3,329 research outputs found
Traitor Tracing Revisited: New Attackers, Stronger Security Model and New Construction
In Crypto 94, Chor, Fiat, and Naor first introduced the traitor tracing (TT) systems, which aim at helping content distributors identify pirates. Since its introduction, many traitor tracing schemes have been proposed. However, we observe until now almost all the traitor tracing systems using probabilistic public key (and secret key) encryption as the the content distribution algorithm, they do not consider this basic fact: the malicious encrypter can plant some trapdoor in the randomness of the ciphertexts and later he can use this trapdoor or the delegation of the trapdoor to construct decoding pirates, He can sell them to the black market and get his own benefits. At first sight, this new attack model is too strong to capture the real attack scenarios. But we think it is valuable at least for the following two reasons: (1) Note in many modern content distribution systems, there are at least existing three different roles: { the content provider, the content distributer and the content consumer. In this framework, the encrypter is not necessarily the content provider (or content owner). It can be a malicious employee in the content provider corporation, it can also be the malicious content distributer or its malicious employee}. In all these cases, the encrypter has its own benefits and has the potential intention to plant some trapdoor in the randomness for generating ciphertexts. (2) Also note in the related work, there is a conclusion that traitor tracing and differential privacy can have directly influence on each other, while differential privacy (DP) is at the heart of constructing modern privacy preserving systems. But if we consider this new insider attacker (the encrypter), at least some part arguments on the relationship between traitor tracing and differential privacy need more consideration. Therefore in this paper we carefully describe this new insider attacker and investigate thoroughly on its effect. Our main research results are the following: (1) We show that many existing public key traitor tracing systems with probabilistic encryption algorithm are failing to work correctly when facing this malicious encrypter.They are including the BSW, BW, GKSW, LCZ and BZ traitor tracing systems. Furthermore, we conclude that most of the existing traitor tracing systems using probabilistic encryption algorithm can not resist this attack.
(2) When considering the insider attacker (the encrypter), if the traitor tracing schemes using probabilistic encryption algorithms, the conclusion on tight relationship between traitor tracing and differential privacy may need more consideration.
(3) By employing the technique of hash function, we show how to design TT+ system which can resist this type of attack based on the existing traitor tracing system. Compared with the old traitor tracing system, our new proposal does not add much overhead and thus is practical too
Dynamic Traitor Tracing for Arbitrary Alphabets: Divide and Conquer
We give a generic divide-and-conquer approach for constructing
collusion-resistant probabilistic dynamic traitor tracing schemes with larger
alphabets from schemes with smaller alphabets. This construction offers a
linear tradeoff between the alphabet size and the codelength. In particular, we
show that applying our results to the binary dynamic Tardos scheme of Laarhoven
et al. leads to schemes that are shorter by a factor equal to half the alphabet
size. Asymptotically, these codelengths correspond, up to a constant factor, to
the fingerprinting capacity for static probabilistic schemes. This gives a
hierarchy of probabilistic dynamic traitor tracing schemes, and bridges the gap
between the low bandwidth, high codelength scheme of Laarhoven et al. and the
high bandwidth, low codelength scheme of Fiat and Tassa.Comment: 6 pages, 1 figur
Dynamic Tardos Traitor Tracing Schemes
We construct binary dynamic traitor tracing schemes, where the number of
watermark bits needed to trace and disconnect any coalition of pirates is
quadratic in the number of pirates, and logarithmic in the total number of
users and the error probability. Our results improve upon results of Tassa, and
our schemes have several other advantages, such as being able to generate all
codewords in advance, a simple accusation method, and flexibility when the
feedback from the pirate network is delayed.Comment: 13 pages, 5 figure
Efficient Probabilistic Group Testing Based on Traitor Tracing
Inspired by recent results from collusion-resistant traitor tracing, we
provide a framework for constructing efficient probabilistic group testing
schemes. In the traditional group testing model, our scheme asymptotically
requires T ~ 2 K ln N tests to find (with high probability) the correct set of
K defectives out of N items. The framework is also applied to several noisy
group testing and threshold group testing models, often leading to improvements
over previously known results, but we emphasize that this framework can be
applied to other variants of the classical model as well, both in adaptive and
in non-adaptive settings.Comment: 8 pages, 3 figures, 1 tabl
Dynamic Traitor Tracing Schemes, Revisited
We revisit recent results from the area of collusion-resistant traitor
tracing, and show how they can be combined and improved to obtain more
efficient dynamic traitor tracing schemes. In particular, we show how the
dynamic Tardos scheme of Laarhoven et al. can be combined with the optimized
score functions of Oosterwijk et al. to trace coalitions much faster. If the
attack strategy is known, in many cases the order of the code length goes down
from quadratic to linear in the number of colluders, while if the attack is not
known, we show how the interleaving defense may be used to catch all colluders
about twice as fast as in the dynamic Tardos scheme. Some of these results also
apply to the static traitor tracing setting where the attack strategy is known
in advance, and to group testing.Comment: 7 pages, 1 figure (6 subfigures), 1 tabl
Optimal sequential fingerprinting: Wald vs. Tardos
We study sequential collusion-resistant fingerprinting, where the
fingerprinting code is generated in advance but accusations may be made between
rounds, and show that in this setting both the dynamic Tardos scheme and
schemes building upon Wald's sequential probability ratio test (SPRT) are
asymptotically optimal. We further compare these two approaches to sequential
fingerprinting, highlighting differences between the two schemes. Based on
these differences, we argue that Wald's scheme should in general be preferred
over the dynamic Tardos scheme, even though both schemes have their merits. As
a side result, we derive an optimal sequential group testing method for the
classical model, which can easily be generalized to different group testing
models.Comment: 12 pages, 10 figure
Discrete Distributions in the Tardos Scheme, Revisited
The Tardos scheme is a well-known traitor tracing scheme to protect
copyrighted content against collusion attacks. The original scheme contained
some suboptimal design choices, such as the score function and the distribution
function used for generating the biases. Skoric et al. previously showed that a
symbol-symmetric score function leads to shorter codes, while Nuida et al.
obtained the optimal distribution functions for arbitrary coalition sizes.
Later, Nuida et al. showed that combining these results leads to even shorter
codes when the coalition size is small. We extend their analysis to the case of
large coalitions and prove that these optimal distributions converge to the
arcsine distribution, thus showing that the arcsine distribution is
asymptotically optimal in the symmetric Tardos scheme. We also present a new,
practical alternative to the discrete distributions of Nuida et al. and give a
comparison of the estimated lengths of the fingerprinting codes for each of
these distributions.Comment: 5 pages, 2 figure
A Secure Traitor Tracing Scheme against Key Exposure
Copyright protection is a major issue in distributing digital content. On the
other hand, improvements to usability are sought by content users. In this
paper, we propose a secure {\it traitor tracing scheme against key exposure
(TTaKE)} which contains the properties of both a traitor tracing scheme and a
forward secure public key cryptosystem. Its structure fits current digital
broadcasting systems and it may be useful in preventing traitors from making
illegal decoders and in minimizing the damage from accidental key exposure. It
can improve usability through these properties.Comment: 5 pages, IEEE International Symposium on Information Theory 2005
(ISIT 2005
Capacities and Capacity-Achieving Decoders for Various Fingerprinting Games
Combining an information-theoretic approach to fingerprinting with a more
constructive, statistical approach, we derive new results on the fingerprinting
capacities for various informed settings, as well as new log-likelihood
decoders with provable code lengths that asymptotically match these capacities.
The simple decoder built against the interleaving attack is further shown to
achieve the simple capacity for unknown attacks, and is argued to be an
improved version of the recently proposed decoder of Oosterwijk et al. With
this new universal decoder, cut-offs on the bias distribution function can
finally be dismissed.
Besides the application of these results to fingerprinting, a direct
consequence of our results to group testing is that (i) a simple decoder
asymptotically requires a factor 1.44 more tests to find defectives than a
joint decoder, and (ii) the simple decoder presented in this paper provably
achieves this bound.Comment: 13 pages, 2 figure
- …