ARCHANGEL: Tamper-proofing Video Archives using Temporal Content Hashes on the Blockchain

We present ARCHANGEL; a novel distributed ledger based system for assuring the long-term integrity of digital video archives. First, we describe a novel deep network architecture for computing compact temporal content hashes (TCHs) from audio-visual streams with durations of minutes or hours. Our TCHs are sensitive to accidental or malicious content modification (tampering) but invariant to the codec used to encode the video. This is necessary due to the curatorial requirement for archives to format shift video over time to ensure future accessibility. Second, we describe how the TCHs (and the models used to derive them) are secured via a proof-of-authority blockchain distributed across multiple independent archives. We report on the efficacy of ARCHANGEL within the context of a trial deployment in which the national government archives of the United Kingdom, Estonia and Norway participated.Comment: Accepted to CVPR Blockchain Workshop 201

Digital Watermarking for Verification of Perception-based Integrity of Audio Data

In certain application fields digital audio recordings contain sensitive content. Examples are historical archival material in public archives that preserve our cultural heritage, or digital evidence in the context of law enforcement and civil proceedings. Because of the powerful capabilities of modern editing tools for multimedia such material is vulnerable to doctoring of the content and forgery of its origin with malicious intent. Also inadvertent data modification and mistaken origin can be caused by human error. Hence, the credibility and provenience in terms of an unadulterated and genuine state of such audio content and the confidence about its origin are critical factors. To address this issue, this PhD thesis proposes a mechanism for verifying the integrity and authenticity of digital sound recordings. It is designed and implemented to be insensitive to common post-processing operations of the audio data that influence the subjective acoustic perception only marginally (if at all). Examples of such operations include lossy compression that maintains a high sound quality of the audio media, or lossless format conversions. It is the objective to avoid de facto false alarms that would be expectedly observable in standard crypto-based authentication protocols in the presence of these legitimate post-processing. For achieving this, a feasible combination of the techniques of digital watermarking and audio-specific hashing is investigated. At first, a suitable secret-key dependent audio hashing algorithm is developed. It incorporates and enhances so-called audio fingerprinting technology from the state of the art in contentbased audio identification. The presented algorithm (denoted as ”rMAC” message authentication code) allows ”perception-based” verification of integrity. This means classifying integrity breaches as such not before they become audible. As another objective, this rMAC is embedded and stored silently inside the audio media by means of audio watermarking technology. This approach allows maintaining the authentication code across the above-mentioned admissible post-processing operations and making it available for integrity verification at a later date. For this, an existent secret-key ependent audio watermarking algorithm is used and enhanced in this thesis work. To some extent, the dependency of the rMAC and of the watermarking processing from a secret key also allows authenticating the origin of a protected audio. To elaborate on this security aspect, this work also estimates the brute-force efforts of an adversary attacking this combined rMAC-watermarking approach. The experimental results show that the proposed method provides a good distinction and classification performance of authentic versus doctored audio content. It also allows the temporal localization of audible data modification within a protected audio file. The experimental evaluation finally provides recommendations about technical configuration settings of the combined watermarking-hashing approach. Beyond the main topic of perception-based data integrity and data authenticity for audio, this PhD work provides new general findings in the fields of audio fingerprinting and digital watermarking. The main contributions of this PhD were published and presented mainly at conferences about multimedia security. These publications were cited by a number of other authors and hence had some impact on their works

Your password is music to my ears: cloud-based authentication using sound

This paper details the research in progress into identifying and addressing the threats faced by voice assistants and audio based digital systems. The popularity of these systems continues to grow as does the number of applications and scenarios they are used in. Smart speakers, smart home devices, mobile phones, telephone banking, and even vehicle controls all benefit from being able to be controlled to some extend by voice without diverting the attention of the user to a screen or having to use an input device such as a screen or keyboard. Whilst this removes barriers to use for those with accessibility challenges like visual impairment or motor skills issues and opens up a much more convenient user experience, a number of cyber security threats remain unanswered. This paper details a threat modeling exercise and suggests a model to address the key threats whilst retaining the usability associated with voice driven systems, by using an additional sound-based authentication factor

Cracks in the Foundation: The New Internet Legislation\u27s Hidden Threat to Privacy and Commerce

Scholarship to date has focused on the legal significance of the novelty of the Internet. This scholarship does not describe or predict actual Internet legislation. Instead of asking whether the Internet is so new as to merit new law, legislators and academics should re-evaluate the role of government in orchestrating collective action and change the relative weight of enforcement, deterrence, and incentives in Internet regulations. A perfect example of the need for this new approach is the recent CANSPAM Act of 2003, which was intended to protect personal privacy and legitimate businesses. However, the law threatens both of these interests, because it does not recognize either the limits of enforceability, or the enhanced possibilities for incentives offered by the decentralized architecture of the Internet

Enhancing cyber security using audio techniques: a public key infrastructure for sound

This paper details the research into using audio signal processing methods to provide authentication and identification services for the purpose of enhancing cyber security in voice applications. Audio is a growing domain for cyber security technology. It is envisaged that over the next decade, the primary interface for issuing commands to consumer internet-enabled devices will be voice. Increasingly, devices such as desktop computers, smart speakers, cars, TV’s, phones an Internet of Things (IOT) devices all have built in voice assistants and voice activated features. This research outlines an approach to securely identify and authenticate users of audio and voice operated systems that utilises existing cryptography methods and audio steganography in a method comparable to a PKI for sound, whilst retaining the usability associated with audio and voice driven systems

Audio Hashing for Spam Detection Using the Redundant Discrete Wavelet Transform

For audio signals, we use the sign of the coefficients of the redundant discrete wavelet transform to generate primary hash vectors assigning bit 1 to positive or zero coefficients and bit 0 in the negative case. Discarding the highest frequency band and using a 6 step transform we get for each sample a 6 bit primary hash value which we may save as an integer. We then select a possible primary hash value (in our experiments we chose 0 or 63) and take the time indices where this primary hash value occurs as the secondary hash vector which is attributed to the whole audio signal. Comparing two audio signals, the number of elements in the intersection of the corresponding time indices are called "number of matches", a high number may indicate a similarity between the files. This secondary hash vector turns out to be robust against addition of noise, GSM-, G.726-, MP3 coding and packet loss. It may therefore be useful to detect spam telephone calls without analyzing the semantic content by the similarity of the corresponding signals. An algorithm is given to detect similar but shifted signals. Results of experiments are reported using a test corpus of 5 000 audio files of regular calls and 200 audio files of different versions of 20 original spam recordings augmented by a set of 45 files of different versions of 9 "special spam" signals.Wir benutzen für Audiosignale das Vorzeichen der Koeffizienten der diskreten redundanten Wavelet-Transformation, um primäre Hashvektoren zu erzeugen, indem wir positiven oder verschwindenden Koeffizienten Bit 0 und negativen Bit 1 zuordnen. Wir lassen das höchste Frequenzband unberücksichtigt, benutzen eine Transformation mit 6 Schritten und erhalten so für jeden Abtastwert einen primären Hashwert, den wir als ganze Zahl abspeichern können. Wir wählen dann einen möglichen primären Hashwert aus (in unseren Experimenten wurde 0 oder 63 ausgewählt) und nehmen die Zeitindizes, bei denen dieser primäre Hashwert auftritt, als den sekundären Hashvektor. Dieser ist dem gesamten Audiosignal zugeordnet. Beim Vergleich zweier Audiosignale wird die Zahl der Elemente im Durchschnitt der Menge der betreffenden Zeitindizes "Trefferzahl" genannt. Eine hohe Trefferzahl kann die Ähnlichkeit zwischen den Dateien anzeigen. Es stellt sich heraus, dass dieser sekundäre Hashvektor robust ist gegenüber Verrauschen, GSM-, G.726-, MP3-Kodierung und Paketverlust. Er kann daher benutzt werden, aufgrund der Ähnlichkeit der entsprechenden Signale Spam-Telefongespräche zu entdecken, ohne den semantischen Inhalt zu analysieren. Es ist ein Algorithmus angegeben, um ähnliche, aber gegeneinander verschobene Signale zu erkennen. Es werden Ergebnisse von Experimenten berichtet, bei denen ein Testkorpus von 5000 Audiodateien gewöhnlicher Gespräche und 200 Audiodateien verschiedener Versionen von 20 ursprünglichen Spamaufzeichnungen benutzt wird. Dieser Testkorpus wurde um 45 Dateien verschiedener Versionen von 9 "Sonderspamsignale" erweitert

Hacking Antarctica

Hacking Antarctica is an investigation focused on rendering aesthetic responses to Antarctica beyond normative representations of the sublime and the imperceptible. It is based on fieldwork in polar and subpolar areas over the last 9 years. At its core, the research uses Immanuel Kant’s Critique of Judgement as a way of understanding what is meant by the sublime and from that develops a practice that examines what a Kantian lack of access to nature implies. This key Kantian concept is explained and devised into art works and then tested through concepts such as translation, transduction, infection and representation, using hacking methodologies informed by bricolage (L ´ evi-Strauss 1968), and diffraction (Barad 2007). The research expands on the taxonomies of the polar to reconsider the Antarctic as a border and periphery, bringing a conjunction of hacking methods and site-specific art that enables a performative causality with which to study the production of site. In other words, a performative approach as Barad and other feminist writers recognize, is questioning the traditional causality of ends and means and observer and observed and rather focuses on processes within discursive practices. Causality is reworked as a local externalization of the intra-acting relations of matter. Within the overall system of research for Antarctica, technical methods used included; Free Libre Open Source software and hardware techniques, black and white and infrared photography, ultraviolet light sensing, sound recordings, hydrophone recordings, very low frequency recordings, AM radio sensing, error in photography (light leakage, displaced focus), in text (cut-up compositions), in video (glitch) and error in bodies as infections; bio-sensing agents (including yeast and lactobacillus), point-array analysis, translation of images to raw data, and from raw data to sound, land art performances, spatialization of sound, stereo panning, quadraphonic sound, interactive embroidery, radio broadcast and installations. Specific outputs include: Antarctica 1961-1986 (2017), an interactive embroidered map of Antarctica showing sites of mineral sources and mineral pollution. The map was installed as an interactive instrument that allowed visitors to participate in the live shaping of the spatialization of sounds recorded in Antarctica. A digital Theremin sensor attached to the map was interfaced with Pure Data software running on a GNU-Linux Debian station. All software was made visible as well as the papers documenting the traces of the plutonium found there. The research through an experimental set of hacking practices supported the hypothesis that Antarctica can be represented outside the sublime through the polar-site produced by hashes of proxies and the diffraction produced when superposing modes of knowing. The interruption of the spectacle to respond to Antarctica is the result