Bytewise Approximate Matching: The Good, The Bad, and The Unknown

Hash functions are established and well-known in digital forensics, where they are commonly used for proving integrity and file identification (i.e., hash all files on a seized device and compare the fingerprints against a reference database). However, with respect to the latter operation, an active adversary can easily overcome this approach because traditional hashes are designed to be sensitive to altering an input; output will significantly change if a single bit is flipped. Therefore, researchers developed approximate matching, which is a rather new, less prominent area but was conceived as a more robust counterpart to traditional hashing. Since the conception of approximate matching, the community has constructed numerous algorithms, extensions, and additional applications for this technology, and are still working on novel concepts to improve the status quo. In this survey article, we conduct a high-level review of the existing literature from a non-technical perspective and summarize the existing body of knowledge in approximate matching, with special focus on bytewise algorithms. Our contribution allows researchers and practitioners to receive an overview of the state of the art of approximate matching so that they may understand the capabilities and challenges of the field. Simply, we present the terminology, use cases, classification, requirements, testing methods, algorithms, applications, and a list of primary and secondary literature

Preserving Trustworthiness and Confidentiality for Online Multimedia

Technology advancements in areas of mobile computing, social networks, and cloud computing have rapidly changed the way we communicate and interact. The wide adoption of media-oriented mobile devices such as smartphones and tablets enables people to capture information in various media formats, and offers them a rich platform for media consumption. The proliferation of online services and social networks makes it possible to store personal multimedia collection online and share them with family and friends anytime anywhere. Considering the increasing impact of digital multimedia and the trend of cloud computing, this dissertation explores the problem of how to evaluate trustworthiness and preserve confidentiality of online multimedia data. The dissertation consists of two parts. The first part examines the problem of evaluating trustworthiness of multimedia data distributed online. Given the digital nature of multimedia data, editing and tampering of the multimedia content becomes very easy. Therefore, it is important to analyze and reveal the processing history of a multimedia document in order to evaluate its trustworthiness. We propose a new forensic technique called ``Forensic Hash", which draws synergy between two related research areas of image hashing and non-reference multimedia forensics. A forensic hash is a compact signature capturing important information from the original multimedia document to assist forensic analysis and reveal processing history of a multimedia document under question. Our proposed technique is shown to have the advantage of being compact and offering efficient and accurate analysis to forensic questions that cannot be easily answered by convention forensic techniques. The answers that we obtain from the forensic hash provide valuable information on the trustworthiness of online multimedia data. The second part of this dissertation addresses the confidentiality issue of multimedia data stored with online services. The emerging cloud computing paradigm makes it attractive to store private multimedia data online for easy access and sharing. However, the potential of cloud services cannot be fully reached unless the issue of how to preserve confidentiality of sensitive data stored in the cloud is addressed. In this dissertation, we explore techniques that enable confidentiality-preserving search of encrypted multimedia, which can play a critical role in secure online multimedia services. Techniques from image processing, information retrieval, and cryptography are jointly and strategically applied to allow efficient rank-ordered search over encrypted multimedia database and at the same time preserve data confidentiality against malicious intruders and service providers. We demonstrate high efficiency and accuracy of the proposed techniques and provide a quantitative comparative study with conventional techniques based on heavy-weight cryptography primitives

Privacy-preserving architecture for forensic image recognition

Forensic image recognition is an important tool in many areas of law enforcement where an agency wants to prosecute possessors of illegal images. The recognition of illegal images that might have undergone human imperceptible changes (e.g., a JPEG-recompression) is commonly done by computing a perceptual image hash function of a given image and then matching this hash with perceptual hash values in a database of previously collected illegal images. To prevent privacy violation, agencies should only learn about images that have been reliably detected as illegal and nothing else. In this work, we argue that the prevalent presence of separate departments in such agencies can be used to enforce the need-to-know principle by separating duties among them. This enables us to construct the first practically efficient architecture to perform forensic image recognition in a privacy-preserving manner. By deriving unique cryptographic keys directly from the images, we can encrypt all sensitive data and ensure that only illegal images can be recovered by the law enforcement agency while all other information remains protected

Towards a standardised strategy to collect and distribute application software artifacts

Reference sets contain known content that are used to identify relevant or filter irrelevant content. Application profiles are a type of reference set that contain digital artifacts associated with application software. An application profile can be compared against a target data set to identify relevant evidence of application usage in a variety of investigation scenarios. The research objective is to design and implement a standardised strategy to collect and distribute application software artifacts using application profiles. An advanced technique for creating application profiles was designed using a formalised differential analysis strategy. The design was implemented in a live differential forensic analysis tool, LiveDiff, to automate and simplify data collection. A storage mechanism was designed based on a previously standardised forensic data abstraction. The design was implemented in a new data abstraction, Application Profile XML (APXML), to provide storage, distribution and automated processing of collected artifacts

Robust hashing for image authentication using quaternion discrete Fourier transform and log-polar transform

International audienceIn this work, a novel robust image hashing scheme for image authentication is proposed based on the combination of the quaternion discrete Fourier transform (QDFT) with the log-polar transform. QDFT offers a sound way to jointly deal with the three channels of color images. The key features of the present method rely on (i) the computation of a secondary image using a log-polar transform; and (ii) the extraction from this image of low frequency QDFT coefficients' magnitude. The final image hash is generated according to the correlation of these magnitude coefficients and is scrambled by a secret key to enhance the system security. Experiments were conducted in order to analyze and identify the most appropriate parameter values of the proposed method and also to compare its performance to some reference methods in terms of receiver operating characteristics curves. The results show that the proposed scheme offers a good sensitivity to image content alterations and is robust to the common content-preserving operations, and especially to large angle rotation operations