A construction of traceability set systems with polynomial tracing algorithm

© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.A family F of w-subsets of a finite set X is called a set system with the identifiable parent property if for any w-subset contained in the union of some t sets, called traitors, of F at least one of these sets can be uniquely determined, i.e. traced. A set system with traceability property (TSS, for short) allows to trace at least one traitor by minimal distance decoding of the corresponding binary code, and hence the complexity of tracing procedure is of order O(M), where M is the number of users or the code's cardinality. We propose a new construction of TSS which is based on the old Kautz-Singleton concatenated construction with algebraic-geometry codes as the outer code and Guruswami-Sudan decoding algorithm. The resulting codes (set systems) have exponentially many users (codevectors) M and polylog(M) complexity of code construction and decoding, i.e. tracing traitors. This is the first construction of traceability set systems with such properties.Peer ReviewedPostprint (author's final draft

Towards joint decoding of binary Tardos fingerprinting codes

The class of joint decoder of probabilistic fingerprinting codes is of utmost importance in theoretical papers to establish the concept of fingerprint capacity. However, no implementation supporting a large user base is known to date. This article presents an iterative decoder which is, as far as we are aware of, the first practical attempt towards joint decoding. The discriminative feature of the scores benefits on one hand from the side-information of previously accused users, and on the other hand, from recently introduced universal linear decoders for compound channels. Neither the code construction nor the decoder make precise assumptions about the collusion (size or strategy). The extension to incorporate soft outputs from the watermarking layer is straightforward. An extensive experimental work benchmarks the very good performance and offers a clear comparison with previous state-of-the-art decoders.Comment: submitted to IEEE Trans. on Information Forensics and Security. - typos corrected, one new plot, references added about ECC based fingerprinting code

On codes for traceability schemes: constructions and bounds

A traceability or fingerprinting scheme is a cryptographic scheme that facilitates the identification of the source of leaked information. In a fingerprinting setting, a distributor delivers copies of a given content to a set of authorized users. If there are dishonest members (traitors) among them, the distributor can deter plain redistribution of the content by delivering a personalized, i.e., marked, copy to each user. The set of all user marks is known as a fingerprinting code. There is, however, another threat. If several traitors collude to create a copy that is a combination of theirs, then the pirated copy generated will contain a corrupted mark, which may obstruct the identification of traitors. This dissertation is about the study and analysis of codes for their use in traceability and fingerprinting schemes, under the presence of collusion attacks. Moreover, another of the main concerns in the present work will be the design of identification algorithms that run efficiently, i.e., in polynomial time in the code length. In Chapters 1 and 2, we introduce the topic and the notation used. We also discuss some properties that characterize fingerprinting codes known under the names of separating, traceability (TA), and identifiable parent property (IPP), which will be subject of research in the present work. Chapter 3 is devoted to the study of the Kötter-Vardy algorithm to solve a variety of problems that appear in fingerprinting schemes. The concern of the chapter is restricted to schemes based on Reed-Solomon codes. By using the Kötter-Vardy algorithm as the core part of the identification processes, three different settings are approached: identification in TA codes, identification in IPP codes and identification in binary concatenated fingerprinting codes. It is also discussed how by a careful setting of a reliability matrix, i.e., the channel information, all possibly identifiable traitors can be found. In Chapter 4, we introduce a relaxed version of separating codes. Relaxing the separating property lead us to two different notions, namely, almost separating and almost secure frameproof codes. From one of the main results it is seen that the lower bounds on the asymptotical rate for almost separating and almost secure frameproof codes are greater than the currently known lower bounds for ordinary separating codes. Moreover, we also discuss how these new relaxed versions of separating codes can be used to show the existence of families of fingerprinting codes of small error, equipped with polynomial-time identification algorithms. In Chapter 5, we present explicit constructions of almost secure frameproof codes based on weakly biased arrays. We show how such arrays provide us with a natural framework to construct these codes. Putting the results obtained in this chapter together with the results from Chapter 4, shows that there exist explicit constructions of fingerprinting codes based on almost secure frameproof codes with positive rate, small error and polynomial-time identification complexity. We remark that showing the existence of such explicit constructions was one of the main objectives of the present work. Finally, in Chapter 6, we study the relationship between the separating and traceability properties of Reed-Solomon codes. It is a well-known result that a TA code is an IPP code, and that an IPP code is a separating code. The converse of these implications is in general false. However, it has been conjectured for some time that for Reed-Solomon codes all three properties are equivalent. Giving an answer to this conjecture has importance in the field of fingerprinting, because a proper characterization of these properties is directly related to an upper bound on the code rate i.e., the maximum users that a fingerprinting scheme can allocate. In this chapter we investigate the equivalence between these properties, and provide a positive answer for a large number of families of Reed-Solomon codes.Un sistema de trazabilidad o de fingerprinting es un mecanismo criptogr afi co que permite identi car el origen de informaci on que ha sido fi ltrada. En el modelo de aplicación de estos sistemas, un distribuidor entrega copias de un determinado contenido a un conjunto de usuarios autorizados. Si existen miembros deshonestos (traidores) entre ellos, el distribuidor puede disuadir que realicen una redistribuci on ingenua del contenido entregando copias personalizadas, es decir, marcadas, a cada uno de los usuarios. El conjunto de todas las marcas de usuario se conoce como c ódigo de fingerprinting. No obstante, existe otra amenaza m as grave. Si diversos traidores confabulan para crear una copia que es una combinación de sus copias del contenido, entonces la copia pirata generada contendr a una marca corrompida que di ficultar a el proceso de identificaci on de traidores. Esta tesis versa sobre el estudio y an alisis de c odigos para su uso en sistemas de trazabilidad o de fi ngerprinting bajo la presencia de ataques de confabulaci on. Otra de las cuestiones importantes que se tratan es el diseño de algoritmos de identi caci on e ficientes, es decir, algoritmos que se ejecuten en tiempo polin omico en la longitud del c odigo. En los Cap tulos 1 y 2 presentamos el tema e introducimos la notaci on que utilizaremos. Tambi en presentaremos algunas propiedades que caracterizan los c odigos de fi ngerprinting, conocidas bajo los nombres de propiedad de separaci on, propiedad identi cadora de padres (IPP) y propiedad de trazabilidad (TA), que est an sujetas a estudio en este trabajo. El Cap tulo 3 est a dedicado al estudio del algoritmo de decodi caci on de lista con informaci on de canal de Kötter-Vardy en la resoluci on de determinados problemas que aparecen en sistemas de fingerprinting. El ambito de estudio del cap ítulo son sistemas basados en c odigos de Reed-Solomon. Empleando el algoritmo de Kötter-Vardy como parte central de los algoritmos de identifi caci on, se analizan tres propuestas en el cap ítulo: identi caci on en c odigos TA, identifi caci on en c odigos IPP e identifi caci on en c odigos de fingerprinting binarios concatenados. Tambi en se analiza c omo mediante un cuidadoso ajuste de una matriz de abilidad, es decir, de la informaci on del canal, se pueden encontrar a todos los traidores que es posible identi car e ficientemente. En el Capí tulo 4 presentamos una versi on relajada de los c odigos separables. Relajando la propiedad de separaci on nos llevar a a obtener dos nociones diferentes: c odigos cuasi separables y c odigos cuasi seguros contra incriminaciones. De los resultados principales se puede observar que las cotas inferiores de las tasas asint oticas para c odigos cuasi separables y cuasi seguros contra incriminaciones son mayores que las cotas inferiores actualmente conocidas para c odigos separables ordinarios. Adem as, tambi en estudiamos como estas nuevas familias de c odigos pueden utilizarse para demostrar la existencia de familias de c odigos de ngerprinting de baja probabilidad de error y dotados de un algoritmo de identi caci on en tiempo polin omico. En el Capí tulo 5 presentamos construcciones expl citas de c odigos cuasi seguros contra incriminaciones, basadas en matrices de bajo sesgo. Mostramos como tales matrices nos proporcionan una herramienta para construir dichos c odigos. Poniendo en com un los resultados de este cap tulo con los del Capí tulo 4, podemos ver que, bas andonos en c odigos cuasi seguros contra incriminaciones, existen construcciones expl ícitas de c odigos de fi ngerprinting de tasa positiva, baja probabilidad de error y con un proceso de identi caci on en tiempo polin omico. Demostrar que existen dichas construcciones expl citas era uno de los principales objetivos de este trabajo. Finalmente, en el Capí tulo 6, estudiamos la relaci on existente entre las propiedades de separaci on y trazabilidad de los c odigos de Reed-Solomon. Es un resultado bien conocido el hecho que un c odigo TA es un c odigo IPP, y que un c odigo IPP es un c odigo separable. Las implicaciones en el sentido opuesto son falsas en general. No obstante, existe una conjetura acerca de la equivalencia de estas tres propiedades en el caso de cóodigos de Reed-Solomon. Obtener una respuesta a esta conjetura es de una importancia relevante en el campo del fi ngerprinting, puesto que la caracterización de estas propiedades est a directamente relacionada con una cota superior en la tasa del c odigo, es decir, con el n umero de usuarios que puede gestionar un sistema de fi ngerprinting. En este cap ítulo investigamos esta equivalencia y proporcionamos una respuesta afirmativa para un gran n umero de familias de c odigos de Reed-Solomon. Los resultados obtenidos parecen sugerir que la conjetura es cierta

Contribution to the construction of fingerprinting and watermarking schemes to protect mobile agents and multimedia content

The main characteristic of fingerprinting codes is the need of high error-correction capacity due to the fact that they are designed to avoid collusion attacks which will damage many symbols from the codewords. Moreover, the use of fingerprinting schemes depends on the watermarking system that is used to embed the codeword into the content and how it honors the marking assumption. In this sense, even though fingerprinting codes were mainly used to protect multimedia content, using them on software protection systems seems an option to be considered. This thesis, studies how to use codes which have iterative-decoding algorithms, mainly turbo-codes, to solve the fingerprinting problem. Initially, it studies the effectiveness of current approaches based on concatenating tradicioanal fingerprinting schemes with convolutional codes and turbo-codes. It is shown that these kind of constructions ends up generating a high number of false positives. Even though this thesis contains some proposals to improve these schemes, the direct use of turbo-codes without using any concatenation with a fingerprinting code as inner code has also been considered. It is shown that the performance of turbo-codes using the appropiate constituent codes is a valid alternative for environments with hundreds of users and 2 or 3 traitors. As constituent codes, we have chosen low-rate convolutional codes with maximum free distance. As for how to use fingerprinting codes with watermarking schemes, we have studied the option of using watermarking systems based on informed coding and informed embedding. It has been discovered that, due to different encodings available for the same symbol, its applicability to embed fingerprints is very limited. On this sense, some modifications to these systems have been proposed in order to properly adapt them to fingerprinting applications. Moreover the behavior and impact over a video produced as a collusion of 2 users by the YouTube’s s ervice has been s tudied. We have also studied the optimal parameters for viable tracking of users who have used YouTube and conspired to redistribute copies generated by a collusion attack. Finally, we have studied how to implement fingerprinting schemes and software watermarking to fix the problem of malicious hosts on mobile agents platforms. In this regard, four different alternatives have been proposed to protect the agent depending on whether you want only detect the attack or avoid it in real time. Two of these proposals are focused on the protection of intrusion detection systems based on mobile agents. Moreover, each of these solutions has several implications in terms of infrastructure and complexity.Els codis fingerprinting es caracteritzen per proveir una alta capacitat correctora ja que han de fer front a atacs de confabulació que malmetran una part important dels símbols de la paraula codi. D'atra banda, la utilització de codis de fingerprinting en entorns reals està subjecta a que l'esquema de watermarking que gestiona la incrustació sigui respectuosa amb la marking assumption. De la mateixa manera, tot i que el fingerprinting neix de la protecció de contingut multimèdia, utilitzar-lo en la protecció de software comença a ser una aplicació a avaluar. En aquesta tesi s'ha estudiat com aplicar codis amb des codificació iterativa, concretament turbo-codis, al problema del rastreig de traïdors en el context del fingerprinting digital. Inicialment s'ha qüestionat l'eficàcia dels enfocaments actuals en la utilització de codis convolucionals i turbo-codis que plantegen concatenacions amb esquemes habituals de fingerprinting. S'ha demostrat que aquest tipus de concatenacions portaven, de forma implícita, a una elevada probabilitat d'inculpar un usuari innocent. Tot i que s'han proposat algunes millores sobre aquests esquemes , finalment s'ha plantejat l'ús de turbocodis directament, evitant així la concatenació amb altres esquemes de fingerprinting. S'ha demostrat que, si s'utilitzen els codis constituents apropiats, el rendiment del turbo-descodificador és suficient per a ser una alternativa aplicable en entorns amb varis centenars d'usuaris i 2 o 3 confabuladors . Com a codis constituents s'ha optat pels codis convolucionals de baix ràtio amb distància lliure màxima. Pel que fa a com utilitzar els codis de fingerprinting amb esquemes de watermarking, s'ha estudiat l'opció d'utilitzar sistemes de watermarking basats en la codificació i la incrustació informada. S'ha comprovat que, degut a la múltiple codificació del mateix símbol, la seva aplicabilitat per incrustar fingerprints és molt limitada. En aquest sentit s'ha plantejat algunes modificacions d'aquests sistemes per tal d'adaptar-los correctament a aplicacions de fingerprinting. D'altra banda s'ha avaluat el comportament i l'impacte que el servei de YouTube produeix sobre un vídeo amb un fingerprint incrustat. A més , s'ha estudiat els paràmetres òptims per a fer viable el rastreig d'usuaris que han confabulat i han utilitzat YouTube per a redistribuir la copia fruït de la seva confabulació. Finalment, s'ha estudiat com aplicar els esquemes de fingerprinting i watermarking de software per solucionar el problema de l'amfitrió maliciós en agents mòbils . En aquest sentit s'han proposat quatre alternatives diferents per a protegir l'agent en funció de si és vol només detectar l'atac o evitar-lo en temps real. Dues d'aquestes propostes es centren en la protecció de sistemes de detecció d'intrusions basats en agents mòbils. Cadascuna de les solucions té diverses implicacions a nivell d'infrastructura i de complexitat.Postprint (published version

Analysis of code-based digital signature schemes

Digital signatures are in high demand because they allow authentication and non-repudiation. Existing digital signature systems, such as digital signature algorithm (DSA), elliptic curve digital signature algorithm (ECDSA), and others, are based on number theory problems such as discrete logarithmic problems and integer factorization problems. These recently used digital signatures are not secure with quantum computers. To protect against quantum computer attacks, many researchers propose digital signature schemes based on error-correcting codes such as linear, Goppa, polar, and so on. We studied 16 distinct papers based on various error-correcting codes and analyzed their various features such as signing and verification efficiency, signature size, public key size, and security against multiple attacks

802.11 Payload Iterative decoding between multiple transmission attempts

Abstract. The institute of electrical and electronics engineers (IEEE) 802.11 standard specifies widely used technology for wireless local area networks (WLAN). Standard specifies high-performance physical and media access control (MAC) layers for a distributed network but lacks an effective hybrid automatic repeat request (HARQ). Currently, the standard specifies forward error correction (FEC), error detection (ED), and automatic repeat request (ARQ), but in case of decoding errors, the previously transmitted information is not used when decoding the retransmitted packet. This is called Type 1 HARQ. Type 1 HARQ uses received energy inefficiently, but the simple implementation makes it an attractive solution. Unfortunately, research applying more sophisticated HARQ schemes on top of IEEE 802.11 is limited. In this Master’s Thesis, a novel HARQ technology based on packet retransmissions that can be decoded in a turbo-like manner, keeping as much as possible compatibility with vanilla 802.11, is proposed. The proposed technology is simulated with both the IEEE 802.11 code and with the robust, efficient and smart communication in unpredictable environments (RESCUE) code. An additional interleaver is added before the convolutional encoder in the proposed technology, interleaving either the whole frame or only the payload to enable effective iterative decoding. For received frames, turbo-like iterations are done between initially transmitted packet copy and retransmissions. Results are compared against the non-iterative combining method maximizing signal-to-noise ratio (SNR), maximum ratio combining (MRC). The main design goal for this technology is to maintain compatibility with the 802.11 standard while allowing efficient HARQ. Other design goals are range extension, higher throughput, and better performance in terms of bit error rate (BER) and frame error rate (FER). This technology can be used for range extension at low SNR range and may provide up to 4 dB gain at medium SNR range compared to MRC. At high SNR, technology can reduce the penalty from retransmission allowing higher average modulation and coding scheme (MCS). However, these gains come with the cost of computational complexity from the iterative decoding. The main limiting factors of the proposed technology are decoding errors in the header and the scrambler area, and resource-hungry-processing. In simulations, perfect synchronization and packet detection is assumed, but in reality, especially at low SNR, packet detection and synchronization would be challenging. 802.11 pakettien iteratiivinen dekoodaus lähetysten välillä. Tiivistelmä. IEEE 802.11-standardi määrittelee yleisesti käytetyn teknologian langattomille lähiverkoille. Standardissa määritellään tehokas fyysinen- ja verkkoliityntäkerros hajautetuille verkoille, mutta siitä puuttuu tehokas yhdistetty automaattinen uudelleenlähetys. Nykyisellään standardi määrittelee virheenkorjaavan koodin, virheellisen paketin tunnistuksen sekä automaattisen uudelleenlähetyksen, mutta aikaisemmin lähetetyn paketin informaatiota ei käytetä hyväksi uudelleenlähetystilanteessa. Tämä menetelmä tunnetaan tyypin yksi yhdistettynä automaattisena uudelleenlähetyksenä. Tyypin yksi yhdistetty automaattinen uudelleenlähetys käyttää vastaanotettua signaalia tehottomasti, mutta yksinkertaisuus tekee siitä houkuttelevan vaihtoehdon. Valitettavasti edistyneempien uudelleenlähetysvaihtoehtojen tutkimusta 802.11-standardiin on rajoitetusti. Tässä diplomityössä esitellään uusi yhdistetty uudelleenlähetysteknologia, joka pohjautuu pakettien uudelleenlähetykseen, sallien turbo-tyylisen dekoodaamisen säilyttäen mahdollisimman hyvän taaksepäin yhteensopivuutta alkuperäisen 802.11-standardin kanssa. Tämä teknologia on simuloitu käyttäen sekä 802.11- että nk. RESCUE-virheenkorjauskoodia. Teknologiassa uusi lomittaja on lisätty konvoluutio-enkoodaajan eteen, sallien tehokkaan iteratiivisen dekoodaamisen, lomittaen joko koko paketin tai ainoastaan hyötykuorman. Vastaanotetuille paketeille tehdään turbo-tyyppinen iteraatio alkuperäisen vastaanotetun kopion ja uudelleenlähetyksien välillä. Tuloksia vertaillaan eiiteratiiviseen yhdistämismenetelmään, maksimisuhdeyhdistelyyn, joka maksimoi yhdistetyn signaali-kohinasuhteen. Tärkeimpänä suunnittelutavoitteena tässä työssä on tehokas uudelleenlähetysmenetelmä, joka ylläpitää taaksepäin yhteensopivuutta IEEE 802.11-standardin kanssa. Muita tavoitteita ovat kantaman lisäys, nopeampi yhteys ja matalampi bitti- ja pakettivirhesuhde. Kehitettyä teknologiaa voidaan käyttää kantaman lisäykseen matalan signaalikohinasuhteen vallitessa ja se on jopa 4 dB parempi kohtuullisella signaalikohinasuhteella kuin maksimisuhdeyhdistely. Korkealla signaali-kohinasuhteella teknologiaa voidaan käyttää pienentämään häviötä epäonnistuneesta paketinlähetyksestä ja täten sallien korkeamman modulaatio-koodiasteen käyttämisen. Valitettavasti nämä parannukset tulevat kasvaneen laskennallisen monimutkaisuuden kustannuksella, johtuen iteratiivisesta dekoodaamisesta. Isoimmat rajoittavat tekijät teknologian käytössä ovat dekoodausvirheet otsikossa ja datamuokkaimen siemenessä. Tämän lisäksi käyttöä rajoittaa resurssisyöppö prosessointi. Simulaatioissa oletetaan täydellinen synkronisointi, mutta todellisuudessa, erityisesti matalalla signaali-kohinasuhteella, paketin tunnistus ja synkronointi voivat olla haasteellisia

Properties and evaluation of fingerprinting codes

The concept of data fingerprinting is of paramount importance in the framework of digital content distribution. This project deals with fingerprinting codes, which are used to prevent dishonest users from redistributing copyrighted material. After introducing some basic notions of coding and fingerprinting theory, the project is divided in two parts. In the first part, we present and analyze some of the main existing fingerprinting codes and we also discuss some new constructions. The study is specifically focused on the estimation of the minimum length of the codes, given the design parameters of the system: number of users to allocate, maximum size of the collusions and probability of identification error. Also, we present some theoretical results about the new code construction studied. Finally, we present several simulations, comparing the different codes and estimating what is the minimum-length code in each region. The second part of the project is devoted to the study of the properties of Reed-Solomon codes in the context of fingerprinting. Codes with the traceability (TA) property are of remarkable significance, since they provide an efficient way to identify traitors. Codes with the identifiable parent property (IPP) are also capable of identifying traitors, requiring less restrictive conditions than the TA codes at the expense of not having an efficient decoding algorithm, in the general case. Other codes that have been widely studied but possess a weaker traitor-tracing capability are the secure frameproof codes (SFP). It is a well-known result that TA implies IPP and IPP implies SFP. The converse is in general false. However, it has been conjectured that for Reed-Solomon codes all three properties are equivalent. In this paper we investigate this equivalence, and provide a positive answer for families of Reed-Solomon codes when the number of traitors divide the size of the code fieldAward-winnin

On application of algebraic geometry codes of L-construction in copy protection

Схемы широковещательного шифрования используются для защиты легально тиражируемой цифровой продукции от несанкционированного копирования. В схемах распространитель тиражирует данные свободно в зашифрованном виде, а для расшифрования выдаёт каждому легальному пользователю уникальный набор ключей, по которому можно однозначно определить пользователя, его получившего, и далее определить источник несанкционированного распространения. Для организации схем широковещательного шифрования используются методы, основанные на использовании помехоустойчивых кодов с большим кодовым расстоянием и быстрых алгоритмов списочного декодирования. В работе рассматривается возможность использования в этих схемах алгеброгеометрических кодов (АГ-кодов) L-конструкции и списочных декодеров Судана — Гурусвами. Рассмотрена проблема построения таких кодов. В ходе исследования получены достаточные условия применимости АГ-кодов. Представлен алгоритм построения одноточечного АГ-кода, применимого в схемах широковещательного шифрования, обоснована его корректность, приведён пример работы