Joint Quantization and Diffusion for Compressed Sensing Measurements of Natural Images

Recent research advances have revealed the computational secrecy of the compressed sensing (CS) paradigm. Perfect secrecy can also be achieved by normalizing the CS measurement vector. However, these findings are established on real measurements while digital devices can only store measurements at a finite precision. Based on the distribution of measurements of natural images sensed by structurally random ensemble, a joint quantization and diffusion approach is proposed for these real-valued measurements. In this way, a nonlinear cryptographic diffusion is intrinsically imposed on the CS process and the overall security level is thus enhanced. Security analyses show that the proposed scheme is able to resist known-plaintext attack while the original CS scheme without quantization cannot. Experimental results demonstrate that the reconstruction quality of our scheme is comparable to that of the original one.Comment: 4 pages, 4 figure

Chosen-plaintext attack of an image encryption scheme based on modified permutation-diffusion structure

Since the first appearance in Fridrich's design, the usage of permutation-diffusion structure for designing digital image cryptosystem has been receiving increasing research attention in the field of chaos-based cryptography. Recently, a novel chaotic Image Cipher using one round Modified Permutation-Diffusion pattern (ICMPD) was proposed. Unlike traditional permutation-diffusion structure, the permutation is operated on bit level instead of pixel level and the diffusion is operated on masked pixels, which are obtained by carrying out the classical affine cipher, instead of plain pixels in ICMPD. Following a \textit{divide-and-conquer strategy}, this paper reports that ICMPD can be compromised by a chosen-plaintext attack efficiently and the involved data complexity is linear to the size of the plain-image. Moreover, the relationship between the cryptographic kernel at the diffusion stage of ICMPD and modulo addition then XORing is explored thoroughly

Adaptive 3D Mesh Steganography Based on Feature-Preserving Distortion

3D mesh steganographic algorithms based on geometric modification are vulnerable to 3D steganalyzers. In this paper, we propose a highly adaptive 3D mesh steganography based on feature-preserving distortion (FPD), which guarantees high embedding capacity while effectively resisting 3D steganalysis. Specifically, we first transform vertex coordinates into integers and derive bitplanes from them to construct the embedding domain. To better measure the mesh distortion caused by message embedding, we propose FPD based on the most effective sub-features of the state-of-the-art steganalytic feature set. By improving and minimizing FPD, we can efficiently calculate the optimal vertex-changing distribution and simultaneously preserve mesh features, such as steganalytic and geometric features, to a certain extent. By virtue of the optimal distribution, we adopt the Q-layered syndrome trellis coding (STC) for practical message embedding. However, when Q varies, calculating bit modification probability (BMP) in each layer of Q-layered will be cumbersome. Hence, we contrapuntally design a universal and automatic BMP calculation approach. Extensive experimental results demonstrate that the proposed algorithm outperforms most state-of-the-art 3D mesh steganographic algorithms in terms of resisting 3D steganalysis.Comment: IEEE TVCG major revisio

Intellectual Property Protection for Deep Learning Models: Taxonomy, Methods, Attacks, and Evaluations

The training and creation of deep learning model is usually costly, thus it can be regarded as an intellectual property (IP) of the model creator. However, malicious users who obtain high-performance models may illegally copy, redistribute, or abuse the models without permission. To deal with such security threats, a few deep neural networks (DNN) IP protection methods have been proposed in recent years. This paper attempts to provide a review of the existing DNN IP protection works and also an outlook. First, we propose the first taxonomy for DNN IP protection methods in terms of six attributes: scenario, mechanism, capacity, type, function, and target models. Then, we present a survey on existing DNN IP protection works in terms of the above six attributes, especially focusing on the challenges these methods face, whether these methods can provide proactive protection, and their resistances to different levels of attacks. After that, we analyze the potential attacks on DNN IP protection methods from the aspects of model modifications, evasion attacks, and active attacks. Besides, a systematic evaluation method for DNN IP protection methods with respect to basic functional metrics, attack-resistance metrics, and customized metrics for different application scenarios is given. Lastly, future research opportunities and challenges on DNN IP protection are presented