Information Hiding & Digital Watermarking

Information Hiding&

Digital Watermarking

Tri Van Le

Outlines• Some history• State of the art• Research goals• Possible approaches• Research plan

Cryptography in the 80s• Beginning time of open research• A lot of schemes proposed• Most of them soon broken

Broken Cryptosystems (I)Merkle

Hellman1978-1984

IteratedKnapsack

1978-1984

Lu-Lee

1979-1980

MerlkeHellman

MerlkeHellman

Lu-Lee

AdigaShankar

1985-1988

AdigarShankar

Nieder-reiter

1986-1988

Neiderreiter

GoodmanMcAuly

1984-1988

GoodmanMcAuly

Pieprzyk

1985-1988

Pieprzyk

ChorRivest

1988-1998

ChorRivest

Okamoto

1986-1987

Okamoto

Okamoto

1987-1988

Okamoto

Broken Cryptosystems (II)Matsumoto

Imai1983-1984

Cade

1985-1986Yagisawa

1985-1986

MatsumotoImai

Cade Yasigawa

TMKIF1986-1985

Tsujii, ItohMatsumotoKurosama

Fujioka

LuccioMazzone

1980-1981

LuccioMazzone

KravitzReed

1982-1982

KravitzReed

RaoNam

1986-1988RaoNam

LowDegree

CG

1982

HighDegree

CG

1988

RivestAdleman

Dertouzos

1978-1987Rivest

AdlemanDertouzos

KrawczykBoyar

Broken Cryptosystems (III)Ong

Schnorr1983-1984

OngSchorr

OngSchnorrShamir

1984-1985Ong

SchorrShamir

OkamotoShiraishi

1985-1985

OkamotoShiraishi

Proven Secure Cryptosystems (I)

• Shannon’s work (1949)– Mathematical proof of security– Information theoretic secrecy

• Enemy with unlimited power– Can compute any desired function

Proven Secure Cryptosystems (II)

• Rabin (81), Goldwasser & Micali (82)– Mathematical proof of security– Computational secrecy

• Enemy with limited time and space– Can run in polynomial time– Can use polynomial space

Information Hiding(state of the art)

• Similar to that of cryptography in 80s– Many schemes were proposed– Most of them were broken

• Use heuristic security– Subjective measurements– Assume very specific enemy

Broken Schemes (I)Name Author(s) Pro-BroContraband Zimmerman 1996-1999Echo Hiding Gruhl et. Al. 1996-1998EIKONA Pitas 1996-1998EzStego Machado 1994-1999Fravia Fravia 1995-1999

Broken Schemes (II)Name Author(s) Pro/BroHide and Seek Latham 1998-1999J K_PGS Kutter & J ordan 1997-1998J Steg Korejwa 1998-1999NEC Method Cox et. Al. 1996-1998PGMStealth Rinne 1994-1999

Broken Schemes (III)Name Author(s) Pro/BroPictureMarc Rhoads 1997-1998Piilo Aura 1995-1999Snow Kwan 1996-1999Steganos Steganos GmbH 1996-1999Stegodos Wolf 1995-1999

Broken Schemes (IV)Name Author(s) Pro/BroS-Tools Brown 1995-1999SureSign Signum Tech 1997-1998SysCoP Koch & Zhao 1995-1998White noise storm Arachelian 1994/1999

Research Goals• Fundamental way

– Systematic research– Same as Shannon and Goldwasser’s

work• What have been done

– Covert channels– Anonymous communications

• What are the properties

Fundamental Models• Unconditional hiding

– Unlimited enemy• Statistical hiding

– Polynomial samples• Computational hiding

– Polynomial time

What have been done• Covert channels• Anonymous communications• Information hiding

– Steganography– Digital watermarking

Covert Channels• Leakage information (e.g. viruses)

– Disk space– CPU load

• Subliminal channels– Digital signatures– Encryption schemes– Cryptographic malwares

Covert Computations• Computation inside computations

– Secret design calculations inside a factoring computation

– Secret physics simulations inside a cryptographic software or devices

Anonymous Communications

• MIX Networks– Electronic voting– Anonymous communication

• Onion Routings– Limited anonymous communication

• Blind signatures– Digital cash

Information Hiding• Steganography

– Invisible inks– Small dots– Letters

• Digital watermarking– Common lossy compressions– Common signal processing operations

Information Hiding• Hiding property

– Output must look like the cover• Secrecy

– No partial information on input message

• Authenticity– Hard to compute valid output

Our Approaches• Arbitrary key

– Steganography, watermarking• Restricted key

– Protection of key materials• Key = Ciphertext

– Secret sharing

Research Plan• To understand information hiding

– Perfect hiding (done)• Necessary and sufficient conditions• Computational complexity results• Constructions of prefect secure schemes• Constructions of schemes with non-reliability

– Computational hiding (under research)• Conventional constructions• Public key schemes

Research Plan• Other aspects

– Replacing privacy by authenticity• Extra problem

– Robustness against modifications

Thank you• Questions?• More details?

Approaches• Arbitrary key distribution

– E: KM C– K: key space– M: message space– C: cover space

• Requires– E(k,m) is distributed accordingly to

Pcover

Approaches• Restricted key distribution

– c = E(k,m)– k is distributed accordingly to PK

– c is distributed accordingly to PCover

Approaches• Key = Ciphertext

– S: MCC– (k1,k2) = S(m)

• Requires– k1 and k2 distributed accordingly to

PCover

Models• Perfect hiding

– Pc = Pcover

– Ciphertext distributes exactly as Pcover

• Statistical Hiding– |Pc - Pcover| is a negligible function

• Negligible function– f(n)<n-d for all d>0 and n>Nd.

Models• Computational Hiding

– Pc and Pcover are P-time indistinguishable

– For all P-time P.T.M. M:Prob(M(Pc)=1) - Prob(M(Pcover)=1)

is negligible.

Examples• Quadratic residues

– n = pq– S1 = {x2 |x in Zn

*}– S2 = {x|x in Zn

* and J(x)=1}• Decision Diffie-Hellman

– U1 = (g, ga, gb, gab) mod p– U2 = (g, ga, gb, gr) mod p