View
221
Download
1
Tags:
Embed Size (px)
Citation preview
Electronic Watermarking
Jean-Paul M.G. Linnartz
Nat.Lab., Philips Research
Outline of Today’s Talk
• A quick update on security in Copy Protection
• More about Watermarks
• Watermark embedding and detection
• A few attacks on watermarks
Copyrighted content in the digital world of the future
will only flow over compliant devices
Compliant World All content is encrypted on all interfaces Controlled by CSS, 5C, 4C, Millennium, ...
Non-Compliant World
All analog devices, some digital
authentication
encryption
watermark?
By licensing contract: - no unprotected output
Analog
Digital
To avoid analog circumvention
DVD ROM
VHS
Rush
Record Control; How to enforce?
• All licensing contracts are based on permission to PLAY BACK protected content
Pla
yb
ac
k o
nly Play
Ticket
Pla
ybac
k o
rig
inal
Copy
Ticket
Rec
ord
Pla
ybac
k co
py
Watermarked content
ElectronicAuthorization Ticket
or
Play Control
: Watermark matches with valid ticket
: Free-Copy: No Watermark
+Copy
Ticket
Record / playback ONLY if
or
Anti-Cloning: use a physical mark for discs
Wobble
Wobble amplitude of30 nm (peak to peak)
• Encrypted content can be cloned.
• Store the keys as a physical id which is hard to duplicate, even in a disc press environment
• Catch illegal copies using play-back control
Generation Control
• Copying “in the family circle” is “fair use”• German customers pay tape levies, thus buy the right to copy• “Copies of copies” lead to exponential growth of copy population
Without generation control
With generation control
Re-marking: Adding a secondary watermark
Primary watermark:Copy-Once
STB Recorder
Detect Watermark+
Add Secondary watermark:
Copy-No-More
Player
Primary + Secondarywatermark: Copy-Once
DriveRecorder Drive
T T’is implemented as
Ticket Handling
Check whether T Wn
encoderinformationto embed
original data
retrievedinformation
markeddata
decoderchannel
(processing)
receiveddata
Digital watermarking
• The imperceptible, robust, secure communication of information by embedding it in and retrieving it from other digital data.
processed data
Image: p(n)+
Perceptive model X
Watermark: w(n)
Marked Image: q(n)
A simple example
Pseudo-noise
Seed
Correlation detector: matched filter
SuspectVideo
X
Reference watermark
Accumulator Comparator
DetectionThreshold
Decision Variable
•Optimal detection method (under certain AWGN conditions)•Detection can be executed in MPEG compressed domain.
• Provide an additional communication channel
• Additional data travels with the content
• Imperceptibly embed information directly into original data (“host data”, “cover data”) to produce “watermarked data”
Motivation for Digital Watermarking
Types of Watermarks
• Imperceptible or perceptible but unobtrusive
• Robust or Fragile
• Blind detection or detection with original
• Public of private detection
ClearVideo Marked Video
Watermark Embedding Data
Decision:present/absent
WatermarkDetection Data
Some Applications of Watermarking• Copyright control
– playback, copy-generation control (DVD, SDMI)
• Meta data and referral service • Broadcast monitoring
– check on royalty payments– commercial verification
• Distribution tracing– fingerprinting
• Proof of ownership (with zero knowledge?)• Proof of authenticity
• Watermarked data and original data should be perceptually indistinguishable
• Use low-amplitude modifications and/or perceptual modeling
Desired Properties: Imperceptibility
Original image
115 154 180 …158 183 174 …177 168 144 …
After embedding
114 150 180 …156 186 172 …177 170 144 …
Desired Properties: Robustness• Processing of the watermarked data cannot damage or destroy
the embedded information without rendering the processed data useless
JPEG compression Additive noise & clipping
Watermark parameters• Robustness
• Perceptibility, transparancy
• Security– vulnerability to intentional attacks– Kerckhoffs’ principle Complexity
• Granularity
• Capacity, payload
• False Positive Rate
• Layering & remarking
Watermarking: A Multidisciplinary Field
• Communications
• Information theory
• Cryptography
• Human perception
• Detection theory
• Hypothesis testing
• Signal processing
• Data compression
• Multimedia processing
• Intellectual property
• Law
• Consumer electronics
• Music & film industry
• The matched filter is optimum for AWGN channels
Example of research topics 1: Prefiltering
H-1AWGN Image
Watermark + H X
H
Watermark
MF
Example of research topics 2: Exploiting non-stationarity
• Images contain areas A0, A0, .., AI-1, with different statistical properties– mean and variance of luminance– spectrum of luminance– masking properties
Correlate weigh
Correlate weigh
Correlate weigh
+f0
f1
A0
A1Decision variable d. SNR: g
d0 = d0,w + d0,p
d0 f0
Example of research topics 3: Correlation After FFT
• Detection when synchronization is unknown:dk = <CyclicShift(W,k) , Q>
k ranges over [128 by 128], Computationally infeasible
[dk] = I-FFT(FFT(Q) * conj(FFT(W))
FFT(CyclicShift(W,k)) = zk FFT(W)
FFT Multiply I-FFT
FFT
Q
W
d0 = <W, Q>
dk=<CyclicShift(W,k),Q>
Example of research topics 4: Zero-Knowledge proof of ownership
Assume that Peggy wants to prove that has watermarked content, without revealing the secrets of her watermarking method.
1) she must prove that she had committed to a watermarking method in advance
2) she may just prove the presence of a watermark in a scrambled (permuted) version of the suspect image, where she reveals either the permuatation or the permuted watermark.
Exercise• Given
– watermarking scheme: q(n) = p(n) + w(n)
– Watermark detection: correlation method
• Summarize various attacks and discuss whether the watermarking scheme is robust, or how it can be made more robust.
• The application of copy protection requires a very low false positive rate. How would you choose the decision threshold setting?
Examples of Attacks• Attacks on the content
– (noise addition, filtering scaling)
• Attacks exploiting the presence of an embedder
• Attack exploiting the presence of a detector
• Attacks on the system
Scrambling Descrambling
RecorderWatermark detector
Watermark detector
PlayerCopyrighted Video IN
CopiedVideoOUT
Copy Protected video recorder and player
Circumvention by encryption
•Encryption device has a legitimate purpose (privacy)
•Hacker can use very simple scrambling
•Avoid that CSS is misused to hide watermarks.
•It does not help to outlaw all other file formats than MPEG
Copyprotected content
Data hidingFake carrierFree-copy
Watermark detector Recorder
Watermark detector Player
Extract hidden data
Copy of Copyprotected content
Circumvention by data hiding
Decision:present/absent
SecretWatermarkDetection Data
WatermarkDetector
Attacks exploiting the presence of a detector:Exploiting Side Information
Computation time;Frame accumulation time
Reliability parameter
Power consumption;CPU load
Attacks exploiting the presence of a detector
Scenario 1:Consumer recorder / player or PC image processing application has an embedded “tamperproof” detector
Scenario 2:Access to on-line watermark detector, e.g. internet service
Correlator detector
SuspectVideo
X
Reference watermark
Accumulator Comparator
DetectionThreshold
Decision Variable
Note the step-wise transition if the watermark is just strong enough
Sensitivity AttackHow to ... remove a watermark in N steps
• Take a watermarked image• Take an unmarked image• Combine these images, until the detector is just below
threshold of making decision “present”.• Now experiment pixel by pixel to see how the detector
responds. This fully reveals the detector’s sensitivity toparticular pixels.• Subtract the pattern of pixel sensitivities• Iterate if you suspect that the detector is non-linear.
• Key assumption:
Attacker has a black-box device thatdetects whether a watermark is present.
Sensitivity AttackAbstract Mathematical Interpretation
original p watermarked q
0
q0: test image at detection threshold
w: watermark
Watermark not presentWatermark present
Set of images that look simiar to p
Space of all possible images
random nonmarkedimage
Countermeasure against Sensitivity Attack
SuspectVideo
Reference watermarkAccumulator Comparator
Decision Variable
X y=R(q)
y thr
Pro
ba
bili
ty
De
cisi
on
=“P
rese
nt ”
yythr
1
0
y1 y2
qw
D
Countermeasure against Sensitivity Attack
SuspectVideo
Reference watermarkAccumulator
Random number generator
ComparatorDecision Variable
•Randomization of the transition point is required to restrictinformation leakage•Information theoretic bounds are achieved for preservingwatermark confidentiality.
X +
Pro
bab
ility
De
cisi
on
=“
Pre
sen
t ”
y
y0=R(q0)
1
0
y1
y2
p0
Statistical Analysis
Pro
bab
ility
De
cisi
on
=“
Pre
sen
t ”
y yi,j =R(q
0 +tj +
j )
1
0
y1
y2
p0
y 0,j=R(q 0
+ j)
pj
Sophisticating the Attack
y
pj = p0 + y p’(y)
pj = p0 + y p’(y) if R(tj) = +1
Probability of response D = 1
can be measured by repeated experiments
How much information leaks?
• Initially, the entropy of a watermark pixel H(w(n0)) = 1
• Mutual information I(DK;w(n0)) = H(DK) - H(DK|w(n0))
I(D1;w(n0)) = h(p0) - 1/2[h(p0+y p’(y))+ h(p0-y p’(y)) ]
Here, we use
with
We arrive at the differential equation
Require the leakage I to be constant over [y1, y2]
y
p(y)
y1
original pwatermarked q
• Transformed copies of the watermarked image (red area) must trigger the detector (with P < Pmd)• Transformed version of the unmarked original (blue area) may not trigger the detector (with P < Pfa)
Why are most “robust” systems vulnerable?
Conclusions
• Concept protection is critical in an economy that more and
more relies on knowledge
• Watermarks have interesting applications
• Security features are different from cryptography