Embed Size (px)
DESCRIPTION
Information Hiding & Digital Watermarking. Tri Van Le. Outlines. Some history State of the art Research goals Possible approaches Research plan. Cryptography in the 80s. Beginning time of open research A lot of schemes proposed Most of them soon broken. Broken Cryptosystems (I). - PowerPoint PPT Presentation
Citation preview
Information Hiding&
Digital Watermarking
Tri Van Le
Outlines• Some history• State of the art• Research goals• Possible approaches• Research plan
Cryptography in the 80s• Beginning time of open research• A lot of schemes proposed• Most of them soon broken
Broken Cryptosystems (I)Merkle
Hellman1978-1984
IteratedKnapsack
1978-1984
Lu-Lee
1979-1980
MerlkeHellman
MerlkeHellman
Lu-Lee
AdigaShankar
1985-1988
AdigarShankar
Nieder-reiter
1986-1988
Neiderreiter
GoodmanMcAuly
1984-1988
GoodmanMcAuly
Pieprzyk
1985-1988
Pieprzyk
ChorRivest
1988-1998
ChorRivest
Okamoto
1986-1987
Okamoto
Okamoto
1987-1988
Okamoto
Broken Cryptosystems (II)Matsumoto
Imai1983-1984
Cade
1985-1986Yagisawa
1985-1986
MatsumotoImai
Cade Yasigawa
TMKIF1986-1985
Tsujii, ItohMatsumotoKurosama
Fujioka
LuccioMazzone
1980-1981
LuccioMazzone
KravitzReed
1982-1982
KravitzReed
RaoNam
1986-1988RaoNam
LowDegree
CG
1982
HighDegree
CG
1988
RivestAdleman
Dertouzos
1978-1987Rivest
AdlemanDertouzos
KrawczykBoyar
Broken Cryptosystems (III)Ong
Schnorr1983-1984
OngSchorr
OngSchnorrShamir
1984-1985Ong
SchorrShamir
OkamotoShiraishi
1985-1985
OkamotoShiraishi
Proven Secure Cryptosystems (I)
• Shannon’s work (1949)– Mathematical proof of security– Information theoretic secrecy
• Enemy with unlimited power– Can compute any desired function
Proven Secure Cryptosystems (II)
• Rabin (81), Goldwasser & Micali (82)– Mathematical proof of security– Computational secrecy
• Enemy with limited time and space– Can run in polynomial time– Can use polynomial space
Information Hiding(state of the art)
• Similar to that of cryptography in 80s– Many schemes were proposed– Most of them were broken
• Use heuristic security– Subjective measurements– Assume very specific enemy
Broken Schemes (I)Name Author(s) Pro-BroContraband Zimmerman 1996-1999Echo Hiding Gruhl et. Al. 1996-1998EIKONA Pitas 1996-1998EzStego Machado 1994-1999Fravia Fravia 1995-1999
Broken Schemes (II)Name Author(s) Pro/BroHide and Seek Latham 1998-1999J K_PGS Kutter & J ordan 1997-1998J Steg Korejwa 1998-1999NEC Method Cox et. Al. 1996-1998PGMStealth Rinne 1994-1999
Broken Schemes (III)Name Author(s) Pro/BroPictureMarc Rhoads 1997-1998Piilo Aura 1995-1999Snow Kwan 1996-1999Steganos Steganos GmbH 1996-1999Stegodos Wolf 1995-1999
Broken Schemes (IV)Name Author(s) Pro/BroS-Tools Brown 1995-1999SureSign Signum Tech 1997-1998SysCoP Koch & Zhao 1995-1998White noise storm Arachelian 1994/1999
Research Goals• Fundamental way
– Systematic research– Same as Shannon and Goldwasser’s
work• What have been done
– Covert channels– Anonymous communications
• What are the properties
Fundamental Models• Unconditional hiding
– Unlimited enemy• Statistical hiding
– Polynomial samples• Computational hiding
– Polynomial time
What have been done• Covert channels• Anonymous communications• Information hiding
– Steganography– Digital watermarking
Covert Channels• Leakage information (e.g. viruses)
– Disk space– CPU load
• Subliminal channels– Digital signatures– Encryption schemes– Cryptographic malwares
Covert Computations• Computation inside computations
– Secret design calculations inside a factoring computation
– Secret physics simulations inside a cryptographic software or devices
Anonymous Communications
• MIX Networks– Electronic voting– Anonymous communication
• Onion Routings– Limited anonymous communication
• Blind signatures– Digital cash
Information Hiding• Steganography
– Invisible inks– Small dots– Letters
• Digital watermarking– Common lossy compressions– Common signal processing operations
Information Hiding• Hiding property
– Output must look like the cover• Secrecy
– No partial information on input message
• Authenticity– Hard to compute valid output
Our Approaches• Arbitrary key
– Steganography, watermarking• Restricted key
– Protection of key materials• Key = Ciphertext
– Secret sharing
Research Plan• To understand information hiding
– Perfect hiding (done)• Necessary and sufficient conditions• Computational complexity results• Constructions of prefect secure schemes• Constructions of schemes with non-reliability
– Computational hiding (under research)• Conventional constructions• Public key schemes
Research Plan• Other aspects
– Replacing privacy by authenticity• Extra problem
– Robustness against modifications
Thank you• Questions?• More details?
Approaches• Arbitrary key distribution
– E: KM C– K: key space– M: message space– C: cover space
• Requires– E(k,m) is distributed accordingly to
Pcover
Approaches• Restricted key distribution
– c = E(k,m)– k is distributed accordingly to PK
– c is distributed accordingly to PCover
Approaches• Key = Ciphertext
– S: MCC– (k1,k2) = S(m)
• Requires– k1 and k2 distributed accordingly to
PCover
Models• Perfect hiding
– Pc = Pcover
– Ciphertext distributes exactly as Pcover
• Statistical Hiding– |Pc - Pcover| is a negligible function
• Negligible function– f(n)<n-d for all d>0 and n>Nd.
Models• Computational Hiding
– Pc and Pcover are P-time indistinguishable
– For all P-time P.T.M. M:Prob(M(Pc)=1) - Prob(M(Pcover)=1)
is negligible.
Examples• Quadratic residues
– n = pq– S1 = {x2 |x in Zn
*}– S2 = {x|x in Zn
* and J(x)=1}• Decision Diffie-Hellman
– U1 = (g, ga, gb, gab) mod p– U2 = (g, ga, gb, gr) mod p
