André Adelsbach

Zero-Knowledge Watermark Detection and Proof of Ownership

The goal of zero-knowledge watermark detection is to allow a prover to soundly convince a verifier of the presence of a watermark in certain stego-data without revealing any information which the verifier can use to remove the watermark. Existing proposals do not achieve this goal in terms of definition (not formally zero-knowledge), security (unproven) and coverage (handle only blind watermark detection).In this paper we define zero-knowledge watermark detection precisely. We then propose efficient and provably secure zero-knowledge protocols for blind and non-blind versions of a well-known class of watermarking schemes. Using these protocols the security and efficiency of many watermark based applications can be significantly improved.As an example of use we propose concrete protocols for direct proof of ownership which enable offline ownership proofs, i.e., copyright holders can prove their rightful ownership to anyone without involving a trusted third party in the actual proof protocol.

Proving Ownership of Digital Content

Protection of digital property has become crucial in the widespread and rapidly growing use of digital media. Making the misuse of copyrighted works detectable, and thus deterring people from misuse, is the most promising measure currently known. To achieve this, most proposals apply watermarking techniques and focus on resolving the ownership in disputes which may arise after a misuse has been detected. Here a trusted third party (judge) compares the ownership claims of disputing parties. However, this does not necessarily imply determining the rightful owner, since she might not be participating in the dispute. Moreover, in contrast to disputes, one is in practice often confronted with only a single claim of ownership, e.g., in electronic market places where buyers intend to purchase digital items from someone claiming to be the rightful copyright holder. Proof of ownership is highly desirable in such situations because on the one hand, the buyers are ensured not to buy digital items from fake copyright holders and on the other hand, the copyright holders are protected against unauthorized reselling of their digital works.

Watermarking schemes provably secure against copy and ambiguity attacks

Protocol attacks against watermarking schemes pose a threat to modern digital rights management systems; for example, a successful attack may allow to copy a watermark between two digital objects or to forge a valid watermark. Such attacks enable a traitor to hinder a dispute resolving process or accuse an innocent party of a copyright infringement. Secure DRM systems based on watermarks must therefore prevent such protocol attacks. In this paper we introduce a formal framework that enables us to assert rigorously the security of watermarks against protocol attacks. Furthermore, we show how watermarking schemes can be secured against some protocol attacks by using a cryptographic signature of a trusted third party.

Fingercasting-joint fingerprinting and decryption of broadcast messages

We propose a stream cipher that provides confidentiality, traceability and renewability in the context of broadcast encryption. We prove it to be as secure as the generic pseudo-random sequence on which it operates. This encryption scheme, termed fingercasting scheme, achieves joint decryption and fingerprinting of broadcast messages in such a way that an adversary cannot separate both operations or prevent them from happening simultaneously. The scheme is a combination of a broadcast encryption scheme, a fingerprinting scheme and an encryption scheme inspired by the Chameleon cipher. It is the first to provide a formal security proof and a non-constant lower bound for resistance against collusion of malicious users i.e., a minimum number of content copies needed to remove all fingerprints. The scheme is efficient and includes parameters that allow, for example, to trade-off storage size for computation cost at the receiving end.

Watermark detection with zero-knowledge disclosure

Abstract.Watermarking schemes embed information imperceptibly in digital objects and are proposed as primitives in various copyright protection applications, such as proofs of authorship, dispute resolving protocols or fingerprinting. In many applications, the presence of watermarks must be provable to any possibly dishonest party. Traditionally, watermark detection requires knowledge of sensitive information like the watermark or the embedding key. This is a major security risk, since this information is in most cases sufficient to remove the watermark and to defeat the goal of copyright protection. Zero-knowledge watermark detection is a promising approach to overcome security issues during the process of watermark detection: cryptographic techniques are used to prove that a watermark is detectable in certain data, without jeopardizing the watermark. This paper presents a formal definition of zero-knowledge watermark detection, discusses zero-knowledge watermark detection protocols and compares their properties.

Visual spoofing of SSL protected web sites and effective countermeasures

Today the standard means for secure transactions in the World Wide Web (WWW) are the SSL/TLS protocols, which provide secure (i.e., private and authentic) channels between browsers and servers. As protocols SSL/TLS are considered secure. However, SSL/TLSs protection ends at the “transport/session layer” and it is up to the application (here web browsers) to preserve the security offered by SSL/TLS. In this paper we provide evidence that most web browsers have severe weaknesses in the browser-to-user communication (graphical user interface), which attackers can exploit to fool users about the presence of a secure SSL/TLS connection and make them disclose secrets to attackers. These attacks, known as “Visual Spoofing”, imitate certain parts of the browsers user interface, pretending that users communicate securely with the desired service, while actually communicating with the attacker. Therefore, most SSL/TLS protected web applications can not be considered secure, due to deficiencies in browsers user interfaces. Furthermore, we characterise Visual Spoofing attacks and discuss why they still affect todays WWW browsers. Finally, we introduce practical remedies, which effectively prevent these attacks and which can easily be included in current browsers or (personal) firewalls to preserve SSL/TLSs security in web applications.

Overcoming the obstacles of zero-knowledge watermark detection

Standard watermarking schemes suffer from a major problem: They require to reveal security critical information to potentially untrusted parties, when proving the presence of a watermark to these parties. Zero-knowledge watermark detection is a promising means to overcome this problem and to improve the security of digital watermarking schemes in the context of various applications: it allows to cryptographically conceal the information required for the detection of a watermark and to prove the presence of the hidden watermark by efficient zero-knowledge proof systems.However, concealing the watermark prevents the verifying party from performing additional checks on the watermark, e.g., on its probability distribution, which may be required for certain applications. This is a limitation in the use of zero-knowledge watermark detection and we present several strategies to overcome this issue.Furthermore, we propose concrete and practical protocols, which pursue two promising strategies: the first strategy is to prove in zero-knowledge that a concealed watermark suffices a certain desired distribution, whereas the second strategy is to interactively and verifiably generate watermarks that suffice the desired distribution.

On the Insecurity of Non-invertible Watermarking Schemes for Dispute Resolving

Robust watermarking is an important and powerful technology with several applications in the field of copyright protection. Watermarking schemes were proposed as primitives for dispute resolving schemes and direct proofs of authorship. However, it was shown that watermark-based dispute-resolving schemes are vulnerable to inversion attacks where an adversary exploits the invertibility property of the underlying watermarking scheme to lead the dispute-resolving mechanism to a deadlock. One of the proposed countermeasures is to make watermarking schemes “non-invertible” by incorporating cryptographic primitives, such as one-way functions, into the watermark embedding process. However, this solution ignores the fact that the security strongly depends on the false-positives probability of the underlying watermarking scheme, i.e., the probability to find a detectable watermark which has never been embedded into the considered content.

A computational model for watermark robustness

Multimedia security schemes often combine cryptographic schemes with information hiding techniques such as steganography or watermarking. Example applications are dispute resolving, proof of ownership, (asymmetric/anonymous) fingerprinting and zero-knowledge watermark detection. The need for formal security definitions of watermarking schemes is manifold, whereby the core need is to provide suitable abstractions to construct, analyse and prove the security of applications on top of watermarking schemes. Although there exist formal models and definitions for information-theoretic and computational security of cryptographic and steganographic schemes, they cannot simply be adapted to watermarking schemes due to the fundamental differences among these approaches. Moreover, the existing formal definitions for watermark security still suffer from conceptual deficiencies. In this paper we make the first essential steps towards an appropriate formal definition of watermark robustness, the core security property of watermarking schemes: We point out and discuss the shortcomings of the existing proposals and present a formal framework and corresponding definitions that cover those subtle aspects not considered in the existing literature. Our definitions provide suitable abstractions that are compatible to cryptographic definitions allowing security proofs of composed schemes.

Non-interactive watermark detection for a correlation-based watermarking scheme

Cryptographic techniques have been deployed to securely prove the presence of a watermark in stego-data without disclosing any security critical information to the detecting party. This paper presents a detailed practical construction and implementation results of a correlation-based non-blind watermarking scheme in the non-interactive zero-knowledge setting. We extensively describe the modifications and hurdles that had to be overcome to transform a well-known watermarking scheme – whose general detection principle is applied in many other known schemes – into a two-party setting where the critical detection input, i.e. the watermark vector and the original data is cryptographically concealed from the verifying party using a commitment scheme. Our prototype implementation is very efficient and is an evidence of the practical feasibility of zero-knowledge watermark detection.