Professional Documents
Culture Documents
Contents
• Motivation
• Goals
• Ways
• Authentication : Data Hiding (watermarking & Steganography), Digital
Fingerprint /signature
• Confidentiality : Encryption
• Integrity : hash (Digital Fingerprint /signature)
• Access Control :
• Non repudiation : third party
• Digital Rights Management (DRM).
I. Motivation
The recent growth of networked multimedia systems has increased
the need for the protection of digital media
Digital media
Audio
Video
Documents (including HTML documents) : email
Images
Graphic or Scene Models
Programs (executable code)
I. Motivation
• Electronic/digital media Record conditions :
1. Very easy to make copies : ???
2. Very fast distribution
3. Easy archiving and retrieval
4. Copies are as good as original : ???
5. Easily modifiable : ???
6. Environmental Friendly
I. Motivation
• Without such methods, placing images, audio or video sequences on a
public network puts them at risk of theft and alteration.
• Techniques are needed to prevent the copying, forgery and
unauthorized distribution of multimedia elements
• This is particularly important for the protection and enforcement of
intellectual property rights.
• Copyright protection involves the authentication of media ownership, and the
identification of illegal copies of the (possibly media.
II. Goals
Goals of Multimedia streams (Multimedia Security)
Secure communications
Secure delivery :
Copyright protection (originality)
Prevent forgery, illegal copying, illegal distribution (Integrity)
Tamper proofing,
Access control
visual encryption
Secure Internet/Network :
III. Ways (Approaches)
• Cryptography Techniques :
• Multimedia Authentication
• Multimedia Signature & Watermark
• Multimedia Confidentiality (Encryption)
• Multimedia Identifications and Access Control
• Multimedia Integrity
• Multimedia Non-repudiations
• Implemented into : Digital Right Management
• Watermarking, steganography, digital signature, fingerprint
3.1. Cryptography Techniques
1. Authentication: providing assurance of the identity of the multimedia data
sender (assure the credibility of multimedia content)
Primary tool: Digital signatures (data hiding : watermarking, steganography)
2. Confidentiality: protecting multimedia data from unauthorized disclosure
(Secure content transmission privacy)
Primary tool: Encryption (DES, AES, RSA, Diffie Hellman, ….., )
3. Integrity: providing assurance that multimedia data has not been altered in
an unauthorized way (Assurance that data received is as sent)
Primary tool: Hashing
4. Access Control
Prevention of unauthorized use of a resource (Protect multimedia data from illegal
distribution and theft)
5.Non-repudiation: preventing a party from denying a previous action.
(Protection against denial by the parties in a communication)
Primary tool: Trusted third party service
3.1.1. Authentication
Authentication techniques :
Passive Authentication
Three Image tampering (Enhancing, Compositing,
Copy/Move)
Active Authentication
Data Hiding :
Watermarking (Embedding techniques, Application,
Types (Visible&Invisible), Alliance Member
Steganography
Digital Signature/Digital Fingerprint
3.1.1.1. Passive Authentication
Does not rely of presence of watermark or
fingerprint.
Identify media tampering methods.
Example : Three image tampering
(enhancing, compositing & copy/move)
a. Three Image Tampering
• There are three main categories of image tampering:
• Enhancing
• Compositing
• Copy/Move
1. Enhancing
• Changing the color of objects
• Changing the weather conditions
• Blurring out objects
2. Compositing
Combining two or
more images to create
a new image.
Original
data
Embedding Extraction
function Channel
function
Original Watermarked
Information Information
a. Embedding Techniques
Spatial domain
Watermark embedded by directly modifying the single pixel of an image
Usually use spread spectrum approach.
Where fi is the original image, gi is the modified image and Tp (.) is the spatial
operator defined in a neighborhood p of a given pixel.
Example : Using LSB insertion
Frequency domain
Frequency domain are operated on frequency of an image.
Content ID
Multimedia access
Streaming audio
Music
Multimedia
Bookmarking DOWNLOA
D
Ring tones
Buy tickets
Reviews
Tour dates
Samples
Band info
b3. Filtering & Classification
Copyrighte Access
d Legitimate
Copy or
Content Non-Copyrighted
License
Filter
• Filtering can occur at the whole content level and/or at a more granular
level identifying copyrighted, sensitive and/or questionable material for
the given audience
• May be key element of identifying copyrighted content to support
legitimate P2P distribution
c. Types of Watermark
Visible
A visible information which is overlaid on the primary
media
Invisible
The information which cannot be seen, but which can be
detected algorithmically
c1. Visible Watermark
Encrypt
Encrypted
Data
Data
Steganogram
Carrier
Media
Application
• Basic functionality
• Processes
• Asymmetric encryption
• Certification
• User’s realisation
A. Basic Functionality
Digital Fingerprinting is an emerging technology to
protect multimedia from unauthorized redistribution.
It embeds a unique ID into each user's copy, which can
be extracted to help identify culprits when an
unauthorized leak is found, that identifies the
originator of a document.
It utilizes asymmetric encryption, where one key
(private key) is used to create the signature code and
a different but related key (public key) is used to
verify it.
A. Basic Functionality
• A powerful, cost-effective attack is the collusion attack from a group of
users,
• where the users combine their copies of the same
content but with different fingerprints to generate
a new version.
• If designed improperly, the fingerprints can be attenuated or even
removed by the collusion attack.
B. Processes
Calculated
Message Hash
Hash
COMPARE OK
Signatures
verified
SIGN hash Hash
With Sender’s
Private key
Decrypt
Signature
With Sender’s
Sender Receiver Public Key
Hash function :
algorithm which creates a digital representation in the
form of a hash result of a standard length which is
usually much smaller than the message but substantially
unique to it
B. Processes
Generally :
Each individual generates his own key pair
a pair of keys, namely a private key and a public key
[Public key known to everyone & Private key only to the
owner]
Private Key – Used for making digital signature (ie. has to be
saved, e.g. using a chip card with a PIN )
Public Key – Used to verify the digital signature
Public key can be accessible for everyone,
but its owner’s identity has to be identifiable without problems to
guarantee authentication (certificate)
Not possible to generate the Private key by knowing
someone’s Public key
RSA Key pair
(including Algorithm identifier)
[2048 bit]
Private Key
3082 010a 0282 0101 00b1 d311 e079 5543 0708 4ccb 0542 00e2 0d83 463d e493
bab6 06d3 0d59 bd3e c1ce 4367 018a 21a8 efbc ccd0 a2cc b055 9653 8466 0500
da44 4980 d854 0aa5 2586 94ed 6356 ff70 6ca3 a119 d278 be68 2a44 5e2f cfcc
185e 47bc 3ab1 463d 1ef0 b92c 345f 8c7c 4c08 299d 4055 eb3c 7d83 deb5 f0f7
8a83 0ea1 4cb4 3aa5 b35f 5a22 97ec 199b c105 68fd e6b7 a991 942c e478 4824
1a25 193a eb95 9c39 0a8a cf42 b2f0 1cd5 5ffb 6bed 6856 7b39 2c72 38b0 ee93
a9d3 7b77 3ceb 7103 a938 4a16 6c89 2aca da33 1379 c255 8ced 9cbb f2cb 5b10
f82e 6135 c629 4c2a d02a 63d1 6559 b4f8 cdf9 f400 84b6 5742 859d 32a8 f92a
54fb ff78 41bc bd71 28f4 bb90 bcff 9634 04e3 459e a146 2840 8102 0301 0001
Public Key
3082 01e4 f267 0142 0f61 dd12 e089 5547 0f08 4ccb 0542 00e2 0d83 463d e493
bab6 0673 0d59 bf3e c1ce 4367 012a 11a8 efbc ccd0 a2cc b055 9653 8466 0500
da44 4980 d8b4 0aa5 2586 94ed 6356 ff70 6ca3 a119 d278 be68 2a44 5e2f cfcc
185e 47bc 3ab1 463d 1df0 b92c 345f 8c7c 4c08 299d 4055 eb3c 7d83 deb5 f0f7
8a83 0ea1 4cb4 3aa5 b35f 5a22 97ec 199b c105 68fd e6b7 a991 942c e478 4824
1a25 193a eb95 9c39 0a8a cf42 b250 1cd5 5ffb 6bed 6856 7b39 2c72 38b0 ee93
a9d3 7b77 3ceb 7103 a938 4a16 6c89 2aca da33 1379 c255 8ced 9cbb f2cb 5b10
f82e 6135 c629 4c2a d02a 63d1 6559 b4f8 cdf9 f400 84b6 5742 859d 32a8 f92a
54fb ff78 41bc bd71 28f4 bb90 bcff 9634 04de 45de af46 2240 8410 02f1 0001
B. Processes
Digital signature creation (Sender Side) :
Generating message’s digest (hash result) and a given
private key
Result of the encryption: digital signature
Sender send :
Message with digital signature and certificate to receiver
Message
To Verifier
Hash
Hash Result
Message Function
From Signer
Digital Verify
Function Valid Y/N?
Signature
Signer Authentication :
A signature should indicate who signed a document, message or record,
and should be difficult for another person to produce without
authorization.
Message Authentication:
The digital signature also identifies the signed message, typically with far
greater certainty and precision than paper signatures. Verification reveals
any tampering, since the comparison of the hash results
Affirmation Act :
Signatures are legally binding
Efficiency :
Allows for automation of modern Electronic Data Interchange (EDI).
D. Advantages of Digital Signatures
• Data integrity
• Digital signatures provide proof that the document or message has not been
altered or tampered with.
• Authentication of Identities
• Digital signatures make it easier to verify the identity of senders and
recipient.
• Concept of non-repudiation
• This means that neither the sender nor the recipient can deny having sent or
received the document.
• Includes an automatic date and time stamp, which is critical in business
transactions.
• Increase the speed and accuracy of transactions
E. Disadvantages of Digital Signatures
Technological Compatibility
Refers to standards and the ability of one digital
signature system to "talk" to another. It is difficult to
develop standards across a wide user base.
Security Concerns
These efforts are perpetually hampered by lost or
borrowed passwords, theft and tampering, and
vulnerable storage and backup facilities.
Legal Issues
There is clear consensus that digital signatures
should be legally acceptable. However, many
questions remain unanswered in the legal arena
F. Challenges
Institutional overhead
The cost of establishing and utilizing certification
authorities, repositories, and other important
services, as well as assuring quality in the
performance of their functions.
Subscriber and relying Party Costs
A digital signature will require software, and will
probably have to pay a certification authority some
price to issue a certificate. Hardware to secure the
subscriber’s private key also be advisable.
G. Digital Signatures Example : Text
<Signed SigID=1>
Promissory Note
I, Mary Smith, promise to pay to the order of First Western Bank five
thousand dollars and no cents ($5,000) on or before June 10, 1998, with
interest at the rate of fifteen per cent (15%) per annum.
Mary Smith, Maker
• RSA
• RC4
• RC6
• IDEA
• PGP
• PEM
• Kerberos
B.Multimedia Encryption Approach
Signal scrambling
Historical approach
Not compatible with modern multimedia compression
Fast speed but low security
Total encryption with cryptographic ciphers
Trivial solution
High security but slow speed
Selective encryption
Most popular approach today
Limited in its range of application
Integrating encryption into entropy coding
Complementary to selective encryption
Very fast computation speed
Selective Encryption
Select the most important coefficients and then encrypt them
with traditional ciphers such as DES
Media Coefficient Cryptographic
Digitized Coefficients Selected
Compression
Audiovisual Cipher
System Selection Coefficients
data
Error
Non-selected
Correction
Coefficients
Coding
DRM tools
Identify the work, the right holder
Describe the content
Allow use according to the rules
3.2.3. DRM Technical Solution
CONDITIONAL ACCESS (CA) SYSTEMS FOR SATELLITE, CABLE AND TERRESTRIAL TELEVISION NETWORKS
DIGITAL RIGHTS MANAGEMENT (DRM) SYSTEMS FOR THE INTERNET
COPY PROTECTION (CP) SYSTEMS FOR DIGITAL HOME NETWORKS
DVD PROTECTION
DIGITAL TAPE PROTECTION
DIGITAL INTERFACE PROTECTION
IP MULTICAST SECURITY
SECURE MULTICAST APPLICATIONS
CORE PROBLEM AREA IN MULTICAST SECURITY
EVALUATION CRITERIA
CLASSIFICATION OF KEY MANAGEMENT SCHEMES
PERIODIC BATCH REKEYING
WIRELESS NETWORKS AND MOBILE MEMBERS
TWO-TIER SERVER ARCHITECTURE
DESIGN CRITERIA
MOBILE MEMBER JOIN AND LEAVE
MOBILE MEMBER TRANSFER
SECURITY OF WIRELESS LANS
WIRED EQUIVALENT PRIVACY (WEP)
WHAT’S WRONG WITH WEP?
IMPROVEMENTS ON WEP
LEGAL SOLUTIONS
WORLD INTELLECTUAL PROPERTY ORGANIZATION (WIPO)
DIGITAL MILLENIUM COPYRIGHT ACT (DMCA) OF 1998
CONSUMER BROADBAND AND DIGITAL TELEVISION PROMOTION ACT (CBDTPA) OF 2002
CONSUMERS, SCHOOLS, AND LIBRARIES DIGITAL RIGHTS MANAGEMENT AWARENESS ACT OF 2003
3.2.3.1. Content Scrambling System (CSS)
One of the first and most widely contested DRM, used to encode DVD
movie files.
This system was developed by the DVD Consortium as a
tool to influence hardware manufacturers to produce only
systems which didn't include certain features.
By releasing the encryption key for CSS only to hardware
manufacturers who agreed not to include features such as
digital-out, which would allow a movie to be copied easily,
the DVD Consortium was essentially able to dictate
hardware policy for the DVD industry.
Very quickly after the CSS DRM was implemented, its
algorithm was broken.
3.2.3.2. DeCSS
Tools for making copies of CSS-encrypted movies and
playing them on systems that otherwise would not be
able to, such as some alternative operating systems.
The Digital Millennium Copyright Act in the United
States makes it illegal to use systems such as DeCSS to
bypass DRM limitations.
Similar acts have since been passed in many
countries.
Many advocates in the computer science world see
the DMCA as a major blow against creative freedom
because of its overly harsh restrictions.
3.2.3.3. Software Example
• Game consoles (Nintendo, Sony Playstation, …)
• Microsoft software (Genuine certificate verification)
• Trial use of a software for a limited period of time
• Online registration to activate the software