Your search keyword '"DATA encryption"' showing total 3,415 results

1. Longer Randomly Blinded RSA Keys May Be Weaker Than Shorter Ones.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, and Walter, Colin D.

Abstract

Side channel leakage from smart cards has been of concern since their inception and counter-measures are routinely employed. So a number of standard and reasonable assumptions are made here regarding an implementation of RSA in a cryptographic token which may be subjected to non-invasive side-channel cryptanalysis. These include blinding the re-usable secret key, input whitening, and using an exponentiation algorithm whose operation sequence partially obscures the key. The working hypothesis is that there is limited side channel leakage which only distinguishes very imprecisely between squarings and multiplications. For this typical situation, a method is described for recovering the private exponent, and, realistically, it does not require an excessive number of traces. It just requires the modulus to be public and the public exponent not to be too large. The attack is computationally feasible unless parameters are appropriately adjusted. It reveals that longer keys are much more vulnerable than shorter ones unless blinding is proportional to key length. A further key conclusion is that designers must assume that the information theoretic level of leakage from smart cards can be transformed into usable key information by adversaries whatever counter-measures are put in place. [ABSTRACT FROM AUTHOR]

Published

2008

2. Authorization Constraints Specification of RBAC.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Lilong Han, and Qingtan Liu

Abstract

Constraints are an important aspect of role-based access control (RBAC) and are often regarded as one of the principle motivations behind RBAC. Although the importance of the constraints in RBAC has been recognized for a long time, they have not received much attention. In this article, we introduce an intuitive formal language for specifying role-based authorization constraints named RCL2000 including its basic elements, syntax and semantics. We show how previously identified role-based authorization constraints such as separation of duty (SOD) can be expressed in this language, and that there are other significant SOD properties that have not been previously identified in the literature. Our work indicates that there are many alternate formulations of even the simplest SOD properties, with varying degree of flexibility and assurance. So this language provides us a rigorous foundation for systematic study of role-based authorization constraints. [ABSTRACT FROM AUTHOR]

Published

2008

3. A Compositional Multiple Policies Operating System Security Model.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Lei Xia, and Wei Huang

Abstract

Multilevel security policies aim at only confidentiality assurance, with less consideration on integrity assurance and weakness in expressing channel control policies. Besides, the trusted subjects it introduces to handle the information flow "downgrade" have many security flaws. Moreover, increasing diversity of the computing environments results in various security requirements. However, current mainstream security models are aiming at only one or few requirements of them each. The Multi-Policy Views Security Model is presented, which is based on the MLS model, combining the domain and role attributes to the model, to enforce the expression power in channel control policies, make permission management more fine-grained and enhance the ability of confining the permission of the trusted subjects. Moreover, MPVSM has integrated the properties and functions of MLS, Domain-Type and Role Based models into one unified model. It is able to enforce multi-policy views in operating system in a flexible way. [ABSTRACT FROM AUTHOR]

Published

2008

4. Dynamic Access Control Research for Inter-operation in Multi-domain Environment Based on Risk.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Zhuo Tang, and Ruixuan Li

Abstract

For the complexity of the multi-domain environment and the ceaseless evolvement of the information secure sharing, the traditional access control method can not ensure the absolute security for the exchange of data resources. Through introducing the concept of risk, this paper proposes a dynamic access control model for multi-domain environment based on risk of inter-operations. The risk rank of an access policy can be calculated by the history of the inter-operations among domains, the security degree of the objects and the safety factor of the access events. Through adjusting the access policies which be considered the high risk, the risk in the system can be controlled in real time. The security analysis shows that this method can reinforce the facility of the access control and the security of the multi-domain environment. [ABSTRACT FROM AUTHOR]

Published

2008

5. On the Security of a Popular Web Submission and Review Software (WSaR) for Cryptology Conferences.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Swee-Won Lo, and Phan, Raphael C. -W.

Abstract

Most, if not all, conferences use an online system to handle paper submissions and reviews. Introduction of these systems has significantly facilitated the administration, submission and review process compared to traditional paper-based ones. However, it is crucial that these systems have strong resistance against Web attacks as they involve confidential data and privacy. Some submissions could be leading edge breakthroughs that authors do not wish to leak out and be subtly plagiarized. Also, security of the employed system will attract more submissions to conferences that use it and gives confidence of the quality that the conferences uphold. In this paper, we analyze the security of the Web-Submission-and-Review (WSaR) software - latest version 0.53 beta at the time of writing; developed by Shai Halevi from IBM Research. WSaR is currently in use by top cryptology and security-related conferences including Eurocrypt 2007 & 2008, Crypto 2007, and Asiacrypt 2007, annually sponsored by the International Association for Cryptologic Research (IACR). We present detailed analysis on WSaR's security features. In particular, we first discuss the desirable security features that are designed into WSaR and what attacks these features defend against. Then, we discuss how some untreated security issues may lead to problems, and we show how to enhance WSaR security features to take these issues into consideration. Our results are the first known careful analysis of WSaR, or any type of online submission system for that matter. [ABSTRACT FROM AUTHOR]

Published

2008

6. ICRep: An Incentive Compatible Reputation Mechanism for P2P Systems.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Junsheng Chang, and Huaimin Wang

Abstract

In peer-to-peer (P2P) systems, peers often must interact with unknown or unfamiliar peers without the benefit of trusted third parties or authorities to mediate the interactions. Trust management through reputation mechanism to facilitate such interactions is recognized as an important element of P2P systems. It is, however, faced by the problems of how to stimulate reputation information sharing and honest recommendation elicitation. This paper presents ICRep ( an incentive compatible reputation mechanism for P2P systems. ICRep has two unique features: (i) a recommender's credibility and level of confidence about the recommendation is considered in order to achieve a more accurate calculation of reputations and fair evaluation of recommendations. (ii) Incentive for participation and honest recommendation is implemented through a fair differential service mechanism. It relies on peer's level of participation and on the recommendation credibility. Theoretic analysis and simulation show that ICRep can help peers effectively detect dishonest recommendations in a variety of scenarios where more complex malicious strategies are introduced. Moreover, it can also stimulate peers to send sufficiently honest recommendations. [ABSTRACT FROM AUTHOR]

Published

2008

7. Optimizing Quality Levels and Development Costs for Developing an Integrated Information Security System.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Myeonggil Choi, and Sangmun Shin

Abstract

Increased Internet threats make many kinds of information security systems performing various functions, which can often be combined into functions of an integrated information security system. To load various functions to an integration information system, much development resources should be invested to a development life cycles. The constraints of development resources force developers not to achieve a balanced quality of the system. To attain the specified quality of the system within the given development resources, the relative weights among quality factors of the system on a development life cycle should be measured and a balance between the levels of quality and development costs should be optimized, simultaneously. This paper suggests the relative weights of the quality factors influencing operations of the system, and shows an optimal solution for the quality levels and development costs using desirability function (DF). For optimization, this paper employs AHP as multiple criteria decision making (MCDM) technique and DF. [ABSTRACT FROM AUTHOR]

Published

2008

8. Risk & Distortion Based K-Anonymity.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Shenkun Xu, and Xiaojun Ye

Abstract

Current optimizations for K-Anonymity pursue reduction of data distortion unilaterally, and rarely evaluate disclosure risk during process of anonymization. We propose an optimal K-Anonymity algorithm in which the balance of risk & distortion $\left(RD\right)$ can be equilibrated at each anonymity stage: we first construct a generalization space $\left(GS\right)$, then, we use the probability and entropy metric to measure RD for each node in GS, and finally we introduce releaser's RD preference to decide an optimal anonymity path. Our algorithm adequately considers the dual-impact on RD and obtains an optimal anonymity with satisfaction of releaser. The efficiency of our algorithm will be evaluated by extensive experiments. [ABSTRACT FROM AUTHOR]

Published

2008

9. Provably Secure Countermeasure Resistant to Several Types of Power Attack for ECC.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, JaeCheol Ha, and JeaHoon Park

Abstract

Recently, it has been shown that some cryptographic devices, such as smart card, RFID and USB token, are vulnerable to the power attacks if they have no defence against them. With the introduction of new types of power analysis attack on elliptic curve cryptosystem (ECC) which is implemented in these secure devices, most existing countermeasures against differential power analysis (DPA) are now vulnerable to new power attacks, such as a doubling attack (DA), refined power analysis attack (RPA), and zero-value point attack (ZPA). Mamiya et al. recently proposed a countermeasure (so-called BRIP) against the DPA, RPA, ZPA, and simple power analysis (SPA) by introducing a random initial value. Yet, the BRIP was also shown to be vulnerable to the address-bit DPA by Itoh et al. and the 2-torsion attack by Yen et al.. Accordingly, this paper proposes a secure countermeasure based on a message-blinding technique. A security analysis demonstrates that the proposed countermeasure is secure against most existing power attacks with just a few additional registers. [ABSTRACT FROM AUTHOR]

Published

2008

10. Differential Power Analysis of HMAC Based on SHA-2, and Countermeasures.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, McEvoy, Robert, and Tunstall, Michael

Abstract

The HMAC algorithm is widely used to provide authentication and message integrity to digital communications. However, if the HMAC algorithm is implemented in embedded hardware, it is vulnerable to side-channel attacks. In this paper, we describe a DPA attack strategy for the HMAC algorithm, based on the SHA-2 hash function family. Using an implementation on a commercial FPGA board, we show that such attacks are practical in reality. In addition, we present a masked implementation of the algorithm, which is designed to counteract first-order DPA attacks. [ABSTRACT FROM AUTHOR]

Published

2008

11. A Generic Method for Secure SBox Implementation.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Prouff, Emmanuel, and Rivain, Matthieu

Abstract

Cryptographic algorithms embedded in low resource devices are vulnerable to side channel attacks. Since their introduction in 1996, the effectiveness of these attacks has been highly improved and many countermeasures have been invalidated. It was especially true for countermeasures whose security was based on heuristics and experiments. Consequently, there is not only a need for designing new and various countermeasures, but it is also necessary to prove the security of the new proposals in formal models. In this paper we provide a simple method for securing the software implementation of functions called SBoxes that are widely used in symmetric cryptosystems. The main advantage of the proposed solution is that it does not require any RAM allocation. We analyze its efficiency and we compare it with other well-known countermeasures. Moreover, we use a recently introduced proof-of-security framework to demonstrate the resistance of our countermeasure from the viewpoint of Differential Power Analysis. Finally, we apply our method to protect the AES implementation and we show that the performances are suitable for practical implementations. [ABSTRACT FROM AUTHOR]

Published

2008

12. Security Analysis of MISTY1.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Tanaka, Hidema, and Hatano, Yasuo

Abstract

We analyze 64-bit block cipher MISTY1 from several standpoints. Our analysis consists of two algorithms based on the higher order differential property of the S-box. The first succeeds in attacking a six round MISTY1 provided 218.9 chosen plaintexts and 280.9 computational cost. The second succeeds in attacking a seven round MISTY1 with no FL functions by controlling the value of the fixed part of the plaintext and using a 2-round elimination method provided 211.9 chosen plaintexts and 2125.1 computational cost. Both algorithms exceeds the existing attack algorithms against MISTY1 and give new perspectives for the security of MISTY1. [ABSTRACT FROM AUTHOR]

Published

2008

13. Efficient Implementation of the Pairing on Mobilephones Using BREW.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Yoshitomi, Motoi, and Takagi, Tsuyoshi

Abstract

Pairing based cryptography can accomplish novel security applications such as ID-based cryptosystems, which have not been constructed efficiently without the pairing. The processing speed of the pairing based cryptography is relatively slow compared with the other conventional public key cryptography. However, several efficient algorithms for computing the pairing have been proposed, namely Duursma-Lee algorithm and its variant ηT pairing. In this paper, we present an efficient implementation of the pairing over some mobilephones, and examine the feasibility of the pairing based cryptosystems on ubiquitous devices. Indeed the processing speed of our implementation in ARM9 processors on BREW achieves under 100 milliseconds using the supersingular curve over $\mathbb F_{3^{97}}$. It has become fast enough for implementing security applications using the pairing on mobilephones. [ABSTRACT FROM AUTHOR]

Published

2008

14. Breaking 104 Bit WEP in Less Than 60 Seconds.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Tews, Erik, and Weinmann, Ralf-Philipp

Abstract

We demonstrate an active attack on the WEP protocol that is able to recover a 104-bit WEP key using less than 40,000 frames with a success probability of 50%. In order to succeed in 95% of all cases, 85,000 packets are needed. The IV of these packets can be randomly chosen. This is an improvement in the number of required frames by more than an order of magnitude over the best known key-recovery attacks for WEP. On a IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute. The required computational effort is approximately 220 RC4 key setups, which on current desktop and laptop CPUs is negligible. [ABSTRACT FROM AUTHOR]

Published

2008

15. Comparative Studies in Key Disagreement Correction Process on Wireless Key Agreement System.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Hashimoto, Toru, and Itoh, Takashi

Abstract

This paper describes the comparison of the error-correcting codes that is adopted by the key disagreement correction process about wireless key agreement system called ESPARSKEY that is expected to achieve information-theoretic security. This system consists of AP with a variable directional antenna, that is, an ESPAR antenna, and UT with an omni-directional antenna. We employ conditional mutual information as the evaluation index. From experimental evaluation results, we clarified that the best way is adopting BCH(31,16,7) with table-aided soft-decision decoding as the key disagreement process where one eavesdropper exists more than 40cm from UT. After adopting this error-correcting code, we should transact 200 wireless packets between the nodes to share a 128-bit unguessable key against an eavesdropper. [ABSTRACT FROM AUTHOR]

Published

2008

16. Detecting Motifs in System Call Sequences.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Wilson, William O., and Feyereisl, Jan

Abstract

The search for patterns or motifs in data represents an area of key interest to many researchers. In this paper we present the Motif Tracking Algorithm, a novel immune inspired pattern identification tool that is able to identify unknown motifs which repeat within time series data. The power of the algorithm is derived from its use of a small number of parameters with minimal assumptions. The algorithm searches from a completely neutral perspective that is independent of the data being analysed and the underlying motifs. In this paper the motif tracking algorithm is applied to the search for patterns within sequences of low level system calls between the Linux kernel and the operating system's user space. The MTA is able to compress data found in large system call data sets to a limited number of motifs which summarise that data. The motifs provide a resource from which a profile of executed processes can be built. The potential for these profiles and new implications for security research are highlighted. A higher level system call language for measuring similarity between patterns of such calls is also suggested. [ABSTRACT FROM AUTHOR]

Published

2008

17. An Architecture Providing Virtualization-Based Protection Mechanisms Against Insider Attacks.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Stumpf, Frederic, and Röder, Patrick

Abstract

Insider attacks are very powerful and are relevant in many scenarios, such as grid computing, corporate computing on home computers and electronic commerce of digital content. We present an example scenario to illustrate these attacks and perform a threat analysis to extract requirements for preventing insider attacks. We believe that these requirements are also representative of other scenarios. We develop a four layered protection architecture by using virtualization techniques based on these requirements. Therefore, the proposed architecture prevents insider attacks in scenarios with similar requirements as well. [ABSTRACT FROM AUTHOR]

Published

2008

18. Windows Vault: Prevention of Virus Infection and Secret Leakage with Secure OS and Virtual Machine.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Sameshima, Yoshiki, and Saisho, Hideaki

Abstract

We present an integrated system of two Windows workstations; while the first workstation is prepared to process secret information, the second is for non-secret which may contain computer virus, and the two workstations are integrated into a PC with secure OS, virtual machine and gateways. Since the two workstations are virtually separated at the physical level, the first workstation is not infected by virus, nor is secret leaked out to the Internet, even if the second is infected by unknown virus. Comparing previous work which realizes complete data isolation for intelligence community, user of the proposed system can import data securely from the second workstation to the first through security guaranteed channel between the two workstations. The user can also read e-mail from the Internet on the first without fear of virus infection, and as a result the user does not need to be aware that she/he uses the two workstations. [ABSTRACT FROM AUTHOR]

Published

2008

19. A Compact Architecture for Montgomery Elliptic Curve Scalar Multiplication Processor.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Yong Ki Lee, and Verbauwhede, Ingrid

Abstract

We propose a compact architecture of a Montgomery elliptic curve scalar multiplier in a projective coordinate system over GF(2m). To minimize the gate area of the architecture, we use the common Z projective coordinate system where a common Z value is kept for two elliptic curve points during the calculations, which results in one register reduction. In addition, by reusing the registers we are able to reduce two more registers. Therefore, we reduce the number of registers required for elliptic curve processor from 9 to 6 (a 33%). Moreover, a unidirectional circular shift register file reduces the complexity of the register file, resulting in a further 17% reduction of total gate area in our design. As a result, the total gate area is 13.2k gates with 314k cycles which is the smallest compared to the previous works. [ABSTRACT FROM AUTHOR]

Published

2008

20. Iteration Bound Analysis and Throughput Optimum Architecture of SHA-256 (384,512) for Hardware Implementations.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Yong Ki Lee, and Herwin Chan

Abstract

The hash algorithm forms the basis of many popular cryptographic protocols and it is therefore important to find throughput optimal implementations. Though there have been numerous published papers proposing high throughput architectures, none of them have claimed to be optimal. In this paper, we perform iteration bound analysis on the SHA2 family of hash algorithms. Using this technique, we are able to both calculate the theoretical maximum throughput and determine the architecture that achieves this throughput. In addition to providing the throughput optimal architecture for SHA2, the techniques presented can also be used to analyze and design optimal architectures for some other iterative hash algorithms. [ABSTRACT FROM AUTHOR]

Published

2008

21. Geometrically Invariant Image Watermarking in the DWT Domain.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Shijun Xiang, and Hyoung-Joong Kim

Abstract

Watermark resistance to both geometric attacks and lossy compressions is a fundamental issue in the image watermarking community. In this paper, we propose a DWT (Discrete Wavelet Transform) based watermarking scheme for such a challenging problem. Watermark resistance to geometric deformations is achieved by using the invariance of the histogram shape. In both theoretical analysis and experimental way, we show that the invariance can be extended to the DWT domain thanks to the time-frequency localization property of DWT. Consequently, we achieve the goal to embed a geometrically invariant watermark into the low-frequency sub-band of DWT in such a way that the watermark is not only invariant to various geometric transforms, but also robust to common image processing operations. Extensive simulation results demonstrate the superiority of the proposed watermark strategy due to the use of the histogram shape invariance combined with the DWT technique. [ABSTRACT FROM AUTHOR]

Published

2008

22. Traffic Analysis Attacks on a Continuously-Observable Steganographic File System.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Troncoso, Carmela

Abstract

A continuously-observable steganographic file system allows to remotely store user files on a raw storage device; the security goal is to offer plausible deniability even when the raw storage device is continuously monitored by an attacker. Zhou, Pang and Tan have proposed such a system in [7] with a claim of provable security against traffic analysis. In this paper, we disprove their claims by presenting traffic analysis attacks on the file update algorithm of Zhou et al. Our attacks are highly effective in detecting file updates and revealing the existence and location of files. For multi-block files, we show that two updates are sufficient to discover the file. One-block files accessed a sufficient number of times can also be revealed. Our results suggest that simple randomization techniques are not sufficient to protect steganographic file systems from traffic analysis attacks. [ABSTRACT FROM AUTHOR]

Published

2008

23. Implementation of LSM-Based RBAC Module for Embedded System.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Jae-Deok Lim, and Sung-Kyong Un

Abstract

Security requirements of the embedded system which were not considered when the embedded system is independently deployed are being increased because the embedded system is connected to an internet. Accordingly, the coverage of the system security is being expanded from the general server to the embedded system. And it is not enough that the embedded system supports only its inherent functions and it becomes the essential element to provide the security function to the embedded system. This paper implements the Role Based Access Control(RBAC) module which is designed using the Linux Security Module(LSM) for the embedded system. RBAC allows security management to be administrated easily and LSM is a lightweight, general purpose, access control framework for mainstream Linux kernel that enables many different access control models. The combination of RABC and LSM properties is very suitable for one of security solutions of embedded system because of the simplicity and flexibility of RBAC and a lightweight loadable mechanism of LSM. And we show the performance of our implementation that has very small overhead for the intended processing and is acceptable. [ABSTRACT FROM AUTHOR]

Published

2008

24. Implementation of BioAPI Conformance Test Suite Using BSP Testing Model.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Jihyeon Jang, and Elliott, Stephen J.

Abstract

The purpose of this paper is to design a Conformance Test Suite(CTS) for BSPs(Biometric Service Provider) based upon the BioAPI (Biometric Application Programming Interface) v2.0, an international standard by ISO/IEC JTC1/SC37. The proposed BioAPI CTS enables users to test BSPs without depending on various frameworks. In this paper, a test scheduling tool has been embodied in order to use Test Assertion with XML. In order to demonstrate the performance of the CTS, the experiment was performed using both commercial fingerprint verification and identification BSPs. The developed CTS will be installed at Korean National Biometrics Test Center and used to test whether commercial biometrics products are compliant to BioAPI. [ABSTRACT FROM AUTHOR]

Published

2008

25. Information Hiding in Software with Mixed Boolean-Arithmetic Transforms.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Yongxin Zhou, and Main, Alec

Abstract

As increasingly powerful software analysis and attack tools arise, we need increasingly potent software protections. We generate an unlimited supply of obscuring transforms via mixed-mode computation over Boolean-arithmetic (mba) algebras corresponding to real-world functions and data. Such transforms resist reverse engineering with existing advanced tools and create np-hard problems for the attacker. We discuss broad uses and concrete applications to aacs key hiding and software watermarking. [ABSTRACT FROM AUTHOR]

Published

2008

26. Secret Signatures: How to Achieve Business Privacy Efficiently?

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Byoungcheon Lee, and Choo, Kim-Kwang Raymond

Abstract

Digital signatures provide authentication and non-repudiation in a public way in the sense that anyone can verify the validity of a digital signature using the corresponding public key. In this paper, we consider the issues of (1) signature privacy and (2) the corresponding public provability of signature. We propose a new digital signature variant, secret signature, which provides authentication and non-repudiation to the designated receiver only. If required, the correctness of the secret signature can be proven to the public either by the signer or the receiver. We conclude with a discussion to demonstrate the usefulness of the proposed cryptographic primitive (e.g., achieving signature privacy in an efficient manner). [ABSTRACT FROM AUTHOR]

Published

2008

27. Universal ηT Pairing Algorithm over Arbitrary Extension Degree.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Shirase, Masaaki, and Kawahara, Yuto

Abstract

The ηT pairing on supersingular is one of the most efficient algorithms for computing the bilinear pairing [3]. The ηT pairing defined over finite field ${\mathbb F}_{3^n}$ has embedding degree 6, so that it is particularly efficient for higher security with large extension degree n. Note that the explicit algorithm over ${\mathbb F}_{3^n}$ in [3] is designed just for $n \equiv 1\ (\bmod \ 12)$, and it is relatively complicated to construct an explicit algorithm for $n \not \equiv 1\ (\bmod \ 12)$. It is better that we can select many n's to implement the ηT pairing, since n corresponds to security level of the ηT pairing. In this paper we construct an explicit algorithm for computing the ηT pairing with arbitrary extension degree n. However, the algorithm should contain many branch conditions depending on n and the curve parameters, that is undesirable for implementers of the ηT pairing. This paper then proposes the universal ηT pairing ($\widetilde{\eta_T}$ pairing), which satisfies the bilinearity of pairing (compatible with Tate pairing) without any branches in the program, and is as efficient as the original one. Therefore the proposed universal ηT pairing is suitable for the implementation of various extension degrees n with higher security. [ABSTRACT FROM AUTHOR]

Published

2008

28. Convertible Undeniable Proxy Signatures: Security Models and Efficient Construction.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Sehun Kim, Yung, Moti, Hyung-Woo Lee, Wei Wu, and Yi Mu

Abstract

In the undeniable signatures, the validity or invalidity can only be verified via the Confirmation/Disavowal protocol with the help of the signer. Convertible undeniable signatures provide the flexibility that a signer can convert an undeniable signature into publicly verifiable one. A proxy signature scheme allows an entity to delegate his/her signing capability to another entity in such a way that the latter can sign messages on behalf of the former when the former is not available. Proxy signatures have found numerous practical applications in ubiquitous computing, distributed systems, mobile agent applications, etc. In this paper, we propose the first convertible undeniable proxy signature scheme with rigorously proven security. The properties of Unforgeability, Invisibility and Soundness in the context of convertible undeniable proxy signatures are also clearly defined. The security of our construction is formally proven in the random oracle models, based on some natural complexity assumptions. [ABSTRACT FROM AUTHOR]

Published

2008

29. Generalised Category Attack—Improving Histogram-Based Attack on JPEG LSB Embedding.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kwangsoo Lee

Abstract

We present a generalised and improved version of the category attack on LSB steganography in JPEG images with straddled embedding path. It detects more reliably low embedding rates and is also less disturbed by double compressed images. The proposed methods are evaluated on several thousand images. The results are compared to both recent blind and specific attacks for JPEG embedding. The proposed attack permits a more reliable detection, although it is based on first order statistics only. Its simple structure makes it very fast. [ABSTRACT FROM AUTHOR]

Published

2008

30. Pros and Cons of Mel-cepstrum Based Audio Steganalysis Using SVM Classification.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kraetzer, Christian

Abstract

While image steganalysis has become a well researched domain in the last years, audio steganalysis still lacks a large scale attentiveness. This is astonishing since digital audio signals are, due to their stream-like composition and the high data rate, appropriate covers for steganographic methods. In this work one of the first case studies in audio steganalysis with a large number of information hiding algorithms is conducted. The applied trained detector approach, using a SVM (support vector machine) based classification on feature sets generated by fusion of time domain and Mel-cepstral domain features, is evaluated for its quality as a universal steganalysis tool as well as a application specific steganalysis tool for VoIP steganography (considering selected signal modifications with and without steganographic processing of audio data). The results from these evaluations are used to derive important directions for further research for universal and application specific audio steganalysis. [ABSTRACT FROM AUTHOR]

Published

2008

31. A Fusion of Maximum Likelihood and Structural Steganalysis.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Ker, Andrew D.

Abstract

This paper draws together two methodologies for the detection of bit replacement steganography: the principle of maximum likelihood, which is statistically well-founded but has lead to weak detectors in practice, and so-called structural detection, which is sensitive but lacks optimality and can suffer from complicated exposition. The key novelty is to extend structural analysis to include a hypothetical "pre-cover", from which the cover object is imagined to derive. Here, maximum likelihood detection is presented for three structural detectors. Although the algebraic derivation is long, and maximizing the likelihood function difficult in practice, conceptually the new detectors are reasonably simple. Experiments show that the new detectors are the best performers yet, very significantly so in the detection of replacement of multiple bit planes. [ABSTRACT FROM AUTHOR]

Published

2008

32. Security of Invertible Media Authentication Schemes Revisited.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Dönigus, Daniel

Abstract

Dittmann, Katzenbeisser, Schallhart and Veith (SEC 2005) introduced the notion of invertible media authentication schemes, embedding authentication data in media objects via invertible watermarks. These invertible watermarks allow to recover the original media object (given a secret encryption key), as required for example in some medical applications where the distortion must be removable. Here we revisit the approach of Dittmann et al. from a cryptographic viewpoint, clarifying some important aspects of their security definitions. Namely, we first discuss that their notion of unforgeability may not suffice in all settings, and we therefore propose a strictly stronger notion. We then show that the basic scheme suggested by Dittmann et al. achieves our notion if instantiated with the right cryptographic primitives. Our proof also repairs a flaw in the original scheme, pointed out by Hopper, Molnar and Wagner (TCC 2007). We finally address the issue of secrecy of media authentication schemes, basically preventing unauthorized recovering of the original media object without the encryption key. We give a rigorous security statement (that is, the best security guarantee we can achieve) and prove again that the scheme by Dittmann et al. meets this security level if the right cryptographic building blocks are deployed. Together our notions of unforgeability and of secrecy therefore give very strong security guarantees for such media authentication schemes. [ABSTRACT FROM AUTHOR]

Published

2008

33. Imaging Sensor Noise as Digital X-Ray for Revealing Forgeries.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Mo Chen

Abstract

In this paper, we describe a new forensic tool for revealing digitally altered images by detecting the presence of photo-response non-uniformity noise (PRNU) in small regions. This method assumes that either the camera that took the image is available to the analyst or at least some other non-tampered images taken by the camera are available. Forgery detection using the PRNU involves two steps - estimation of the PRNU from non-tampered images and its detection in individual image regions. From a simplified model of the sensor output, we design optimal PRNU estimators and detectors. Binary hypothesis testing is used to determine which regions are forged. The method is tested on forged images coming from a variety of digital cameras and with different JPEG quality factors. The approximate probability of falsely identifying a forged region in a non-forged image is estimated by running the algorithm on a large number of non-forged images. [ABSTRACT FROM AUTHOR]

Published

2008

34. Software Integrity Checking Expressions (ICEs) for Robust Tamper Detection.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Jakubowski, Mariusz

Abstract

We introduce software integrity checking expressions (SoftICEs), which are program predicates that can be used in software tamper detection. We present two candidates, probabilistic verification conditions (PVCs) and Fourier-learning approximations (FLAs), which can be computed for certain classes of programs,. We show that these predicates hold for any valid execution of the program, and fail with some probability for any invalid execution (e.g., when the output value of one of the variables is tampered). PVCs work with straight-line integer programs that have operations { ∗ , + , − }. We also sketch how we can extend this class to include branches and loops. FLAs can work over programs with arbitrary operations, but have some limitations in terms of efficiency, code size, and ability to handle various classes of functions. We describe a few applications of this technique, such as program integrity checking, program or client identification, and tamper detection. As a generalization of oblivious hashing (OH), our approach resolves several troublesome issues that complicate practical application of OH towards tamper-resistance. [ABSTRACT FROM AUTHOR]

Published

2008

35. A Graph Game Model for Software Tamper Protection.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Dedić, Nenad

Abstract

We present a probabilistic program-transformation algorithm to render a given program tamper-resistant. In addition, we suggest a model to estimate the required effort for an attack. We make some engineering assumptions about local indistinguishability on the transformed program and model an attacker's steps as making a walk on the program flow graph. The goal of the attacker is to learn what has been inserted by the transformation, in which case he wins. Our heuristic estimate counts the number of steps of his walk on the graph. Our model is somewhat simplified, but we believe both the constructions and models can be made more realistic in the future. [ABSTRACT FROM AUTHOR]

Published

2008

36. Tamper Hiding: Defeating Image Forensics.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kirchner, Matthias

Abstract

This paper introduces novel hiding techniques to counter the detection of image manipulations through forensic analyses. The presented techniques allow to resize and rotate (parts of) bitmap images without leaving a periodic pattern in the local linear predictor coefficients, which has been exploited by prior art to detect traces of manipulation. A quantitative evaluation on a batch of test images proves the proposed method's efficacy, while controlling for key parameters and for the retained image quality compared to conventional linear interpolation. [ABSTRACT FROM AUTHOR]

Published

2008

37. Exposing Digital Forgeries Through Specular Highlights on the Eye.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Johnson, Micah K.

Abstract

When creating a digital composite of two people, it is difficult to exactly match the lighting conditions under which each individual was originally photographed. In many situations, the light source in a scene gives rise to a specular highlight on the eyes. We show how the direction to a light source can be estimated from this highlight. Inconsistencies in lighting across an image are then used to reveal traces of digital tampering. [ABSTRACT FROM AUTHOR]

Published

2008

38. Combining Tardos Fingerprinting Codes and Fingercasting.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Katzenbeisser, Stefan

Abstract

Forensic tracking faces new challenges when employed in mass-scale electronic content distribution. In order to avoid a high load at the server, the watermark embedding process should be shifted from the secure server to the client side, where (1) the security of the watermark secrets must be ensured, and (2) collusion-resistance against a reasonably sized coalition of malicious users needs to be guaranteed. The combination of secure content broadcasting, secure embedding and collusion tolerance aspects has been recently addressed and termed as Fingercasting. However, the proposed solution does not apply a special collusion-resistant code, but derives a limited resistance against collusion attacks from the underlying spread spectrum watermark. In this paper, we make the first step towards tackling this problem: we propose a construction that provides collusion-resistance against a large coalition in a secure watermark embedding setting. In particular, we propose to incorporate a variant of the collusion resistant random code of Tardos, currently the code with best asymptotic behavior, into a Fingercasting framework. Through statistical analysis we show that the combination is feasible for a small subset of possible Fingercasting system parameters. [ABSTRACT FROM AUTHOR]

Published

2008

39. Optimization of Tardos's Fingerprinting Codes in a Viewpoint of Memory Amount.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Nuida, Koji

Abstract

It is known that Tardos's collusion-secure probabilistic fingerprinting code (Tardos code) has length of theoretically minimal order. However, Tardos code uses certain continuous probability distribution, which causes that huge amount of extra memory is required in a practical use. An essential solution is to replace the continuous distributions with finite discrete ones, preserving the security. In this paper, we determine the optimal finite distribution for the purpose of reducing memory amount; the required extra memory is reduced to less than 1/32 of the original in some practical setting. Moreover, the code length is also reduced (to, asymptotically, about 20.6% of Tardos code), and some further practical problems such as approximation errors are also considered. [ABSTRACT FROM AUTHOR]

Published

2008

40. A Geometrical Robust Image Data Hiding Scheme Using FCA-Based Resynchronization.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Peizhong Lu

Abstract

This paper proposes a data hiding scheme composed of a synchronization technique by using content of the image and a DCT payload embedding method. The position of the center of gravity of each Delaunay triangle is embedded inside the red channel of the corresponding triangle. This information called synchronization information is afterward decoded robustly by fast correlation attacks used commonly in cryptanalysis. The synchronization information is used to recover the affine transform that has been done on the image. The best merit of correlation attack is its powerful error-correcting ability which can be used not only to get rid of false position information caused by a few missed or imagined features, but also to obtain enough error-free synchronization information in spite of the feature points undergoing geometry transformations. A DCT-based algorithm is used to embed secret messages in the blue channel of the image. The paper also explicitly analyses the channel noise model so as to provide a basis on which some important parameters used in fast correlation attacks are designed. Simulation results show that our data-hiding scheme is highly robust to geometrical distortions including RST and most of affine transformations, and common signal processing such as JPEG compression. [ABSTRACT FROM AUTHOR]

Published

2008

41. Noise Robust Speech Watermarking with Bit Synchronisation for the Aeronautical Radio.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Hofbauer, Konrad

Abstract

Analogue amplitude modulation radios are used for air/ ground voice communication between aircraft pilots and controllers. The identification of the aircraft, so far always transmitted verbally, could be embedded as a watermark in the speech signal and thereby prevent safety-critical misunderstandings. The first part of this paper presents an overview on this watermarking application. The second part proposes a speech watermarking algorithm that embeds data in the linear prediction residual of unvoiced narrowband speech at a rate of up to 2 kbit/s. A bit synchroniser is developed which enables the transmission over analogue channels and which reaches the optimal limit within one to two percentage points in terms of raw bit error rate. Simulations show the robustness of the method for the AWGN channel. [ABSTRACT FROM AUTHOR]

Published

2008

42. Soft Feature-Based Watermark Decoding with Insertion/Deletion Correction.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Schlauweg, Mathias

Abstract

Hard decisions constitute the major problem in digital watermarking applications, especially when content adaptive embedding methods are used. Soft-decision decoding, on the other hand, has proved to be performance gaining, often realized during forward error correction. But despite this insight, no adaptive watermarking approach integrates the adaptation process into soft decoding, up to now. Further, insertion/deletion errors can occur in a content dependent watermarking system due to hard decisions if data is embedded only in some selected regions of the host signal. This kind of error usually desynchronizes the decoder and disables the correct watermark extraction. In this paper, we work out three fundamental properties of content dependent quantization-based watermarking. We show how the coupling between these properties and common soft-decision forward error correction decoding can be used to build up an overall soft processing watermarking. No pre-distortion has to be used, and hence, the image quality is not degraded. Even adaptation techniques can be used where it is computational infeasible to project a pre-distortion back onto the host image. Afterwards, we describe how to modify a common Viterbi decoder to enable the correction of insertion/deletion errors combined with our new soft decoding approach and hence improve the overall performance. [ABSTRACT FROM AUTHOR]

Published

2008

43. Reducing the Complexity of Syndrome Coding for Embedding.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Schönfeld, Dagmar

Abstract

This paper deals with strategies to dramatically reduce the complexity for embedding based on syndrome coding. In contrast to existing approaches, our goal is to keep the embedding efficiency constant, i.e., to embed less complexly without increasing the average number of embedding changes, compared to the classic Matrix Embedding scenario. Generally, our considerations are based on structured codes, especially on BCH Codes. However, they are not limited to this class of codes. We propose different approaches to reduce embedding complexity concentrating on both syndrome coding based on a parity check matrix and syndrome coding based on the generator polynomial. [ABSTRACT FROM AUTHOR]

Published

2008

44. How Can Reed-Solomon Codes Improve Steganographic Schemes?

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Fontaine, Caroline

Abstract

The use of syndrome coding in steganographic schemes tends to reduce distortion during embedding. The more complete model comes from the wet papers [FGLS05] which allow to lock positions that cannot be modified. Recently, BCH codes have been investigated, and seem to be good candidates in this context [SW06]. Here, we show that Reed-Solomon codes are twice better with respect to the number of locked positions and that, in fact, they are optimal. We propose two methods for managing these codes in this context: the first one is based on a naive decoding process through Lagrange interpolation; the second one, more efficient, is based on list decoding techniques and provides an adaptive trade-off between the number of locked positions and the embedding efficiency. [ABSTRACT FROM AUTHOR]

Published

2008

45. Steganographic Communication with Quantum Information.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Martin, Keye

Abstract

We introduce a scheme for steganographic communication based on a channel hidden within the quantum key distribution protocol of Bennett and Brassard. An outside observer cannot establish evidence that this communication is taking place for the simple reason that no correlations between public data and hidden information exist. Assuming an attacker guesses hidden communication is underway, we obtain a precise quantitative bound on the amount of hidden information they can acquire, and find that it is very small, less than 10− 7 bits per channel use in typical experimental settings. We also calculate the capacity of the steganographic channel, including an analysis based on data available from experimental realizations of quantum protocols. [ABSTRACT FROM AUTHOR]

Published

2008

46. Practical Security Analysis of Dirty Paper Trellis Watermarking.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, and Bas, Patrick

Abstract

This paper analyses the security of dirty paper trellis (DPT) watermarking schemes which use both informed coding and informed embedding. After recalling the principles of message embedding with DPT watermarking, the secret parameters of the scheme are highlighted. The security weaknesses of DPT watermarking are then presented: in the watermarked contents only attack (WOA) setup, the watermarked data-set exhibits clusters corresponding to the different patterns attached to the arcs of the trellis. The K-means clustering algorithm is used to estimate these patterns and a co-occurrence analysis is performed to retrieve the connectivity of the trellis. Experimental results demonstrate that it is possible to accurately estimate the trellis configuration, which enables to perform attacks much more efficient than simple additive white Gaussian noise (AWGN). [ABSTRACT FROM AUTHOR]

Published

2008

47. Exploiting Security Holes in Lattice Data Hiding.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Pérez-Freire, Luis

Abstract

This paper presents a security analysis for data hiding methods based on nested lattice codes, extending the analysis provided by previous works. The security is quantified in an information-theoretic sense by means of the information leakage between the watermarked signals seen by the attacker and the secret key used in the embedding process. The theoretical analysis accomplished in the first part of the paper addresses important issues such as the possibility of achieving perfect secrecy and the impact of the embedding rate and channel coding in the security level. In the second part, a practical algorithm for estimating the secret key is proposed, and the information extracted is used for implementing a reversibility attack on real images. [ABSTRACT FROM AUTHOR]

Published

2008

48. Robust and High Capacity Image Watermarking Based on Jointly Coding and Embedding Optimization.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Chuntao Wang

Abstract

A new informed image watermarking algorithm is presented in this paper, which can achieve the information rate of 1/64 bits/pixel with high robustness. Firstly, the LOT (Locally Optimum Test) detector based on HMM in wavelet domain is developed to tackle the issue that the exact strength for informed embedding is unknown to the receiver. Then based on the LOT detector, the dirty-paper code for informed coding is constructed and the metric for the robustness is defined accordingly. Unlike the previous approaches of informed watermarking which take the informed coding and embedding process separately, the proposed algorithm implements a jointly coding and embedding optimization for high capacity and robust watermarking. The Genetic Algorithm (GA) is employed to optimize the robustness and distortion constraints simultaneously. Extensive simulations are carried out which demonstrates that the proposed algorithm achieves significant improvements in performance against JPEG, gain attack, low-pass filtering and so on. [ABSTRACT FROM AUTHOR]

Published

2008

49. Three-Dimensional Meshes Watermarking: Review and Attack-Centric Investigation.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Kai Wang

Abstract

The recent decade has seen the emergence of 3D meshes in industrial, medical and entertainment applications. Therefore, their intellectual property protection problem has attracted more and more attention in both the research and industrial realms. This paper gives a synthetic review of 3D mesh watermarking techniques, which are deemed to be a potential effective solution to the above problem. We begin with a discussion on the particular difficulties encountered while applying watermarking on 3D meshes. Then some typical algorithms are presented and analyzed, classifying them in two categories: spatial and spectral. Considering the important impact of the different attacks on the design of 3D mesh watermarking algorithms, we also provide an attack-centric viewpoint of this state of the art. Finally, some special issues and possible future working directions are discussed. [ABSTRACT FROM AUTHOR]

Published

2008

50. Space-Efficient Kleptography Without Random Oracles.

Author

Hutchison, David, Kanade, Takeo, Kittler, Josef, Kleinberg, Jon M., Mattern, Friedemann, Mitchell, John C., Naor, Moni, Nierstrasz, Oscar, Pandu Rangan, C., Steffen, Bernhard, Sudan, Madhu, Terzopoulos, Demetri, Tygar, Doug, Vardi, Moshe Y., Weikum, Gerhard, Furon, Teddy, Cayre, François, Doërr, Gwenaël, Bas, Patrick, and Young, Adam L.

Abstract

In the past, hiding asymmetric backdoors inside cryptosystems required a random oracle assumption (idealization) as "randomizers" of the hidden channels. The basic question left open is whether cryptography itself based on traditional hardness assumption(s) alone enables "internal randomized channels" that enable the embedding of an asymmetric backdoor inside another cryptosystem while retaining the security of the cryptosystem and the backdoor (two security proofs in one system). This question translates into the existence of kleptographic channels without the idealization of random oracle functions. We therefore address the basic problem of controlling the probability distribution over information (i.e., the kleptogram) that is hidden within the output of a cryptographic system. We settle this question by presenting an elliptic curve asymmetric backdoor construction that solves this problem. As an example, we apply the construction to produce a provably secure asymmetric backdoor in SSL. The construction is general and applies to many other kleptographic settings as well. [ABSTRACT FROM AUTHOR]

Published

2008