Watermarking and Steganography

Watermarks
• First introduced in Bologna, Italy in 1282
• Dandy Roll presses pattern into drying paper
  – Changes thickness of paper fibers
• Uses:
  – By paper makers to identify their product
  – Security for stamps, official documents.
  – Stock certificates, money, etc.
  – Chic
• Other “watermarks”
  – Printing on plastic with a window. (Australian $10 note)

Dandy Roll
• Pressed into paper during paper-making process

J. Plank Features
• In-house watermark design
• Computerized design process
• Quick-change sleeves and sections

• Dandy roll
• 7.25" diameter
• Watermarking possible
http://www.uwsp.edu/papersci/PM/Machine/Dandy.htm

Dandy Roll
• Wet pulp sprayed onto moving belt
• Dandy Roll pressed into pulp
• Dandy Roll looks like oversized printer’s roll covered with pattern

• High grade stainless steel construction
• Incorporates internal oscillating shower, internal pan, internal steam shower and external saveall pan
• Extended Header Brush for easy cleaning of shower pipe

Laser Printed “Watermarks”
• Used on bond paper, but who uses bond paper?
  – Doesn’t work well in inkjets or laserjets
• “Watermarks” with most print drivers…

Printed Watermarks
• Looks great
• You can even put it in your PDF file…which is the problem!
• No security

Printed Document Authentication Techniques
• Microprinting – Print that is too small to produce or copy with conventional equipment
• Intaglio – engraved pattern used to press ink with great force; raised letters
• Letterpress – Ink rolled raised type, leaving depression. Used for printing numbers.
• Simultan press – precise registration of front and back. (see-through register). Changing ink colors (rainbowing).
• Optically variable inks (change color depending on angle)
• Metal foils & threads embedded in paper
• Security holograms

Lessons for paper authentication
• Security features should convey a message relevant to the product.
  – Use iridescent ink to print the banknote denomination
• Should obviously belong where they are
  – They become “embedded in the user’s cognitive model.”
• Should be obvious
• Should not have competitors
• Should be standardized
Source: Security Engineering, Anderson

Information Hiding
• Copyright Marks:
  – Watermarks – Hidden copyright messages
  – Fingerprints – Hidden serial numbers
• Steganography
  – Hidden messages.
• Other applications:
  – Closed captioning (hidden in first 21 scan lines)
    • http://www.robson.org/gary/writing/nv-line21.html
  – Audio RDS (Radio Data Service)-like service
    • “What’s that song?”

Watermarks for Copyright Policy
• “never copy”
• “copy only once”
• “copy only at low quality”

JPMG Linnartz, “The ‘Ticket’ Concept for Copy Control Based on Embedded Signaling” (Anderson [504])
Suggests a hash-based implementation of “copy only once:”
  – X is the ticket
  – Record h(h(X)) on DVD
  – Provided with X, DVD recorder stores h(X) on second-generation copy.

The Broadcast Flag
• “Advanced Television Systems Committee Flag”
• Enable/Disable:
  – high-quality digital output
  – Re-transmitting on an “unprotected” channel
• In the future:
  – Time-shifting?
  – Disallow fast-forward through commercials
• Required on all digital TV cards sold after July 2005
• Only broadcast, not satellite or cable-transmitted.
“Losing Control of Your TV,” Technology Review, March 3, 2004
http://www.technologyreview.com/articles/04/03/wo_garfinkel030304.asp?p=1

Steganography
• A hidden message that can't be found by humans
• A hidden message that can't be found by an algorithm.
• A hidden message that can be found by an algorithm but not by a human.
• A hidden message that can be found by some algorithms but not others.
[Wayner 2004]

What is Hidden?
Defining "Hidden" is not easy
  – We run into the usual Goedel limits that prevent us from being logical about detection.
  – Humans are very different. Some musicians have very, very good ears.
  – Some algorithms leave statistical anomalies. The message is often more random than the carrier signal. These statistics can give away the message.

Who wants it?
• Evil doers. If evil messages can't be seen by good people, evil will triumph. Osama bin Laden?
• Good doers. If the good guys can communicate in secret, then good will triumph. U.S. forces
• Content owners and copyright czars. Hidden messages can carry information about rights to view, copy, share, listen, understand, etc.
• Software Developers. "Hidden" channels can be added to data structures without crashing previous versions. Steganography can fight bit rot.

Models for Steganography
• Replace random number generators with the message.
  – This works if the random numbers are used in a detectable way.
  – TCP/IP, for instance, uses a random number for connections. Some grab this for their own purposes.
• Replace noise with the message.
  – Just replace the least-significant bit.
  – Avoid the noise and tweak the salient features.
• Anything not affected by compression.
  – If you have the freedom to change data without hurting the data, then you have the freedom to include another message.

Models for Steganography
• Structured Models
  – Run some compression algorithm in reverse
    • If the compression models the data accurately, then running it in reverse should spit out something that models the data well.
    • Huffman algorithms give common letters short bit strings and rare ones long ones.
  – Change the structure or the order.
    • GifEncoder, for instance, changes the order of the colors in the palette.
  – Synthesize something new and use the data to guide the synthesis.
    • Is the ghoul shooting at you in the game using a revolver or a machine gun? That's one bit.

Noise
• The least significant bit of pixels or sound files is very popular.
• Tweaking the LSB is only a small change. Less than 1%.
  – 140=10001100
  – 141=10001101
• You can encrypt, too!
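An added example (not from the original slides): LSB replacement as the Noise slide describes it, together with a pairs-of-values chi-square check that measures the statistical give-away mentioned under "What is Hidden?". The carrier, the seed and the payload are constructed for illustration, and the seeded random bytes stand in for an encrypted message.

```python
import random

def embed_lsb(samples, payload):
    """Replace the LSB of successive samples with payload bits (MSB first)."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(samples):
        raise ValueError("payload does not fit in carrier")
    stego = list(samples)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & ~1) | bit
    return stego

def extract_lsb(samples, nbytes):
    """Read nbytes back out of the LSBs of the first 8*nbytes samples."""
    out = bytearray()
    for b in range(nbytes):
        byte = 0
        for s in samples[8 * b: 8 * b + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)

def pair_chi_square(samples):
    """Pairs-of-values statistic over 8-bit samples. Random-looking LSBs
    pull the counts of 2k and 2k+1 together, so a LOW value relative to
    the number of occupied pairs suggests LSB replacement."""
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    stat = 0.0
    for k in range(128):
        expected = (hist[2 * k] + hist[2 * k + 1]) / 2
        if expected > 0:
            stat += (hist[2 * k] - expected) ** 2 / expected
    return stat

# Constructed carrier: 8192 samples, each even value 3x as common as its odd twin.
COVER = [2 * (i % 64) + (1 if (i // 64) % 4 == 3 else 0) for i in range(8192)]
rng = random.Random(1282)  # fixed seed so the run is repeatable
PAYLOAD = bytes(rng.getrandbits(8) for _ in range(1024))  # stand-in ciphertext
STEGO = embed_lsb(COVER, PAYLOAD)

if __name__ == "__main__":
    print("max sample change:", max(abs(a - b) for a, b in zip(COVER, STEGO)))
    print("cover statistic:", round(pair_chi_square(COVER), 1))
    print("stego statistic:", round(pair_chi_square(STEGO), 1))
```

The statistic is computed over the whole carrier here; a message that fills only a small part of the samples moves it far less.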
[Figure: LSB modified to hide info]

LSB Modification
• Side Effects:
  – The data may not have the same statistical pattern as the least significant bits being replaced.
• Add a lot of noise, and it’s obvious
[Figure: 4 LSB modified produces banding]

More LSB Modification
[Figure panels: 6 bits; 7 bits; 8 out of 8 bits; All 8 bits]

Bit 8 vs. Bit 1

Wayner Demos
• Information hiding at the bit level:
  – http://www.wayner.org/books/discrypt2/bitlevel.php
• Encoding information through list order:
  – http://www.wayner.org/books/discrypt2/sorted.php#note2

JPEG Watermarking
“Hide and Seek: An Introduction to Steganography,” IEEE Security & Privacy
Figure 2. Embedded information in a JPEG. (a) The unmodified original picture; (b) the picture with the first chapter of The Hunting of the Snark embedded in it.

Mesh Watermarking
• Robust mesh watermarking, Emil Praun, Hugues Hoppe, Adam Finkelstein, July 1999, Proceedings of the 26th annual conference on Computer graphics and interactive techniques

Issues to evaluate
• “Capability”
  – Payload carrying ability
  – Detectability
  – Robustness
• Securing information: Capacity is the wrong paradigm, Ira S. Moskowitz, LiWu Chang, Richard E. Newman, September 2002, Proceedings of the 2002 workshop on New security paradigms

SDMI – Secure Digital Media Initiative
• SDMI (200+ companies) published an “Open Letter to the Digital Community” with an SDMI Challenge.
  – Earn up to $10,000 for breaking their “watermarks”
  – Challenge from September 15, 2000 – October 7, 2000
• SDMI Systems:
  – Designed to prevent “remixing” of pirated CDs
  – Designed to survive MP3 compression

SDMI & The Academics
• The Academics:
  – Scott Craver, Patrick McGregor, Min Wu, Bede Liu (Dept. of Electrical Engineering, Princeton University)
  – Adam Stubblefield, Ben Swartzlander, Dan S. Wallach (Dept. of Computer Science, Rice University)
  – Edward W. Felten (Dept. of Computer Science, Princeton University)
• What they did:
  – Successfully removed the digital watermark from the challenge audio samples.
• How did they know they did it?
  – SDMI provided an “Oracle” that told them they did!

SDMI & Academics: Part 2
• Academics couldn’t claim cash prize
  – Doing so would have required signing a “confidentiality agreement” that would prohibit the academics from sharing results with the public
• DMCA didn’t apply…
  – … because SDMI specifically invited the work
• Felten &c decided to present their findings at the 4th International Information Hiding Workshop, April 25-29, 2001
• April 9, 2001 – RIAA Senior VP for Business and Legal Affairs sent Felten a letter with veiled DMCA threats
• April 26, 2001 – Felten declines to present paper
• May 3, 2001 – RIAA and SDMI say they never intended to sue
• June 6, 2001 – Felten files suit against RIAA asking for a declaratory judgment that they would not be infringing
• November 28, 2001 – Case dismissed for mootness

DigiMarc
• Leading provider of watermarking technologies
• Plug-ins for Windows, PhotoShop, etc.
• Communicates:
  – Copyright ownership
  – Image ID
  – Image content – adult, etc.

Tools and References
• Fabien A. P. Petitcolas
  – http://www.petitcolas.net/fabien/steganography/
• Digimarc
• http://theargon.com/archivess/steganography/
• Hiding Secrets with Steganography, by Dru Lavigne,
  – http://www.onlamp.com/pub/a/bsd/2003/12/04/FreeBSD_Basics.html
• http://www.outguess.org

“Mosaïc attack”
• Defeat an embedded watermark by chopping up image and serving it in pieces

    <nobr>
    <img SRC="kings_chapel_wmk1.jpg" BORDER="0" ALT="1/6" width="116" height="140">
    <img SRC="kings_chapel_wmk2.jpg" BORDER="0" ALT="2/6" width="116" height="140">
    <img SRC="kings_chapel_wmk3.jpg" BORDER="0" ALT="3/6" width="118" height="140">
    </nobr>
    <br>
    <nobr>
    <img SRC="kings_chapel_wmk4.jpg" BORDER="0" ALT="4/6" width="116" height="140">
    <img SRC="kings_chapel_wmk5.jpg" BORDER="0" ALT="5/6" width="116" height="140">
    <img SRC="kings_chapel_wmk6.jpg" BORDER="0" ALT="6/6" width="118" height="140">
    </nobr>

Mosaïc assembled
• Some websites use mosaics to deter casual copying!

MP3Stego
• Hides information in MP3 files during the compression process
• Takes advantage of the fact that MP3 provides high-quality compression of 11:1
  – Plenty of room for information hiding!
  – Randomly chooses which parts of the Layer III inner loop to modify; makes sure modifications don’t exceed threshold defined by the psychoacoustic model.
• “Weak but better than the MPEG copyright flag defined in the standard”
• Defeat by decompressing & recompressing

MP3Stego in action
http://www.petitcolas.net/fabien/steganography/mp3stego/index.html

Translucent Databases
(More Wayner Work, if we have time…)

Translucent Database
• Instead of:
  – INSERT INTO purchases VALUES ("bob jones", 55424, "36", NOW())
• Use:
  – INSERT INTO purchases VALUES (MD5("bob jones"), 55424, "36", NOW())

TD’s with Redundancy
• INSERT INTO salaries2 VALUES (
    MD5("Fred Smith/1313 Mockingbird Lane/06-01-1960/012-34-5678"),
    MD5("Fred Smith/1313 Mockingbird Lane/012-34-5678"),
    MD5("Fred Smith/1313 Mockingbird Lane/06-01-1960"),
    MD5("Fred Smith//06-01-1960/012-34-5678"),
    60000, 5 20 )

Coordinating Users

nameHash1                         nameHash2                         Message
d3b07384d113edec49eaa6238ad5ff00  2b00042f7481c7b056c4b410d28f33cf  You’ve got some explaining to do
2b00042f7481c7b056c4b410d28f33cf  d3b07384d113edec49eaa6238ad5ff00  It’s not my fault!

Inserting into multi-user table
• INSERT INTO bboard1 VALUES (MD5("Lucy"), MD5("Ricky"), "You’ve got some explaining to do.")
• INSERT INTO bboard1 VALUES (MD5("Lucy"), MD5("Ricky"), ENCRYPT("You’ve got some explaining to do."))
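
An added example, not part of the original slides: the purchases and salaries2 inserts above, run against an in-memory SQLite database from Python. The column names, the helper functions and the MD5() function registered with SQLite are assumptions made for this example, and the timestamp and the trailing salaries2 values are left out.

```python
import hashlib
import sqlite3

def md5_hex(text):
    """MD5 as on the slides; SQLite has no built-in MD5(), so one is registered."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def open_db():
    db = sqlite3.connect(":memory:")
    db.create_function("MD5", 1, md5_hex)
    db.execute("CREATE TABLE purchases (who TEXT, item INTEGER, qty TEXT)")
    db.execute("CREATE TABLE salaries2 (h_all TEXT, h_no_dob TEXT, "
               "h_no_ssn TEXT, h_no_addr TEXT, salary INTEGER)")
    return db

def add_salary(db, name, addr, dob, ssn, salary):
    """One hash per field combination, so a user who has lost one field
    can still find the row (the redundancy slide)."""
    keys = ([name, addr, dob, ssn], [name, addr, ssn],
            [name, addr, dob], [name, "", dob, ssn])
    db.execute("INSERT INTO salaries2 VALUES (MD5(?), MD5(?), MD5(?), MD5(?), ?)",
               tuple("/".join(k) for k in keys) + (salary,))

def find_salary(db, column, *fields):
    if column not in ("h_all", "h_no_dob", "h_no_ssn", "h_no_addr"):
        raise ValueError("unknown hash column")
    row = db.execute(f"SELECT salary FROM salaries2 WHERE {column} = MD5(?)",
                     ("/".join(fields),)).fetchone()
    return row[0] if row else None

def purchases_of(db, name):
    """Only a caller who already knows the name can select its rows."""
    return db.execute("SELECT item, qty FROM purchases WHERE who = MD5(?)",
                      (name,)).fetchall()

def stored_names(db):
    """What someone browsing the table sees in the name column."""
    return [r[0] for r in db.execute("SELECT who FROM purchases")]

DB = open_db()
DB.execute("INSERT INTO purchases VALUES (MD5(?), ?, ?)", ("bob jones", 55424, "36"))
add_salary(DB, "Fred Smith", "1313 Mockingbird Lane", "06-01-1960",
           "012-34-5678", 60000)
```

Names, birth dates and Social Security numbers carry little entropy, so an unkeyed hash can be matched against a list of candidate values; the hash keeps the table unreadable to someone browsing it, not to someone able to guess the inputs.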