Date post: | 22-Dec-2015 |
Category: |
Documents |
View: | 213 times |
Download: | 0 times |
HICSS 36HICSS 36
A Watermarking Infrastructure for A Watermarking Infrastructure for Enterprise Document ManagementEnterprise Document Management
Presenter Presenter S.C. Cheung S.C. Cheung [email protected]@cs.ust.hk
Department of Computer ScienceDepartment of Computer ScienceHong Kong University of Science and TechnologyHong Kong University of Science and Technology
Co-author Co-author Dickson K.W. Chiu Dickson K.W. Chiu [email protected]@cse.cuhk.hk
22HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
OutlineOutline
Digital WatermarkingDigital Watermarking
Document Distribution InfrastructureDocument Distribution Infrastructure
Three Phases of Document Distribution Three Phases of Document Distribution ProtocolProtocol Acquisition of Registration CertificatesAcquisition of Registration Certificates Acquisition of DocumentsAcquisition of Documents Resolution of Policy ViolationResolution of Policy Violation
Conclusion & Future WorkConclusion & Future Work
33HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
IntroductionIntroductionEnterprise document management across a large enterprise Enterprise document management across a large enterprise is difficult.is difficult. Sensitive documents often found in photocopier rooms or public Sensitive documents often found in photocopier rooms or public
folders at file serversfolders at file servers
Why?Why? It involves both digital and non-digital forms.It involves both digital and non-digital forms. It covers both automated and manual procedures.It covers both automated and manual procedures. It requires a truly distributed solution.It requires a truly distributed solution. It supports multimedia format.It supports multimedia format. It must be flexible, allowing individual group to refine its own policies.It must be flexible, allowing individual group to refine its own policies. It should protect privacy wherever applicableIt should protect privacy wherever applicable..
44HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
IntroductionIntroduction
We propose the use of digital watermarking to We propose the use of digital watermarking to enforce enterprise document distribution enforce enterprise document distribution policy.policy.
Document provider disseminates watermarked documents based on the
registration certificate submitted by end user
End User Document Provider
55HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Digital Watermarking Digital Watermarking (Overview)(Overview)
Two common applications of digital Two common applications of digital watermarking:watermarking:
Identify and claim the copyrights ownershipIdentify and claim the copyrights ownership
Identify the origin of illegal distribution Identify the origin of illegal distribution Watermarks are exclusively owned by individualsWatermarks are exclusively owned by individuals..
66HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Digital Watermarking is originated from Steganography
77HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Principle of Digital WatermarkingPrinciple of Digital Watermarkinginsertion detection
88HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Key Issues in Watermarked Document Key Issues in Watermarked Document Distribution ProtocolDistribution Protocol
PhasesPhases IssuesIssues
Registration Certificate Registration Certificate AcquisitionAcquisition
- Secrecy of watermarks- Secrecy of watermarks
Watermarked Document Watermarked Document AcquisitionAcquisition
- End users cannot be trustedEnd users cannot be trusted
- Document providers cannot be trustedDocument providers cannot be trusted
Policy Violation ResolutionPolicy Violation Resolution - End users cannot be trustedEnd users cannot be trusted
- Document providers cannot be trustedDocument providers cannot be trusted
99HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
ProblemProblem
Identify the origin of illegal distributionIdentify the origin of illegal distribution End user owning the origin is liableEnd user owning the origin is liable End user’s watermark is analogous to a End user’s watermark is analogous to a
private keyprivate key Could we protect end user’s watermark in Could we protect end user’s watermark in
document distribution to prevent others document distribution to prevent others (including the document provider) from (including the document provider) from abusing the watermark?abusing the watermark?
1010HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Solution SketchSolution Sketch
End users need not release their watermarksEnd users need not release their watermarks
Instead, end users release an encrypted Instead, end users release an encrypted version of their watermarksversion of their watermarks
So, how does a document provider validate So, how does a document provider validate an encrypted watermark?an encrypted watermark?
Trusted Enterprise Registration AuthorityTrusted Enterprise Registration Authority
Use registration certificate to protect the Use registration certificate to protect the integrity of encrypted watermarkintegrity of encrypted watermark
1111HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Watermarked Document Watermarked Document Distribution InfrastructureDistribution Infrastructure
Obtain
Once
Document provider disseminates watermarked documents based on the
registration certificate submitted by end user
Enterprise registration authority generates registration certificate for end user
End User
Enterprise Registration
Authority
Document Provider
Policy enforcer collects evidence of policy violation from document provider
Policy Enforcer
1212HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Object Model of Registration CertificateObject Model of Registration Certificate
RegistrationCertificate Response
Registration Certificate (RCertB)
Watermark(W)
EncryptedWatermark
EKB(W)
Registration Certificate
Request
PKI Certificate (CertB)
Public Key (KB)
End User1
1
1
1
1 1
1
1
Enterprise Registration
Authority
1
generated by1 *
refers to refers to
refers to
encrypt1
aggregation binary association
ternary association
produces
Sign
(RC
ertB)
1313HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
apply for registration certificate
Registration Certificate
Requestgenerate watermark
Registration Certificate Response
obtain PKI certificate
store certificate
End UserEnterprise RegistrationAuthority
Watermark AcquisitionWatermark Acquisition
activities
data objects
1414HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
WatermarkedDocumentAcquisition
Policy ViolationResolution
encrypt X” by EKB
Evidence Response
(σ, RCertB)
discover a sensitive document (X”)
Policy Enforcer Document Provider
retrieve the request identifier (V) from X”
retrieve permutation function σ and registration certificate (RCertB)
send evidence σ & RCertB
Encrypted Document
EKB(X”)
data objects
activities
Evidence Request
(X”)
submit X”
retrieve public key EKB retrieve encryptedwatermark EKB(W)
apply permutationfunction σ
Permutated Encrypted Watermark
EKB(σW)
detect existence of EKB(σW) in EKB(X”)
[no]
X” originates from theend user of RCertB
[yes]
1616HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Implementation ArchitectureImplementation Architecture
Enterprise Registration
Authority
Request Registration Certificate
Deliver Registration Certificate
Encrypted
watermarked
document
DocumentRegistryLook up
document access information and policy
Check out
Reg
iste
r do
cum
ent
acce
ss in
form
atio
n an
d po
licy
End UserCheck in document with registration certificate
Store and retrieve document access history
Deliver permutation function and registration certificate
Submit
susp
ected
docu
ment
reque
st fo
r evid
ence
Document Access Log
Document Serverof the Provider
Policy Enforcer
Certificate Repository
Maintain directories of valid and revoked Registration Certificates
1717HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Version (of Registration Certificate Format)
Registration Certificate Serial Number
Signature Algorithm Identifier (for Certificate Issuer’s Signature)
Issuer Name
Validity Period (Start and Expiry Dates/Times)
Subject Name
Roles
Subject’s Public Key information (Algorithm Identifier & Public Key Value)
One-Way Hash Value of Encrypted Secret Text
Encrypted Image Watermark & Watermarking Algorithm Identifiers
Encrypted Audio Watermark & Watermarking Algorithm Identifiers
Encrypted Video Watermark & Watermarking Algorithm Identifiers
Issuer’s Digital Signature
Option
alFormat of Registration Certificate
1818HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
ConclusionConclusionWe have proposed a distribution protocol We have proposed a distribution protocol and its infrastructure for watermarked and its infrastructure for watermarked documentsdocuments features with two roles: end users and features with two roles: end users and
document providers;document providers; does not require trusts on these parties in the does not require trusts on these parties in the
protection and distribution of watermarks; protection and distribution of watermarks; assumes a trusted enterprise registration assumes a trusted enterprise registration
authority and the use of registration authority and the use of registration certificatescertificates
1919HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Future WorkFuture WorkStudy the effectiveness of our protocol with respect Study the effectiveness of our protocol with respect to various watermarking schemesto various watermarking schemes
Adapt the techniques to digital contents in Adapt the techniques to digital contents in JPEG2000 formatJPEG2000 format
Study the integration of watermarking protocols and Study the integration of watermarking protocols and inter-organizational workflows [1,2,3] and e-inter-organizational workflows [1,2,3] and e-marketplace negotiations [4]marketplace negotiations [4]
1. S.C. Cheung, Dickson K.W. Chiu and Sven Till, A Data-Driven Methodology to Extending Workflows to E-services over the Internet (HICSS-36), January 2003.
2. Dickson K.W. Chiu, S.C. Cheung and Sven Till, A Three Layer Architecture for E-Contract Enforcement in an E-Service Environment (HICSS-36), January 2003.
3. Dickson K.W. Chiu, Wesley C.W. Chan, Gary K.W. Lam, S.C. Cheung and Franklin T. Luk, An Event Driven Approach to Customer Relationship Management in e-Brokerage Industry (HICSS-36), January 2003.
4. S.C. Cheung, Patrick C.K. Hung and Dickson K.W. Chiu, On the e-Negotiation of Unmatched Logrolling Views (HICSS-36), January 2003.
Questions and AnswersQuestions and Answers
[email protected]@cs.ust.hk
[email protected]@cse.cuhk.hk
2121HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Supplementary Slides (Q&A)Supplementary Slides (Q&A)Permutation functionPermutation functionvoid permutefunc(VLONG wmark[], int size, int seed)void permutefunc(VLONG wmark[], int size, int seed){{
int i, index1, index2;int i, index1, index2;srand(seed);srand(seed);for (i=0; i < rand() % 100 + 50)for (i=0; i < rand() % 100 + 50) // min. 50 times, max 150 times// min. 50 times, max 150 times{{
VLONG tmp;VLONG tmp;index1=rand()%size;index1=rand()%size;index2=rand()%size;index2=rand()%size;// swap the two watermark coefficient// swap the two watermark coefficienttmp = wmark[index1];tmp = wmark[index1];wmark[index1]=wmark[index2];wmark[index1]=wmark[index2];wmark[index2]=tmp;wmark[index2]=tmp;
}}} }
2222HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management
Supplementary Slides (Q&A)Supplementary Slides (Q&A)
Watermark generation and insertion Watermark generation and insertion Privacy homomorphismPrivacy homomorphism
If the watermark insertion operation is:If the watermark insertion operation is: XXW = { xW = { x11(1+αw(1+αw11), x), x22(1+αw(1+αw22),…, x),…, x10001000(1+αw(1+αw10001000)})}
Then we have,Then we have, (E(E((xx)) E E((yy)) mod n = )) mod n = EE((x x y y) )
Therefore we can insert watermark in the Therefore we can insert watermark in the encrypted domain:encrypted domain:
EEKBKB(X’(X’σ(W)) = Eσ(W)) = EKBKB(X’) (X’) σ(Eσ(EKBKB(W)) (W))