HICSS 36 A Watermarking Infrastructure for Enterprise Document Management Presenter S.C. Cheung...

HICSS 36HICSS 36

A Watermarking Infrastructure for A Watermarking Infrastructure for Enterprise Document ManagementEnterprise Document Management

Presenter Presenter S.C. Cheung S.C. Cheung [email protected]@cs.ust.hk

Department of Computer ScienceDepartment of Computer ScienceHong Kong University of Science and TechnologyHong Kong University of Science and Technology

Co-author Co-author Dickson K.W. Chiu Dickson K.W. Chiu [email protected]@cse.cuhk.hk

mailto:[email protected]

22HICSS36 - sccHICSS36 - scc A Watermarking Infrastructure for EnterA Watermarking Infrastructure for Enterprise Document Managementprise Document Management

OutlineOutline

Digital WatermarkingDigital Watermarking

Document Distribution InfrastructureDocument Distribution Infrastructure

Three Phases of Document Distribution Three Phases of Document Distribution ProtocolProtocol Acquisition of Registration CertificatesAcquisition of Registration Certificates Acquisition of DocumentsAcquisition of Documents Resolution of Policy ViolationResolution of Policy Violation

Conclusion & Future WorkConclusion & Future Work


IntroductionIntroductionEnterprise document management across a large enterprise Enterprise document management across a large enterprise is difficult.is difficult. Sensitive documents often found in photocopier rooms or public Sensitive documents often found in photocopier rooms or public

folders at file serversfolders at file servers

Why?Why? It involves both digital and non-digital forms.It involves both digital and non-digital forms. It covers both automated and manual procedures.It covers both automated and manual procedures. It requires a truly distributed solution.It requires a truly distributed solution. It supports multimedia format.It supports multimedia format. It must be flexible, allowing individual group to refine its own policies.It must be flexible, allowing individual group to refine its own policies. It should protect privacy wherever applicableIt should protect privacy wherever applicable..


IntroductionIntroduction

We propose the use of digital watermarking to We propose the use of digital watermarking to enforce enterprise document distribution enforce enterprise document distribution policy.policy.

Document provider disseminates watermarked documents based on the

registration certificate submitted by end user

End User Document Provider


Digital Watermarking Digital Watermarking (Overview)(Overview)

Two common applications of digital Two common applications of digital watermarking:watermarking:

Identify and claim the copyrights ownershipIdentify and claim the copyrights ownership

Identify the origin of illegal distribution Identify the origin of illegal distribution Watermarks are exclusively owned by individualsWatermarks are exclusively owned by individuals..


Digital Watermarking is originated from Steganography


Principle of Digital WatermarkingPrinciple of Digital Watermarkinginsertion detection


Key Issues in Watermarked Document Key Issues in Watermarked Document Distribution ProtocolDistribution Protocol

PhasesPhases IssuesIssues

Registration Certificate Registration Certificate AcquisitionAcquisition

- Secrecy of watermarks- Secrecy of watermarks

Watermarked Document Watermarked Document AcquisitionAcquisition

- End users cannot be trustedEnd users cannot be trusted

- Document providers cannot be trustedDocument providers cannot be trusted

Policy Violation ResolutionPolicy Violation Resolution - End users cannot be trustedEnd users cannot be trusted

- Document providers cannot be trustedDocument providers cannot be trusted


ProblemProblem

Identify the origin of illegal distributionIdentify the origin of illegal distribution End user owning the origin is liableEnd user owning the origin is liable End user’s watermark is analogous to a End user’s watermark is analogous to a

private keyprivate key Could we protect end user’s watermark in Could we protect end user’s watermark in

document distribution to prevent others document distribution to prevent others (including the document provider) from (including the document provider) from abusing the watermark?abusing the watermark?


Solution SketchSolution Sketch

End users need not release their watermarksEnd users need not release their watermarks

Instead, end users release an encrypted Instead, end users release an encrypted version of their watermarksversion of their watermarks

So, how does a document provider validate So, how does a document provider validate an encrypted watermark?an encrypted watermark?

Trusted Enterprise Registration AuthorityTrusted Enterprise Registration Authority

Use registration certificate to protect the Use registration certificate to protect the integrity of encrypted watermarkintegrity of encrypted watermark


Watermarked Document Watermarked Document Distribution InfrastructureDistribution Infrastructure

Obtain

Once

Document provider disseminates watermarked documents based on the

registration certificate submitted by end user

Enterprise registration authority generates registration certificate for end user

End User

Enterprise Registration

Authority

Document Provider

Policy enforcer collects evidence of policy violation from document provider

Policy Enforcer


Object Model of Registration CertificateObject Model of Registration Certificate

RegistrationCertificate Response

Registration Certificate (RCertB)

Watermark(W)

EncryptedWatermark

EKB(W)

Registration Certificate

Request

PKI Certificate (CertB)

Public Key (KB)

End User1

1

1

1

1 1

1

1


Authority

1

generated by1 *

refers to refers to

refers to

encrypt1

aggregation binary association

ternary association

produces

Sign

(RC

ertB)


apply for registration certificate

Registration Certificate

Requestgenerate watermark

Registration Certificate Response

obtain PKI certificate

store certificate

End UserEnterprise RegistrationAuthority

Watermark AcquisitionWatermark Acquisition

activities

data objects


WatermarkedDocumentAcquisition

Policy ViolationResolution

encrypt X” by EKB

Evidence Response

(σ, RCertB)

discover a sensitive document (X”)

Policy Enforcer Document Provider

retrieve the request identifier (V) from X”

retrieve permutation function σ and registration certificate (RCertB)

send evidence σ & RCertB

Encrypted Document

EKB(X”)

data objects

activities

Evidence Request

(X”)

submit X”

retrieve public key EKB retrieve encryptedwatermark EKB(W)

apply permutationfunction σ

Permutated Encrypted Watermark

EKB(σW)

detect existence of EKB(σW) in EKB(X”)

[no]

X” originates from theend user of RCertB

[yes]


Implementation ArchitectureImplementation Architecture


Authority

Request Registration Certificate

Deliver Registration Certificate

Encrypted

watermarked

document

DocumentRegistryLook up

document access information and policy

Check out

Reg

iste

r do

cum

ent

acce

ss in

form

atio

n an

d po

licy

End UserCheck in document with registration certificate

Store and retrieve document access history

Deliver permutation function and registration certificate

Submit

susp

ected

docu

ment

reque

st fo

r evid

ence

Document Access Log

Document Serverof the Provider

Policy Enforcer

Certificate Repository

Maintain directories of valid and revoked Registration Certificates


Version (of Registration Certificate Format)

Registration Certificate Serial Number

Signature Algorithm Identifier (for Certificate Issuer’s Signature)

Issuer Name

Validity Period (Start and Expiry Dates/Times)

Subject Name

Roles

Subject’s Public Key information (Algorithm Identifier & Public Key Value)

One-Way Hash Value of Encrypted Secret Text

Encrypted Image Watermark & Watermarking Algorithm Identifiers

Encrypted Audio Watermark & Watermarking Algorithm Identifiers

Encrypted Video Watermark & Watermarking Algorithm Identifiers

Issuer’s Digital Signature

Option

alFormat of Registration Certificate


ConclusionConclusionWe have proposed a distribution protocol We have proposed a distribution protocol and its infrastructure for watermarked and its infrastructure for watermarked documentsdocuments features with two roles: end users and features with two roles: end users and

document providers;document providers; does not require trusts on these parties in the does not require trusts on these parties in the

protection and distribution of watermarks; protection and distribution of watermarks; assumes a trusted enterprise registration assumes a trusted enterprise registration

authority and the use of registration authority and the use of registration certificatescertificates


Future WorkFuture WorkStudy the effectiveness of our protocol with respect Study the effectiveness of our protocol with respect to various watermarking schemesto various watermarking schemes

Adapt the techniques to digital contents in Adapt the techniques to digital contents in JPEG2000 formatJPEG2000 format

Study the integration of watermarking protocols and Study the integration of watermarking protocols and inter-organizational workflows [1,2,3] and e-inter-organizational workflows [1,2,3] and e-marketplace negotiations [4]marketplace negotiations [4]

1. S.C. Cheung, Dickson K.W. Chiu and Sven Till, A Data-Driven Methodology to Extending Workflows to E-services over the Internet (HICSS-36), January 2003.

2. Dickson K.W. Chiu, S.C. Cheung and Sven Till, A Three Layer Architecture for E-Contract Enforcement in an E-Service Environment (HICSS-36), January 2003.

3. Dickson K.W. Chiu, Wesley C.W. Chan, Gary K.W. Lam, S.C. Cheung and Franklin T. Luk, An Event Driven Approach to Customer Relationship Management in e-Brokerage Industry (HICSS-36), January 2003.

4. S.C. Cheung, Patrick C.K. Hung and Dickson K.W. Chiu, On the e-Negotiation of Unmatched Logrolling Views (HICSS-36), January 2003.

Questions and AnswersQuestions and Answers

[email protected]@cs.ust.hk

[email protected]@cse.cuhk.hk


Supplementary Slides (Q&A)Supplementary Slides (Q&A)Permutation functionPermutation functionvoid permutefunc(VLONG wmark[], int size, int seed)void permutefunc(VLONG wmark[], int size, int seed){{

int i, index1, index2;int i, index1, index2;srand(seed);srand(seed);for (i=0; i < rand() % 100 + 50)for (i=0; i < rand() % 100 + 50) // min. 50 times, max 150 times// min. 50 times, max 150 times{{

VLONG tmp;VLONG tmp;index1=rand()%size;index1=rand()%size;index2=rand()%size;index2=rand()%size;// swap the two watermark coefficient// swap the two watermark coefficienttmp = wmark[index1];tmp = wmark[index1];wmark[index1]=wmark[index2];wmark[index1]=wmark[index2];wmark[index2]=tmp;wmark[index2]=tmp;

}}} }


Supplementary Slides (Q&A)Supplementary Slides (Q&A)

Watermark generation and insertion Watermark generation and insertion Privacy homomorphismPrivacy homomorphism

If the watermark insertion operation is:If the watermark insertion operation is: XXW = { xW = { x11(1+αw(1+αw11), x), x22(1+αw(1+αw22),…, x),…, x10001000(1+αw(1+αw10001000)})}

Then we have,Then we have, (E(E((xx)) E E((yy)) mod n = )) mod n = EE((x x y y) )

Therefore we can insert watermark in the Therefore we can insert watermark in the encrypted domain:encrypted domain:

EEKBKB(X’(X’σ(W)) = Eσ(W)) = EKBKB(X’) (X’) σ(Eσ(EKBKB(W)) (W))

Date post:	22-Dec-2015
Category:	Documents
View:	213 times
Download:	0 times