Security of Invertible Media Authentication Schemes Revisited

Dittmann, Katzenbeisser, Schallhart and Veith (SEC 2005) introduced the notion of invertible media authentication schemes, embedding authentication data in media objects via invertible watermarks. These invertible watermarks allow to recover the original media object (given a secret encryption key), as required for example in some medical applications where the distortion must be removable. Here we revisit the approach of Dittmann et al. from a cryptographic viewpoint, clarifying some important aspects of their security definitions. Namely, we first discuss that their notion of unforgeability may not suffice in all settings, and we therefore propose a strictly stronger notion. We then show that the basic scheme suggested by Dittmann et al. achieves our notion if instantiated with the right cryptographic primitives. Our proof also repairs a flaw in the original scheme, pointed out by Hopper, Molnar and Wagner (TCC 2007). We finally address the issue of secrecy of media authentication schemes, basically preventing unauthorized recovering of the original media object without the encryption key. We give a rigorous security statement (that is, the best security guarantee we can achieve) and prove again that the scheme by Dittmann et al. meets this security level if the right cryptographic building blocks are deployed. Together our notions of unforgeability and of secrecy therefore give very strong security guarantees for such media authentication schemes.

[1]  Chanathip Namprempre,et al.  Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, ASIACRYPT.

[2]  Ahmed H. Tewfik,et al.  Transparent robust image watermarking , 1996, Proceedings of 3rd IEEE International Conference on Image Processing.

[3]  Stefan Katzenbeisser,et al.  Provably Secure Authentication of Digital Media Through Invertible Watermarks , 2004, IACR Cryptol. ePrint Arch..

[4]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[5]  Marc Fischlin The Cramer-Shoup Strong-RSASignature Scheme Revisited , 2003, Public Key Cryptography.

[6]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[7]  Jana Dittmann,et al.  Malicious attacks on media authentication schemes based on invertible watermarks , 2004, IS&T/SPIE Electronic Imaging.

[8]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[9]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[10]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[11]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[12]  Aggelos Kiayias,et al.  Public Key Cryptography - PKC 2006 , 2006, Lecture Notes in Computer Science.

[13]  Stefan Katzenbeisser,et al.  Ensuring Media Integrity on Third-Party Infrastructures , 2005, SEC.

[14]  Minerva M. Yeung,et al.  Invisible watermarking for image verification , 1998, J. Electronic Imaging.

[15]  David A. Wagner,et al.  From Weak to Strong Watermarking , 2007, TCC.

[16]  D. Boneh,et al.  Short Signatures from the Weil Pairing , 2001, Journal of Cryptology.

[17]  Brent Waters,et al.  Strongly Unforgeable Signatures Based on Computational Diffie-Hellman , 2006, Public Key Cryptography.

[18]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[19]  Jessica J. Fridrich,et al.  Lossless Data Embedding—New Paradigm in Digital Watermarking , 2002, EURASIP J. Adv. Signal Process..