New attacks on SARI image authentication system

The image authentication system SARI proposed by Lin and Chang passes JPEG compression and rejects other malicious manipulations. Some vulnerabilities of the system have been reported recently. In this paper, we propose two new attacks that can compromise the SARI system. The first attack is called a histogram attack which modifies DCT coefficients yet maintains the same relationship between any two DCT coefficients and the same mean values of DCT coefficients. Such a modified image can pass the SARI authentication system. The second attack is an oracle attack which uses an oracle to efficiently find the secret pairs used by SARI in its signature generation. A single image plus an oracle is needed to launch the oracle attack. Fixes to thwart the proposed attacks are also proposed in this paper.

[1]  E M Van Buskirk,et al.  When seeing isn't believing. , 1997, Journal of glaucoma.

[2]  A.H. Tewfik,et al.  When seeing isn't believing [multimedia authentication technologies] , 2004, IEEE Signal Processing Magazine.

[3]  Shih-Fu Chang,et al.  A robust image authentication method distinguishing JPEG compression from malicious manipulation , 2001, IEEE Trans. Circuits Syst. Video Technol..

[4]  Shih-Fu Chang,et al.  Semifragile watermarking for authenticating JPEG visual content , 2000, Electronic Imaging.

[5]  Reihaneh Safavi-Naini,et al.  On (In)security of "A Robust Image Authentication Method" , 2002, IEEE Pacific Rim Conference on Multimedia.

[6]  Regunathan Radhakrishnan,et al.  On the security of the digest function in the SARI image authentication system , 2002, IEEE Trans. Circuits Syst. Video Technol..

[7]  Van Buskirk Em When seeing isn't believing. , 1997, Journal of glaucoma.

[8]  Chien-Chang Chen,et al.  Robust image authentication method surviving JPEG lossy compression , 1997, Electronic Imaging.

[9]  Mitchell D. Swanson,et al.  Multimedia Authentication and Watermarking , 2003 .

[10]  Regunathan Radhakrishnan,et al.  On the security of the SARI image authentication system , 2001, Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205).

[11]  Shih-Fu Chang,et al.  A new semi-fragile image authentication framework combining ECC and PKI infrastructures , 2002, 2002 IEEE International Symposium on Circuits and Systems. Proceedings (Cat. No.02CH37353).