Digital Watermarking

Unit-3
 What is a watermark ?
What is a watermark ? A distinguishing mark impressed on
paper during manufacture; visible when paper is held up to
the light (e.g. INR Bill)

the way to protect Multimedia files

 Digital Watermarking?

◼ Allows users to embed SPECIAL PATTERN or SOME

DATA into digital contents without changing its
perceptual quality.
◼ When data is embedded, it is not written at HEADER
PART but embedded directly into digital media itself
by changing media contents data
◼ Watermarking is a key process for the PROTECTION
of copyright ownership of electronic data.
 Types of Watermarking
◼ Invisible/Inaudible
◼ Information is embedded without digital content degradation,
because of the level of embedding operation is too small for
human to notice the change.
◼ Inseparable
◼ The embedded information can survive after some
processing, compression and format transformation.
◼ Unchanging data file size
◼ Data size of the media is not changed before and after
embedding operation because information is embedded
directly into the media.
 CLASSIFICATION OF
WATERMARK
◼ According to Human Perception
◼ Invisible
◼ Visible

◼ According to Robustness
◼ Fragile
◼ Semi fragile
◼ Robust

◼ According to types of Document

◼ Text
◼ Image
◼ Audio
◼ Video
 Visible Watermark
• Logo or seal of the organization which holds the
rights to the primary image, it allows the primary
image to be viewed, but still visible it clearly as the
property of the owning organization.

• Overlay the watermark in such a way that makes it

difficult to remove, if the goal of indicating property
rights is to be achieved.
 Invisible Watermark
• Embedding level is too small to notice
• Can be retrieved by extraction software
• Applications:
– Authentication
– Copyrighting
– Etc…
Invisible Watermark
CLASSIFICATION BY
“ROBUSTNESS”
 Fragile/Semi Fragile/Robust
• A watermark is called fragile if it fails to be
detected after the slightest modification.
• A watermark is called semi-fragile if it resists
beginning transformations but fails detection
after malignant transformations.
• A watermark is called robust if it resists a
designated class of transformations.
Public Key Cryptography

Unit-3
Public Key Authentication
 Public Key Requirements
1. computationally easy to create key pairs
2. computationally easy for sender knowing public key to
encrypt messages
3. computationally easy for receiver knowing private key to
decrypt ciphertext
4. computationally infeasible for opponent to determine private
key from public key
5. computationally infeasible for opponent to otherwise
recover original message
6. useful if either key can be used for each role
 Public Key Algorithms
RSA (Rivest, Shamir, Adleman)
developed in 1977
only widely accepted public-key encryption algorithm
given tech advances need 1024+ bit keys
 RSA
➢ to encrypt a message M the sender:
⚫ obtains public key of recipient PU={e,n}
⚫ computes: C = Me mod n, where 0≤M<n
➢ to decrypt the ciphertext C the owner:
⚫ uses their private key PR={d,n}
⚫ computes: M = Cd mod n
➢ note that the message M must be smaller than
the modulus n (block if needed)
 RSA Key Setup
➢ each user generates a public/private key pair by:
➢ selecting two large primes at random: p, q
➢ computing their system modulus n=p.q
⚫ note ø(n)=(p-1)(q-1)
➢ selecting at random the encryption key e
⚫ where 1<e<ø(n), gcd(e,ø(n))=1

➢ solve following equation to find decryption key d

⚫ e.d=1 mod ø(n) and 0≤d≤n

➢ publish their public encryption key: PU={e,n}

➢ keep secret private decryption key: PR={d,n}
 RSA Example - Key Setup
1. Select primes: p=17 & q=11
2. Calculate n = pq =17 x 11=187
3. Calculate ø(n)=(p–1)(q-1)=16x10=160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160 Value is
d=23 since 23x7=161= 10x160+1
6. Public key PU={7,187}
7. Keep secret private key PR={23,187}
 RSA Example - En/Decryption
➢ sample RSA encryption/decryption is:
➢ given message M = 88 (nb. 88<187)
➢ encryption:
C = 887 mod 187 = 11
➢ decryption:
M = 1123 mod 187 = 88
Progress in Factoring
Symmetric vs. Public-Key
 Digital Signatures
• have looked at message authentication
– but does not address issues of lack of trust
• digital signatures provide the ability to:
– verify author, date & time of signature
– authenticate message contents
– be verified by third parties to resolve disputes
• hence include authentication function with
additional capabilities
 Digital Signature Properties
• must depend on the message signed
• must use information unique to sender
– to prevent both forgery and denial
• must be relatively easy to produce
• must be relatively easy to recognize & verify
• be computationally infeasible to forge
– with new message for existing digital signature
– with fraudulent digital signature for given message
• be practical save digital signature in storage
 Digital Signature Standard (DSS)
• US Govt approved signature scheme FIPS 186
• uses the SHA hash algorithm
• designed by NIST & NSA in early 90's
• DSS is the standard, DSA is the algorithm
• a variant on ElGamal and Schnorr schemes
• creates a 320 bit signature, but with 512-1024 bit
security
• security depends on difficulty of computing discrete
logarithms
 DSA Key Generation
• have shared global public key values (p,q,g):
– a large prime p = 2L
• where L= 512 to 1024 bits and is a multiple of 64
– choose q, a 160 bit prime factor of p-1
– choose g = h(p-1)/q
• where h<p-1, h(p-1)/q (mod p) > 1
• users choose private & compute public key:
– choose x<q
– compute y = gx (mod p)
 DSA Signature Creation
• to sign a message M the sender:
– generates a random signature key k, k<q
– nb. k must be random, be destroyed after use, and
never be reused
• then computes signature pair:
r = (gk(mod p))(mod q)
s = (k-1.SHA(M)+ x.r)(mod q)
• sends signature (r,s) with message M
 DSA Signature Verification
• having received M & signature (r,s)
• to verify a signature, recipient computes:
w = s-1(mod q)
u1= (SHA(M).w)(mod q)
u2= (r.w)(mod q)
v = (gu1.yu2(mod p)) (mod q)
• if v=r then signature is verified
• see book web site for details of proof why
 Unit 3

Cryptographic Protocols
• Arbitrated Protocols
• In a computer protocol arbiter is a trustworthy third party who
ensures fairness. The arbiter might be a person , a program, or a
machine. For example, in a network an arbiter might be a
program running on one machine of the network. The program
receives and forwards messages between users. The user trust
that when the arbiter forwards a message saying it comes from
A, the message really did come from user A.the notion of an
arbiter is the basis for type of secure protocol called an
arbitrated protocol.
Arbitrated Protocols disadvantages
• The two sides may not be able to find a neutral third party that
both sides trust. Suspicious users are rightfully suspicious of
unknown arbiter in a network.
• Maintaining the availability of an arbiter represents a cost to the
users or the network ; that cost may be high.
• Arbitration causes a time delay in communication because a third
party must receive, act on, and then forward every transaction.
• If the arbitration service is heavily used, it may become a
bottleneck in the network as many users try to access a single
arbiter.
• Secrecy becomes weak, because the arbiter has access to much
sensitive information.
• Adjudicated Protocols
Its able to see all sides third party to judge fairness based on
evidences.
Not only can a third party determine whether two parties
acted fairly, that is, within the rules of the protocol, but
third party can also determine who cheated.
Adjudicated protocols involve the services of a third party
only in case of a dispute. Therefore, they are usually less
costly, in terms of machine time or access to a trusted third
party software judge, than arbitrated protocols. However,
adjudicated protocols detect a failure to cooperate only
after the failure has occurred
 Hash Function Requirements
A hash function H must have the following properties:
• H can be applied to a block of data of any size
• H produces a fixed-length output
• H(x) is relatively easy to compute for any given x,
making both hardware and software implementations
practical
• For any given code h, it is computationally infeasible
to find x such that h(x)=h
• For any given block x, it is computationally infeasible
to find yx with h(y)=h(x)
• It is computationally infeasible to find any pair (x, y)
such that h(x)=h(y)
 Message Authentication Using a One-
Message
Way Hash Function

Message

Message
H

Compare
K
H
K
D
E

Using conventional encryption

Message

Message

Message
H

Compare
Kpublic
H
Kprivate
D
E

Using public-key encryption (Digital Signature)

UNIT-3
 Contents
•Information Security Techniques
•Introduction to Cryptography: Terminology, Cryptanalysis, Security of Algorithms
Substitution Cipher and Transposition Cipher, Single XOR, One-Way pad
•Cryptographic Protocols: Arbitrated and Adjudicated Protocol, One-way Hash Function,
Public key cryptography, Digital Signature
•Digital Water marking: Characteristics and Types
Information Security Techniques

Types of IT security
•Network security. Network security is used to
prevent unauthorized or malicious users from
getting inside your network. ...
•Internet security. ...
•Endpoint security. ...
•Cloud security. ...
•Application security.
Cryptography
Terminology of Cryptography
 Types of Security Protocols
• Arbitrated protocols
– Involving a trusted third party
• Adjudicated protocols
– Trusted third party, after the fact
• Self-enforcing protocols
– No trusted third party
 Key Exchange With Symmetric
Encryption and an Arbitrator

• Alice and Bob want to talk securely with a

new key
• They both trust Trent
– Assume Alice & Bob each share a key with
Trent
• How do Alice and Bob get a shared key?
 Step One

KA KB
Alice Bob
Alice
Who knows
Requests
what at this
Session
point?
Key for
Bob KA Trent KB
 Step Two

KA KB
Alice Bob
EKA(KS),
EKB(KS) Who knows
what at this
EKA(KS), point?
EKB(KS)
KA Trent KB
KS
 Step Three

KS KS
KA EKB(KS) KB
Alice Bob
EKA(KS),
EKB(KS) Who knows
what at this
point?

KA Trent KB
KS
 What Has the Protocol Achieved?
• Alice and Bob both have a new session key
• The session key was transmitted using keys
known only to Alice and Bob
• Both Alice and Bob know that Trent
participated
• But there are vulnerabilities
 Problems With the Protocol
• What if the initial request was grabbed by
Mallory?
• Could he do something bad that ends up
causing us problems?
• Yes!
 The Man-in-the-Middle Attack
• A class of attacks where an active attacker
interposes himself secretly in a protocol
• Allowing alteration of the effects of the
protocol
• Without necessarily attacking the encryption
 Applying the Man-in-the-Middle
Attack

KA KB
Alice KM
Bob
Mallory
Alice
Alice Who knows what at
this point?
Requests
Requests More precisely, what do
they think they know?
Session
Session
Key for
Key for
Mallory
Bob KA Trent KB
KM
 Trent Does His Job

KA KB
Alice KM
Bob
EKA(KS), Mallory
EKM(KS)

KA Trent KB
KM
 Alice Gets Ready to Talk to Bob
EKM(KS)
KS
KA KB
Alice KM
Bob
Mallory
KS EKM(KS) EKM(KS) Mallory can now
masquerade as
Bob

KA Trent KB
KM
 Really Getting in the Middle

KA KB
Alice KM
Bob KS1
EKM(KS1), Mallory KS
KS EKB(KS1) KS1 EKB(KS1)

Mallory can also

ask Trent for a
key to talk to Trent
KA KB
Bob KM
 Mallory Plays Man-in-the-Middle

Alice Bob KS1

Mallory KS
KS K Alice’s big secret
EKS (Alice’s big secret) S1
Bob’s big secret
Alice’s big secret EKS1(Alice’s big secret)
EKS(Alice’s big secret) EKS1(Bob’s big secret)
EKS1(Bob’s big secret)
EKS(Bob’s big secret) EKS(Bob’s big secret)
Bob’s big secret
Alice’s big secret
Bob’s big secret
 Data Encryption Standard (DES)

• Goal of DES is to completely scramble the data

and key so that every bit of cipher text depends
on every bit of data and ever bit of key
• DES is a block Cipher Algorithm
– Encodes plaintext in 64 bit chunks
– One parity bit for each of the 8 bytes thus it reduces
to 56 bits
• It is the most used algorithm
– Standard approved by US National Bureau of Standards
for Commercial and nonclassified US government use
in 1993
Data Encryption Standard (DES)
 Symmetric Encryption – Limitations
• Any exposure to the secret key compromises secrecy of
ciphertext
• A key needs to be delivered to the recipient of the coded
message for it to be deciphered
– Potential for eavesdropping attack during transmission of key
 Asymmetric Encryption
• Uses a pair of keys for encryption
– Public key for encryption
– Private key for decryption
• Messages encoded using public key can only be decoded by the
private key
– Secret transmission of key for decryption is not required
– Every entity can generate a key pair and release its public key

Plain Text Cipher Text Plain Text

Cipher Cipher

Public Key Private Key

 Asymmetric Encryption
• Two most popular algorithms are RSA & El Gamal
– RSA
• Developed by Ron Rivest, Adi Shamir, Len Adelman
• Both public and private key are interchangeable
• Variable Key Size (512, 1024, or 2048 bits)
• Most popular public key algorithm
– El Gamal
• Developed by Taher ElGamal
• Variable key size (512 or 1024 bits)
• Less common than RSA, used in protocols like PGP
 Asymmetric Encryption - RSA
• Choose two large prime numbers p & q
• Compute n=pq and z=(p-1)(q-1)
• Choose number e, less than n, which has no common factor (other
than 1) with z
• Find number d, such that ed – 1 is exactly divisible by z Keys are
generated using n, d, e
– Public key is (n,e)
– Private key is (n, d)
• Encryption: c = me mod n
– m is plain text
– c is cipher text
• Decryption: m = cd mod n
• Public key is shared and the private key is hidden
 Asymmetric Encryption - Weaknesses
• Efficiency is lower than Symmetric Algorithms
– A 1024-bit asymmetric key is equivalent to 128-bit
symmetric key
• Potential for eavesdropping attack during transmission of
key
• It is problematic to get the key pair generated for the
encryption