asymptotically false-positive- maximizing attack on non-binary tardos codes antonino simone and...
TRANSCRIPT
Asymptotically false-positive-maximizing attack on non-binary Tardos codes
Antonino Simone and Boris Škorić
Eindhoven University of Technology
IH 2011, May 2011
2
OutlineForensic watermarking
◦Collusion attacksq-ary Tardos schemeNew parameterization of attack
strategyAccusation-minimizing attackPerformance of the Tardos scheme
◦False accusation probabilityResults & Summary
3
Forensic Watermarking
Embedder Detector
originalcontent
payload
content withhidden payload
WM secrets
WM secrets
payload
originalcontent
Payload = some secret code indentifying the recipient
ATTACK
4
Collusion attacks
A B A C
C A A A
A B A B
AC
AB
A ABC
"Coalition of pirates"Symbols received by pirates
Symbols allowed
“Restricted Digit Model”
5
AimTrace at least one pirate from detected watermark
BUTResist large coalition
longer codeLow probability of innocent accusation (FP) (critical!)
longer codeLow probability of missing all pirates (FN) (not critical) longer codeANDLimited bandwidth available for watermarking code
6
n users
embeddedsymbols
m content segments
Symbols allowed
Symbol biases
drawn from distribution
F
watermarkafter attack
A B C B
A C B A
B B A C
B A B A
A B A C
C A A A
A B A B
biases
AC
AB
A ABC
p1A
p1B
p1C
p2A
p2B
p2C
piA
piB
piC
pm
A
pm
B
pm
C
c pirates
q-ary Tardos scheme (2008)
• Arbitrary alphabet size q
• Dirichlet distribution F
• Symbol-symmetric
A B C B
A C B A
B B A C
B A B A
A B A C
C A A A
A B A B
7
Tardos scheme (cont.)Accusation:
• Every user gets a score
• User is accused if score > threshold
• Sum of scores per content segment
• Given that pirates create y in segment i:
• Symbol-symmetric
g0(p)
g1(p)
p
p
8
Accusation probabilitiesm = code length
c = #pirates
μ̃E = expected coalition score per segment
Pirates want to minimize μ̃E and make the innocent tail longer
Curve shapes depend on: F, g0, g1 (fixed ‘a
priori’) Code length # pirates Pirate strategy
Method to compute innocent curve [Simone+Škorić 2010]Big m innocent curve goes to Gaussian
threshold
total score (scaled)
innocent guilty
9
New parameterization of attack strategy
Symbol-symmetric only symbol occurrences matter
Notation: α = # α in segmentc pirates α α = c
For every segment:
New attack parameterization that does not refer to symbols:
10
New parameterization of attack strategy (cont.)
Due to the marking assumption, K0=0 and Kc=1
Kb can be pre-computed faster computation
Thanks to the new parameterization, we can write
Which strategy minimizes μ̃E?
])1[(
)2/1]1[(
)(
)2/1()1(
2
1)(
)(]Pr[~1
qbc
qbc
b
bcq
c
bbT
bTKbqc
bb
11
μ̃E-minimizing attack
For each , the attack outputs the symbol y s. t. its occurrence value y minimizes T(b) (i. e. T(y)T() for each )
12
T(b) analysisStrong influence of parameter
More interesting case:
Majority voting
Minority voting
13
ResultsGaussian approximation
14
Results (cont.)Gaussian approximation
15
SummaryResults: simple decoder accusation method in the
Restricted Digit Model new parameterization of the attack strategy μ̃E-minimizing attack is the strongest attack in
asymptotic regime◦ not optimal attack for small coalitions
parameter has a strong effect For q>2 code length becomes better than for q=2,
but only if c is large enough! The larger q is, the larger c must be to obtain a
code shorter than the case q=2
Thank you for your attention!