A Watermarking Infrastructure For Enterprise Document Management

A Watermarking Infrastructure for Enterprise Document Management
PRESETED BY PANKAJ SHARMA
Outline
Digital Watermarking Document Distribution Infrastructure Three Phases of Document Distribution Protocol

Acquisition of Registration Certificates Acquisition of Documents Resolution of Policy Violation
Conclusion & Future Work

HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 2
Introduction
Enterprise document management across a large enterprise is difficult.
Sensitive documents often found in photocopier rooms or public folders at file servers
Why?

It involves both digital and non-digital forms. It covers both automated and manual procedures. It requires a truly distributed solution. It supports multimedia format. It must be flexible, allowing individual group to refine its own policies.
It should protect privacy wherever applicable.

A Watermarking Infrastructure for Enterprise Document Management 3
HICSS36 - scc
Introduction
We propose the use of digital watermarking to enforce enterprise document distribution policy.
End User
Document provider disseminates Document Provider watermarked documents based on the registration certificate submitted by end user
HICSS36 - scc
Digital Watermarking (Overview)

Two common applications of digital watermarking:
Identify and claim the copyrights ownership

Identify the origin of illegal distribution
Watermarks are exclusively owned by individuals.
HICSS36 - scc
Digital Watermarking is originated from Steganography
HICSS36 - scc
Principle of Digital Watermarking

insertion detection
HICSS36 - scc
Key Issues in Watermarked Document Distribution Protocol

Phases
Registration Certificate Acquisition Watermarked Document Acquisition Policy Violation Resolution
Issues
- Secrecy of watermarks
- End users cannot be trusted - Document providers cannot be trusted - End users cannot be trusted - Document providers cannot be trusted
HICSS36 - scc
Problem
Identify the origin of illegal distribution End user owning the origin is liable End users watermark is analogous to a private key Could we protect end users watermark in document distribution to prevent others (including the document provider) from abusing the watermark?
Solution Sketch
End users need not release their watermarks Instead, end users release an encrypted version of their watermarks So, how does a document provider validate an encrypted watermark? Trusted Enterprise Registration Authority Use registration certificate to protect the integrity of encrypted watermark
Watermarked Document Distribution Infrastructure

Enterprise Registration Authority Policy Enforcer Enterprise registration authority generates registration certificate for end user Document provider disseminates watermarked documents based on the registration certificate submitted by end user Policy enforcer collects evidence of policy violation from document provider
HICSS36 - scc
Obtain Once
End User
Document Provider
11
Object Model of Registration Certificate

1
Sign(RCertB)
Registration Certificate Request

aggregation
1
Enterprise Registration Authority
generated by *
Registration Certificate Response

1
binary association
1 refers to
PKI Certificate (CertB)

1
refers to 1
End User
1
Watermark (W)
Registration Certificate (RCertB)

1 produces
ternary association encrypt

refers to
Public Key (KB)

1
Encrypted Watermark EKB(W)
HICSS36 - scc
12
Watermark Acquisition
Enterprise Registration Authority End User
obtain PKI certificate

activities
apply for registration certificate
generate watermark
Registration Certificate Request

data objects
Registration Certificate Response
store certificate
End User
Registration Certificate RCertB
Document Provider
verify
submit request
Watermarked Document Acquisition

decrypt contents
generate request identifier (V) activities update license database with V synchronization bar encrypt contents permutate watermark
Decrypted Watermarked Contents (X W)
Encrypted Contents EKB(X)
Permutated Watermark EKB(W)
HICSS36 - scc
data objects
Enterprise Document Management
Encrypted Watermarked Contents A Watermarking Infrastructure for insert encrypted watermark EKB(X W)
14
Policy Enforcer
Document Provider
discover a sensitive document (X)
Evidence Request (X)
retrieve the request identifier (V) from X
submit X activities
retrieve permutation function and registration certificate (RCertB) send evidence & RCertB
retrieve encrypted watermark EKB(W)

apply permutation function
Permutated Encrypted Watermark EKB(W)
retrieve public key EKB
Evidence Response (, RCertB)
encrypt X by EKB
Encrypted Document EKB(X)
data objects
Policy Violation Resolution
detect existence of EKB(W) in EKB(X) [no]
[yes]
X originates from the end user of RCertB
Implementation Architecture
Certificate Repository
Maintain directories of valid and revoked Registration Certificates Request Registration Certificate Look up document access information and policy
Document Registry
Register document access information and policy
Policy Enforcer
Deliver Registration Certificate
Enterprise Registration Authority
End User
Deliver permutation function and registration certificate
Document Server of the Provider

HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management
Store and retrieve document access history
Document Access Log
16
Format of Registration Certificate
Version (of Registration Certificate Format)

Registration Certificate Serial Number Signature Algorithm Identifier (for Certificate Issuers Signature) Issuer Name
Validity Period (Start and Expiry Dates/Times)

Subject Name Roles Subjects Public Key information (Algorithm Identifier & Public Key Value) One-Way Hash Value of Encrypted Secret Text Encrypted Image Watermark & Watermarking Algorithm Identifiers Encrypted Audio Watermark & Watermarking Algorithm Identifiers Encrypted Video Watermark & Watermarking Algorithm Identifiers
Optional
Issuers Digital Signature

Conclusion
We have proposed a distribution protocol and its infrastructure for watermarked documents
features with two roles: end users and document providers; does not require trusts on these parties in the protection and distribution of watermarks; assumes a trusted enterprise registration authority and the use of registration certificates
HICSS36 - scc
18
Future Work
Study the effectiveness of our protocol with respect to various watermarking schemes Adapt the techniques to digital contents in JPEG2000 format Study the integration of watermarking protocols and inter-organizational workflows [1,2,3] and emarketplace negotiations [4]
1.
2. 3. 4.
S.C. Cheung, Dickson K.W. Chiu and Sven Till, A Data-Driven Methodology to Extending Workflows to Eservices over the Internet (HICSS-36), January 2003. Dickson K.W. Chiu, S.C. Cheung and Sven Till, A Three Layer Architecture for E-Contract Enforcement in an E-Service Environment (HICSS-36), January 2003. Dickson K.W. Chiu, Wesley C.W. Chan, Gary K.W. Lam, S.C. Cheung and Franklin T. Luk, An Event Driven Approach to Customer Relationship Management in e-Brokerage Industry (HICSS-36), January 2003. S.C. Cheung, Patrick C.K. Hung and Dickson K.W. Chiu, On the e-Negotiation of Unmatched Logrolling Views (HICSS-36), January 2003.
Questions and Answers

scc@cs.ust.hk kwchiu@cse.cuhk.hk
Supplementary Slides (Q&A)

Permutation function
void permutefunc(VLONG wmark[], int size, int seed) { int i, index1, index2; srand(seed); for (i=0; i < rand() % 100 + 50) // min. 50 times, max 150 times { VLONG tmp; index1=rand()%size; index2=rand()%size; // swap the two watermark coefficient tmp = wmark[index1]; wmark[index1]=wmark[index2]; wmark[index2]=tmp; } }
Supplementary Slides (Q&A)

Watermark generation and insertion Privacy homomorphism
If the watermark insertion operation is:
XW = { x1(1+w1), x2(1+w2),, x1000(1+w1000)} (E(x) E(y)) mod n = E(x y)
Then we have,
Therefore we can insert watermark in the encrypted domain:
EKB(X(W)) = EKB(X) (EKB(W))
HICSS36 - scc
22

A Watermarking Infrastructure For Enterprise Document Management

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

A Watermarking Infrastructure For Enterprise Document Management

Încărcat de

Drepturi de autor:

Formate disponibile

A Watermarking Infrastructure for Enterprise Document Management

PRESETED BY PANKAJ SHARMA

Acquisition of Registration Certificates Acquisition of Documents Resolution of Policy Violation

Conclusion & Future Work

It should protect privacy wherever applicable.

Digital Watermarking (Overview)

Identify and claim the copyrights ownership

Watermarks are exclusively owned by individuals.