HICSS 36 A Watermarking Infrastructure for Enterprise Document Management Presenter S.C. Cheung [email protected] Department of Computer Science Hong Kong University of Science and Technology Co-author Dickson K.W.
Download ReportTranscript HICSS 36 A Watermarking Infrastructure for Enterprise Document Management Presenter S.C. Cheung [email protected] Department of Computer Science Hong Kong University of Science and Technology Co-author Dickson K.W.
HICSS 36 A Watermarking Infrastructure for Enterprise Document Management Presenter S.C. Cheung [email protected] Department of Computer Science Hong Kong University of Science and Technology Co-author Dickson K.W. Chiu [email protected] Outline Digital Watermarking Document Distribution Infrastructure Three Phases of Document Distribution Protocol Acquisition of Registration Certificates Acquisition of Documents Resolution of Policy Violation Conclusion & Future Work HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 2 Introduction Enterprise document management across a large enterprise is difficult. Sensitive documents often found in photocopier rooms or public folders at file servers Why? It involves both digital and non-digital forms. It covers both automated and manual procedures. It requires a truly distributed solution. It supports multimedia format. It must be flexible, allowing individual group to refine its own policies. It should protect privacy wherever applicable. HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 3 Introduction We propose the use of digital watermarking to enforce enterprise document distribution policy. End User HICSS36 - scc Document provider disseminates Document Provider watermarked documents based on the registration certificate submitted by end user A Watermarking Infrastructure for Enterprise Document Management 4 Digital Watermarking (Overview) Two common applications of digital watermarking: Identify and claim the copyrights ownership Identify the origin of illegal distribution Watermarks are exclusively owned by individuals. HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 5 Digital Watermarking is originated from Steganography HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 6 Principle of Digital Watermarking insertion HICSS36 - scc detection A Watermarking Infrastructure for Enterprise Document Management 7 Key Issues in Watermarked Document Distribution Protocol Phases Issues Registration Certificate Acquisition - Secrecy of watermarks Watermarked Document Acquisition - End users cannot be trusted - Document providers cannot be trusted Policy Violation Resolution - End users cannot be trusted - Document providers cannot be trusted HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 8 Problem Identify the origin of illegal distribution End user owning the origin is liable End user’s watermark is analogous to a private key Could we protect end user’s watermark in document distribution to prevent others (including the document provider) from abusing the watermark? HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 9 Solution Sketch End users need not release their watermarks Instead, end users release an encrypted version of their watermarks So, how does a document provider validate an encrypted watermark? Trusted Enterprise Registration Authority Use registration certificate to protect the integrity of encrypted watermark HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 10 Watermarked Document Distribution Infrastructure Enterprise Registration Authority Obtain Once Policy enforcer collects evidence of policy violation from document provider Policy Enforcer Enterprise registration authority generates registration certificate for end user Document provider disseminates watermarked documents based on the registration certificate submitted by end user End User HICSS36 - scc Document Provider A Watermarking Infrastructure for Enterprise Document Management 11 Object Model of Registration Certificate Registration Certificate Request Enterprise Registration Authority aggregation 1 PKI Certificate (CertB) 1 1 generated by * binary association 1 refers to refers to 1 End User Sign(RCertB) 1 Registration Certificate Response 1 1 Registration Certificate (RCertB) Watermark (W) 1 ternary association 1 produces Public Key (KB) encrypt 1 Encrypted Watermark EKB(W) refers to HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 12 Watermark Acquisition Enterprise Registration Authority End User obtain PKI certificate activities apply for registration certificate generate watermark Registration Certificate Request data objects Registration Certificate Response store certificate HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 13 End User Document Provider Registration Certificate RCertB verify submit request Watermarked Document Acquisition generate request identifier (V) activities update license database with V synchronization bar decrypt contents Decrypted Watermarked Contents (X’ σW) HICSS36 - scc data objects encrypt contents permutate watermark Encrypted Contents EKB(X’) Permutated Watermark EKB(σW) Encrypted Watermarked Contents A Watermarking forinsert encrypted watermark EKB(X’ Infrastructure σW) Enterprise Document Management 14 Policy Enforcer Document Provider discover a sensitive document (X”) Evidence Request (X”) submit X” activities retrieve encrypted watermark EKB(W) retrieve permutation function σ and registration certificate (RCertB) send evidence σ & RCertB retrieve public key EKB apply permutation function σ encrypt X” by EKB Permutated Encrypted Watermark EKB(σW) Encrypted Document EKB(X”) detect existence of EKB(σW) in EKB(X”) [no] retrieve the request identifier (V) from X” [yes] Evidence Response (σ, RCertB) data objects X” originates from the end user of RCertB Policy Violation Resolution Implementation Architecture Maintain directories of valid and revoked Registration Certificates Look up document access information and policy Document Registry Register document access information and policy Certificate Repository Request Registration Certificate Policy Enforcer Deliver Registration Certificate Enterprise Registration Authority Deliver permutation function and registration certificate End User Document Access Log Document Server of the Provider HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Store and retrieve document access history 16 Format of Registration Certificate Version (of Registration Certificate Format) Registration Certificate Serial Number Signature Algorithm Identifier (for Certificate Issuer’s Signature) Issuer Name Validity Period (Start and Expiry Dates/Times) Subject Name Roles Subject’s Public Key information (Algorithm Identifier & Public Key Value) One-Way Hash Value of Encrypted Secret Text Encrypted Audio Watermark & Watermarking Algorithm Identifiers Encrypted Video Watermark & Watermarking Algorithm Identifiers Optional Encrypted Image Watermark & Watermarking Algorithm Identifiers Issuer’s Digital Signature HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 17 Conclusion We have proposed a distribution protocol and its infrastructure for watermarked documents features with two roles: end users and document providers; does not require trusts on these parties in the protection and distribution of watermarks; assumes a trusted enterprise registration authority and the use of registration certificates HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 18 Future Work Study the effectiveness of our protocol with respect to various watermarking schemes Adapt the techniques to digital contents in JPEG2000 format Study the integration of watermarking protocols and inter-organizational workflows [1,2,3] and emarketplace negotiations [4] 1. 2. 3. 4. S.C. Cheung, Dickson K.W. Chiu and Sven Till, A Data-Driven Methodology to Extending Workflows to Eservices over the Internet (HICSS-36), January 2003. Dickson K.W. Chiu, S.C. Cheung and Sven Till, A Three Layer Architecture for E-Contract Enforcement in an E-Service Environment (HICSS-36), January 2003. Dickson K.W. Chiu, Wesley C.W. Chan, Gary K.W. Lam, S.C. Cheung and Franklin T. Luk, An Event Driven Approach to Customer Relationship Management in e-Brokerage Industry (HICSS-36), January 2003. S.C. Cheung, Patrick C.K. Hung and Dickson K.W. Chiu, On the e-Negotiation of Unmatched Logrolling Views (HICSS-36), January 2003. HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 19 Questions and Answers [email protected] [email protected] Supplementary Slides (Q&A) Permutation function void permutefunc(VLONG wmark[], int size, int seed) { int i, index1, index2; srand(seed); for (i=0; i < rand() % 100 + 50) // min. 50 times, max 150 times { VLONG tmp; index1=rand()%size; index2=rand()%size; // swap the two watermark coefficient tmp = wmark[index1]; wmark[index1]=wmark[index2]; wmark[index2]=tmp; } } HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management 21 Supplementary Slides (Q&A) Watermark generation and insertion Privacy homomorphism If the watermark insertion operation is: XW = { x1(1+αw1), x2(1+αw2),…, x1000(1+αw1000)} Then we have, (E(x) E(y)) mod n = E(x y) Therefore we can insert watermark in the encrypted domain: HICSS36 - scc EKB(X’σ(W)) = EKB(X’) σ(EKB(W)) A Watermarking Infrastructure for Enterprise Document Management 22