Results 1  10
of
172
CollusionSecure Fingerprinting for Digital Data
 IEEE Transactions on Information Theory
, 1996
"... This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (e.g., software, documents, and images). Fingerprinting consists of uniquely marking and registering each copy of the data. This marking allows a distributor to detect any unauthorized copy and trac ..."
Abstract

Cited by 353 (1 self)
 Add to MetaCart
This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (e.g., software, documents, and images). Fingerprinting consists of uniquely marking and registering each copy of the data. This marking allows a distributor to detect any unauthorized copy and trace it back to the user. This threat of detection will hopefully deter users from releasing unauthorized copies. A problem arises when users collude: For digital data, two different fingerprinted objects can be compared and the differences between them detected. Hence, a set of users can collude to detect the location of the fingerprint. They can then alter the fingerprint to mask their identities. We present a general fingerprinting solution which is secure in the context of collusion. In addition, we discuss methods for distributing fingerprinted data. 1 Introduction Fingerprinting is an old cryptographic technique. For instance, several hundred years ago logarithm tables were protec...
An InformationTheoretic Model for Steganography
, 1998
"... An informationtheoretic model for steganography with passive adversaries is proposed. The adversary's task of distinguishing between an innocentcover message C and a modified message S containing a secret part is interpreted as a hypothesis testing problem. The security of a steganographic sys ..."
Abstract

Cited by 267 (3 self)
 Add to MetaCart
An informationtheoretic model for steganography with passive adversaries is proposed. The adversary's task of distinguishing between an innocentcover message C and a modified message S containing a secret part is interpreted as a hypothesis testing problem. The security of a steganographic system is quantified in terms of the relative entropy (or discrimination) between PC and PS . Several secure steganographic schemes are presented in this model; one of them is a universal information hiding scheme based on universal data compression techniques that requires no knowledge of the covertext statistics.
Revocation and Tracing Schemes for Stateless Receivers
, 2001
"... Abstract. We deal with the problem of a center sending a message to a group of users such that some subset of the users is considered revoked and should not be able to obtain the content of the message. We concentrate on the stateless receiver case, where the users do not (necessarily) update their ..."
Abstract

Cited by 248 (5 self)
 Add to MetaCart
(Show Context)
Abstract. We deal with the problem of a center sending a message to a group of users such that some subset of the users is considered revoked and should not be able to obtain the content of the message. We concentrate on the stateless receiver case, where the users do not (necessarily) update their state from session to session. We present a framework called the SubsetCover framework, which abstracts a variety of revocation schemes including some previously known ones. We provide sufficient conditions that guarantees the security of a revocation algorithm in this class. We describe two explicit SubsetCover revocation algorithms; these algorithms are very flexible and work for any number of revoked users. The schemes require storage at the receiver of log N and 1 2 log2 N keys respectively (N is the total number of users), and in order to revoke r users the required message lengths are of r log N and 2r keys respectively. We also provide a general traitor tracing mechanism that can be integrated with any SubsetCover revocation scheme that satisfies a “bifurcation property”. This mechanism does not need an a priori bound on the number of traitors and does not expand the message length by much compared to the revocation of the same set of traitors. The main improvements of these methods over previously suggested methods, when adopted to the stateless scenario, are: (1) reducing the message length to O(r) regardless of the coalition size while maintaining a single decryption at the user’s end (2) provide a seamless integration between the revocation and tracing so that the tracing mechanisms does not require any change to the revocation algorithm.
Collusion resistant broadcast encryption with short ciphertexts and private keys
"... We describe two new public key broadcast encryption systems for stateless receivers. Both systems are fully secure against any number of colluders. In our first construction both ciphertexts and private keys are of constant size (only two group elements), for any subset of receivers. The public ke ..."
Abstract

Cited by 190 (19 self)
 Add to MetaCart
(Show Context)
We describe two new public key broadcast encryption systems for stateless receivers. Both systems are fully secure against any number of colluders. In our first construction both ciphertexts and private keys are of constant size (only two group elements), for any subset of receivers. The public key size in this system is linear in the total number of receivers. Our second system is a generalization of the first that provides a tradeoff between ciphertext size and public key size. For example, we achieve a collusion resistant broadcast system for n users where both ciphertexts and public keys are of size O (√n) for any subset of receivers. We discuss several applications of these systems.
Numbertheoretic constructions of efficient pseudorandom functions
 In 38th Annual Symposium on Foundations of Computer Science
, 1997
"... ..."
Sirius: Securing remote untrusted storage
 in Proc. Network and Distributed Systems Security (NDSS) Symposium 2003
, 2003
"... This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network storage is untrusted and provides its own readwrite cryptographic access control for file level sharing. ..."
Abstract

Cited by 137 (2 self)
 Add to MetaCart
(Show Context)
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network storage is untrusted and provides its own readwrite cryptographic access control for file level sharing. Key management and revocation is simple with minimal outofband communication. File system freshness guarantees are supported by SiRiUS using hash tree constructions. SiRiUS contains a novel method of performing file random access in a cryptographic file system without the use of a block server. Extensions to SiRiUS include large scale group sharing using the NNL key revocation construction. Our implementation of SiRiUS performs well relative to the underlying file system despite using cryptographic operations. 1.
Key management for large dynamic groups: Oneway function trees and amortized initialization
, 2000
"... ..."
AntiCollusion Fingerprinting for Multimedia
 IEEE Transactions on Signal Processing
, 2003
"... Digital fingerprinting is a technique for identifying users who might try to use multimedia content for unintended purposes, such as redistribution. These fingerprints are typically embedded into the content using watermarking techniques that are designed to be robust to a variety of attacks. A cost ..."
Abstract

Cited by 105 (27 self)
 Add to MetaCart
Digital fingerprinting is a technique for identifying users who might try to use multimedia content for unintended purposes, such as redistribution. These fingerprints are typically embedded into the content using watermarking techniques that are designed to be robust to a variety of attacks. A coste#ective attack against such digital fingerprints is collusion, where several di#erently marked copies of the same content are combined to disrupt the underlying fingerprints. In this paper, we investigate the problem of designing fingerprints that can withstand collusion and allow for the identification of colluders. We begin by introducing the collusion problem for additive embedding. We then study the e#ect that averaging collusion has upon orthogonal modulation. We introduce an e#cient detection algorithm for identifying the fingerprints associated with K colluders that requires log(n/K)) correlations for a group of n users. We next develop a fingerprinting scheme based upon code modulation that does not require as many basis signals as orthogonal modulation. We propose a new class of codes, called anticollusion codes (ACC), which have the property that the composition of any subset of K or fewer codevectors is unique. Using this property, we can therefore identify groups of K or fewer colluders. We present a construction of binaryvalued ACC under the logical AND operation that uses the theory of combinatorial designs and is suitable for both the ono# keying and antipodal form of binary code modulation. In order to accommodate n users, our code construction requires only # n) orthogonal signals for a given number of colluders. We introduce four di#erent detection strategies that can be used with our ACC for identifying a suspect set of colluders. We demonstrate th...
Optimal Probabilistic Fingerprint Codes
 In 35th ACM STOC
, 2003
"... We construct binary codes for fingerprinting. Our codes for n users that are #secure against c pirates have length O(c log(n/#)). This improves the codes proposed by Boneh and Shaw [3] whose length is approximately the square of this length. Our codes use the full power of randomization. Thi ..."
Abstract

Cited by 101 (2 self)
 Add to MetaCart
(Show Context)
We construct binary codes for fingerprinting. Our codes for n users that are #secure against c pirates have length O(c log(n/#)). This improves the codes proposed by Boneh and Shaw [3] whose length is approximately the square of this length. Our codes use the full power of randomization. This improvement carries over to works using the BonehShaw code as a primitive, e.g. to the dynamic traitor tracing scheme of Tassa [16].