图像完整性与身份验证
|
摘要
信息安全技术有悠久的历史,在人类社会活动中具有重要的作用。随着信息载体介质属性、信息传输、存储方式等方面的变化,信息安全技术近来发展迅猛。消息的完整性与消息发送者的身份验证是信息安全的重要组成部分。消息的完整性是指接收方收到的消息与发送方发送的消息是一致的,没有被他人非法篡改、添加。身份验证是指接收方检查消息发送方的身份是否与他所声称的身份相同,有没有出现他人冒充发送者身份发送消息的攻击情况。数字图像是消息的一种,它具有一些特殊性。它在许多的实际应用领域,比如:新闻报道、法庭举证、医学鉴定、记实照相机(trusted camera)等方面,均要求保证未授权者不能随意篡改图像。在某些场合,不仅要求保证图像的完整性,还需要验证图像发送者的身份。数字图像完整性验证往往会提出一些特殊些的功能需要求,如果使用传统的消息完整性验证方法是难以实现这些功能,比如,不仅需要检测出图像的完整性是否已遭受破坏,还要求能定位出被篡改图像的部位,有时还要求能够检测出图像是否被缩放,甚至要求能够恢复图像被篡改部分。
数字图像完整性验证的特殊需求,导致了基于数字水印技术的图像完整性与身份验证方法的提出与发展,它是数字水印技术与信息安全技术的一个新的研究课题。所多学者利用数字水印技术实现图像的完整性与身份验证的方法进行了研究,取得了一定的成果,但总的来说效果不佳,特别是将图像的版权保护与完整性、身份验证功能集成一体的方法具有一定的挑战性。
本文提出的基于数字水印技术的数字图像完整性与身份验证技术综合了信息安全技术中有关消息完整性与身份验证的方法与数字水印技术,并充分考虑到了数字图像的特殊性,提出了两种协议模型:无仲裁协议模型与有仲裁协议模型。无仲裁协议具有简单、易实现的优点,主要用于图像发收双方相互信
任的场合。有关的水印技术主要采用了空域法中的LSB算法,这种法具有算法
简单、可增加的水印信息较多、运行效率高的优点;本文不仅从理论上证明了
这种方法的正确性,而且从各种攻击实验中证明了这种方法具有以下功能特
点图像数据与校验数据共存于添加水印后的图像之中;不使用图像发送者(所
有者)事先公布的水印/标志图,防止非法攻击;能检测出图像的所有改动,
包括图像的缩放、剪切等,并能定位出被篡改的图像子块位置;能防止诸如“图
像内子块与子块之间的偷换、图像与图像之间的子块偷换、嫁接”之类的攻击,
并能定位出被偷换、嫁接的图像子块等。有仲裁协议适用于图像发收双方都不
信任的情况。除了具有无仲裁协议模型中的所有功能外,安全性更高,具有图
像版权认证保护、防止图像发送方的各种抵赖行为、防止图像接收方或敌方的
各种身份冒充欺骗攻击与10、几、凡、凡、T等矛码欺骗攻击、可防止“消
息重放”攻击。
The history of information security technology, which plays an important role in social activities, is very long. Presently, Information Security is developing fast since the changes of information's media, storage and transport method. Message integrity verification and authentication are important aspects of information security technology. Message integrity verification means to test whether the message received is identical with the one to be sent. Authentication means to test whether who has sent the message is identical with whom declared or not. Digital image is a special sort of message. Image Integrity is very important for many imaging applications, for example, news report, court probe, medical archiving of images, trusted camera and others. In addition, sender's authentication is needed on some occasions. In these cases, some digital image verification functions are very hard to be implemented by traditional information security technology. For example, the verification and location to the changed pixels of image are hard to implemented with traditional method.
In this paper, a new method based on watermark, message digest and public key cryptography technology is proposed to verify image integrity and sender's authentication. We proposed two protocols: non-arbitrate protocol and arbitrate protocol. Non-arbitrate protocol is simple and easy to be implemented, and it is mostly applied on trusted sender and receiver. This protocol is implemented based on LSB watermark technology. Its highlight points are: the verification and
authentication data are embedded into the images' data, any changes of pixel values and changes in image size due to scaling or cropping as well as block swapping in images or corresponding block swapping between images can be detected and located, Logo image is unnecessary. Arbitrate protocol is applied in distrusted sender and receiver. It is more secure than non-arbitrate protocols: the copyright of image can be protected by the CA, can prevent all A~(2) codes attack, such as I_(0),I_(1);S_(1);R_(0);T; can prevent message resend attack.
Digital image integrity and authentication based on watermark technology is a challenge to us. May people take interest in it, and many methods have been found. But, there is a long way to reach the perfect goal.
数字图像完整性验证的特殊需求,导致了基于数字水印技术的图像完整性与身份验证方法的提出与发展,它是数字水印技术与信息安全技术的一个新的研究课题。所多学者利用数字水印技术实现图像的完整性与身份验证的方法进行了研究,取得了一定的成果,但总的来说效果不佳,特别是将图像的版权保护与完整性、身份验证功能集成一体的方法具有一定的挑战性。
本文提出的基于数字水印技术的数字图像完整性与身份验证技术综合了信息安全技术中有关消息完整性与身份验证的方法与数字水印技术,并充分考虑到了数字图像的特殊性,提出了两种协议模型:无仲裁协议模型与有仲裁协议模型。无仲裁协议具有简单、易实现的优点,主要用于图像发收双方相互信
任的场合。有关的水印技术主要采用了空域法中的LSB算法,这种法具有算法
简单、可增加的水印信息较多、运行效率高的优点;本文不仅从理论上证明了
这种方法的正确性,而且从各种攻击实验中证明了这种方法具有以下功能特
点图像数据与校验数据共存于添加水印后的图像之中;不使用图像发送者(所
有者)事先公布的水印/标志图,防止非法攻击;能检测出图像的所有改动,
包括图像的缩放、剪切等,并能定位出被篡改的图像子块位置;能防止诸如“图
像内子块与子块之间的偷换、图像与图像之间的子块偷换、嫁接”之类的攻击,
并能定位出被偷换、嫁接的图像子块等。有仲裁协议适用于图像发收双方都不
信任的情况。除了具有无仲裁协议模型中的所有功能外,安全性更高,具有图
像版权认证保护、防止图像发送方的各种抵赖行为、防止图像接收方或敌方的
各种身份冒充欺骗攻击与10、几、凡、凡、T等矛码欺骗攻击、可防止“消
息重放”攻击。
The history of information security technology, which plays an important role in social activities, is very long. Presently, Information Security is developing fast since the changes of information's media, storage and transport method. Message integrity verification and authentication are important aspects of information security technology. Message integrity verification means to test whether the message received is identical with the one to be sent. Authentication means to test whether who has sent the message is identical with whom declared or not. Digital image is a special sort of message. Image Integrity is very important for many imaging applications, for example, news report, court probe, medical archiving of images, trusted camera and others. In addition, sender's authentication is needed on some occasions. In these cases, some digital image verification functions are very hard to be implemented by traditional information security technology. For example, the verification and location to the changed pixels of image are hard to implemented with traditional method.
In this paper, a new method based on watermark, message digest and public key cryptography technology is proposed to verify image integrity and sender's authentication. We proposed two protocols: non-arbitrate protocol and arbitrate protocol. Non-arbitrate protocol is simple and easy to be implemented, and it is mostly applied on trusted sender and receiver. This protocol is implemented based on LSB watermark technology. Its highlight points are: the verification and
authentication data are embedded into the images' data, any changes of pixel values and changes in image size due to scaling or cropping as well as block swapping in images or corresponding block swapping between images can be detected and located, Logo image is unnecessary. Arbitrate protocol is applied in distrusted sender and receiver. It is more secure than non-arbitrate protocols: the copyright of image can be protected by the CA, can prevent all A~(2) codes attack, such as I_(0),I_(1);S_(1);R_(0);T; can prevent message resend attack.
Digital image integrity and authentication based on watermark technology is a challenge to us. May people take interest in it, and many methods have been found. But, there is a long way to reach the perfect goal.
引文
1. Friedman. The trustworthy digital camera: restoring credibility to the photographic image [J]. IEEE Transactions on Consumer Electronics November 1993, vol. 39: 905-910.
2.陈强洪,数字水印技术,四川大学硕士学位论文,2001年03月.
3. Minerva Yeung, Fred Mintzer. An invisible watermarking technique for image verification in Proceedings of ICIP [C]. Santa Barbara CA: October 1997.
4. Ping Wah Wong. A watermark for image integrity and ownership verification in Proceedings of IS&TPIC Conference [C]. Portland OR: May 1998.
5. Ping Wah Wong. A Public Key Watermark for Image Verification and Authentication [J]. IEEE, 1998: 155-159.
6. Holliman, Memon. Counterfeiting Attacks on Oblivious Block-wise Independent Invisible Watermarking Schemes [J]. IEEF Trans Image Processing, March 2000 Vol. 9: 432-441.
7. Nopporn Chotikakamthorn, Wasin Sangiamkun. Digital Watermarking Technique for Image Authentication by Neighbouring Block Similarity Measure [J]. IEEE Catalogue No. 01CH377239 2001.
8.杨义先,孙伟,钮心忻,现代密码新理论,科学出版社,2002年:79-80.
9.姚远,李炳法,张小洪,虞科敏,一种基于数字水印的图像完整性与身份验证方法.计算机应用,成都,2003年第5期.
10. Microsoft, MSON Library VC++ Run-Time Library Reference time,_time64, January 2002,
11. Simmons G. J, A Cartesian product construction for unconditionally secure authentication codes that permit arbitration, Journal of cryptology, 1990, 2(2) : 77-104.
12.william Stallings,网络安全要素—应用与标准,人民邮电出版社,2000年11月:60.
13.张小洪,虞科敏,李炳法,姚远,数字作品版权保护协议及其应用,计算机应用研究(待发).
14. Simons G. J, Contemporary Cryptology: The Science of Information Integrity, Piscataway, NJ: IEEE Press, 1992.
15. Davies D.,Price W., Security for Computer Networks, New York:Wiley, 1989.
16. Tsudik G., Message Authentication with One-Way Hash Functions, Proceedings, INFOCOM'92, May 1992.
17.Bruce Schneier,应用密码学—协议、算法与C源程序,机械工业出版社,2000年1月:11-315.
18. R.L. Rivest, The MD4 Message Digest Algorithm, RFC 1186, Oct 1990.
19. R.L. Rivest, The MD4 Message Digest Algorithm, Advances in Cryptology—CRYPTO' 90 Proceedings, Springer-Verlag.1991, 303-311.
20. R. L. Rivest, The MD4 Message Digest Algorithm, RFC 1321, Apt 1992.
21. B. den Boer, A. Bosselaers, An Attack on the last Two RoundsofMD4, Advances in Cryptology—CRYPTO' 91 Proceedings, Springer-Verlag, 1988:293-304.
22. E. Biham, On the Applicability of Differential at EIES Workshop on Cryptographic Hash Functions. Mar 1992.
23. B. Schneier, One-Way Hash Functions, Dr. Dobb's Journal, v. 16, n. 9, Sep 1991:148-151.
24. R.L. Rivest, The MD5 Message Digest Algorithm, RFC 1321, Apr 1992.
25. National Institute of Standards and Technology, NIST FIPS PUB 186, Digital Signature Standard U.S. Department of Commerce, May
1994.
26. Proposed Federal Information Processing Standard for Secure Hash Standard, Federal Register, v. 57,n. 21,31 Jan 1992, 3747-3749.
27. Proposed Revision of Federal Information Processing Standard(FIPS) 180, Secure Hash Standard, Federal Register, V. 59, n. 131,11 Jul 1994:35317-35318.
28. DIFFE W.,HELLMAN M.E, New Direction in Cryptography IEEE Trans, on Information Theory, vol. IT-22, pp. 644-654, Nov. 1976.
29.卢开澄等,计算机系统安全,重庆大学出版社,Jan 1999:2-50.
30. R.L. Rivest, A. Shamir, L.M. Adleman, A method for Obtaining Digital Signatures and PubJic-Key Cryptosystems. Communications of The ACM, v. 21, n. 2, Feb1978: 120-126.
31. R.L. Rivest, A. Shamir, L.M. Adleman, On Digital Signatures and Public Key Cryptosystems, MIT Laboratory for Computer Science, Technical Report, MIT/LCS/TR-212, Jan 1979.
32. M. Gardner, A New Kind of Cipber That Would Take Millions of Years to Break, Scientific American, V. 237, n. 8, Aug 1977: 120-124.
33. E.F. Brickell, Cryptanalysis of the Uagisawa Public Key Cryptosystem, Abstracts of Paper, EUROCRYPT' 86, May 1986: 20-22,
34. J.B. Lacy, D.P. Mithcell, W.M. Schell, CryptoLib: Cryptography in Software, UNIX Security Symposium IV Proceedings, USENIX Association, 1993: 1-17.
35. C.K. Wu, X.M. Wang, Determination of the True Value of the Euler Totient Function in the RSA Cryptosystem from a Set of Possibilities, Electronics Letters, v. 29, n. 1, 7 Jan 1993: 84-85.
36. W. Alexi, B.Z. Chor, O. Goldreich, C.P. Schnor, RSA and Rabin Functions: Certain Parts are as Hard as the whole, SIAM Journal on Computing, v. 17, n. 2, Apr 1988: 194-209.
37. W.H. Payne, Public Key Cryptography IsEasy to Break, William H. Payne, unpublished manuscript, 16 Oct 1990.
38. H. Hule, W.B. MUller, On the RSA Cryptosystem with Wrong Keys, Contributions to General Algebra 6, Vienna: Verlag Hlder-Pichler-Tempsky, 1988: 103-109.
39.Andrew S.Tanenbaum,计算机网络,清华大学出版社,1998年7月:475-476。
40. K. Tanaka, Y. Nakamura, K. Matsui, Embedding secret Jnformation into a dithered multi-level image, Processings 1990 IEEE Military Communications Conference, 1990: 216-220.
41. Chiou-Ting Hsu, Ja-Ling Wu, Hidden Digital Watermarks in Images, IEEE Tansactions on Image Processing, Vol. 8, No. 1, Jan 1999.
42. R. Barnett, D. Person, Attack Operator for Digitally Watermarked Images, IEEE Proc.-Vis. Image Signal Process., Vo1. 145, No. 4. August 1998: 271-279.
43. Minerva M. Yeung, Boon-Lock Yeo, Matthew Holliman, DIGITAL WATERMARKS: SHEDDING LIGHT ON THE INVISIBLE, IEEE November- December 1998: 31-35:
2.陈强洪,数字水印技术,四川大学硕士学位论文,2001年03月.
3. Minerva Yeung, Fred Mintzer. An invisible watermarking technique for image verification in Proceedings of ICIP [C]. Santa Barbara CA: October 1997.
4. Ping Wah Wong. A watermark for image integrity and ownership verification in Proceedings of IS&TPIC Conference [C]. Portland OR: May 1998.
5. Ping Wah Wong. A Public Key Watermark for Image Verification and Authentication [J]. IEEE, 1998: 155-159.
6. Holliman, Memon. Counterfeiting Attacks on Oblivious Block-wise Independent Invisible Watermarking Schemes [J]. IEEF Trans Image Processing, March 2000 Vol. 9: 432-441.
7. Nopporn Chotikakamthorn, Wasin Sangiamkun. Digital Watermarking Technique for Image Authentication by Neighbouring Block Similarity Measure [J]. IEEE Catalogue No. 01CH377239 2001.
8.杨义先,孙伟,钮心忻,现代密码新理论,科学出版社,2002年:79-80.
9.姚远,李炳法,张小洪,虞科敏,一种基于数字水印的图像完整性与身份验证方法.计算机应用,成都,2003年第5期.
10. Microsoft, MSON Library VC++ Run-Time Library Reference time,_time64, January 2002,
11. Simmons G. J, A Cartesian product construction for unconditionally secure authentication codes that permit arbitration, Journal of cryptology, 1990, 2(2) : 77-104.
12.william Stallings,网络安全要素—应用与标准,人民邮电出版社,2000年11月:60.
13.张小洪,虞科敏,李炳法,姚远,数字作品版权保护协议及其应用,计算机应用研究(待发).
14. Simons G. J, Contemporary Cryptology: The Science of Information Integrity, Piscataway, NJ: IEEE Press, 1992.
15. Davies D.,Price W., Security for Computer Networks, New York:Wiley, 1989.
16. Tsudik G., Message Authentication with One-Way Hash Functions, Proceedings, INFOCOM'92, May 1992.
17.Bruce Schneier,应用密码学—协议、算法与C源程序,机械工业出版社,2000年1月:11-315.
18. R.L. Rivest, The MD4 Message Digest Algorithm, RFC 1186, Oct 1990.
19. R.L. Rivest, The MD4 Message Digest Algorithm, Advances in Cryptology—CRYPTO' 90 Proceedings, Springer-Verlag.1991, 303-311.
20. R. L. Rivest, The MD4 Message Digest Algorithm, RFC 1321, Apt 1992.
21. B. den Boer, A. Bosselaers, An Attack on the last Two RoundsofMD4, Advances in Cryptology—CRYPTO' 91 Proceedings, Springer-Verlag, 1988:293-304.
22. E. Biham, On the Applicability of Differential at EIES Workshop on Cryptographic Hash Functions. Mar 1992.
23. B. Schneier, One-Way Hash Functions, Dr. Dobb's Journal, v. 16, n. 9, Sep 1991:148-151.
24. R.L. Rivest, The MD5 Message Digest Algorithm, RFC 1321, Apr 1992.
25. National Institute of Standards and Technology, NIST FIPS PUB 186, Digital Signature Standard U.S. Department of Commerce, May
1994.
26. Proposed Federal Information Processing Standard for Secure Hash Standard, Federal Register, v. 57,n. 21,31 Jan 1992, 3747-3749.
27. Proposed Revision of Federal Information Processing Standard(FIPS) 180, Secure Hash Standard, Federal Register, V. 59, n. 131,11 Jul 1994:35317-35318.
28. DIFFE W.,HELLMAN M.E, New Direction in Cryptography IEEE Trans, on Information Theory, vol. IT-22, pp. 644-654, Nov. 1976.
29.卢开澄等,计算机系统安全,重庆大学出版社,Jan 1999:2-50.
30. R.L. Rivest, A. Shamir, L.M. Adleman, A method for Obtaining Digital Signatures and PubJic-Key Cryptosystems. Communications of The ACM, v. 21, n. 2, Feb1978: 120-126.
31. R.L. Rivest, A. Shamir, L.M. Adleman, On Digital Signatures and Public Key Cryptosystems, MIT Laboratory for Computer Science, Technical Report, MIT/LCS/TR-212, Jan 1979.
32. M. Gardner, A New Kind of Cipber That Would Take Millions of Years to Break, Scientific American, V. 237, n. 8, Aug 1977: 120-124.
33. E.F. Brickell, Cryptanalysis of the Uagisawa Public Key Cryptosystem, Abstracts of Paper, EUROCRYPT' 86, May 1986: 20-22,
34. J.B. Lacy, D.P. Mithcell, W.M. Schell, CryptoLib: Cryptography in Software, UNIX Security Symposium IV Proceedings, USENIX Association, 1993: 1-17.
35. C.K. Wu, X.M. Wang, Determination of the True Value of the Euler Totient Function in the RSA Cryptosystem from a Set of Possibilities, Electronics Letters, v. 29, n. 1, 7 Jan 1993: 84-85.
36. W. Alexi, B.Z. Chor, O. Goldreich, C.P. Schnor, RSA and Rabin Functions: Certain Parts are as Hard as the whole, SIAM Journal on Computing, v. 17, n. 2, Apr 1988: 194-209.
37. W.H. Payne, Public Key Cryptography IsEasy to Break, William H. Payne, unpublished manuscript, 16 Oct 1990.
38. H. Hule, W.B. MUller, On the RSA Cryptosystem with Wrong Keys, Contributions to General Algebra 6, Vienna: Verlag Hlder-Pichler-Tempsky, 1988: 103-109.
39.Andrew S.Tanenbaum,计算机网络,清华大学出版社,1998年7月:475-476。
40. K. Tanaka, Y. Nakamura, K. Matsui, Embedding secret Jnformation into a dithered multi-level image, Processings 1990 IEEE Military Communications Conference, 1990: 216-220.
41. Chiou-Ting Hsu, Ja-Ling Wu, Hidden Digital Watermarks in Images, IEEE Tansactions on Image Processing, Vol. 8, No. 1, Jan 1999.
42. R. Barnett, D. Person, Attack Operator for Digitally Watermarked Images, IEEE Proc.-Vis. Image Signal Process., Vo1. 145, No. 4. August 1998: 271-279.
43. Minerva M. Yeung, Boon-Lock Yeo, Matthew Holliman, DIGITAL WATERMARKS: SHEDDING LIGHT ON THE INVISIBLE, IEEE November- December 1998: 31-35: