Download Jensen3

Fingerprinting Text in
Logical Markup Languages
Christian D. Jensen
G.I. Davida and Y. Frankel (Eds.): Proc. Information Security
Conference 2001, Lecture Notes in Computer Science, Vol. 2200,
pp. 433–445, 2001.
© Springer-Verlag Berlin Heidelberg 2001
Presented by Sasank Jampana
Summary
• This paper shows Semantic Fingerprinting
as the only viable fingerprinting technique
for documents in logical markup languages
and a working model is demonstrated using
Synonym Substitution and the results are
evaluated with a prototype developed for
Traitor Tracing.
Appreciative Comments
•
Provides a convincing argument that Semantic
Fingerprinting is the only viable technique for
fingerprinting text in Logical Markup
Languages.
–
Open space fingerprinting:
Vulnerable to OCR attacks.
–
Syntactic fingerprinting:
Resist OCR attacks.
Easily noticeable and can be circumvented.
–
Semantic fingerprinting:
Limited in scope.
Resist OCR attacks.
Very Robust compared to other techniques.
Security Analysis
• Performs a security analysis on the credible threat
models specified in the literature.
– Additive Attacks:
Inserting one or more fingerprints in the document, in
order to mask the identity of the source of the leak.
– Distortive Attacks:
Modifying the text in order to distort the fingerprint.
The attack is effective if the document retains value to the attacker.
– Collusive Attacks:
Detect fingerprints by comparing more than one copy of the
document and eliminate the identified fingerprints.
Collusion Attack
An effective collusive attack
Source: Collberg and Thomborson, 2000, Watermarking, Tamper-proofing, and Obfuscation – Tools for software Protection.
Alice: Author of the document
P: Original Document
P1: Fingerprinted Doc. 1
K1: Key for user 1
F1: Fingerprint 1
• Alice
Bob: Traitor (s)
P2: Fingerprinted Doc. 2
K2: Key for user 2.
F2: Fingerprint 2
fingerprints the document P, using various keys.
• Bob detects those keys by comparing copies of the document.
• Once Bob detects the fingerprints he can remove them.
Critical Comments
Hash function proposed for Synonym Substitution.
H(T+Δ) = H(T) + δ
H – Hash function
T – Text input
Δ – Change in text
δ – Change in hash value.
• Conditions required to be met by the hash function for an
effective traitor tracing algorithm, as specified by Chor et al.,
are not mentioned.
– Traitor tracing algorithm needs to identify at least one traitor and
reduce possibilities of a false positives.
– For a k-resilient open user scheme the hash function needs to
satisfy.
s > 4k2 log(n)
• s – Set of Hash Functions Chosen.
• k – Maximum number of traitors colluding.
• n – Total number of users using the document.
Critical Comments
• In Sec. 1 Par. 7, “Traitor tracing has unique
properties that makes it simpler than fingerprinting
for detection of copyright violators.”
– Isn’t Traitor Tracing accomplished by fingerprinting?
Interesting Aspects
• This technique can be extended to
documents in other formats and languages
as well.
• One key for one user is very practical in
organizations where a few people are
repeatedly sent confidential documents.
Question
• In
what
category
of
documents
is
“Confidentiality” more desirable than “Integrity”?
Considering there has to be some tradeoff between
“Integrity”
and
“Confidentiality”
while
performing semantic fingerprinting.
Is it possible to add redundant information into the document,
to give more possibilities for safe transformations, to
completely automate the process of fingerprinting?
Safe transformations are those semantic preserving text
transformations that can be applied without considering
the context.
e.g.: Dates: December 2002  last month of the year 2002
Numbers: 15 fifteen