Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Cross-site scripting wikipedia , lookup
Computer security wikipedia , lookup
Unix security wikipedia , lookup
Cryptography wikipedia , lookup
Quantum key distribution wikipedia , lookup
Cryptanalysis wikipedia , lookup
Cyberattack wikipedia , lookup
Diffie–Hellman key exchange wikipedia , lookup
Post-quantum cryptography wikipedia , lookup
Mobile security wikipedia , lookup
Digital signature wikipedia , lookup
Cryptographic hash function wikipedia , lookup
Fingerprinting Text in Logical Markup Languages Christian D. Jensen G.I. Davida and Y. Frankel (Eds.): Proc. Information Security Conference 2001, Lecture Notes in Computer Science, Vol. 2200, pp. 433–445, 2001. © Springer-Verlag Berlin Heidelberg 2001 Presented by Sasank Jampana Summary • This paper shows Semantic Fingerprinting as the only viable fingerprinting technique for documents in logical markup languages and a working model is demonstrated using Synonym Substitution and the results are evaluated with a prototype developed for Traitor Tracing. Appreciative Comments • Provides a convincing argument that Semantic Fingerprinting is the only viable technique for fingerprinting text in Logical Markup Languages. – Open space fingerprinting: Vulnerable to OCR attacks. – Syntactic fingerprinting: Resist OCR attacks. Easily noticeable and can be circumvented. – Semantic fingerprinting: Limited in scope. Resist OCR attacks. Very Robust compared to other techniques. Security Analysis • Performs a security analysis on the credible threat models specified in the literature. – Additive Attacks: Inserting one or more fingerprints in the document, in order to mask the identity of the source of the leak. – Distortive Attacks: Modifying the text in order to distort the fingerprint. The attack is effective if the document retains value to the attacker. – Collusive Attacks: Detect fingerprints by comparing more than one copy of the document and eliminate the identified fingerprints. Collusion Attack An effective collusive attack Source: Collberg and Thomborson, 2000, Watermarking, Tamper-proofing, and Obfuscation – Tools for software Protection. Alice: Author of the document P: Original Document P1: Fingerprinted Doc. 1 K1: Key for user 1 F1: Fingerprint 1 • Alice Bob: Traitor (s) P2: Fingerprinted Doc. 2 K2: Key for user 2. F2: Fingerprint 2 fingerprints the document P, using various keys. • Bob detects those keys by comparing copies of the document. • Once Bob detects the fingerprints he can remove them. Critical Comments Hash function proposed for Synonym Substitution. H(T+Δ) = H(T) + δ H – Hash function T – Text input Δ – Change in text δ – Change in hash value. • Conditions required to be met by the hash function for an effective traitor tracing algorithm, as specified by Chor et al., are not mentioned. – Traitor tracing algorithm needs to identify at least one traitor and reduce possibilities of a false positives. – For a k-resilient open user scheme the hash function needs to satisfy. s > 4k2 log(n) • s – Set of Hash Functions Chosen. • k – Maximum number of traitors colluding. • n – Total number of users using the document. Critical Comments • In Sec. 1 Par. 7, “Traitor tracing has unique properties that makes it simpler than fingerprinting for detection of copyright violators.” – Isn’t Traitor Tracing accomplished by fingerprinting? Interesting Aspects • This technique can be extended to documents in other formats and languages as well. • One key for one user is very practical in organizations where a few people are repeatedly sent confidential documents. Question • In what category of documents is “Confidentiality” more desirable than “Integrity”? Considering there has to be some tradeoff between “Integrity” and “Confidentiality” while performing semantic fingerprinting. Is it possible to add redundant information into the document, to give more possibilities for safe transformations, to completely automate the process of fingerprinting? Safe transformations are those semantic preserving text transformations that can be applied without considering the context. e.g.: Dates: December 2002 last month of the year 2002 Numbers: 15 fifteen