2024, 35(7):3454-3468. DOI: 10.13328/j.cnki.jos.006914
Abstract: The training of high-precision federated learning models consumes a large number of users’ local resources. The users who participate in the training can gain illegal profits by selling the jointly trained model without others’ permission. In order to protect the property rights of federated learning models, this study proposes a federated learning watermark based on backdoor (FLWB) by using the feature that deep learning backdoor technology maintains the accuracy of main tasks and only causes misclassification in a small number of trigger set samples. FLWB allows users who participate in the training to embed their own private watermarks in the local model and then map the private backdoor watermarks to the global model through the model aggregation in the cloud as the global watermark for federated learning. Then a stepwise training method is designed to enhance the expression effect of private backdoor watermarks in the global model so that FLWB can accommodate the private watermarks of the users without affecting the accuracy of the global model. Theoretical analysis proves the security of FLWB, and experiments verify that the global model can effectively accommodate the private watermarks of the users who participate in the training by only causing an accuracy loss of 1% of the main tasks through the stepwise training method. Finally, FLWB is tested by model compression and fine-tuning attacks. The results show that more than 80% of the watermarks can be retained when the model is compressed to 30% by FLWB, and more than 90% of the watermarks can be retained under four different fine-tuning attacks, which indicates the excellent robustness of FLWB.
2023, 34(9):4351-4361. DOI: 10.13328/j.cnki.jos.006661
Abstract: Although traditional watermarking attack methods can obstruct the correct extraction of watermark information, they reduce the visual quality of watermarked images greatly. Therefore, a novel imperceptible watermarking attack method based on residual learning is proposed. Specifically, a watermarking attack model based on a convolutional neural network is constructed for the end-to-end nonlinear learning between a watermarked image and an unwatermarked one. A mapping from the watermarked image to the unwatermarked one is thereby accomplished to achieve the purpose of watermarking attack. Then, a proper number of feature extraction blocks are selected according to the embedding region of watermark information to extract a feature map containing watermark information. As the difference between the two images is insignificant, the learning ability of the watermarking attack model is limited in the training process, making it difficult for the model to reach a convergence state. A residual learning mechanism is thus introduced to improve the convergence speed and learning ability of the watermarking attack model. The imperceptibility of the attacked image can be improved by reducing the difference between the residual image (the subtraction between the watermarked image and the extracted feature map) and the unwatermarked one. In addition, a dataset for training the watermarking attack model is constructed with the super-resolution dataset DIV2K2017 and the attacked robust color image watermarking algorithm based on quaternion exponent moments. The experimental results show the proposed watermarking attack model can attack a robust watermarking algorithm with a high bit error rate (BER) without compromising the visual quality of watermarked images.
2023, 34(12):5848-5861. DOI: 10.13328/j.cnki.jos.006803
Abstract: As a new technology that combines reversible data hiding and fragile watermarking, image reversible authentication (RA) can not only realize the fragile authentication of images but also recover the original carrier image without distortion while extracting the authentication code. Thus, it is of great significance to authenticate the originality and integrity of images. Existing reversible authentication methods have low authentication accuracy and cannot effectively protect images with complex textures or some areas with complex textures in the images. To this end, this study proposes a new reversible authentication method. Firstly, images to be authenticated are divided into blocks, and the obtained sub-blocks are classified as differential blocks (DB) and shifting blocks (SB) according to their embedding capacity. Different reversible embedding methods are employed to embed the authentication codes into different types of blocks. It also adopts a hierarchical embedding strategy to increase embedding capacity and improve the authentication effects of each sub-block. On the authentication side, tamper detection and localization can be realized by the authentication code extracted from each sub-block. In addition, this method can be combined with morphological dilation and erosion to refine tamper detection marks and further improve the detection accuracy rate. Experimental results show that the proposed method can protect images with smooth texture and complex texture under the same authentication accuracy, and can also realize independent authentication and restoration of almost all sub-blocks, which has widespread applicability.
2022, 33(9):3422-3436. DOI: 10.13328/j.cnki.jos.006294
Abstract: Digital watermarking to form fingerprints in databases is an important approach for database right protection and ownership identification. It provides protection for the sharing and fusion of data. As existing database fingerprinting methods have a deficiency in the universality of data, this study proposes a database fingerprinting approach based on statistical features. This approach first divides the host data into several subsets by an iterative hash function. Then, the statistical feature of each subset is maximized/minimized by an optimization algorithm after extreme values are filtered out. Finally, the optimum threshold is taken as fingerprint information which is calculated by Bayesian decision for minimum errors. This study also theoretically verifies the feasibility and effectiveness of the proposed method. The experimental results on real datasets demonstrate that the method has advantages in both robustness and universality.
2020, 31(11):3571-3587. DOI: 10.13328/j.cnki.jos.005812
Abstract: Reversible watermarking technique for relational data is intended to protect the copyright. It overcomes the shortcomings of traditional watermarking techniques. It can not only claim the copyright of data, but also recover the original data from the watermarked copy. However, existing reversible watermarking schemes for relational data cannot control the extent of data recovery. Aiming at this problem, a graded reversible watermarking scheme for relational data is proposed in the study. Data quality grade is defined to depict the impact of watermark embedding on the usability of data. Watermark embedding, grade detection, watermark detection, and grade enhancement algorithms are designed to achieve graded reversibility of watermark. Before distributing the data, the data owner can predefine several data quality grades, then embed the watermark into data partitions. A unique key is used in each data partition to control the position and value of the watermark information. If data users are not satisfied with the usability of data, they can require or purchase relevant keys from the owner to upgrade the data quality grade. The watermark in relational data with any data quality grade is sufficient to prove the copyright. Flexible watermark reversion is achieved via partitioned auxiliary data design. A more practical mechanism is devised to efficiently handle the hash table collision, which reduces both computational and storage overhead. Experiments on algorithms and watermark show that the proposed scheme is feasible and robust.
2018, 29(4):957-972. DOI: 10.13328/j.cnki.jos.005406
Abstract: Homomorphic encryption technique can be used for protection of data privacy, and some algebraic operations can be implemented on the ciphertext data. This is very useful in the field of cloud computing security, such as analyzing and processing the encrypted data in cloud without exposing the content of data. Addressing privacy protection and data security problems in cloud computing, this paper proposes a robust and reversible image watermarking algorithm in homomorphic encrypted domain. The algorithm includes five aspects: (1) The original image is divided into a number of non-overlapping blocks and each pixel in a block is encrypted with Paillier cryptosystem to obtain the encrypted image; (2) The statistical values of the encrypted blocks can be retrieved in encrypted domain by employing modular multiplicative inverse (MMI) method and looking for a mapping table. After that, watermark information can be reversibly embedded into encrypted image by shifting the histogram of the statistical values with the homomorphic property of Paillier cryptosystem; (3) On the receiver side, the marked histogram of the watermarked and encrypted image can be obtained for extraction of the watermark from the marked histogram. The encrypted image can be restored by inverse operations of histogram shifting in the embedding phase; (4) The marked histogram can be obtained from the directly decrypted image. This is followed by the watermark extraction and restoration of original image; (5) The watermark can still be extracted correctly under some attacks (such as JPEG/JPEG2000 compression and additive Gaussian noise) to some extent on the watermarked and decrypted image. The proposed method achieves embedding information bits directly into the encrypted image without preprocessing operations on the original image, and can extract the watermark and restore the encrypted image in encrypted domain or the original image in plaintext domain after decryption. Besides, the watermark is robust to those common image processing operations. The experimental results have shown the validity of the proposed scheme.
2018, 29(12):3837-3852. DOI: 10.13328/j.cnki.jos.005303
Abstract: Digital watermarking in encrypted domain is a potential technology for privacy protection (with encryption) and integrity authentication (with watermarking) in cloud computing environments. Based on order-preserving encryption scheme (OPES), discrete cosine transformation (DCT), cryptography hash and watermarking technologies, this paper proposes a new database authentication watermarking algorithm in encrypted domain. Firstly, data in a database are encrypted with OPES for privacy protection. Then, the encrypted data are divided into groups for DCT operations. The watermark bits generated by hashing AC coefficients are embedded into DC coefficients for authenticating the encrypted data. The receiver can determine whether the data have been tampered with by matching the hash value of AC coefficients and the extracted watermark bits from DC coefficients. The watermark embedding process in encrypted domain is lossless to plaintext data by exploring order-preserving property of OPES. In the receiver, an illegal user can recover the original database by directly decrypting the watermarked ciphertext data. Experimental results have shown that the algorithm can efficiently detect different tampering operations while protecting data content privacy with the encryption.
2012, 23(9):2510-2521. DOI: 10.3724/SP.J.1001.2012.04169
Abstract: To improve the tamper detection performance and harmonize the conflict between security and invisibility, this paper proposes a fragile watermarking algorithm for JPEG images, in which the authenticity of image blocks is determined by neighborhood comparison. This scheme divides the original image into 8×8 image blocks. For each block, four bits watermarks are generated based on the DCT coefficients to be protected. Next, the watermarks are randomly embedded in the least significant bit (LSB) of DCT coefficients with smaller quantization step in other four blocks. The authenticity of each block is determined by comparison between the number of inconsistent image blocks in the eight-neighborhood of each block and its four corresponding mapping blocks. Then, this paper derives the probability of false acceptance and false rejection under general tampering and collage attack and validates the theoretical analysis results by statistical experiments. Theoretical analysis and statistical experiments show that comparing the number of inconsistent image blocks in the eight-neighborhood of each block with its four corresponding mapping blocks improves the tamper detection performance. Embedding watermarks in the LSB of DCT coefficients with less quantization step efficiently solves the conflict between the number of DCT coefficients to be protected and invisibility.
2011, 22(zk2):17-26.
Abstract: Watermark carriers of existing network flow watermarking schemes are limited to packet payload, traffic rate, and packet timing. However, packet payload is based on flow watermarking schemes, which depend on specific application protocols, such as telnet and rlogin, but encrypted traffic and are invisible to traffic interceptors. At the same time, traffic rate and packet timing based ones are vulnerable to timing perturbation introduced by network transmission and attackers. Even worse, most of them have a low watermark capacity and are visible to multi-flow attack, mean-square autocorrelation attack and timing analysis attacks. This paper utilizes packet order as a watermark carrier and proposes a novel packet reordering based flow watermarking (PROFW) scheme. To achieve robustness against packet out-of-order perturbation, a theory of error correcting code is introduced into watermark encoding. Meanwhile, this paper utilizes a stochastic modulation approach to increase the stealthiness of PROFW scheme by controlling packet reordering degree not exceeding normal levels. Empirical results prove its robustness against timing and packet out-of-order perturbations, introduced by network transmission and deliberately by attackers. Compared with typical flow watermarking schemes, PROFW scheme, which has a higher watermark capacity, is more robust against timing and packet out-of-order perturbations.
2011, 22(10):2358-2371. DOI: 10.3724/SP.J.1001.2011.03929
Abstract: The spread spectrum based flow watermarking, which can be used to trace anonymity abuses effectively, applies spread spectrum technique to encode watermark signals and embeds them into suspect flows. This serves to confirm the communication relationship among network users. The implementation of watermarking can be divided into four phases: Signal encoding, flow modulation, flow demodulation and signal decoding. It is important to choose the right watermark carrier that determines the robustness and invisibility of watermarking techniques. Since most applications using anonymous communication, such as Web browsing, instant message and remote login generate interactive traffic with unstable traffic rate, existing spread spectrum based flow watermarking adopting traffic rate as its carrier has big limitations. Furthermore, there exist some attacks against the invisibility of this watermarking technique, destroying the traceback effect. Based on the spread spectrum flow marking model, this paper proposes a novel flow watermarking technique that adopts interval centroid as its watermark carrier, which is insensitive to different types of flows. The theoretical analysis and experimental results show that this flow watermarking technique is appropriate for both interactive and non-interactive traffic, and can resist most existing attacks against flow watermarking.