Abstract image of a woman sitting on books and studying on a laptop

Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data

I
IDES Editor

The document presents a new non-repudiation service aimed at enhancing the security of sensitive private data in decentralized systems. It introduces a tracking system allowing data owners to trace data leaks by identifying the last authorized receiver of protected data, utilizing techniques like digital watermarking. The proposed security service extends existing non-repudiation protocols, focusing on preventing unauthorized forwarding by providing evidence of data receipt and use.

TechnologyBusiness
Related topics:
Information SecurityDigital ForensicsSecurity Services Overview
1 of 6
Download to read offline
1
2
3
4
5
6
ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data Rainer Schick1, Christoph Ruland1 1 Chair for Data Communications Systems / University of Siegen, Siegen, Germany Email: {rainer.schick, christoph.ruland}@uni-siegen.de Abstract—Current security systems dealing with sensitive Fig. 1 illustrates the problem for a data owner in a decentralized private data do not provide sufficient options to find data leaks. information distribution system. The approaches described An approach to find the last authorized receiver of a protected in this paper solve two different goals: First, a reliable data copy is proposed in this paper. Existing security concepts are tracking system is provided. Each receiver is able to track the extended by a new security service based on reliable tracking way protected data have taken so far. Additionally, only data embedding. Additionally, a new mechanism to protect the new tracking data is shown. Digital watermarking authorized receivers are able to decrypt the received data. techniques are used to provide tracking abilities for forwarded The goal is a new security service which provides non- copies of the protected data. This paper briefly describes repudiation of forwarding for recipients. A receiver of such approaches to improve security for both the owner of protected protected data cannot repudiate that he had access to it. data and its recipients. Second, a mechanism to prove forwarding of such protected data is provided for the owner. If he or she finds a copy of Index Terms—information security, security services, digital these data, he is able to track the last authorized receiver of it. forensic, data hiding, digital watermark, fingerprinting Then the owner can check if it is an authorized or unauthorized copy. I. INTRODUCTION Finally, the approaches shown in this paper should lead Nowadays most sensitive and private data are generated, to a new security service. This service extends recent non- processed and stored digitally. This circumstance causes repudiation services described in ISO/IEC 13888 [1], [2], [3]. many efforts to protect these data from access by The fields of application of the data tracking service are those unauthorized attackers. Fortunately, modern security depending on provable authentic information. Examples are services provide confidentiality, authenticity and integrity the protection of company secrets and warrants or the for data worth protecting. But these services only provide realization of notary authorities. Authorized receivers of security against attacks by unauthorized external attackers. protected data should be able to collect evidence to prove The even worse attacks conducted by employees and the receipt and the forwarding by previous receivers of these authorized receivers of such data are often neglected. The data. Taking Fig. 1 as an example, Carol should be able to main problem is that control over confidentiality ends with prove the forwarding by the Owner and FLR3. Additionally, decryption. The sender does not know what the receiver does the owner (the first sender) of this sensitive information can with the data. This is even worse for a data owner. If he prove the unauthorized forwarding by the last authorized shares information with trusted users and one of them receiver of data protected using the data tracking service. If misbehaves, the owner cannot prove who has been the Carol forwards the data to an unauthorized receiver, the owner “mole”. should be able to prove this misbehavior. The data tracking service does not prevent unauthorized forwarding of the plaintext information. Instead, it provides mechanisms to track data leaks. It is not meant to replace copyright protections in the sense of preventing or detecting illegal file sharing applications. II. RELATED WORK As already stated in the introduction, the new data tracking service is proposed as a non-repudiation service. The goal of a non-repudiation service is to generate and collect evidence concerning a claimed action or event [4]. None of the services described in ISO/IEC 13888 provides options to find the last authorized receiver of a suspicious copy of sensitive data. If a misbehaving authorized receiver claims the forwarding, all of the next receivers can use the evidence to prove the forwarding [5]. There are several approaches to providing control over Figure 1. Unauthorized data forwarding in a decentralized system digital data. For example, companies often install so-called © 2012 ACEEE 1 DOI: 01.IJIT.02.01. 30
ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 “Data Leakage Prevention” on their systems [6]. This is also m’ = m||CD. called “Endpoint Security”, because it is often a software  mO: The concatenated data m’||σO(m’). extension installed on client computers. These software  PIDn: The unique personal identifier of user n. solutions limit the user rights on these systems, such that an  FID: The unique file identifier of data m. employee cannot copy protected data to a private USB device  TIDn: The unique transaction identifier for the or use a private e-mail account for conversations. transmission of data m from user n to user n+1. Another approach is Digital Rights Management. DRM  TSn: Timestamp of TIDn. provides access control for copyright holders to limit the use  TDn: The tracking data of user n. These data are of digital content. It is often stated as a copy protection defined as the concatenation of mechanism, but it is not. Copying cannot be prevented by PID0…PIDn+1||FID||TID0…TIDn||TS0…TSn this technique. Instead, the copies contain digital watermarks.  σn(TDn): The signature calculated by user n signing These watermarks support the copyright owners to track the the current tracking data TDn. leak if an unauthorized copy is found [7], [8], [9], [10], [11].  SSTKn: Secret Storage Key. Digital watermarking has to cope with different problems. One  DEKn: Secret Data Encryption Key. is the limited embedding capacity in relation to the size of its  SWKn: Secret Watermarking Key. carrier [12]. Another is the collusion attack, where attackers  SCK: Secret Confusion Key. combine their copies to withdraw their fingerprints. This attack  TDEK: Secret Tracking Data Encryption Key. is tried to be solved by frameproof codes [13], [14]. Unfortunately, there is no feasible possibility to prevent IV. SYSTEM DESIGN unauthorized information forwarding under all circumstances. The system aims at two different goals, so that the If a user is able to view the plaintext information (and approach consists of two main parts: one is the data tracking authorized receivers should be able to do so), he or she has part and the other is the displaying or watermarking part. several possibilities to create copies. The recipient may print Before these parts are described in detail, the basic idea of it, photograph the screen or at least rewrite it (if the confidential the data flow is explained. The data tracking part secures the information is a text). As it is easy to make copies or manipulate sensitive information during storage, transmission and digital data, a rethink in using and believing its content is processing. The embedded tracking data provide non- inevitable. Receivers of digitalized information should not trust repudiation of forwarding for an authorized receiver n. With its content unless its authenticity and the authenticity of its the use of the embedded tracking data a receiver n can prove source can be proven. At least if sensitive and confidential the chain of receivers for all users 0…n-1. The figuring part information are shared. embeds a digital watermark into the visible content on the Nevertheless, usually attackers do not care for the receiver’s side. If such a watermarked copy is found and not existence of a valid digital signature. They forward data they manipulated, the data owner can prove the forwarding of the have stolen or received by misbehaving authorized personnel. last authorized receiver. Fig. 2 sketches the flow of such It is not part of this work to find the one who published the protected data. It shows the functionality for sending and data. Instead, the last authorized receiver should be traceable, receiving data using the data tracking service. It also shows such that the source of the data leak can be found. In contrast the branch of the visible data. These data are watermarked to the approaches mentioned above, each authorized receiver using a watermarking key SWKn. The watermarked copy is of the data is trusted. If he or she is not in possession of a for viewing only and should not be forwarded to anybody needed security module, the receiver is not able to obtain a by the authorized receiver. The encrypted data contains the plaintext copy of the protected information. tracking data of all previous recipients of the confidential information. III. NOTATION The following terms and notations apply for this paper:  m: Data/Information that must be protected by the document tracking service.  CD: Specific configuration data added by the data owner. This may contain an expiry date, specific receiver identifier or group policies.  x||y: The result of the concatenation of x and y in that order. An appropriate encoding must be used so that the data items can be recovered from the concatenated string.  σO(m’): The source signature calculated by the data Figure 2. Data flow of the data tracking scheme owner. As long as this signature accompanies m and can be verified successfully, the data is valid. The signature is calculated over the concatenation of data Figure 3. Structure of the data © 2012 ACEEE 2 DOI: 01.IJIT.02.01. 30
ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 V. DATA TRACKING private key within the module. The negotiated secret data encryption key is DEKn. The approach of data tracking can basically be conceived  Three different functions must be provided for data as a “smart” letter: The receiver of the data gets a letter in an processing. These functions are described in the envelope. The envelope contains a field for the signature following. consisting of carbon paper. If the user has signed the receipt The “prepare”-function works as follows: on the closed envelope, the letter internally checks the 1. The sensitive data m which must be protected by the signature and reveals the secret content only if that signature data tracking service are input into the security is valid. That is, the signature and the confirmation of the module. recipient of the receiver are already added to the letter once 2. The user adds configuration data CD, such as expiry he can view it and cannot be removed anymore. When this dates for the protected data, valid receiver PID’s or a letter is published, he cannot repudiate that he was the last maximum number of allowed forwarding. authorized recipient of it. For each receiver, the personal 3. The source signature σO(m’) is calculated. Thus, mO signature and confirmation of recipient is added to the is generated. tracking information of the letter, such that it contains all 4. Finally, mO is encrypted using a secret storage key information of the previous receivers. When the letter is sent SSTK0. The encrypted copy is stored locally stored to the next authorized receiver, it is put into a smart envelope until it is processed again. again and the letter is now accompanied by the tracking data. The “receive”-function works as follows: The data tracking part is figured as the path of the 1. Data encrypted using DEK n are received and encrypted data shown in Fig. 2. Summarized, each receiver of decrypted. The structure of such data is shown in the protected data signs the receipt before he or she is able Fig. 3. The tracking data within this output are to process the data. This measurement improves security for protected using either the PCBC data encryption or all authorized users of the security system. A receiver of such the data confusion mechanism as described later in protected information can verify the way the data have taken this chapter. up to him. The owner of the data protects them by access 2. The tracking data signature σ(TDn-1) is verified. If the control: only users with an appropriate security module can validation fails, the module stops processing. decrypt the data. Additionally, the owner can proof if a 3. The previous tracking data are displayed. The suspicious plaintext copy of his document is authorized or receiver can check the chain of receivers of the not. This idea of non-repudiation of forwarding is explained protected information. in the following. 4. If the receiver applies the receipt, the source signature σO(m’) is verified to check integrity and VI. TRACKING DATA PROTECTION authenticity of m’. In order to protect the tracking data from targeted 5. A digital watermark is added to m using SWKn. The manipulations, two solutions are proposed in this paper. One watermarked copy mΨ is output to the receiver. is based on a known block cipher mode of operation with 6. For local storage, the tracking data are protected infinite error propagation. The other is a new mechanism called again and the data are encrypted using a secret data confusion. This mechanism confuses data of arbitrary storage key SSTKn. size, such that data in one block is not only permuted within that block. The following requirements must be fulfilled by the approaches:  If an attacker manipulates any of the protected data, the source signature must be destroyed with very high probability. Thus, the confidential information is not authentic anymore.  The tracking data of a receiver must be added before he or she is able to access the plaintext. A. Security Module Figure 4. The three functions of the security module The previously mentioned requirements make the use of The “send”-function works as follows: a security module inevitable. This module must provide 1. The locally stored data encrypted by SSTKn are different functionalities: decrypted again. If the sender is not the data owner  A secure storage for different secret and private keys. (e.g. no tracking data are available yet), continue with The owner of the security module must not be able step 3. to read them out. 2. The PID0 of the data owner and the unique FID are  Generation and validation of digital signatures. added. The owner proceeds with step 4.  Support SSL/TLS. The key agreement is done using 3. Both signatures σO(m’) and σ(TDn-1) are verified again a public key that corresponds to a securely stored in order to detect manipulations during storage. If an © 2012 ACEEE 3 DOI: 01.IJIT.02.01. 30
ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 error occurs, the module stops processing. first mixed using the data confusion mechanism. This mecha- 4. The security module adds the PIDn+1 of the next nism uses a pseudorandom generator with a minimum period receiver, a unique TIDn for the transmission and the of ν (with ν as the length of the data in bytes). This function current timestamp TS n . must be initialized using a private key SCK. The PRNG cal- 5. The signature σ(TDn-1) is discarded and replaced by culates the new positions of the confused data block. Under the new tracking data signature σ(TDn). The new these circumstances it can be guaranteed that each byte might signature authenticates all tracking data including have changed its positions to any new position. Only users those of previous receivers. who know the start value SCK are able to reverse the confu- 6. The resulting data are encrypted using DEKn+1 and sion process. The confused data are additionally encrypted transmitted to the next receiver. using a common symmetric cipher like AES. As a side effect, The three security module functions work as a black box. the cipher behaves as a block by block mixing function. It The data are input into the module, and certain data are output follows that each bit of the confused data are additionally (if no error occurs). Fig. 4 illustrates the functions from the permuted within the block. Symmetric key algorithms are key- users’ view. The “receive”-function additionally outputs a controlled and therefore another private key TDEK is needed. watermarked plaintext copy of the protected data. This output Again, this key must only be known to the security module. will be explained in the watermarking chapter and is not shown in Fig. 4. B. PCBC Data Encryption The propagating cipher-block chaining (PCBC) mode is used if small changes in a ciphertext should cause infinite error propagation when the data are decrypted. This mode of operation is chosen such that every data following the manipulated is also manipulated. For logical reasons, an attacker will try to manipulate or remove his personal tracking data. It is one requirement to make sure that such an attack is not successful. Therefore the tracking data have to be added ahead the existing data as shown in Fig. 3. If these data are encrypted using the PCBC mode, the manipulation of any of the tracking data leads to a useless plaintext. Neither the source signature σO(m’) nor the original message m can be recovered. The tracking data signature σ(TDn) is also destroyed if any preceding data is manipulated. For that reason, a receiver of such manipulated data recognizes the attack before he gets access to the message and before his tracks are added. Unfortunately, the PCBC mode deals with different problems and it is claimed to be insecure. If two adjacent ciphertext blocks are exchanged, it does not affect the decryption of subsequent blocks [15]. For this reason, an alternative mechanism is presented: the data confusion. C. Tracking Data Confusion The data confusion mechanism confuses the structure of certain data. It is an approach to protect tracking data embedded by the security module from manipulations by authorized receivers. Nobody can remove or change certain information in the data unless he or she is in possession of the required private key. Unlike other mixing schemes or Figure 5. Data flow using the data confusion mechanism encryption functions, the permutations in this approach do not shuffle data block by block [16], [17]. Instead, it considers The proposal of the data confusion mechanism is an approach the protected data as a single block of arbitrary size. This is to randomize data of arbitrary size. If such data are encrypted for a good reason: If an attacker knows that each new tracking only, the manipulation of certain tracking data might lead to data are appended to the end of the data, he or she also knows an invalid tracking data block while the source signature still which block must be manipulated. Targeted obliteration of remains valid. The new data confusion mechanism ensures traces must be prevented by the data tracking scheme. that the source signature σ O(m’) and the tracking data Fig. 5 sketches the flow of the protected data from the signature σ(TDn) become invalid if an attacker manipulates data owner to the n-th receiver. The tracking data including any of the confused data. A precise description of the data configuration data CD and the source signature σO(m’) are confusion mechanism is part of future work. © 2012 ACEEE 4 DOI: 01.IJIT.02.01. 30
ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 VII. DIGITAL WATERMARKING Two suggestions to protect the new tracking data are made: The PCBC encryption protects the data with infinite error As already stated in the introduction, the unauthorized propagation. If an attacker manipulates his personal tracking forwarding of confidential data cannot be prevented under data, the sensitive information is also manipulated and all circumstances. The services mentioned before focus on useless. The new data confusion mechanism shuffles certain protecting data from attacks by authorized users during data and encrypts them. If an attacker manipulates any of storage and transmission. The system proposed in this paper these confused data, every confused data are also should also provide traceability for plaintext copies of the manipulated with very high probability. protected data. Digital watermarks are chosen to meet this The proposed system is split into two different parts. requirement. The plaintext document output by the receive Currently, the data tracking part can handle any kind of data. function is declared as mΨ. The watermark Ψ contains the The watermarking part is ubject to the restrictions of recent unique identifier PIDn of the last authorized receiver. digital watermarking algorithms. It is therefore currently limited Additionally, the timestamp of watermark generation TSΨ is n to data where such algorithms can be applied. This paper added. Finally, these data are signed, thus σn(PIDn||TSΨ ) is n describes the sapproaches in a superficial way and shows generated and added to Ψ. If a copy of mΨ is found by the the big picture of the ideas. More detailed descriptions will data owner, the signature σn(PIDn||TSΨ ) is used to prove the n be published in future work, including precise descriptions authenticity of the watermark. of the used mechanisms and the key management. It is also If Ψ was extracted and the signature was verified planned to describe another way to protect the tracking data successfully, the user with identifier PIDn as extracted from Ψ using authenticated encryption. cannot repudiate that he or she was the last authorized recipient of it. This feature of the proposed watermarking process is ACKNOWLEDGMENT called the non-repudiation of forwarding. The data owner (or another administrative instance) decides if this data forwarding This work is funded by the German Research Foundation was authorized or not. Unauthorized information distribution (DFG) as part of the research training group GRK 1564 must not be intentional. It is also possible that the security “Imaging New Modalities . module of the user was stolen or broken. Or the watermarked plaintext data as output by the security module might have REFERENCES been stolen. These scenarios lead to digital forensic aspects. [1] ISO/IEC FDIS 13888-1:2009, “Information technology – This research field will be considered more detailed in future Security Techniques – Non-repudiation – Part 1: General”, 2009 work. The investigation or punishment of a proven forwarding [2] ISO/IEC FDIS 13888-2:2010, “Information technology – is not part of this paper. Security Techniques – Non-repudiation – Part 2: Mechanisms using The watermark embedding process is key-controlled using symmetric techniques”, 2010 securely stored watermarking key SWKn. This key initializes a [3] ISO/IEC FDIS 13888-3:2009, “Information technology – pseudorandom generator to choose the embedding positions Security Techniques – Non-repudiation – Part 3: Mechanisms using within the carrier in the frequency domain. Due to the nature asymmetric techniques”, 2009 [4] S. Kremer, O. Markowitch and J. Zhou, “An Intensive Survey of digital watermarks, the carrier must provide enough of Fair Non-Repudiation Protocols”, Computer Communications, embedding capacity for invisible and robust data embedding. 2002, pp. 1606 – 1621 It is desirable that protected data are destroyed if someone [5] R. Schick and C. Ruland, “Document Tracking – On the Way to tries to manipulate the protected information or the embedded a New Security Service”, Proc. of Conference on Network tracking data. A trade-off between robustness, imperceptibility Architectures and Technologies (SAR-SSI), 2011 and embedding capacity must be found. More precise [6] V. Scheidemann, “Endpoint Security: Data Loss Prevention”, descriptions about embedding capacities and sizes of the Security Advisor ePublication, 2008 embedded data are part of future work. [7] K. J. Liu, W. Trappe, Z.J. Wang, M. Wu and H. Zhao, “Multimedia fingerprinting forensics for traitor tracing”, EURASIP Book Series on Signal Processing and Communications, Hindawi CONCLUSIONS Publishing Corporation, 2005, ISBN 977-5945-18-6 This paper proposes a new security service which [8] J.J. Chae and B.S. Manjunath, “A robust embedded data from provides data tracking abilities. A suitable security module is Wavelet coefficients”, Proceedings of Storage and Retrieval for Image needed to decrypt the protected data. A receiver is able to and Video Databases (SPIE), 1998, pp. 308 – 319 [9] Y. Wang, J.F. Doherty and R.E. van Dyck, “A watermarking track the way the data have taken and prove the forwarding algorithm for fingerprinting intelligence images”, Proceedings of of the sensitive information by previous receivers. If a Conference on Information Sciences and Systems, 2001, pp. 21 – suspicious watermarked copy appears and has not been 24 manipulated, the data owner can associate the copy to the [10] M.U. Celik, G. Sharma, A.M. Tekalp and E. Saber, “Lossless last authorized receiver. Thus, a new non-repudiation service generalized-LSB data embedding”, IEEE Transactions on Image is introduced in this paper: the non-repudiation of forwarding. Processing Vol. 14 No. 2, 2005, pp. 253 – 266 This service can be used both by the data owner and by all [11] J. Dittmann, A. Behr, M. Stabenau, P. Schmitt, J. Schwenk receivers of protected data. and J. Ueberberg, „Combining digital watermarks and collusion secure fingerprints for digital images”, JEI, 2000, pp. 456 – 467 © 2012 ACEEE 5 DOI: 01.IJIT.02.01. 30
ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 [12] A. Barg, G.R. Blakley and G.A. Kabatiansky, “Digital [15] J. Kohl, “The Use of Encryption in Kerberos for Network fingerprinting codes: problem statements, constructions, Authentication”, Proc. of Crypto ’89, 1989 identification of traitors”, IEEE Transactions on Information [16] M. Matyas, M. Peyravian, A. Roginsky and N. Zunic, Theory, 2003, pp. 852 – 865 “Reversible data mixing procedure for efficient public-key [13] Y. T. Lin and J. L. Wu, “Traceable multimedia fingerprinting encryption”, Computers & Security Vol. 17, No. 3, 1998, pp. 265 based on the multilevel user grouping”, Proceedings of Multimedia – 272 and Expo, 2008, doi: 10.1109/ICME.2008.4607442, pp. 345 – 348 [17] M. Jacobsson, J.P. Stern and M. Yung, “Scramble all, encrypt [14] D. Boneh and J. Shaw, “Collusion-secure fingerprinting for small”, FSE 99, LNCS 1636, Springer-Verlag, 1999, pp. 95 – 111 digital data”, Proceedings of CRYPTO ’95, 1995, pp. 452 – 465 © 2012 ACEEE 6 DOI: 01.IJIT.02.01. 30

More Related Content

PDF
Paper id 27201446
IJRAT
 
PDF
Ijaiem 2014-11-30-122
Sathya Madhesh
 
DOCX
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
Shakas Technologies
 
PDF
call for papers, research paper publishing, where to publish research paper, ...
International Journal of Engineering Inventions www.ijeijournal.com
 
PDF
Secure Medical Data Computation using Virtual_ID Authentication and File Swap...
IJASRD Journal
 
PDF
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Editor IJMTER
 
PDF
ANALYSIS OF IMAGE WATERMARKING USING LEAST SIGNIFICANT BIT ALGORITHM
ijistjournal
 
PDF
1784 1788
Editor IJARCET
 
Paper id 27201446
IJRAT
 
Ijaiem 2014-11-30-122
Sathya Madhesh
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
Shakas Technologies
 
call for papers, research paper publishing, where to publish research paper, ...
International Journal of Engineering Inventions www.ijeijournal.com
 
Secure Medical Data Computation using Virtual_ID Authentication and File Swap...
IJASRD Journal
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Editor IJMTER
 
ANALYSIS OF IMAGE WATERMARKING USING LEAST SIGNIFICANT BIT ALGORITHM
ijistjournal
 
1784 1788
Editor IJARCET
 

What's hot (19)

PDF
IJSRED-V2I1P29
IJSRED
 
PDF
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET Journal
 
PPTX
GTB DLP - Content Aware Security Suite
VCW Security Ltd
 
PDF
Ijnsa050208
IJNSA Journal
 
PDF
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
Journal For Research
 
PDF
489 493
Editor IJARCET
 
PDF
Paper id 2120145
IJRAT
 
PDF
FILESHADER: ENTRUSTED DATA INTEGRATION USING HASH SERVER
csandit
 
PDF
IRJET- Secure Data Protection in Cloud Computing
IRJET Journal
 
PDF
Iaetsd cloud computing and security challenges
Iaetsd Iaetsd
 
PDF
A survey on cloud security issues and techniques
ijcsa
 
PDF
Two Aspect Validation Control Frameworks for Online Distributed Services
IRJET Journal
 
PPTX
Stealth solution for healthcare
Peter de Bruijn
 
PDF
V5 i7 0169
Siddhartha Bashetty
 
PDF
Kp3419221926
IJERA Editor
 
PPTX
GTB Data Leakage Prevention Use Cases 2014
Ravindran Vasu
 
PDF
Literature Survey: Secure transmitting of data using RSA public key implement...
Editor IJCATR
 
PDF
Employment Feedback by Securing Data using Anonymous Authentication
IRJET Journal
 
PDF
J018145862
IOSR Journals
 
IJSRED-V2I1P29
IJSRED
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET Journal
 
GTB DLP - Content Aware Security Suite
VCW Security Ltd
 
Ijnsa050208
IJNSA Journal
 
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
Journal For Research
 
489 493
Editor IJARCET
 
Paper id 2120145
IJRAT
 
FILESHADER: ENTRUSTED DATA INTEGRATION USING HASH SERVER
csandit
 
IRJET- Secure Data Protection in Cloud Computing
IRJET Journal
 
Iaetsd cloud computing and security challenges
Iaetsd Iaetsd
 
A survey on cloud security issues and techniques
ijcsa
 
Two Aspect Validation Control Frameworks for Online Distributed Services
IRJET Journal
 
Stealth solution for healthcare
Peter de Bruijn
 
V5 i7 0169
Siddhartha Bashetty
 
Kp3419221926
IJERA Editor
 
GTB Data Leakage Prevention Use Cases 2014
Ravindran Vasu
 
Literature Survey: Secure transmitting of data using RSA public key implement...
Editor IJCATR
 
Employment Feedback by Securing Data using Anonymous Authentication
IRJET Journal
 
J018145862
IOSR Journals
 
Ad

Similar to Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data (20)

PDF
Fog Computing:The Justifying Insider Data Stealing Attacks in the Cloud
IJSRD
 
PDF
Privacy preserving detection of sensitive data exposure
redpel dot com
 
PDF
Privacy preserving detection of sensitive data exposure
Pvrtechnologies Nellore
 
PDF
Fog computing a new concept to minimize the attacks and to provide security i...
eSAT Publishing House
 
PDF
10.1.1.436.3364.pdf
mistryritesh
 
PDF
Secure Data Sharing in Cloud through Limiting Trust in Third Party/Server
IRJET Journal
 
PDF
Ej24856861
IJERA Editor
 
DOCX
CCS354-NETWORK SECURITY-network-security notes
Kirubaburi R
 
PPTX
Computer Security Chapter 1
Temesgen Berhanu
 
PDF
Information Security Management
Bhadra Gowdra
 
PDF
INFORMATION SECURITY: THREATS AND SOLUTIONS.
Ni
 
PPTX
Data leakage detection
Mohit Pandey
 
DOCX
survey project-1
NAVIT GAUR
 
PDF
180 184
Editor IJARCET
 
PDF
Advancing integrity and privacy in cloud storage: challenges, current solutio...
IAESIJAI
 
PDF
FOGCOMPUTING
Anvesh Kolluri
 
PDF
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET Journal
 
PDF
Introduction to security
Mukesh Chinta
 
PDF
Comparative Analysis: Network Forensic Systems
ijsrd.com
 
PDF
Ak03402100217
ijceronline
 
Fog Computing:The Justifying Insider Data Stealing Attacks in the Cloud
IJSRD
 
Privacy preserving detection of sensitive data exposure
redpel dot com
 
Privacy preserving detection of sensitive data exposure
Pvrtechnologies Nellore
 
Fog computing a new concept to minimize the attacks and to provide security i...
eSAT Publishing House
 
10.1.1.436.3364.pdf
mistryritesh
 
Secure Data Sharing in Cloud through Limiting Trust in Third Party/Server
IRJET Journal
 
Ej24856861
IJERA Editor
 
CCS354-NETWORK SECURITY-network-security notes
Kirubaburi R
 
Computer Security Chapter 1
Temesgen Berhanu
 
Information Security Management
Bhadra Gowdra
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
Ni
 
Data leakage detection
Mohit Pandey
 
survey project-1
NAVIT GAUR
 
180 184
Editor IJARCET
 
Advancing integrity and privacy in cloud storage: challenges, current solutio...
IAESIJAI
 
FOGCOMPUTING
Anvesh Kolluri
 
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET Journal
 
Introduction to security
Mukesh Chinta
 
Comparative Analysis: Network Forensic Systems
ijsrd.com
 
Ak03402100217
ijceronline
 
Ad

More from IDES Editor (20)

PDF
Power System State Estimation - A Review
IDES Editor
 
PDF
Artificial Intelligence Technique based Reactive Power Planning Incorporating...
IDES Editor
 
PDF
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
IDES Editor
 
PDF
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
IDES Editor
 
PDF
Line Losses in the 14-Bus Power System Network using UPFC
IDES Editor
 
PDF
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
IDES Editor
 
PDF
Assessing Uncertainty of Pushover Analysis to Geometric Modeling
IDES Editor
 
PDF
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
IDES Editor
 
PDF
Selfish Node Isolation & Incentivation using Progressive Thresholds
IDES Editor
 
PDF
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
IDES Editor
 
PDF
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
IDES Editor
 
PDF
Cloud Security and Data Integrity with Client Accountability Framework
IDES Editor
 
PDF
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
IDES Editor
 
PDF
Enhancing Data Storage Security in Cloud Computing Through Steganography
IDES Editor
 
PDF
Low Energy Routing for WSN’s
IDES Editor
 
PDF
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
IDES Editor
 
PDF
Rotman Lens Performance Analysis
IDES Editor
 
PDF
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
IDES Editor
 
PDF
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
IDES Editor
 
PDF
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
IDES Editor
 
Power System State Estimation - A Review
IDES Editor
 
Artificial Intelligence Technique based Reactive Power Planning Incorporating...
IDES Editor
 
Design and Performance Analysis of Genetic based PID-PSS with SVC in a Multi-...
IDES Editor
 
Optimal Placement of DG for Loss Reduction and Voltage Sag Mitigation in Radi...
IDES Editor
 
Line Losses in the 14-Bus Power System Network using UPFC
IDES Editor
 
Study of Structural Behaviour of Gravity Dam with Various Features of Gallery...
IDES Editor
 
Assessing Uncertainty of Pushover Analysis to Geometric Modeling
IDES Editor
 
Secure Multi-Party Negotiation: An Analysis for Electronic Payments in Mobile...
IDES Editor
 
Selfish Node Isolation & Incentivation using Progressive Thresholds
IDES Editor
 
Various OSI Layer Attacks and Countermeasure to Enhance the Performance of WS...
IDES Editor
 
Responsive Parameter based an AntiWorm Approach to Prevent Wormhole Attack in...
IDES Editor
 
Cloud Security and Data Integrity with Client Accountability Framework
IDES Editor
 
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
IDES Editor
 
Enhancing Data Storage Security in Cloud Computing Through Steganography
IDES Editor
 
Low Energy Routing for WSN’s
IDES Editor
 
Permutation of Pixels within the Shares of Visual Cryptography using KBRP for...
IDES Editor
 
Rotman Lens Performance Analysis
IDES Editor
 
Band Clustering for the Lossless Compression of AVIRIS Hyperspectral Images
IDES Editor
 
Microelectronic Circuit Analogous to Hydrogen Bonding Network in Active Site ...
IDES Editor
 
Texture Unit based Monocular Real-world Scene Classification using SOM and KN...
IDES Editor
 

Recently uploaded (20)

PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Five Habits of High-Impact Board Members
OnBoard
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
What is a Computer? Input Devices /output devices
GulJan8
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Geologic Time for studying geology for geologist
ssuser738f5a
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 

Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data

  • 1. ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data Rainer Schick1, Christoph Ruland1 1 Chair for Data Communications Systems / University of Siegen, Siegen, Germany Email: {rainer.schick, christoph.ruland}@uni-siegen.de Abstract—Current security systems dealing with sensitive Fig. 1 illustrates the problem for a data owner in a decentralized private data do not provide sufficient options to find data leaks. information distribution system. The approaches described An approach to find the last authorized receiver of a protected in this paper solve two different goals: First, a reliable data copy is proposed in this paper. Existing security concepts are tracking system is provided. Each receiver is able to track the extended by a new security service based on reliable tracking way protected data have taken so far. Additionally, only data embedding. Additionally, a new mechanism to protect the new tracking data is shown. Digital watermarking authorized receivers are able to decrypt the received data. techniques are used to provide tracking abilities for forwarded The goal is a new security service which provides non- copies of the protected data. This paper briefly describes repudiation of forwarding for recipients. A receiver of such approaches to improve security for both the owner of protected protected data cannot repudiate that he had access to it. data and its recipients. Second, a mechanism to prove forwarding of such protected data is provided for the owner. If he or she finds a copy of Index Terms—information security, security services, digital these data, he is able to track the last authorized receiver of it. forensic, data hiding, digital watermark, fingerprinting Then the owner can check if it is an authorized or unauthorized copy. I. INTRODUCTION Finally, the approaches shown in this paper should lead Nowadays most sensitive and private data are generated, to a new security service. This service extends recent non- processed and stored digitally. This circumstance causes repudiation services described in ISO/IEC 13888 [1], [2], [3]. many efforts to protect these data from access by The fields of application of the data tracking service are those unauthorized attackers. Fortunately, modern security depending on provable authentic information. Examples are services provide confidentiality, authenticity and integrity the protection of company secrets and warrants or the for data worth protecting. But these services only provide realization of notary authorities. Authorized receivers of security against attacks by unauthorized external attackers. protected data should be able to collect evidence to prove The even worse attacks conducted by employees and the receipt and the forwarding by previous receivers of these authorized receivers of such data are often neglected. The data. Taking Fig. 1 as an example, Carol should be able to main problem is that control over confidentiality ends with prove the forwarding by the Owner and FLR3. Additionally, decryption. The sender does not know what the receiver does the owner (the first sender) of this sensitive information can with the data. This is even worse for a data owner. If he prove the unauthorized forwarding by the last authorized shares information with trusted users and one of them receiver of data protected using the data tracking service. If misbehaves, the owner cannot prove who has been the Carol forwards the data to an unauthorized receiver, the owner “mole”. should be able to prove this misbehavior. The data tracking service does not prevent unauthorized forwarding of the plaintext information. Instead, it provides mechanisms to track data leaks. It is not meant to replace copyright protections in the sense of preventing or detecting illegal file sharing applications. II. RELATED WORK As already stated in the introduction, the new data tracking service is proposed as a non-repudiation service. The goal of a non-repudiation service is to generate and collect evidence concerning a claimed action or event [4]. None of the services described in ISO/IEC 13888 provides options to find the last authorized receiver of a suspicious copy of sensitive data. If a misbehaving authorized receiver claims the forwarding, all of the next receivers can use the evidence to prove the forwarding [5]. There are several approaches to providing control over Figure 1. Unauthorized data forwarding in a decentralized system digital data. For example, companies often install so-called © 2012 ACEEE 1 DOI: 01.IJIT.02.01. 30
  • 2. ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 “Data Leakage Prevention” on their systems [6]. This is also m’ = m||CD. called “Endpoint Security”, because it is often a software  mO: The concatenated data m’||σO(m’). extension installed on client computers. These software  PIDn: The unique personal identifier of user n. solutions limit the user rights on these systems, such that an  FID: The unique file identifier of data m. employee cannot copy protected data to a private USB device  TIDn: The unique transaction identifier for the or use a private e-mail account for conversations. transmission of data m from user n to user n+1. Another approach is Digital Rights Management. DRM  TSn: Timestamp of TIDn. provides access control for copyright holders to limit the use  TDn: The tracking data of user n. These data are of digital content. It is often stated as a copy protection defined as the concatenation of mechanism, but it is not. Copying cannot be prevented by PID0…PIDn+1||FID||TID0…TIDn||TS0…TSn this technique. Instead, the copies contain digital watermarks.  σn(TDn): The signature calculated by user n signing These watermarks support the copyright owners to track the the current tracking data TDn. leak if an unauthorized copy is found [7], [8], [9], [10], [11].  SSTKn: Secret Storage Key. Digital watermarking has to cope with different problems. One  DEKn: Secret Data Encryption Key. is the limited embedding capacity in relation to the size of its  SWKn: Secret Watermarking Key. carrier [12]. Another is the collusion attack, where attackers  SCK: Secret Confusion Key. combine their copies to withdraw their fingerprints. This attack  TDEK: Secret Tracking Data Encryption Key. is tried to be solved by frameproof codes [13], [14]. Unfortunately, there is no feasible possibility to prevent IV. SYSTEM DESIGN unauthorized information forwarding under all circumstances. The system aims at two different goals, so that the If a user is able to view the plaintext information (and approach consists of two main parts: one is the data tracking authorized receivers should be able to do so), he or she has part and the other is the displaying or watermarking part. several possibilities to create copies. The recipient may print Before these parts are described in detail, the basic idea of it, photograph the screen or at least rewrite it (if the confidential the data flow is explained. The data tracking part secures the information is a text). As it is easy to make copies or manipulate sensitive information during storage, transmission and digital data, a rethink in using and believing its content is processing. The embedded tracking data provide non- inevitable. Receivers of digitalized information should not trust repudiation of forwarding for an authorized receiver n. With its content unless its authenticity and the authenticity of its the use of the embedded tracking data a receiver n can prove source can be proven. At least if sensitive and confidential the chain of receivers for all users 0…n-1. The figuring part information are shared. embeds a digital watermark into the visible content on the Nevertheless, usually attackers do not care for the receiver’s side. If such a watermarked copy is found and not existence of a valid digital signature. They forward data they manipulated, the data owner can prove the forwarding of the have stolen or received by misbehaving authorized personnel. last authorized receiver. Fig. 2 sketches the flow of such It is not part of this work to find the one who published the protected data. It shows the functionality for sending and data. Instead, the last authorized receiver should be traceable, receiving data using the data tracking service. It also shows such that the source of the data leak can be found. In contrast the branch of the visible data. These data are watermarked to the approaches mentioned above, each authorized receiver using a watermarking key SWKn. The watermarked copy is of the data is trusted. If he or she is not in possession of a for viewing only and should not be forwarded to anybody needed security module, the receiver is not able to obtain a by the authorized receiver. The encrypted data contains the plaintext copy of the protected information. tracking data of all previous recipients of the confidential information. III. NOTATION The following terms and notations apply for this paper:  m: Data/Information that must be protected by the document tracking service.  CD: Specific configuration data added by the data owner. This may contain an expiry date, specific receiver identifier or group policies.  x||y: The result of the concatenation of x and y in that order. An appropriate encoding must be used so that the data items can be recovered from the concatenated string.  σO(m’): The source signature calculated by the data Figure 2. Data flow of the data tracking scheme owner. As long as this signature accompanies m and can be verified successfully, the data is valid. The signature is calculated over the concatenation of data Figure 3. Structure of the data © 2012 ACEEE 2 DOI: 01.IJIT.02.01. 30
  • 3. ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 V. DATA TRACKING private key within the module. The negotiated secret data encryption key is DEKn. The approach of data tracking can basically be conceived  Three different functions must be provided for data as a “smart” letter: The receiver of the data gets a letter in an processing. These functions are described in the envelope. The envelope contains a field for the signature following. consisting of carbon paper. If the user has signed the receipt The “prepare”-function works as follows: on the closed envelope, the letter internally checks the 1. The sensitive data m which must be protected by the signature and reveals the secret content only if that signature data tracking service are input into the security is valid. That is, the signature and the confirmation of the module. recipient of the receiver are already added to the letter once 2. The user adds configuration data CD, such as expiry he can view it and cannot be removed anymore. When this dates for the protected data, valid receiver PID’s or a letter is published, he cannot repudiate that he was the last maximum number of allowed forwarding. authorized recipient of it. For each receiver, the personal 3. The source signature σO(m’) is calculated. Thus, mO signature and confirmation of recipient is added to the is generated. tracking information of the letter, such that it contains all 4. Finally, mO is encrypted using a secret storage key information of the previous receivers. When the letter is sent SSTK0. The encrypted copy is stored locally stored to the next authorized receiver, it is put into a smart envelope until it is processed again. again and the letter is now accompanied by the tracking data. The “receive”-function works as follows: The data tracking part is figured as the path of the 1. Data encrypted using DEK n are received and encrypted data shown in Fig. 2. Summarized, each receiver of decrypted. The structure of such data is shown in the protected data signs the receipt before he or she is able Fig. 3. The tracking data within this output are to process the data. This measurement improves security for protected using either the PCBC data encryption or all authorized users of the security system. A receiver of such the data confusion mechanism as described later in protected information can verify the way the data have taken this chapter. up to him. The owner of the data protects them by access 2. The tracking data signature σ(TDn-1) is verified. If the control: only users with an appropriate security module can validation fails, the module stops processing. decrypt the data. Additionally, the owner can proof if a 3. The previous tracking data are displayed. The suspicious plaintext copy of his document is authorized or receiver can check the chain of receivers of the not. This idea of non-repudiation of forwarding is explained protected information. in the following. 4. If the receiver applies the receipt, the source signature σO(m’) is verified to check integrity and VI. TRACKING DATA PROTECTION authenticity of m’. In order to protect the tracking data from targeted 5. A digital watermark is added to m using SWKn. The manipulations, two solutions are proposed in this paper. One watermarked copy mΨ is output to the receiver. is based on a known block cipher mode of operation with 6. For local storage, the tracking data are protected infinite error propagation. The other is a new mechanism called again and the data are encrypted using a secret data confusion. This mechanism confuses data of arbitrary storage key SSTKn. size, such that data in one block is not only permuted within that block. The following requirements must be fulfilled by the approaches:  If an attacker manipulates any of the protected data, the source signature must be destroyed with very high probability. Thus, the confidential information is not authentic anymore.  The tracking data of a receiver must be added before he or she is able to access the plaintext. A. Security Module Figure 4. The three functions of the security module The previously mentioned requirements make the use of The “send”-function works as follows: a security module inevitable. This module must provide 1. The locally stored data encrypted by SSTKn are different functionalities: decrypted again. If the sender is not the data owner  A secure storage for different secret and private keys. (e.g. no tracking data are available yet), continue with The owner of the security module must not be able step 3. to read them out. 2. The PID0 of the data owner and the unique FID are  Generation and validation of digital signatures. added. The owner proceeds with step 4.  Support SSL/TLS. The key agreement is done using 3. Both signatures σO(m’) and σ(TDn-1) are verified again a public key that corresponds to a securely stored in order to detect manipulations during storage. If an © 2012 ACEEE 3 DOI: 01.IJIT.02.01. 30
  • 4. ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 error occurs, the module stops processing. first mixed using the data confusion mechanism. This mecha- 4. The security module adds the PIDn+1 of the next nism uses a pseudorandom generator with a minimum period receiver, a unique TIDn for the transmission and the of ν (with ν as the length of the data in bytes). This function current timestamp TS n . must be initialized using a private key SCK. The PRNG cal- 5. The signature σ(TDn-1) is discarded and replaced by culates the new positions of the confused data block. Under the new tracking data signature σ(TDn). The new these circumstances it can be guaranteed that each byte might signature authenticates all tracking data including have changed its positions to any new position. Only users those of previous receivers. who know the start value SCK are able to reverse the confu- 6. The resulting data are encrypted using DEKn+1 and sion process. The confused data are additionally encrypted transmitted to the next receiver. using a common symmetric cipher like AES. As a side effect, The three security module functions work as a black box. the cipher behaves as a block by block mixing function. It The data are input into the module, and certain data are output follows that each bit of the confused data are additionally (if no error occurs). Fig. 4 illustrates the functions from the permuted within the block. Symmetric key algorithms are key- users’ view. The “receive”-function additionally outputs a controlled and therefore another private key TDEK is needed. watermarked plaintext copy of the protected data. This output Again, this key must only be known to the security module. will be explained in the watermarking chapter and is not shown in Fig. 4. B. PCBC Data Encryption The propagating cipher-block chaining (PCBC) mode is used if small changes in a ciphertext should cause infinite error propagation when the data are decrypted. This mode of operation is chosen such that every data following the manipulated is also manipulated. For logical reasons, an attacker will try to manipulate or remove his personal tracking data. It is one requirement to make sure that such an attack is not successful. Therefore the tracking data have to be added ahead the existing data as shown in Fig. 3. If these data are encrypted using the PCBC mode, the manipulation of any of the tracking data leads to a useless plaintext. Neither the source signature σO(m’) nor the original message m can be recovered. The tracking data signature σ(TDn) is also destroyed if any preceding data is manipulated. For that reason, a receiver of such manipulated data recognizes the attack before he gets access to the message and before his tracks are added. Unfortunately, the PCBC mode deals with different problems and it is claimed to be insecure. If two adjacent ciphertext blocks are exchanged, it does not affect the decryption of subsequent blocks [15]. For this reason, an alternative mechanism is presented: the data confusion. C. Tracking Data Confusion The data confusion mechanism confuses the structure of certain data. It is an approach to protect tracking data embedded by the security module from manipulations by authorized receivers. Nobody can remove or change certain information in the data unless he or she is in possession of the required private key. Unlike other mixing schemes or Figure 5. Data flow using the data confusion mechanism encryption functions, the permutations in this approach do not shuffle data block by block [16], [17]. Instead, it considers The proposal of the data confusion mechanism is an approach the protected data as a single block of arbitrary size. This is to randomize data of arbitrary size. If such data are encrypted for a good reason: If an attacker knows that each new tracking only, the manipulation of certain tracking data might lead to data are appended to the end of the data, he or she also knows an invalid tracking data block while the source signature still which block must be manipulated. Targeted obliteration of remains valid. The new data confusion mechanism ensures traces must be prevented by the data tracking scheme. that the source signature σ O(m’) and the tracking data Fig. 5 sketches the flow of the protected data from the signature σ(TDn) become invalid if an attacker manipulates data owner to the n-th receiver. The tracking data including any of the confused data. A precise description of the data configuration data CD and the source signature σO(m’) are confusion mechanism is part of future work. © 2012 ACEEE 4 DOI: 01.IJIT.02.01. 30
  • 5. ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 VII. DIGITAL WATERMARKING Two suggestions to protect the new tracking data are made: The PCBC encryption protects the data with infinite error As already stated in the introduction, the unauthorized propagation. If an attacker manipulates his personal tracking forwarding of confidential data cannot be prevented under data, the sensitive information is also manipulated and all circumstances. The services mentioned before focus on useless. The new data confusion mechanism shuffles certain protecting data from attacks by authorized users during data and encrypts them. If an attacker manipulates any of storage and transmission. The system proposed in this paper these confused data, every confused data are also should also provide traceability for plaintext copies of the manipulated with very high probability. protected data. Digital watermarks are chosen to meet this The proposed system is split into two different parts. requirement. The plaintext document output by the receive Currently, the data tracking part can handle any kind of data. function is declared as mΨ. The watermark Ψ contains the The watermarking part is ubject to the restrictions of recent unique identifier PIDn of the last authorized receiver. digital watermarking algorithms. It is therefore currently limited Additionally, the timestamp of watermark generation TSΨ is n to data where such algorithms can be applied. This paper added. Finally, these data are signed, thus σn(PIDn||TSΨ ) is n describes the sapproaches in a superficial way and shows generated and added to Ψ. If a copy of mΨ is found by the the big picture of the ideas. More detailed descriptions will data owner, the signature σn(PIDn||TSΨ ) is used to prove the n be published in future work, including precise descriptions authenticity of the watermark. of the used mechanisms and the key management. It is also If Ψ was extracted and the signature was verified planned to describe another way to protect the tracking data successfully, the user with identifier PIDn as extracted from Ψ using authenticated encryption. cannot repudiate that he or she was the last authorized recipient of it. This feature of the proposed watermarking process is ACKNOWLEDGMENT called the non-repudiation of forwarding. The data owner (or another administrative instance) decides if this data forwarding This work is funded by the German Research Foundation was authorized or not. Unauthorized information distribution (DFG) as part of the research training group GRK 1564 must not be intentional. It is also possible that the security “Imaging New Modalities . module of the user was stolen or broken. Or the watermarked plaintext data as output by the security module might have REFERENCES been stolen. These scenarios lead to digital forensic aspects. [1] ISO/IEC FDIS 13888-1:2009, “Information technology – This research field will be considered more detailed in future Security Techniques – Non-repudiation – Part 1: General”, 2009 work. The investigation or punishment of a proven forwarding [2] ISO/IEC FDIS 13888-2:2010, “Information technology – is not part of this paper. Security Techniques – Non-repudiation – Part 2: Mechanisms using The watermark embedding process is key-controlled using symmetric techniques”, 2010 securely stored watermarking key SWKn. This key initializes a [3] ISO/IEC FDIS 13888-3:2009, “Information technology – pseudorandom generator to choose the embedding positions Security Techniques – Non-repudiation – Part 3: Mechanisms using within the carrier in the frequency domain. Due to the nature asymmetric techniques”, 2009 [4] S. Kremer, O. Markowitch and J. Zhou, “An Intensive Survey of digital watermarks, the carrier must provide enough of Fair Non-Repudiation Protocols”, Computer Communications, embedding capacity for invisible and robust data embedding. 2002, pp. 1606 – 1621 It is desirable that protected data are destroyed if someone [5] R. Schick and C. Ruland, “Document Tracking – On the Way to tries to manipulate the protected information or the embedded a New Security Service”, Proc. of Conference on Network tracking data. A trade-off between robustness, imperceptibility Architectures and Technologies (SAR-SSI), 2011 and embedding capacity must be found. More precise [6] V. Scheidemann, “Endpoint Security: Data Loss Prevention”, descriptions about embedding capacities and sizes of the Security Advisor ePublication, 2008 embedded data are part of future work. [7] K. J. Liu, W. Trappe, Z.J. Wang, M. Wu and H. Zhao, “Multimedia fingerprinting forensics for traitor tracing”, EURASIP Book Series on Signal Processing and Communications, Hindawi CONCLUSIONS Publishing Corporation, 2005, ISBN 977-5945-18-6 This paper proposes a new security service which [8] J.J. Chae and B.S. Manjunath, “A robust embedded data from provides data tracking abilities. A suitable security module is Wavelet coefficients”, Proceedings of Storage and Retrieval for Image needed to decrypt the protected data. A receiver is able to and Video Databases (SPIE), 1998, pp. 308 – 319 [9] Y. Wang, J.F. Doherty and R.E. van Dyck, “A watermarking track the way the data have taken and prove the forwarding algorithm for fingerprinting intelligence images”, Proceedings of of the sensitive information by previous receivers. If a Conference on Information Sciences and Systems, 2001, pp. 21 – suspicious watermarked copy appears and has not been 24 manipulated, the data owner can associate the copy to the [10] M.U. Celik, G. Sharma, A.M. Tekalp and E. Saber, “Lossless last authorized receiver. Thus, a new non-repudiation service generalized-LSB data embedding”, IEEE Transactions on Image is introduced in this paper: the non-repudiation of forwarding. Processing Vol. 14 No. 2, 2005, pp. 253 – 266 This service can be used both by the data owner and by all [11] J. Dittmann, A. Behr, M. Stabenau, P. Schmitt, J. Schwenk receivers of protected data. and J. Ueberberg, „Combining digital watermarks and collusion secure fingerprints for digital images”, JEI, 2000, pp. 456 – 467 © 2012 ACEEE 5 DOI: 01.IJIT.02.01. 30
  • 6. ACEEE Int. J. on Information Technology, Vol. 02, No. 01, March 2012 [12] A. Barg, G.R. Blakley and G.A. Kabatiansky, “Digital [15] J. Kohl, “The Use of Encryption in Kerberos for Network fingerprinting codes: problem statements, constructions, Authentication”, Proc. of Crypto ’89, 1989 identification of traitors”, IEEE Transactions on Information [16] M. Matyas, M. Peyravian, A. Roginsky and N. Zunic, Theory, 2003, pp. 852 – 865 “Reversible data mixing procedure for efficient public-key [13] Y. T. Lin and J. L. Wu, “Traceable multimedia fingerprinting encryption”, Computers & Security Vol. 17, No. 3, 1998, pp. 265 based on the multilevel user grouping”, Proceedings of Multimedia – 272 and Expo, 2008, doi: 10.1109/ICME.2008.4607442, pp. 345 – 348 [17] M. Jacobsson, J.P. Stern and M. Yung, “Scramble all, encrypt [14] D. Boneh and J. Shaw, “Collusion-secure fingerprinting for small”, FSE 99, LNCS 1636, Springer-Verlag, 1999, pp. 95 – 111 digital data”, Proceedings of CRYPTO ’95, 1995, pp. 452 – 465 © 2012 ACEEE 6 DOI: 01.IJIT.02.01. 30