International Conferences: Information Hiding & Multimedia Security, 2015, Portland, Oregon

 

 
SoS Logo

International Conferences: Information Hiding and Multimedia Security, 2015 Portland, Oregon

 

The 3rd ACM Workshop on Information Hiding and Multimedia Security (IH & MMSec) was held June 17-19, 2015 in Portland, Oregon. The workshop focused on information hiding topics such as watermarking, steganography, steganalysis, anonymity, privacy, hard-to-intercept communications, and covert/subliminal channels, and on a variety of multimedia security topics including multimedia identification, biometrics, video surveillance, multimedia forensics, and computer and network security. The papers presented are cited here. The conference web site is available at: http://www.ihmmsec.org/  



Sebastian Matthias Burg, Dustin Peterson, Oliver Bringmann. “End-to-Display Encryption: A Pixel-Domain Encryption with Security Benefit.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 123-128. Doi: 10.1145/2756601.2756613

Abstract: Providing secure access to confidential information is extremely difficult, notably when regarding weak endpoints and users. With the increasing number of corporate espionage cases and data leaks, a usable approach enhancing the security of data on endpoints is needed. In this paper we present our implementation for providing a new level of security for confidential documents that are viewed on a display. We call this End-to-Display Encryption (E2DE). E2DE encrypts images in the pixel-domain before transmitting them to the user. These images can then be displayed by arbitrary image viewers and are sent to the display. On the way to the display, the data stream is analyzed and the encrypted pixels are decrypted depending on a private key stored on a chip card inserted in the receiver, creating a viewable representation of the confidential data on the display, without decrypting the information on the computer itself. We implemented a prototype on a Digilent Atlys FPGA Board supporting resolutions up to Full HD.

Keywords: encryption, multimedia, physical security, security (ID#: 15-6381)

URL: http://doi.acm.org/10.1145/2756601.2756613



Adi Hajj-Ahmad, Séverine Baudry, Bertrand Chupeau, Gwenaël Doërr. “Flicker Forensics for Pirate Device Identification.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 75-84. Doi: 10.1145/2756601.2756612

Abstract: Cryptography-based content protection is an efficient means to protect multimedia content during transport. Nevertheless, content is eventually decrypted at rendering time, leaving it vulnerable to piracy e.g. using a camcorder to record movies displayed on an LCD screen. Such type of piracy naturally imprints a visible flicker signal in the pirate video due to the interplay between the rendering and acquisition devices. The parameters of such flicker are inherently tied to the characteristics of the pirate devices such as the back-light of the LCD screen and the read-out time of the camcorder. In this article, we introduce a forensic methodology to estimate such parameters by analyzing the flicker signal present in pirate recordings. Experimental results clearly showcase that the accuracy of these estimation techniques offers efficient means to tell-tale which devices have been used for piracy thanks to the variety of factory settings used by consumer electronics manufacturers.

Keywords: LCD screen, back-light, camcorder, flicker, passive forensics, piracy, read-out time, rolling shutter (ID#: 15-6382)

URL: http://doi.acm.org/10.1145/2756601.2756612



Tomáš Denemark, Jessica Fridrich. “Improving Steganographic Security by Synchronizing the Selection Channel.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 5-14. Doi: 10.1145/2756601.2756620

Abstract: This paper describes a general method for increasing the security of additive steganographic schemes for digital images represented in the spatial domain. Additive embedding schemes first assign costs to individual pixels and then embed the desired payload by minimizing the sum of costs of all changed pixels. The proposed framework can be applied to any such scheme -- it starts with the cost assignment and forms a non-additive distortion function that forces adjacent embedding changes to synchronize. Since the distortion function is purposely designed as a sum of locally supported potentials, one can use the Gibbs construction to realize the embedding in practice. The beneficial impact of synchronizing the embedding changes is linked to the fact that modern steganalysis detectors use higher-order statistics of noise residuals obtained by filters with sign-changing kernels and to the fundamental difficulty of accurately estimating the selection channel of a non-additive embedding scheme implemented with several Gibbs sweeps. Both decrease the accuracy of detectors built using rich media models, including their selection-channel-aware versions.

Keywords: Gibbs construction, non-additive distortion, security, selection channel, steganography, synchronization (ID#: 15-6383)

URL: http://doi.acm.org/10.1145/2756601.2756620



Christian Arndt, Stefan Kiltz, Jana Dittmann, Robert Fischer. “ForeMan, a Versatile and Extensible Database System for Digitized Forensics Based on Benchmarking Properties.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 91-96. Doi: 10.1145/2756601.2756615

Abstract: To benefit from new opportunities offered by the digitalization of forensic disciplines, the challenges especially w.r.t. comprehensibility and searchability have to be met. Important tools in this forensic process are databases containing digitized representations of physical crime scene traces. We present ForeMan, an extensible database system for digitized forensics handling separate databases and enabling intra and inter trace type searches. It now contains 762 fiber data sets and 27 fingerprint data sets (anonymized time series). Requirements of the digitized forensic process model are mapped to design aspects and conceptually modeled around benchmarking properties. A fiber categorization scheme is used to structure fiber data according to forensic use case identification. Our research extends the benchmarking properties by fiber fold shape derived from the application field of fibers (part of micro traces) and sequence number derived from the application field of time series analysis for fingerprint aging research. We identify matching data subsets from both digitized trace types and introduce the terms of entity-centered and spatial-centered information. We show how combining two types of digitized crime scene traces (fiber and fingerprint data) can give new insights for research and casework and discuss requirements for other trace types such as firearm and toolmarks.

Keywords: benchmarking properties, digitized crime scene forensics, forensic trace database (ID#: 15-6384)

URL: http://doi.acm.org/10.1145/2756601.2756615



Vahid Sedighi, Jessica Fridrich. “Effect of Imprecise Knowledge of the Selection Channel on Steganalysis.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 33-42. Doi: 10.1145/2756601.2756621

Abstract: It has recently been shown that steganalysis of content-adaptive steganography can be improved when the Warden incorporates in her detector the knowledge of the selection channel -- the probabilities with which the individual cover elements were modified during embedding. Such attacks implicitly assume that the Warden knows at least approximately the payload size. In this paper, we study the loss of detection accuracy when the Warden uses a selection channel that was imprecisely determined either due to lack of information or the stego changes themselves. The loss is investigated for two types of qualitatively different detectors -- binary classifiers equipped with selection-channel-aware rich models and optimal detectors derived using the theory of hypothesis testing from a cover model. Two different embedding paradigms are addressed -- steganography based on minimizing distortion and embedding that minimizes the detectability of an optimal detector within a chosen cover model. Remarkably, the experimental and theoretical evidence are qualitatively in agreement across different embedding methods, and both point out that inaccuracies in the selection channel do not have a strong effect on steganalysis detection errors. It pays off to use imprecise selection channel rather than none. Our findings validate the use of selection-channel-aware detectors in practice.

Keywords: adaptive, selection channel, steganalysis, steganography (ID#: 15-6385)

URL: http://doi.acm.org/10.1145/2756601.2756621



Jong-Uk Hou, Do-Gon Kim, Sunghee Choi, Heung-Kyu Lee. “3D Print-Scan Resilient Watermarking Using a Histogram-Based Circular Shift Coding Structure.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 115-121. Doi: 10.1145/2756601.2756607

Abstract: 3D printing content is a new form of content being distributed in digital as well as analog domains. Therefore, its security is the biggest technical challenge of the content distribution service. In this paper, we analyze the 3D print-scan process, and we organize possible distortions according to the processes with respect to 3D mesh watermarking. Based on the analysis, we propose a circular shift coding structure for the 3D model. When the rotating disks of the coding structure are aligned in parallel to the layers of the 3D printing, the structure preserves a statistical feature of each disk from the layer dividing process. Based on the circular shift coding structure, we achieve a 3D print-scan resilient watermarking scheme. In experimental tests, the proposed scheme is robust against such signal processing, and cropping attacks. Furthermore, the embedded information is not lost after 3D print-scan process.

Keywords: 3D mesh model, 3D printer, digital watermarking, robust watermarking, stair-stepping effect (ID#: 15-6386)

URL: http://doi.acm.org/10.1145/2756601.2756607



Brent C. Carrara, Carlisle Adams. “On Characterizing and Measuring Out-of-Band Covert Channels.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 43-54. Doi: 10.1145/2756601.2756604

Abstract: A methodology for characterizing and measuring out-of-band covert channels (OOB-CCs) is proposed and used to evaluate covert-acoustic channels (i.e., covert channels established using speakers and microphones). OOB-CCs are low-probability of detection/low-probability of interception channels established using commodity devices that are not traditionally used for communication (e.g., speaker and microphone, display and FM radio, etc.). To date, OOB-CCs have been declared "covert" if the signals used to establish these channels could not be perceived by a human adversary. This work examines OOB-CCs from the perspective of a passive adversary and argues that a different methodology is required in order to effectively assess OOB-CCs. Traditional communication systems are measured by their capacity and bit error rate; while important parameters, they do not capture the key measures of OOB-CCs: namely, the probability of an adversary detecting the channel and the amount of data that two covertly communicating parties can exchange without being detected. As a result, the adoption of the measure steganographic capacity is proposed and used to measure the amount of data (in bits) that can be transferred through an OOB-CC before a passive adversary's probability of detecting the channel reaches a given threshold. The theoretical steganographic capacity for discrete memoryless channels as well as additive white Gaussian noise channels is calculated in this paper and a case study is performed to measure the steganographic capacity of OOB covert-acoustic channels, when a passive adversary uses an energy detector to detect the covert communication. The case study reveals the conditions under which the covertly communicating parties can achieve perfect steganography (i.e., conditions under which data can be communicated without risk of detection).

Keywords: covert channels, covert-acoustic channels, information hiding, malware communication, out-of-band covert channels, steganographic capacity (ID#: 15-6387)

URL: http://doi.acm.org/10.1145/2756601.2756604



Xiaofeng Song, Fenlin Liu, Chunfang Yang, Xiangyang Luo, Yi Zhang. “Steganalysis of Adaptive JPEG Steganography Using 2D Gabor Filters.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 15-23. Doi: 10.1145/2756601.2756608

Abstract: Adaptive JPEG steganographic schemes are difficult to preserve the image texture features in all scales and orientations when the embedding changes are constrained to the complicated texture regions, then a steganalysis feature extraction method is proposed based on 2 dimensional (2D) Gabor filters. The 2D Gabor filters have certain optimal joint localization properties in the spatial domain and in the spatial frequency domain. They can describe the image texture features from different scales and orientations, therefore the changes of image statistical characteristics caused by steganography embedding can be captured more effectively. For the proposed feature extraction method, the decompressed JPEG image is filtered by 2D Gabor filters with different scales and orientations firstly. Then, the histogram features are extracted from all the filtered images. Lastly, the ensemble classifier is used to assemble the proposed steganalysis feature as well as the final steganalyzer. The experimental results show that the proposed steganalysis feature can achieve a competitive performance by comparing with the other steganalysis features when they are used for the detection performance of adaptive JPEG steganography such as UED, JUNIWARD and SI-UNIWARD.

Keywords: algorithms, design, security (ID#: 15-6388)

URL: http://doi.acm.org/10.1145/2756601.2756608



Yao Shen, Liusheng Huang, Fei Wang, Xiaorong Lu, Wei Yang, Lu Li. “LiHB: Lost in HTTP Behaviors - A Behavior-Based Covert Channel in HTTP.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 55-64. Doi: 10.1145/2756601.2756605

Abstract: The application-layer covert channels have been extensively studied in recent years. Information-hiding in ubiquitous application packets can significantly improve the capacity of covert channels. However, the undetectability is still a knotty problem, because the existing covert channels are all frustrated by proper detection schemes. In this paper, we propose LiHB, a behavior-based covert channel in HTTP. When a client is browsing a website and downloading webpage objects, we can reveal some fluctuation behaviors that the distribution relationship between the ports opening and HTTP requests are flexible. Based on combinatorial nature of distributing N HTTP requests over M HTTP flows, such fluctuation can be exploited by LiHB channel to encode covert messages, which can obtain high stealthiness. Besides, LiHB achieves a considerable and controllable capacity by setting the number of webpage objects and HTTP flows. Compared with existing techniques, LiHB is the first covert channel implemented based on the unsuspicious behavior of browsers, the most important application-layer software. Because most HTTP proxies are using NAPT techniques, LiHB can also operate well even when a proxy is equipped, which poses a serious threat to individual privacy. Experimental results show that LiHB covert channel achieves a good capacity, reliability and high undetectability.

Keywords: application layer, browser, combinatorics, covert channels, http behaviors, proxy (ID#: 15-6389)

URL: http://doi.acm.org/10.1145/2756601.2756605



Yun Cao, Hong Zhang, Xianfeng Zhao, Haibo Yu. “Video Steganography Based on Optimized Motion Estimation Perturbation.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 25-31. Doi: 10.1145/2756601.2756609

Abstract: In this paper, a novel motion vector-based video steganographic scheme is proposed, which is capable of withstanding the current best statistical detection method. With this scheme, secret message bits are embedded into motion vector (MV) values by slightly perturbing their motion estimation (ME) processes. In general, two measures are taken for steganographic security (statistical undetectability) enhancement. First, the ME perturbations are optimized ensuring the modified MVs are still local optimal, which essentially makes targeted detectors ineffective. Secondly, to minimize the overall embedding impact under a given relative payload, a double-layered coding structure is used to control the ME perturbations. Experimental results demonstrate that the proposed scheme achieves a much higher level of security compared with other existing MV-based approaches. Meanwhile, the reconstructed visual quality and the coding efficiency are slightly affected as well.

Keywords: H.264/AVC, information hiding, motion estimation, steganography, video (ID#: 15-6390)

URL: http://doi.acm.org/10.1145/2756601.2756609



Charles V. Wright, Wu-chi Feng, Feng Liu. “Thumbnail-Preserving Encryption for JPEG.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 141-146. Doi: 10.1145/2756601.2756618

Abstract: With more and more data being stored in the cloud, securing multimedia data is becoming increasingly important. Use of existing encryption methods with cloud services is possible, but makes many web-based applications difficult or impossible to use. In this paper, we propose a new image encryption scheme specially designed to protect JPEG images in cloud photo storage services. Our technique allows efficient reconstruction of an accurate low-resolution thumbnail from the ciphertext image, but aims to prevent the extraction of any more detailed information. This will allow efficient storage and retrieval of image data in the cloud but protect its contents from outside hackers or snooping cloud administrators. Experiments of the proposed approach using an online selfie database show that it can achieve a good balance of privacy, utility, image quality, and file size.

Keywords: image security, multimedia encryption, privacy (ID#: 15-6391)

URL: http://doi.acm.org/10.1145/2756601.2756618



Eun-Kyung Ryu, Dae-Soo Kim, Kee-Young Yoo. “On Elliptic Curve Based Untraceable RFID Authentication Protocols.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 147-153. Doi: 10.1145/2756601.2756610

Abstract: An untraceable RFID authentication scheme allows a legitimate reader to authenticate a tag, and at the same time it assures the privacy of the tag against unauthorized tracing. In this paper, we revisit three elliptic-curve based untraceable RFID authentication protocols recently published and show they are not secure against active attacks and do not support the untraceability for tags. We also provide a new construction to solve such problems using the elliptic-curved based Schnorr signature technique. Our construction satisfies all requirements for RFID security and privacy including replay protection, impersonation resistance, untraceability, and forward privacy. It requires only two point scalar multiplications and two hash operations with two messages exchanges. Compared to previous works, our construction has better security and efficiency.

Keywords: ECC, RFID, authentication, privacy, untraceability (ID#: 15-6392)

URL: http://doi.acm.org/10.1145/2756601.2756610



Lakshmanan Nataraj, S. Karthikeyan, B.S. Manjunath. “SATTVA: SpArsiTy inspired classificaTion of malware VAriants.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 135-140. Doi: 10.1145/2756601.2756616

Abstract: There is an alarming increase in the amount of malware that is generated today. However, several studies have shown that most of these new malware are just variants of existing ones. Fast detection of these variants plays an effective role in thwarting new attacks. In this paper, we propose a novel approach to detect malware variants using a sparse representation framework. Exploiting the fact that most malware variants have small differences in their structure, we model a new/unknown malware sample as a sparse linear combination of other malware in the training set.  The class with the least residual error is assigned to the unknown malware. Experiments on two standard malware datasets, Malheur dataset and Malimg dataset, show that our method outperforms current state of the art approaches and achieves a classification accuracy of 98.55\% and 92.83\% respectively. Further, by using a confidence measure to reject outliers, we obtain 100\% accuracy on both datasets, at the expense of throwing away a small percentage of outliers. Finally, we evaluate our technique on two large scale malware datasets: Offensive Computing dataset (2,124 classes, 42,480 malware) and Anubis dataset (209 classes, 36,784 samples). On both datasets our method obtained an average classification accuracy of 77\%, thus making it applicable to real world malware classification.

Keywords: sparsity based classification, compressed sensing, malware variant classification, random projections (ID#: 15-6393)

URL: http://doi.acm.org/10.1145/2756601.2756616



Ji Won Yoon, Hyoungshick Kim, Hyun-Ju Jo, Hyelim Lee, Kwangsu Lee. “Visual Honey Encryption: Application to Steganography.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 65-74. Doi: 10.1145/2756601.2756606

Abstract: Honey encryption (HE) is a new technique to overcome the weakness of conventional password-based encryption (PBE). However, conventional honey encryption still has the limitation that it works only for binary bit streams or integer sequences because it uses a fixed distribution-transforming encoder (DTE). In this paper, we propose a variant of honey encryption called visual honey encryption which employs an adaptive DTE in a Bayesian framework so that the proposed approach can be applied to more complex domains including images and videos. We applied this method to create a new steganography scheme which significantly improves the security level of traditional steganography.

Keywords: honey encryption, multimedia, steganography (ID#: 15-6394)

URL: http://doi.acm.org/10.1145/2756601.2756606



William F. Bond, Ahmed Awad E.A. “Touch-based Static Authentication Using a Virtual Grid.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 129-134. Doi: 10.1145/2756601.2756602

Abstract: Keystroke dynamics is a subfield of computer security in which the cadence of the typist's keystrokes are used to determine authenticity. The static variety of keystroke dynamics uses typing patterns observed during the typing of a password or passphrase. This paper presents a technique for static authentication on mobile tablet devices using neural networks for analysis of keystroke metrics. Metrics used in the analysis of typing are monographs, digraphs, and trigraphs. Monographs as we define them consist of the time between the press and release of a single key, coupled with the discretized x-y location of the keystroke on the tablet. A digraph is the duration between the presses of two consecutively pressed keys, and a trigraph is the duration between the press of a key and the press of a key two keys later. Our technique combines the analysis of monographs, digraphs, and trigraphs to produce a confidence measure. Our best equal error rate for distinguishing users from impostors is 9.3% for text typing, and 9.0% for a custom experiment setup that is discussed in detail in the paper.

Keywords: Bayesian fusion, back-propagation neural networks, digraphs, discretization, keystroke dynamics, mobile authentication, monographs, receiver operating characteristic curve, static authentication, trigraphs (ID#: 15-6395)

URL: http://doi.acm.org/10.1145/2756601.2756602



David Aucsmith. “Implications of Cyber Warfare;. IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 1-1. Doi: 10.1145/2756601.2756622

Abstract: Freedom of operation in cyberspace has become an object of contestation between nation states. Cyber warfare is emerging as a realistic threat. This talk will explore the implications of the development of cyberspace as a domain of warfare and how military theory developed for the other domains of war may be applicable to cyberspace. Far from being a completely different domain, the talk will demonstrate that cyberspace is simply an obvious evolution in conflict theory.

Keywords: conflict theory, cyber warfare, military theory (ID#: 15-6396)

URL: http://doi.acm.org/10.1145/2756601.2756622



Richard Chow. “IoT Privacy: Can We Regain Control?” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 3-3. Doi: 10.1145/2756601.2756623

Abstract: Privacy is part of the Internet of Things (IoT) discussion because of the increased potential for sensitive data collection. In the vision for IoT, sensors penetrate ubiquitously into our physical lives and are funneled into big data systems for analysis. IoT data allows new benefits to end users - but also allows new inferences that erode privacy. The usual privacy mechanisms employed by users no longer work in the context of IoT. Users can no longer turn off a service (e.g., GPS), nor can they even turn off a device and expect to be safe from tracking. IoT means the monitoring and data collection is continuing even in the physical world. On a computer, we have at least a semblance of control and can in principle determine what applications are running and what data they are collecting. For example, on a traditional computer, we do have malware defenses - even if imperfect. Such defenses are strikingly absent for IoT, and it is unclear how traditional defenses can be applied to IoT. The issue of control is the main privacy problem in the context of IoT. Users generally don't know about all the sensors in the environment (with the potential exception of sensors in the user's own home). Present-day examples are WiFi MAC trackers and Google Glass, of course, but systems in the future will become even less discernible. In one sense, this is a security problem - detecting malicious devices or "environmental malware." But it is also a privacy problem - many sensor devices in fact want to be transparent to users (for instance, by adopting a traditional notice-and-consent model), but are blocked by the lack of a natural communication channel to the user. Even assuming communication mechanisms, we have complex usability problems. For instance, we need to understand what sensors a person might be worried about and in what contexts. Audio capture at home is different from audio capture in a lecture hall. What processing is done on the sensor data may also be important. A camera capturing video for purposes of gesture recognition may be less worrisome than for purposes of facial recognition (and, of course, the user needs assurance on the proclaimed processing). Finally, given the large number of "things", the problem of notice fatigue must be dealt with, or notifications will become no more useful than browser security warnings. In this talk, we discuss all these problems in detail, together with potential solutions.

Keywords: (not provided) (ID#: 15-6397)

URL: http://doi.acm.org/10.1145/2756601.2756623

 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.