Top

International Journal of Information Security

Published in:

14-09-2023 | Regular contribution

Pepal: Penalizing multimedia breaches and partial leakages

Authors: Easwar Vivek Mangipudi, Krutarth Rao, Jeremy Clark, Aniket Kate

Published in: International Journal of Information Security | Issue 1/2024

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Storage of media files by users at a third party, like cloud services or escrows, is increasing every day along with the risk of stored files being leaked through breaches from third parties. In this article, we study the problem of handling either intentional or unintentional multimedia storage breaches by the entity hosting the data. To address the problem, we design the Pepal: protocol where the sender forwarding multimedia data to a receiver can penalize the receiver through loss of cryptocurrency even for partial data leakage. Pepal: achieves this by augmenting a blockchain on-chain smart contract between the two parties with an off-chain cryptographic protocol. The protocol involves a new primitive doubly oblivious transfer (DOT), which, when combined with robust watermarking and a claim-or-refund blockchain contract, provides the necessary framework for a provably secure protocol. Any public data leakage by the receiver leads to the sender learning the receiver’s crypto-currency secret key, which allows him to transfer the claim-or-refund deposit of the receiver. The Pepal: protocol also ensures that the malicious sender cannot steal the deposit, even by leaking the original multimedia document in any form. We analyze our DOT-based design against partial adversarial leakages and show it to be robust against even small leakages. The prototype implementation of our Pepal: protocol shows our system to be efficient and easy to deploy in practice.

previous article Simulation extractable versions of Groth’s zk-SNARK revisited

next article Start thinking in graphs: using graphs to address critical attack paths in a Microsoft cloud tenant

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Available only for authorised users

For \(s_0 = s_1 = b\), the receiver knows that she received \(m_b\); however, that does not constitute any privacy leakage in our application as c and \(m_{1-s_c}\) remain private.

(2015) Data protection and breach. https://otalliance.org/system/files/files/resource/documents/dpd_2015_guide.pdf

(2015) Man in the cloud (mitc) attacks. https://www.imperva.com/docs/HII_Man_In_The_Cloud_Attacks.pdf

(n.d.) Data breaches. https://www.privacyrights.org/data-breaches?title= &breach_type%5B%5D=267

(n.d.) Digital watermarking alliance. http://digitalwatermarkingalliance.org/

(n.d.) Ethereum website. https://www.ethereum.org/

(n.d.) Friendmts. https://www.friendmts.com/nab-2017-showcase/

(n.d.) Nsw data and information custodianship policy. https://www.finance.nsw.gov.au/ict/sites/default/files/NSW%20Data%20and%20Information%20Custodianship%20Polic%20v1-0.pdf

(n.d.) Relic: efficient library for cryptography. https://github.com/relic-toolkit

Adelsbach, A., Sadeghi, A.R.: Zero-knowledge watermark detection and proof of ownership. In: Information Hiding (2001a)

10.

Adelsbach, A., Sadeghi, A.R.: Zero-knowledge watermark detection and proof of ownership. In: Moskowitz, I.S. (ed.) Information Hiding, pp. 273–288. Springer, Berlin Heidelberg, Berlin, Heidelberg (2001)CrossRef

11.

Amer, I., Sheha, T., Badawy, W., Jullien, G.: A tool for robustness evaluation of image watermarking algorithms. In: Elleithy, K. (ed.) Advanced Techniques in Computing Sciences and Software Engineering, pp. 59–63. Springer, Netherlands, Dordrecht (2010)CrossRef

12.

Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: IEEE Symposium on Security and Privacy (2014)

13.

Arun, V., Kate, A., Garg, D., Druschel, P., Bhattacharjee, B.: Finding safety in numbers with secure allegation escrows arXiv preprint arXiv:1810.10123 (2020)

14.

Bast, C.M.: At what price silence: are confidentiality agreements enforceable? William Mitchell Law Rev. 25(2), 627 (1999)

15.

Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: ICC (2014)

16.

Boneh, D., Franklin, M.: An efficient public key traitor tracing scheme. In: CRYPTO (1999)

17.

Camenisch, J., Stadler, M.: Proof Systems for General Statements About Discrete Logarithms, p. 260. Technical report/Dept of Computer Science, ETH Zürich (1997)

18.

Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: CRYPTO (1994)

19.

Chou, T., Orlandi, C.: The simplest protocol for oblivious transfer. In: LATINCRYPT (2015)

20.

Cox, I.J., Kilian, J., Leighton, F.T., Shamoon, T.: Secure spread spectrum watermarking for multimedia. IEEE TIP 6(12), 1673–1687 (1997)

21.

Cunningham, T.J., Huffman, B., Salmon, C.M.: Settlement trends in data breach litigation (2014). https://www.financierworldwide.com/settlement-trends-in-data-breach-litigation

22.

Doerner, J., Kondi, Y., Lee, E., a shelat.: Secure two-party threshold ecdsa from ecdsa assumptions. In: 2018 IEEE Symposium on Security and Privacy (SP), pp 595–612, (2018) https://doi.org/10.1109/SP.2018.00036

23.

Dwork, C., Lotspiech, J., Naor, M.: Digital signets: Self-enforcing protection of digital information (preliminary version). In: Proceedings of the twenty-eighth annual ACM symposium on Theory of computing, pp 489–498 (1996)

24.

Erfani, Y., Siahpoush, S.: Robust audio watermarking using improved TS echo hiding. Digital Signal Process. 19(5), 809–814 (2009). https://doi.org/10.1016/j.dsp.2009.04.003CrossRef

25.

Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Proceedings on Advances in cryptology—CRYPTO ’86, pp 186–194 (1987)

26.

Floyd, T., Grieco, M., Reid, E.F.: Mining hospital data breach records: Cyber threats to u.s. hospitals. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pp 43–48 (2016)

27.

Genc, Z.A., Iovino, V., Rial, A.: The simplest protocol for oblivious transfer revisited (2017). https://eprint.iacr.org/2017/370.pdf

28.

Härder, T., Bühmann, A.: Database caching-towards a cost model for populating cache groups. In: Benczúr, A., Demetrovics, J., Gottlob, G. (eds.) Advances in Databases and Information Systems, pp. 215–229. Springer, Heidelberg (2004)CrossRef

29.

Hourihan, C., Cline, B.: A look back: U.s. healthcare data breach trends". (2008) https://hitrustalliance.net/content/uploads/2014/05/HITRUST-Report-U.S.-Healthcare-Data-Breach-Trends.pdf

30.

Kiayias, A., Tang, Q.: How to keep a secret: leakage deterring public-key cryptosystems. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp 943–954 (2013)

31.

Kiayias, A., Tang, Q.: Traitor deterring schemes: using bitcoin as collateral for digital content. In: ACM CCS (2015)

32.

Kiayias, A., Leonardos, N., Lipmaa, H., Pavlyk, K., Tang, Q.: Communication optimal tardos-based asymmetric fingerprinting. In: Nyberg, K. (ed.) Topics in Cryptology – CT-RSA 2015, pp. 469–486. Springer International Publishing, Cham (2015)CrossRef

33.

Kim, S., Wu, D.J.: Watermarking cryptographic functionalities from standard lattice assumptions. In: Katz, J., Shacham, H. (eds.) Advances in Cryptology - CRYPTO 2017, pp. 503–536. Springer International Publishing, Cham (2017)CrossRef

34.

Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In: IEEE Symposium on Security and Privacy (2016)

35.

Lancini, R., Mapelli, F., Tubaro, S.: A robust video watermarking technique in the spatial domain. In: International Symposium on VIPromCom Video/Image Processing and Multimedia Communications, pp 251–256, (2002) https://doi.org/10.1109/VIPROM.2002.1026664

36.

Lei, B.Y., Soon, I.Y., Li, Z.: Blind and robust audio watermarking scheme based on svd-dct. Signal Process. 91(8), 1973–1984 (2011). https://doi.org/10.1016/j.sigpro.2011.03.001CrossRef

37.

Lie, W.N., Chang, L.C.: Robust and high-quality time-domain audio watermarking based on low-frequency amplitude modification. IEEE Trans. Multimed. 8(1), 46–59 (2006). https://doi.org/10.1109/TMM.2005.861292CrossRef

38.

Meerwald, P.: Watermarking source code. Online, (2005) http://www.cosy.sbg.ac.at/~pmeerw/Watermarking

39.

Memon, N., Wong, P.W.: A buyer-seller watermarking protocol. IEEE Trans. Image Process. 10(4), 643–649 (2001). https://doi.org/10.1109/83.913598CrossRef

40.

Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008)

41.

Rahulamathavan, Y., Rajarajan, M., Rana, O.F., Awan, M.S., Burnap, P., Das, S.K.: Assessing data breach risk in cloud systems. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), pp 363–370 (2015)

42.

Rogaway, P.: Formalizing human ignorance. In: Nguyen, P.Q. (ed.) Progress in Cryptology - VIETCRYPT 2006, pp. 211–228. Springer, Heidelberg (2006)CrossRef

43.

Ruffing, T., Kate, A., Schröder, D.: Liar, liar, coins on fire!: penalizing equivocation by loss of bitcoins. In: ACM CCS (2015)

44.

Venkatesan, R., Vazirani, V., Sinha, S.: A graph theoretic approach to software watermarking. In: Moskowitz, I.S. (ed.) Information Hiding, pp. 157–168. Springer, Berlin Heidelberg, Berlin, Heidelberg (2001)CrossRef

45.

Yao, S.B.: An attribute based model for database access cost analysis. ACM Trans. Database Syst. 2(1), 45–67 (1977). https://doi.org/10.1145/320521.320535CrossRef

46.

Zhang, J., Ho, A.T.S., Qiu, G., Marziliano, P.: Robust video watermarking of h.264/avc. In: IEEE Transactions on Circuits and Systems II: Express Briefs 54(2):205–209, (2007) https://doi.org/10.1109/TCSII.2006.886247

Title: Pepal: Penalizing multimedia breaches and partial leakages
Authors: Easwar Vivek Mangipudi
Krutarth Rao
Jeremy Clark
Aniket Kate
Publication date: 14-09-2023
Publisher: Springer Berlin Heidelberg
Published in: International Journal of Information Security / Issue 1/2024
Print ISSN: 1615-5262
Electronic ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-023-00744-5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2024

Energy-efficient trust-aware secured neuro-fuzzy clustering with sparrow search optimization in wireless sensor network

Estimating vulnerability metrics with word embedding and multiclass classification methods

RLET: a lightweight model for ubiquitous multi-class intrusion detection in sustainable and secured smart environment

MLChain: a privacy-preserving model learning framework using blockchain

SDN as a defence mechanism: a comprehensive survey

Simulation extractable versions of Groth’s zk-SNARK revisited

Premium Partner