MIEMBROS DE LAS REALES MAESTRANZAS DE CABALLERÍA

The feature codes are encrypted by a secret private key of the Public Key method. As described in Section 3.2, the length, lf, of feature codes is determined

by the comparison bits }

2 (

Nn=1bn), the seeds of the block pair mapping function

and selected DCT positions, and the DCT mean values (see Section 3.2.1). For instance, assume the image size is 320240 = 76800(bytes). In a scenario that 10

42 bits of feature codes are used for each block pair,i.e., N = 1 and b = 10. Assume both the seeds are 2 bytes long, and 6 DCT coecient averages are recorded, then the length of feature codes, lf, will be 4030

10 1

8 + 2 + 2 + 6 = 760(bytes). The

signature length can be further reduced with the reduction of the authenticator's eectiveness. We will analyze this trade-o in detail in Section 4.

The Public Key algorithm is used so that any user can easily access a public key to decrypt the signature. The most famous public key algorithm is RSA (Rivest, Shamir, and Adleman)[64][113]. The key length of RSA is variable but the most commonly used length is 512 bits [113], while the message block size must be smaller than the key length. If we choose to divide the feature codes into B-bit blocks, it needs dlf 8

Be RSA calculations (wheredxe denotes the integer ceiling function).

Assume the output length of each RSA is lr, then the signature length will be

dlf 8 1

Belr bits. For instance, in previous example, ifB = 510 and lr = 511 are

used, then the RSA algorithm has to be run 12 times and the signature length will be 767 bytes. It is about 1

100 of the original image size.

A problem with Public Key algorithms is the speed. In hardware, the RSA Public Key algorithm is 1000 times slower than the DES Secret Key algorithm. The dierence is about 100 times in software [113]. Therefore, if eciency is critical, we can choose the Secret Key algorithm instead of the Public Key algorithm. The drawback is that users have to keep their secret keys safe, and the image can be authenticated by only the few people who own the secret key.

Implementation of a Public Key Infrastructure (PKI) is necessary for practical application. A PKI is the set of security services that enable the use and management of public-key cryptography and certicates, including key, certicate, and policy management [54]. If the image is generated from a hardware device, such as digital camera or scanner, then the manufacturer can serve as a Certication

43 486 91 -66 -91 -17 -1 14 -0 140 41 44 35 -8 -12 -6 -4 43 108 -54 5 16 13 -9 -0 -143 -21 84 34 22 -0 -12 6 9 -18 -2 -32 8 5 5 12 -23 -9 1 -1 -8 1 2 -0 3 10 -14 4 6 -1 -1 -6 -8 -10 14 3 -1 -2 -2 -3 727 -188 -3 -28 -16 -4 -6 -1 51 -77 22 45 11 1 2 3 31 -52 -73 -8 5 5 10 7 73 40 -21 -7 1 -13 -2 -2 19 12 -21 -17 4 2 2 -1 20 15 -2 -17 -5 2 -0 -1 16 16 13 1 2 6 -2 0 -1 -3 -6 -12 -6 -1 1 3 (a) (b)

Table 2.1: Two DCT coecient blocks for a 168 area cut from the image \Lenna"

(right eye region).

Authority (CA) issuing all user private-public key pairs. Private keys can be either embedded in the hardware device or issued to the driver software while customers register their information. Any end entity can examine the authenticity of images by requesting the public key and the authentication software from the manufacturer. Similarly, if the image is generated by a Content Holder, he/she can ask a private- public key pairs from any CA, which provides both key pairs and authentication software. The details of the PKI and the related standard X:509 can be found in [52].

2.3.5 Example: A small

168

image

We will use a small 16 8 image, X, as an example to illustrate the proposed

authentication technique. This image is divided into two 88 blocks, from which

DCT coecients are computed. Therefore,} = 2. Its DCT coecients are shown in Table 2.1. For simplicity, only integral values of them are shown in the table.

First, let us consider the case of N = 1, i.e., only one threshold value k = 0 is used for feature code generation. Assume the rst 10 coecients in the zigzag order of the two blocks are compared. In this case, the length of the feature codes, Z, will be 10 bits (b1 = 10)

F

1;2(1) =

;241 < 0. Therefore, the rst bit of the

44 480 96 -64 -96 -16 0 16 0 144 48 48 32 -16 -16 0 0 48 112 -48 0 16 16 -16 0 -144 -16 80 32 16 0 -16 0 16 -16 0 -32 16 0 0 16 -16 -16 0 0 -16 0 0 0 0 16 -16 0 0 0 0 0 -16 -16 16 0 0 0 0 0 720 -192 0 -32 -16 0 0 0 48 -80 16 48 16 0 0 0 32 -48 -80 -16 0 0 16 0 80 48 -16 0 0 -16 0 0 16 16 -16 -16 0 0 0 0 16 16 0 -16 0 0 0 0 16 16 16 0 0 0 0 0 0 0 0 -16 0 0 0 0 (a) (b)

Table 2.2: DCT coecients in Table 1 quantized by a uniform matrix. and

F

2(2) = ;188, respectively. Since

F

1;2(2) = 279 > 0, the second bit of the

feature codes is 1. After 10 iterations, the feature codes,Z, are: 0111100110. Consider longer feature codes, we set N = 4, b1 = 10, b2 = 6, b3 = 3 and b4 = 1.

The reason for a decreasing value of bn is that the lower frequency coecients need

more protection than the higher frequency ones. The threshold values, k's, are 0, 128, 64 and 32 (in the absolute form). The rst 10 bits of Z are the same as the previous case. For the next 6 bits, the rst six coecients are compared again using jkj = 128. For example, since

F

1;2(1) = ;241 < ;128, the 11th bit =

F

1;2(2) = 279 > 128, so the 12th bit = 1. The nal feature codes are:

01111001100100010110. The length of Z isP 4

n=1bn= 20.

Table 2.2 shows the DCT coecients after quantization (i.e.,

~F

1 and

~F

2) with a

uniform matrix of 16. This is to simulate the quantization process in JPEG. Using Figure 2-2(b), we authenticate the compressed image by comparing

~F

1;2 to the

feature codes Z. For instance,

~F

1;2(1) = ;240 < 0 and Z

1(1) = 0, this value is

authenticated to be true. Similar process continues until all feature codes are used. Note if the quantization table is not known to the authenticator, the rst set of codes (withk = 0) can still be veried.

Consider an example of manipulation. AssumeX(0;2) and X(0;3) are modied from 72 and 26 to 172 and 126. (X can be obtained from the IDCT of Table 2.1.) Assume we use the same quantization matrix. Repeating the above process, the

45 I

.

Sτ R S Rn

.

(a) (b) (c) (d) (f) (e)

.

(g)

Figure 2-3: Conceptual illustration of `miss', `false alarm' and other scenarios. authenticator will detect the manipulation due to the mismatch of the 4th bit of the feature codes.

In document MAGALLÁNICA, Revista de Historia Moderna (página 30-46)