Copyright 2000, Odyssey Research Associates, Inc. SL00-0003
Semantic Data Integrity
DARPA Program Review
Cornell Business & Technology Park, 33 Thornwood Drive, Suite 500
Ithaca, NY 14850-1250, (607) 257-1975
David Rosenthal
February 22, 2000
Team Members
• ORA
• WetStone
• Jiri Fridrich (consultant to WetStone)
Technical Objectives
• Support intrusion tolerance by developing improved data integrity methods to recover attacked data
– Many factors influence effectiveness:
• Many different types of threats
• Different types and characteristics of data
• Variety of integrity mechanisms
• Different size and performance constraints
– Want policy-based selection of mechanisms to effectively protect, recover, and reconstruct data that may be accidentally or maliciously damaged
Existing practice
• Current Methods
– Protection of entire object
• One-way hash, Message authentication codes (MAC), Digital signatures
– Replication
– Access control and process control
– Watermarking and self-embedding techniques
• Need better methods to facilitate partial recovery and to focus limited resources where they are needed most
Technical Approach
• Our research is directed at the following areas
– Techniques for identifying and protecting data subsets
– Developing new watermarking/self-embedding techniques
– Exploring how to recover data subsets using secondary data (DSI Marks) and how to partially reconstruct the whole data object
– How to select data protection and recovery mechanisms to meet integrity policy objectives
• Developing software to test the effectiveness of approach
Technical Approach: Software
(Block diagram of the software components: Extract Semantic Segments, DSI Mark Generation, DSI Mark Verification, Data Reconstruction, Integrity Policy, DSI Mark DB, Suspect Data)
SDI Workshop Examples
(Figure: forged image with added cars, and the detected forgery)
SDI Workshop Examples
(Figure: original image and its segmented image)
SDI Workshop Examples
(Figure: forged image with added helicopters, and the detected forgery)
SDI Workshop Examples
(Figure: forged image with a removed helicopter, and the detected forgery)
Technical Approach: Subsets
• Develop methods for forming subsets of an object, taking into account data characteristics and intended usage
– Simple example
• Save signatures of a subset of a picture consisting of just the higher order bits of pixels
• If some lower order bits are changed, the signature on the subset will still check, and the picture can be partially reconstructed
– Apply extra protection for key parts of an object
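The simple example on this slide, carried through as an added illustration (this is not ORA's prototype code). It assumes a constructed 64-pixel greyscale picture, one byte per pixel, and an HMAC-SHA256 mark over the 4 high-order bits of every pixel; the key, the sample data and all function names are assumptions of the example. Low-order-bit damage leaves the mark valid and the picture can be partially reconstructed from the protected subset; damage that touches the high-order bits is rejected.

```python
import hashlib
import hmac
import random

KEEP_BITS = 4                                   # protected subset: the 4 high-order bits of each pixel
HIGH_MASK = (0xFF << (8 - KEEP_BITS)) & 0xFF    # 0xF0
KEY = b"example-verification-key"               # assumed shared MAC key (illustrative only)

# Constructed sample: a 64-pixel greyscale "picture", one byte per pixel (not from the slides).
ORIGINAL = bytes(random.Random(1).randrange(256) for _ in range(64))


def high_bits(pixels: bytes) -> bytes:
    """The data subset that gets protected: each pixel's high-order bits."""
    return bytes(p & HIGH_MASK for p in pixels)


def mark_subset(pixels: bytes, key: bytes) -> bytes:
    """Integrity mark (HMAC-SHA256) over the high-order-bit subset only."""
    return hmac.new(key, high_bits(pixels), hashlib.sha256).digest()


def subset_ok(pixels: bytes, mark: bytes, key: bytes) -> bool:
    """True if the protected subset of `pixels` still matches `mark`."""
    return hmac.compare_digest(mark_subset(pixels, key), mark)


def flip_low_bits(pixels: bytes, seed: int = 0) -> bytes:
    """Accidental damage confined to the low-order bits (e.g. requantisation):
    XOR with values below 2**(8-KEEP_BITS), so the high-order bits never change."""
    rng = random.Random(seed)
    return bytes(p ^ rng.randrange(1 << (8 - KEEP_BITS)) for p in pixels)


def overwrite_region(pixels: bytes, start: int, length: int) -> bytes:
    """Malicious damage: invert every bit of a run of pixels, which necessarily
    changes their high-order bits."""
    out = bytearray(pixels)
    for i in range(start, start + length):
        out[i] ^= 0xFF
    return bytes(out)


def reconstruct(pixels: bytes) -> bytes:
    """Partial reconstruction from the verified subset: keep the high-order bits
    and fill the unknown low-order bits with the middle of the quantisation bin,
    so every pixel lies within 2**(8-KEEP_BITS-1) of the original."""
    mid = 1 << (8 - KEEP_BITS - 1)
    return bytes((p & HIGH_MASK) | mid for p in pixels)


def recover(pixels: bytes, mark: bytes, key: bytes):
    """Partially reconstructed picture if the protected subset still verifies,
    or None if the high-order bits themselves were altered."""
    return reconstruct(pixels) if subset_ok(pixels, mark, key) else None


def max_error(a: bytes, b: bytes) -> int:
    """Largest per-pixel difference between two pictures of equal size."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    mark = mark_subset(ORIGINAL, KEY)
    noisy = flip_low_bits(ORIGINAL)
    print("low-bit damage verifies:", subset_ok(noisy, mark, KEY))
    print("max error after reconstruction:", max_error(reconstruct(noisy), ORIGINAL))
    print("region overwrite verifies:", subset_ok(overwrite_region(ORIGINAL, 0, 8), mark, KEY))
```

The mark is a fixed 32 bytes whatever the picture size, so the "DSI mark" cost here is paid only once per subset; the price is that a forgery confined entirely to the unprotected low-order bits is invisible to it, which is exactly the trade-off a policy has to make when choosing which subset to protect.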
Technical Approach: Subsets (cont.)
• We believe that a good selection of data subset formation methods can lead to improved
– performance characteristics
– likelihood that partially reconstructed objects will contain correct information about “interesting parts”
Technical Approach: Hierarchical Subsets
• We have been experimenting with algorithms for automatically subsetting images based on uniformity criteria (combination of color, intensity, texture similarity)
• Split image into quadrants, test quadrants for uniformity; if a quadrant is uniform, do not subdivide it further. Otherwise, continue subdividing
• Then, merge all “adjacent” segments that share the same uniformity characteristics (or possibly some other desirable characteristics such as a common edge)
Technical Approach: Hierarchical Subsets (cont.)
• Impose different integrity mechanisms at different layers of the decomposition, to achieve policy goals more efficiently
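The split-and-merge procedure from this slide and the previous one, carried through as an added example (not ORA's prototype code). It simplifies the uniformity criterion to intensity range only (the slides also use colour and texture similarity), assumes a constructed 8x8 greyscale sample image, and adds one integrity mechanism at the segment layer, a SHA-256 digest per merged segment, so that damage can be localised to the segment that no longer verifies. The thresholds, sample image and function names are assumptions of the example.

```python
import hashlib
from statistics import mean

# Constructed 8x8 greyscale sample (not from the slides): a dark left half,
# a bright right half, and a small very bright patch in the lower-left corner.
IMAGE = [[10] * 4 + [200] * 4 for _ in range(8)]
for r in (6, 7):
    for c in (0, 1):
        IMAGE[r][c] = 250


def pixels(img, rect):
    """Pixels of rect=(x, y, w, h) in row-major order."""
    x, y, w, h = rect
    return [img[r][c] for r in range(y, y + h) for c in range(x, x + w)]


def is_uniform(img, rect, tol):
    """Simplified uniformity criterion: intensity range within tol."""
    px = pixels(img, rect)
    return max(px) - min(px) <= tol


def split(img, rect, tol):
    """Quadtree split: keep uniform quadrants as leaves, subdivide the rest."""
    x, y, w, h = rect
    if w < 2 or h < 2 or is_uniform(img, rect, tol):
        return [rect]
    hw, hh = w // 2, h // 2
    quads = [(x, y, hw, hh), (x + hw, y, w - hw, hh),
             (x, y + hh, hw, h - hh), (x + hw, y + hh, w - hw, h - hh)]
    return [leaf for q in quads for leaf in split(img, q, tol)]


def adjacent(a, b):
    """True if two rectangles share an edge (not just a corner)."""
    ax, ay, aw, ah = a
    bx, by, bw, bh = b
    share_vertical_edge = (ax + aw == bx or bx + bw == ax) and ay < by + bh and by < ay + ah
    share_horizontal_edge = (ay + ah == by or by + bh == ay) and ax < bx + bw and bx < ax + aw
    return share_vertical_edge or share_horizontal_edge


def merge(img, leaves, tol):
    """Union-find merge of edge-adjacent leaves whose mean intensities agree within tol.
    Returns a sorted list of segments, each a sorted list of leaf rectangles."""
    parent = list(range(len(leaves)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    means = [mean(pixels(img, r)) for r in leaves]
    for i in range(len(leaves)):
        for j in range(i + 1, len(leaves)):
            if adjacent(leaves[i], leaves[j]) and abs(means[i] - means[j]) <= tol:
                parent[find(i)] = find(j)
    groups = {}
    for i, r in enumerate(leaves):
        groups.setdefault(find(i), []).append(r)
    return sorted(sorted(g) for g in groups.values())


def segment(img, tol=20):
    """Full hierarchical subsetting: split, then merge."""
    h, w = len(img), len(img[0])
    return merge(img, split(img, (0, 0, w, h), tol), tol)


def digest(img, seg):
    """Segment-layer integrity mark: hash of the segment's pixels in a fixed order."""
    data = bytes(p for rect in seg for p in pixels(img, rect))
    return hashlib.sha256(data).hexdigest()


def locate_damage(reference, suspect, segments):
    """Indices of segments whose digest no longer matches the stored reference."""
    return [i for i, s in enumerate(segments) if reference[i] != digest(suspect, s)]


def find_segment(segments, x, y):
    """Index of the segment containing pixel (x, y), or None."""
    for i, seg in enumerate(segments):
        for rx, ry, rw, rh in seg:
            if rx <= x < rx + rw and ry <= y < ry + rh:
                return i
    return None
```

Note that the segment list itself has to be stored with the marks (in the slides' terms, in the DSI Mark DB): the verifier must hash the same rectangles the marker hashed, and re-running split-and-merge on suspect data could produce a different decomposition once the data has been altered.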
Technical Approach: Secure Fragile Authentication Watermark
• Investigated some attacks that affect several proposed fragile watermark schemes
• Developed a secure fragile watermark that is resistant to these attacks
– Uses secret key and the watermark is difficult to forge
– Resistant to collage attack
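The slide does not describe the watermark construction, so the following is an added illustration of the attack class and of one standard countermeasure, not the scheme ORA and WetStone built. It assumes a keyed block-wise fragile watermark on a one-dimensional run of pixels: a 32-bit HMAC tag over the upper seven bit-planes of each 32-pixel block is written into that block's least significant bits. A collage attack pastes a block taken from another image that was marked under the same key; when the tag covers only block content (and position), the pasted block carries a valid tag and verifies. Binding the tag to a per-image identifier, and to the block index, removes both the collage and the block-reordering attack. Block size, key, image identifiers and the sample images are assumptions of the example.

```python
import hashlib
import hmac
import random

BLOCK = 32                              # pixels per block (the slides use 8x8 blocks of a 2-D image)
KEY = b"fragile-watermark-key"          # assumed secret key shared by marker and verifier
ID_A, ID_B = b"image-A", b"image-B"     # assumed per-image identifiers

# Constructed sample images, 128 pixels = 4 blocks each (not from the slides).
IMAGE_A = bytes(random.Random(7).randrange(256) for _ in range(128))
IMAGE_B = bytes(random.Random(8).randrange(256) for _ in range(128))


def block_tag(key, block, index, image_id, bind_position, bind_image):
    """32-bit keyed tag over the block's upper 7 bit-planes (the LSB plane is
    excluded because the tag is embedded there). Binding the block index stops
    blocks being moved within an image; binding the image id stops blocks being
    borrowed from another image marked under the same key (the collage attack)."""
    msg = bytes(p & 0xFE for p in block)
    if bind_position:
        msg += index.to_bytes(4, "big")
    if bind_image:
        msg += image_id
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")


def embed(pixels, key, image_id, bind_position=True, bind_image=True):
    """Write each block's tag into the least significant bits of its 32 pixels."""
    assert len(pixels) % BLOCK == 0
    out = bytearray(pixels)
    for b in range(len(out) // BLOCK):
        s = b * BLOCK
        tag = block_tag(key, out[s:s + BLOCK], b, image_id, bind_position, bind_image)
        for j in range(BLOCK):
            out[s + j] = (out[s + j] & 0xFE) | ((tag >> j) & 1)
    return bytes(out)


def verify(pixels, key, image_id, bind_position=True, bind_image=True):
    """Indices of blocks whose embedded tag no longer matches the recomputed one."""
    bad = []
    for b in range(len(pixels) // BLOCK):
        s = b * BLOCK
        blk = pixels[s:s + BLOCK]
        expected = block_tag(key, blk, b, image_id, bind_position, bind_image)
        embedded = sum(((p & 1) << j) for j, p in enumerate(blk))
        if embedded != expected:
            bad.append(b)
    return bad


def collage(target, donor, block_index):
    """Collage attack: paste the same-position block of another marked image."""
    s = block_index * BLOCK
    return target[:s] + donor[s:s + BLOCK] + target[s + BLOCK:]


def swap_blocks(pixels, i, j):
    """Block-reordering attack within one marked image."""
    out = bytearray(pixels)
    out[i * BLOCK:(i + 1) * BLOCK] = pixels[j * BLOCK:(j + 1) * BLOCK]
    out[j * BLOCK:(j + 1) * BLOCK] = pixels[i * BLOCK:(i + 1) * BLOCK]
    return bytes(out)


def alter_content(pixels, block_index):
    """Feature alteration: flip the top bit of every pixel in one block."""
    s = block_index * BLOCK
    return pixels[:s] + bytes(p ^ 0x80 for p in pixels[s:s + BLOCK]) + pixels[s + BLOCK:]


def demo():
    """Run each attack against the bound and the unbound variant of the mark."""
    marked_a = embed(IMAGE_A, KEY, ID_A)
    marked_b = embed(IMAGE_B, KEY, ID_B)
    no_image_a = embed(IMAGE_A, KEY, ID_A, bind_image=False)
    no_image_b = embed(IMAGE_B, KEY, ID_B, bind_image=False)
    no_pos_a = embed(IMAGE_A, KEY, ID_A, bind_position=False)
    return {
        "clean": verify(marked_a, KEY, ID_A),
        "altered": verify(alter_content(marked_a, 2), KEY, ID_A),
        "collage_unbound": verify(collage(no_image_a, no_image_b, 1), KEY, ID_A, bind_image=False),
        "collage_bound": verify(collage(marked_a, marked_b, 1), KEY, ID_A),
        "swap_unbound": verify(swap_blocks(no_pos_a, 0, 3), KEY, ID_A, bind_position=False),
        "swap_bound": verify(swap_blocks(marked_a, 0, 3), KEY, ID_A),
    }


if __name__ == "__main__":
    for name, bad_blocks in demo().items():
        print(f"{name}: {'ok' if not bad_blocks else 'bad blocks ' + str(bad_blocks)}")
```

Because the tag is keyed, an attacker without the key cannot re-mark a block after altering it; because it is fragile, any change to the upper bit-planes, including lossy compression, breaks it, which is the behaviour the hybrid watermark on the next slide pairs with a robust mark to tell alteration apart from ordinary processing.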
Technical Approach: Hybrid Watermark
• Have implemented a hybrid watermark
– Distinguishes between image processing operations (filtering, lossy compression) and feature alteration/removal/replacement
– Embed a semi-local (64 x 64) robust watermark that degrades gradually with alteration
– Embed a local (8x8) fragile watermark on top that breaks with any alterations
Technical Approach: Policy
• Policy will define the methods to apply to specific objects based on factors, such as:
– Importance of the data or sub-data
– Threats that need to be countered
– Recovery time constraints
– Resource limitations
– Detectability of integrity measure
– Integrity functionality that is available
– Current situation (INFOCON, THREATCON)
Technical Approach: Demonstration Environment
• We are developing an environment for demonstrating and testing our technology
• Current features include:
– Split-and-merge with parameters
– Policy-based integrity mechanism selection
– Malicious alteration
– Damage detection
– Partial reconstruction with self-embedded data
Major Risks and Planned Mitigation
• Risk
– Partial recovery of subsets may not be very practical (too resource-intensive or error-prone)
• Mitigation
– Focus research on more efficient or economical damage detection and less on partial recovery
– Devise policies that control the allowable expenditure of resources
Accomplishments to Date
• Prototype Tool
– Demonstrates hierarchical subset methods
• Watermarking methods
• Some initial results on policy tradeoff analysis
Quantitative Metrics
• Metrics that may be used are
– Size of DSI mark
– Time to apply integrity protection
– Time for partial reconstruction techniques
– Robustness of method
Expected Major Achievements
• If successful, these methods will provide
– A more effective method for data integrity detection and data reconstruction
– A better foundation for relating integrity policy objectives to integrity mechanisms
Task schedule
• First version of prototype tool: Feb 2000
• Next version: July 2000
• Final version: December 2000
Key outstanding issues and recommended resolution
• None
Transition of Technology
• Military transition
– Integrity enhancement for expensive transmissions, e.g., air-to-ground targeting data
– Use of integrity technologies such as self-embedding for steganography (information hiding)
– Using embedded info to trace unauthorized disclosure
• Possible commercial transitions
– Injection of key technologies into WetStone’s SMARTWatch integrity checker
What do you need from the DARPA PM?
• No pending requirements