-
Notifications
You must be signed in to change notification settings - Fork 0
Home
In this section, we overview the project's model & system architecture and introduce our solutions to several security concerns.

The system contains an Android frontend application and a Python backend server, communicating via HTTPS.
To generate a new digital watermark, a user must register and log into an Author account. The app will then request a unique tag from the backend authentication handler and invoke the local steganography SDK to embed the tag in the image provided by the user. Meanwhile, the user may add custom messages to the watermark and encrypt them with a passcode via the local crypto SDK. Before exporting the "stamped" image, the app will upload all the messages, along with the image checksum produced by the crypto SDK, and pair them with the tag in the database through the main handler.
Whoever receives the image, known as the Viewer, can retrieve the digital watermark without login. The app will extract the tag, query the server, and verify the image checksum. Aside from public messages, the viewer may also enter the passcode to access the encrypted messages.
Here we list the Q&A to some common cybersecurity concerns. Note that some countermeasures are not guaranteed in the minimal viable product.
Can attackers invalidate my watermark by modifying some pixels / taking a screenshot / adding noise / reformating / compressing / cropping the image?
It depends on the steganography algorithm. We intend to use a robust model based on machine learning to resist most modifications. For example, StegaStamp can retrieve the embedded information from an image that is printed out and rescanned. To destroy the watermark, the attacker has to modify the image thoroughly, creating identifiable artifacts. More discussion about the steganography algorithms can be found here.
No, as long as the attacker does not know your account password. The checksum guarantees that the image cannot be modified without being noticed.
We attach great importance to your privacy and hence our backend only asks for minimal information. Your account password will be salted and hashed before being transmitted to the server. Your IP address is not recorded. The base image for digital watermarking also stays locally - only a secure hash is uploaded. The message part is a bit tricky. Since the image can only store limited information, we have to store your watermark message on the Cloud. We intend to solve this privacy issue by encrypting all the information with a local random key, which is embedded in the image together with the tag. As the image is not uploaded, the server cannot decrypt the message.
Yes, you may choose to keep your username and the timestamp information private when generating the watermark. You can later publish them when there is a copyright conflict.
Theoretically yes, but practically NO. Each tag is a 56-bit long random number. Even if the app has a million users, only 1/70000000000 of the tags are valid.
No, because tags are not generated in increasing order.
Alphabetized by last name. Each team member has made significant contribution to this project.