-
Notifications
You must be signed in to change notification settings - Fork 0
Home
In this section, we overview the project's model & system architecture and introduce our solutions to several security concerns.
The charts above demonstrate the story map of the mobile app. From the user's perspective, the app design can be divided into four stages. For each stage, we list our goals for a skeletal product and a minimum viable product (MVP), as well as other stretch goals. Brief implementation tips are also included.
The system contains an Android frontend application and a Python backend server, communicating via HTTPS.
To generate a new digital watermark, a user must register and log into an Author account. The app will then request a unique tag from the backend authentication handler and invoke the local steganography SDK to embed the tag in the image provided by the user. Meanwhile, the user may add custom messages to the watermark and encrypt them with a passcode via the Android Crypto SDK. Before exporting the "stamped" image, the app will upload all the messages along with the image checksum produced by the crypto SDK, which will be paired with the tag in the NoSQL database through the main handler.
Whoever receives the image, known as the Viewer, can retrieve the digital watermark without login. The app will extract the tag, query the main handler, and verify the image checksum. Aside from public messages, the viewer may also enter the passcode to access the encrypted messages.
The following Q&A part helps further illustrate how each module works and, more importantly, why it is designed this way. Note that some security measures are not guaranteed in the minimal viable product.
- Can attackers invalidate my watermark by modifying some pixels / taking a screenshot / adding noise / reformatting / compressing / cropping the image?
It depends on the steganography algorithm. For the minimum viable product, we intend to use the Least Significant Bit (LSB) method. By embedding redundant information, the watermark can resist cropping attacks. For the stretch goal, we intend to use a more robust model based on machine learning to resist most modifications. For example, StegaStamp can retrieve the embedded information from an image that is printed out and rescanned. To destroy the watermark, the attacker has to modify the image thoroughly, creating identifiable artifacts. More discussion about the steganography algorithms can be found here.
- Can attackers forge my watermark or photoshop the image without being noticed?
No, as long as the attacker doesn't know your account password, s/he cannot steal your identity. The checksum guarantees that the image cannot be modified without being noticed.
- Is the digital watermark still secure as everyone can use the app to extract the fingerprint?
Yes. Compared to traditional watermarks, hidden watermarks increase the barrier for various attacks. More importantly, the system does not count on steganography for security; rather, it relies on cryptography techniques, such as encryption, randomness, and secure hashing.
- Will my private data be uploaded to the server?
We attach great importance to your privacy and hence our backend only asks for minimal information. Your account password will be salted and hashed before being transmitted to the server. Your IP address is not recorded. The base image for digital watermarking also stays locally - only a secure hash is uploaded. The message part is a bit tricky. Since the image can only hold limited information, we have to store your watermark message on the Cloud. In our stretch goals, we intend to solve this privacy issue by encrypting all the information with a random key, which is generated locally and embedded in the image together with the tag. As the image is not uploaded, the server cannot decrypt the message.
- If I embed the same message twice with the same passcode, will the attacker know they are the same without knowing the passcode?
No, random bits will be padded before encryption to prevent this problem.
- Will the image checksum reveal any information about the image I'm using?
No, we will use SHA256 as the hashing function to generate a 64-bit checksum for the whole image, so you don't need to worry about the vulnerability of ECB mode. Also, the checksum is calculated for the image with the watermark, and we will ensure that there is some randomness in the embedding process. Therefore, the attacker cannot use the checksum to verify if you are using a certain base image.
- Can attackers guess the tag of mine without access to the picture?
Theoretically yes, but practically NO. Each tag is a 56-bit long random number. Even if the app has a million users, only 1/70000000000 of the tags are valid.
- Can attackers determine the timestamp of my watermark by comparing tags?
No, because tags are not generated in increasing/decreasing order.
- Can I authorize another user to reproduce the image?
Yes, you may customize an authorization message.
- Can I choose not to reveal my username in the watermark?
Yes, you may choose to keep your username and the timestamp information private when generating the watermark. You can later publish them when there is a copyright conflict.
- Can I use different usernames for different images?
Yes, you may register multiple accounts to achieve this purpose.
- Can I use the app as a standard steganography tool?
Yes, you can choose not to reveal the username/timestamp and set a secure passcode for the message you intend to hide. Then, the app is effectively a standard steganography tool.
- Do I need a phone number or email address for login?
No, but there will be a captcha to prevent spam user registration and brute-force attacks.
Alphabetized by last name. Each team member has made significant contribution to this project.