浅谈SARI图像认证系统的安全性

R. Radhakrishnan, N. Memon
{"title":"浅谈SARI图像认证系统的安全性","authors":"R. Radhakrishnan, N. Memon","doi":"10.1109/ICIP.2001.958287","DOIUrl":null,"url":null,"abstract":"We investigate the image authentication system, SARI, proposed by C.Y. Lin and S.F. Chang (see SPIE Storage and Retrieval of Image/Video Databases, 1998), that distinguishes JPEG compression from malicious manipulations. In particular, we look at the image digest component of this system. We show that if multiple images have been authenticated with the same secret key and the digests of these images are known to an attacker, Oscar, then he can cause arbitrary images to be authenticated with this same but unknown key. We show that the number of such images needed by Oscar to launch a successful attack is quite small, making the attack very practical. We then suggest possible solutions to enhance the security of this authentication system.","PeriodicalId":291827,"journal":{"name":"Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205)","volume":"28 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2001-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":"{\"title\":\"On the security of the SARI image authentication system\",\"authors\":\"R. Radhakrishnan, N. Memon\",\"doi\":\"10.1109/ICIP.2001.958287\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We investigate the image authentication system, SARI, proposed by C.Y. Lin and S.F. Chang (see SPIE Storage and Retrieval of Image/Video Databases, 1998), that distinguishes JPEG compression from malicious manipulations. In particular, we look at the image digest component of this system. We show that if multiple images have been authenticated with the same secret key and the digests of these images are known to an attacker, Oscar, then he can cause arbitrary images to be authenticated with this same but unknown key. We show that the number of such images needed by Oscar to launch a successful attack is quite small, making the attack very practical. We then suggest possible solutions to enhance the security of this authentication system.\",\"PeriodicalId\":291827,\"journal\":{\"name\":\"Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205)\",\"volume\":\"28 4\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2001-10-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"24\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIP.2001.958287\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIP.2001.958287","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 24

摘要

我们研究了图像认证系统,SARI,由林长英和张少峰提出(参见SPIE图像/视频数据库存储和检索,1998),它将JPEG压缩与恶意操作区分开来。特别地,我们看一下这个系统的图像摘要组件。我们展示了,如果多个图像已经使用相同的密钥进行了身份验证,并且攻击者Oscar知道这些图像的摘要,那么他可以使用相同但未知的密钥对任意图像进行身份验证。我们表明,Oscar成功发起攻击所需的此类图像数量非常少,这使得攻击非常实用。然后,我们提出了可能的解决方案来增强该身份验证系统的安全性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
On the security of the SARI image authentication system
We investigate the image authentication system, SARI, proposed by C.Y. Lin and S.F. Chang (see SPIE Storage and Retrieval of Image/Video Databases, 1998), that distinguishes JPEG compression from malicious manipulations. In particular, we look at the image digest component of this system. We show that if multiple images have been authenticated with the same secret key and the digests of these images are known to an attacker, Oscar, then he can cause arbitrary images to be authenticated with this same but unknown key. We show that the number of such images needed by Oscar to launch a successful attack is quite small, making the attack very practical. We then suggest possible solutions to enhance the security of this authentication system.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信