{"title":"浅谈SARI图像认证系统的安全性","authors":"R. Radhakrishnan, N. Memon","doi":"10.1109/ICIP.2001.958287","DOIUrl":null,"url":null,"abstract":"We investigate the image authentication system, SARI, proposed by C.Y. Lin and S.F. Chang (see SPIE Storage and Retrieval of Image/Video Databases, 1998), that distinguishes JPEG compression from malicious manipulations. In particular, we look at the image digest component of this system. We show that if multiple images have been authenticated with the same secret key and the digests of these images are known to an attacker, Oscar, then he can cause arbitrary images to be authenticated with this same but unknown key. We show that the number of such images needed by Oscar to launch a successful attack is quite small, making the attack very practical. We then suggest possible solutions to enhance the security of this authentication system.","PeriodicalId":291827,"journal":{"name":"Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205)","volume":"28 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2001-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":"{\"title\":\"On the security of the SARI image authentication system\",\"authors\":\"R. Radhakrishnan, N. Memon\",\"doi\":\"10.1109/ICIP.2001.958287\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We investigate the image authentication system, SARI, proposed by C.Y. Lin and S.F. Chang (see SPIE Storage and Retrieval of Image/Video Databases, 1998), that distinguishes JPEG compression from malicious manipulations. In particular, we look at the image digest component of this system. We show that if multiple images have been authenticated with the same secret key and the digests of these images are known to an attacker, Oscar, then he can cause arbitrary images to be authenticated with this same but unknown key. We show that the number of such images needed by Oscar to launch a successful attack is quite small, making the attack very practical. We then suggest possible solutions to enhance the security of this authentication system.\",\"PeriodicalId\":291827,\"journal\":{\"name\":\"Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205)\",\"volume\":\"28 4\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2001-10-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"24\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIP.2001.958287\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIP.2001.958287","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
On the security of the SARI image authentication system
We investigate the image authentication system, SARI, proposed by C.Y. Lin and S.F. Chang (see SPIE Storage and Retrieval of Image/Video Databases, 1998), that distinguishes JPEG compression from malicious manipulations. In particular, we look at the image digest component of this system. We show that if multiple images have been authenticated with the same secret key and the digests of these images are known to an attacker, Oscar, then he can cause arbitrary images to be authenticated with this same but unknown key. We show that the number of such images needed by Oscar to launch a successful attack is quite small, making the attack very practical. We then suggest possible solutions to enhance the security of this authentication system.