Watermarking Security Part One: Theory Fran¸ cois Cayre a , Caroline Fontaine b , and Teddy Furon a * a INRIA, TEMICS project, Rennes, France b CNRS, LIFL, Universit´ e des sciences et des technologies de Lille, France ABSTRACT This article proposes a theory of watermarking security based on a cryptanalysis point of view. The main idea is that information about the secret key leaks from the observations, for instance watermarked pieces of content, available to the opponent. Tools from information theory (Shannon’s mutual information and Fisher’s information matrix) can measure this leakage of information. The security level is then defined as the number of observations the attacker needs to successfully estimate the secret key. This theory is applied to common watermarking methods: the substitutive scheme and spread spectrum based techniques. Their security levels are calculated against three kinds of attack. Keywords: W atermarking, Security, Equivocation, Fisher information matrix. 1. INTRODUCTION Digital watermarking studies have always been driven by the improvement of robustness. Most of articles of this field deal with this criterion, presenting more and more impressive experimental assessments. Some key events in this quest are the use of spread spectrum [1], the invention of resynchronization schemes [2], the discovery of side information channel [3,4], and the formulation of the opponent actions as a game [5]. On the contrary, security received little attention in the watermarking community. The first difficulty is that security and robustness are neighboring concepts, which are hardly perceived as different. The intentionality behind the attack is not enough to make a clear cut between these two concepts. An image compression is clearly an attack related to robustness, but it might happen intentionally, i.e. with the purpose of removing the watermark, or not. Robust watermarking is defined in [6] as a communication channel multiplexed into original content in a non-perceptible way, and whose “capacity degrades as a smooth function of the degradation of the marked content ”. We add that the degradation is due to a classical content processing (compression, low-pass filtering, noise addition, geometric attack . . . ). The attacker has three known strategies to defeat watermark robustness: to remove enough watermark signal energy, to jam the hidden communication channel, or to desynchronize the watermarked content. T. Kalker then defines watermarking security as “the inability by unauthorized users to access [i.e. to remove, to read, or to write the hidden message] the communication channel ” established by a robust watermarking. Security deals with intentional attacks whose aims are not only the removal of the watermark signal, excluding those already encompassed in the robustness category since the watermarking technique is assumed to be robust. Some seminal works have already warned the watermarking community that digital watermarking may not be a secure primitive (i.e., a tool providing information security) despite its robustness. However, they only deal with dedicated attacks relevant to particular applications. The deadlock attack concerns copyright protection and illustrates the impossibility to prevent somebody to watermark content with his own technique and key (by embedding a watermark signal or by creating a fake original) [7]. This ruins the identification of the owner because two watermarking channels interfere in the same piece of content. Multiple problems in the field of copyright protection and authentication stems from the copy attack, where the attacker first copies a watermark and then pastes it in a different piece of content [8]. We do not include these two last attacks in our study because they pertain to the protocol layer, in the sense that it questions the link between the presence (or absence) of watermark and the signification at the application * Author names appear in alphabetical order. Contact Information: teddy.furon@irisa.fr The work described in this paper has been supported in part by the French Government through the ACI Fabriano, and by the European Commission through the IST Programme under Contract IST-2002-507932 ECRYPT.