基于数字指纹和数字水印的重要信息保护技术研究-智能与分布计算实验室

基于数字指纹和数字水印的重要信息保护技术研究

姓名	朱大立
论文答辩日期	2007.11.08
论文提交日期	2007.11.08
论文级别	博士
中文题名	基于数字指纹和数字水印的重要信息保护技术研究
英文题名	Research on Key Technologies of Digital Fingerprint and Digital Watermark
导师1	卢正鼎
导师2	陈晓苏
中文关键词	重要信息保护;数字水印;数字指纹;指纹算法;非对称指纹协议;电子政务;信息可控性;数字水印基础设施
英文关键词	Protection of important information;Digital watermarking;Digital fingerprint;Fingerprint coding and detect algorithm;Asymmetrical digital fingerprint protocol;E_goverment;Controllability of information;Digital watermarking infrastructure
中文文摘	数字水印是传统密码学范畴之外具有广阔应用前途的一种信息安全技术。数字水印技术结合传统的密码学技术可以增强信息的可控性，从而完善信息的安全性。要实现这一目标，数字指纹编码及检测算法、非对称数字指纹协议、面向重要信息保护的数字水印基础设施以及基于数字水印的电子文档标识等技术均是关键，围绕此方面展开研究具有十分重要的理论意义和实用价值。讨论了密码学、数字水印以及数字指纹的相关理论与技术基础，分析了数字水印和密码学可以互为补充、完善信息安全性的相互关系，对数字水印与数字指纹的概念进行了全面辨析。基于嵌入假设，以随机序列作为用户的编码指纹，利用合谋指纹与用户指纹之间的相关性来判断用户参与合谋的可能性，并以汉明距离作为检测判断的量化指标，提出了一种简洁高效的合谋容忍数字指纹编码和检测算法CDRC（Coding and Detection algorithm based on Random Code）。给出了算法的描述和实现步骤，推导了错误概率、指纹编码长度以及合谋容忍强度之间的关系，分析了算法的效率和安全性，并给出了与同类算法的比较。分析了几种著名的数字水印协议，指出了它们的缺陷。在此基础上，参考现实生活中的商品交易模式和指纹应用模式并结合PKI-CA（Public Key Infrastructure and Certification Authority）技术，提出了一种基于PKI-CA系统的实用数字水印协议PDWP（Practical Digital Watermarking Protocol）。PDWP协议与PKI-CA系统无缝集成，同时使数字指纹证书对用户保密，实现了指纹协议的非对称性。提出了数字水印基础设施DWI（Digital Watermarking Infrastructure）的概念。DWI的基本功能在于以数字指纹证书的形式给网络系统中的用户添加数字指纹的属性，用于用户行为的标记。给出了DWI及其组成功能实体的定义，描述了DWI的体系结构和各个功能实体之间协作的通用业务。采用层次划分的技术设计了一个具有普适特征的水印技术应用框架，适用于实现电子标识，同时也适用于在信息系统中应用数字水印技术实现其他应用。框架分为驱动层、适配层和应用层。在此基础上提出了一个基于分层水印技术应用框架的涉密网络中电子文档密级标识方案，实现了数字水印作为密级标识的嵌入和检测。分析了涉密网络中重要电子文档保护的系统需求，在DWI、数字指纹编解码算法、非对称数字指纹协议以及基于数字水印的电子文档电子标识方案的基础上，构建了一个适用于中小规模涉密网络的涉密电子文档保护系统原型。描述了原型系统中重要电子文档的处理流程，分析了原型系统的功能和安全性。通过对基于数字指纹和数字水印的重要信息保护技术研究，取得了若干具有理论价值和实用价值的研究成果，为进一步开展实用系统的研究奠定了理论和方法基础。
英文文摘	Digital watermarking is a well-developing information security technique, which can be combined with traditional cryptology to enhance controllability and security of information. To achieve the requirement, it is important and practical to research in the following fields, such as digital fingerprint coding and detects algorithm; asymmetrical digital fingerprint protocol; digital watermarking infrastructure for key information protection; identify e-documents based on watermarking technique. Theory and technique base of Cryptology, digital watermark and digital fingerprint are discussed. The point of cryptology and digital watermark can be combined to enhance security of information is proposed. The relationship between digital fingerprint and digital watermark is analyzed and the concepts of them are differentiated. CDRC（Coding and Detection algorithm based on Random Code）which is an effective and elegant anti collusion fingerprint coding and detecting algorithm is proposed. CDRC, based on embed assumption, utilizes random codes to form digital fingerprints, evaluated the correlation between user fingerprint and collusion fingerprint by hamming distance. The algorithm is described and analyzed deeply, including implementation, safety, efficiency and fault probability. Also CDRC is compared with other algorithms of the same kind. Several well-known digital watermark protocols are studied. Considering the model of community exchange and fingerprint application, PDWP（Practical Digital Watermarking Protocol） is proposed. It is seamlessly integrated with PKI-CA system by adding watermarking functions to CA of PKI-CA system to form W&CA. PDWP also provided digital fingerprint certificate which is confidential to users to fulfill asymmetric attribute of digital fingerprint protocol. With reference to PKI-CA, the concept of DWI（Digital Watermarking Infrastructure）is formed. DWI marked network user activities by adding fingerprint attribute, in the form of generating digital fingerprint certificates. The structure and entities of DWI are defined; relevant general tasks between these entities are described; then DWI is compared and analyzed with PKI and IMPRIMATUR. A generally suitable framework for watermarking application is proposed base on hierarchy. It is not only suitable for identity e-documents but also suitable for other kinds of digital watermarking application. It was composed by three layers: driver layer, adapter layer and application layer. Then based on the techniques of layered watermarking, a scheme of identity e-documents is proposed based on digital watermarking technique. Also, the identity formats of confidential e-documents and the way to use it are discussed. A prototype for protection of e-documents of a mini or medium sized classified net system is actualized in view of the systematical requirement, DWI, digital fingerprint codec algorithm, asymmetrical fingerprint protocol and e-documents identification solution. Come with PKI and PMI, this prototype showed the process of dealing with important e-document, meanwhile the function and security of the prototype are analyzed. According to the research related to digital fingerprint and watermark, progress in both theoretical and practical ways are made and formed fundamental achievement for further development in application research.