| Sensitivity analysis attacks aim at estimating a watermark from multiple observations of the watermark detector's output. Subsequently, the attacker removes the estimated watermark from the watermarked signal. Despite their popularity, spread spectrum schemes are vulnerable against sensitivity analysis attacks on standard deterministic watermark detectors including not only the simple correlation detector, but also a wide class of detectors. Therefore there is a vital need for more secure detection methods.;This thesis explores the fundamental tradeoffs between reliability and security of the watermark detector. A first attempt to improve security is to use a randomized watermark detector. While randomization sacrifices some detection performance, it might indeed be expected to improve detector security to some extent. In the second chapter of this thesis, we present a framework to design randomized detectors with exponentially large randomization space and controllable loss in detection reliability. However, the actual security benefits in terms of resistance against sensitivity analysis attacks remain unknown.;In the third chapter of this thesis, we devise a general procedure to attack randomized detectors by reducing them into equivalent deterministic detectors. Consequently, we show that randomized detectors are not as secure against sensitivity analysis attacks as might have been expected. Instead, they inherit the weaknesses of their equivalent deterministic detectors.;This conclusion calls for a design framework for watermark detectors encompassing all the requirements on the detector. In order to build such framework, we model sensitivity analysis attacks as a general watermark estimation problem in which the adversary controls how informative the measurements will be about the watermark. We evaluate the fundamental performance limits for the attacker's watermark estimation problem. The inverse of the Fisher information matrix provides an algorithm-independent bound on the covariance matrix of the estimation error. A general strategy for the attacker is to select the distribution of auxiliary test signals that minimizes the trace of the inverse Fisher information matrix. The watermark detector must trade off two conflicting requirements: (1) reliability, and (2) security against sensitivity attacks. We explore this tradeoff and design the detection function that maximizes the trace of the attacker's inverse Fisher information matrix while simultaneously guaranteeing an exponential upper bound on the error probability. Game theory is the natural framework to study this problem, and considerable insights emerge from this analysis. Finally, throughout the thesis, we apply our analysis to image watermarking, for which "good" statistical models are available, and hence the practical value of our work can be illustrated. |
