Research On Privacy-Preserving Authentication Watermark In Information Sharing

Information sharing has greatly enriched peoples’ daily life.However,the information shared by users may contain their personal privacy and intellectual achievements.The great privacy disclosure and property infringement will occur when the information is unauthorized forwarded.In view of these problems caused by illegal distributions in information sharing,we propose several authenticable robust watermark schemes for shared images and shared models.When there exists illegal distributed suspicious information,the information owner can extract authentication watermarks from the suspicious carriers to identify illegal distributors’ identifications or verify the ownership of shared model and protect their intellectual property.The main research works are as follows.1.To achieve the goal of identifying unauthorized users in secure image sharing,we propose a privacy-preserving image authentication watermark scheme based on homomorphic encryption named PIAW-HE.The image is encrypted and uploaded to the cloud server for remote storage and image sharing.For preventing authorized users’ illegal distributions,PIAW-HE uses Paillier homomorphic cryptosystem to embed authentication information of authorized users into the encrypted image.The embedding operation of PIAW-HE scheme is carried out in the encrypted DCT domain,which can resist JPEG attack,noise attack and other forms of attacks without disclosing image privacy and achieve high robustness.2.Considering the real-time sharing of images and resource limitation of intelligent devices,a lightweight privacy-preserving image authentication watermark scheme is proposed which is named as LPIAW.Under the influence of homomorphic encryption,PIAW-HE scheme has high computational overhead,which makes the scheme lack of realtime performance.To improve computational efficiency,the additive secret sharing technology is used in LPIAW to divide the shared image into two equally important shares,which are embedded by two different cloud servers respectively.The embedded image with watermark can be obtained after simple calculation.Experimental results show that LPIAW greatly reduces the computational burden of the client and improves the embedding efficiency.In addition,compared to PIAW-HW,LPIAW balances the computational load between two cloud servers.3.Federated learning provides a privacy-preserving solution to the problem of privacy disclosure caused by centralized data collection in deep learning.However,illegal forwarding of federated learning shared models by selfish users will cause intellectual infringement of other users’ properties.The concept of federated learning watermark(FLWM)is proposed to solve this problem for protecting users’ intellectual properties.Based on the feature of deep learning backdoor for keeping the accuracy of main tasks unchanged and only producing misclassification in a small number of trigger set samples,FLWM achieves the goal of integrating each participant’s private backdoor to the global model through the aggregation stage without affecting the accuracy of the global model.Since each user’s private watermark is unknown to the others,their watermarks may combat with each other in the global model.So a stepwise training method is designed to alleviate this possible conflict.The independent selection,local storage and private training of watermarks provide a privacy-preserving environment of watermark embedding.The security of the scheme is proved by theoretical analysis,and the scheme can effectively accommodate all the private watermarks of participating users with only a small loss of accuracy.Meanwhile,model compression attack and model fine-tuning attack are used to test FLWM.The results show that more than 80% of the watermarks can be retained when the model is compressed to 30%,and more than 90% of the watermarks can be retained under fine-tuning attacks,indicating the robustness of FLWM scheme under these attacks.