VHFWLRQZHZLOOSURSRVHDQHZDQGVSHFL¿FDQDO\- sis (see the third section) to make a comparison in terms of robustness between SS and STDM watermarking schemes against collusion attack, in particular when the TFA and its motion com- pensated version MC-TFA is applied to a video sequence. Two are the typologies of watermarking techniques that have been mainly investigated vs. WKHFROOXVLRQDWWDFN¿UVWLWKDVEHHQ66&R[ Kilian, Leighton, & Shamoon, 1997) and second, the STDM (Chen & Wornell, 2001); here we will study which are the Achilles’ heels for both the types of watermarking methods (e.g., repeating the same watermark in all the video frames) and we will provide some solutions.
WHAT IS THE COLLUSION
ATTACK?
The collusion attack is an action carried out by a given set of malicious users in possession of a copy of protected content that join together in order to obtain at the end of the attack procedure an unprotected asset. The attack is carried out by properly combining the protected copies of the multimedia documents collected by the colluders, according to the type of content and the kind of adopted protection system.
When the protection is assured by a data hiding algorithm, the collusion usually can take place in one of two different application frameworks: mul- WLPHGLD¿QJHUSULQWLQJDQGRZQHUVKLSYHUL¿FDWLRQ ,Q PXOWLPHGLD ¿QJHUSULQWLQJ D FRQWHQW RZQHU to protect his/her copyright, embeds a different code into each copy of the content distributed to each customer, in order to be able to trace pos- sible illegal usage of data and discover the source of the leakage of information; in this case, then, each colluder possesses a slightly different copy of the same multimedia content, and the attack consists in averaging all documents they have, trying to produce a new document in which the watermark is no longer present; if the number of averaged documents is large enough, the attack is very effective even without the introduction of SHUFHSWXDOO\VLJQL¿FDQWGHJUDGDWLRQEHWZHHQWKH averaged multimedia document and the original RQH,QRZQHUVKLSYHUL¿FDWLRQDFRQWHQWRZQHU to demonstrate he/she is the authorised holder of the distributed content, embeds always the same code, linked to his/her identity, into different wa- termarked documents before they are distributed to the customers, in such a way that the hidden code can be used to prove ownership in court if someone will infringe on his/her copyrights; in this case, then, each colluder possesses different multimedia documents, with the same hidden code embedded in, so that the attack is carried out by estimating the watermark by means of an average of all the different contents they have (this
approach is suitable only for data hiding systems in which the hidden watermark does not depend on the host data). Then the estimated watermark can be removed from all the documents hiding it, or even falsely inserted in other ones to generate fake watermarked documents.
In the beginning, research against the collu- sion attack concerned mainly applications where the multimedia documents were constituted by digital images; in such a case, a possible colluder is obliged to team together with other attackers RUDWOHDVWWRVXFFHHGLQFROOHFWLQJDVXI¿FLHQW number of assets to successfully achieve his/her attack. Later, this attack was extended to other kinds of multimedia content like video sequences: in this particular case, the possibility of success of a collusion attack increases, since a video sequence, by one’s very nature, is nothing else than a collection of single still images. A single malicious customer in possession of one of few
watermarked video sequences can then combine the single frames composing the video to realize a collusion attack, in order to obtain a set of un- watermarked frames, or to extract the embedded code. In particular, in the case of video content, two kinds of collusion attack can be attempted. 7KH¿UVWXVXDOO\QDPHGinter-video collusion, is the classical attack carried out by resorting to a certain number of different watermarked video sequences, and then requires the cooperation among several malicious users. In Figures 2 and 3 two possible situations are illustrated: in the ¿UVWRQHFROOXGHUVWU\WRHUDVHWKHZDWHUPDUNVWKDW are embedded in the diverse copies of the same video they own, on the contrary, in the second one, the colluders try to estimate the watermark which is contained in the movies they can share and then subtract it by their watermarked contents to obtain watermark-free copies. The acronyms TFA and WER which appear in Figure 2 and
Figure 2. TFA attack applied in inter-video collusion: colluders group together owing the same video with different watermarks and apply a TFA collusion attack to obtain an unwatermarked video
Figure 3 state for temporal frame averaging and watermark estimation remodulation, such collu- sion attacks will be debated in depth in the next subsection.
The second and more interesting collusion attack, video watermarking can suffer, usually called intra-video collusion, refers to the attack performed only by using the frames composing a single video sequence; in this circumstance there is no need for more than one pirate, as the col- luder has access to several watermarked frames composing the video sequence; if the length of the YLGHRLVVXI¿FLHQWWRFROOHFWDVLJQL¿FDQWQXPEHU of watermarked frames, the colluder can attempt the attack by himself/herself.
In the sequel, we will focus exclusively on this kind of attack procedure: intra-video collusion.