Iee proceedings-vision image and signal processing vol:149 issue:2 pages:57-62
The authors describe some weaknesses of public-key blockwise fragile authentication watermarkings and the means to make them secure. Wong's original algorithm as well as a number of its variant techniques are not secure against a mere block cut-and-paste or the well known birthday attack. To make them secure, some schemes have been proposed to make the signature of each block depend on the contents of its neighbouring blocks. The authors attempt to maximise the change localisation resolution using only one dependency per block with a scheme they call hash block chaining version 1 (HBC1). They then show that HBC1, as well as any neighbour content-dependent scheme, are susceptible to another forgery technique that they have named a transplantation attack. They also show a new kind of birthday attack that can be effectively mounted against HBC1. To thwart these attacks, they propose using a nondeterministic digital signature together with a signature-dependent scheme (HBC2). Finally, they discuss the advantages of using discrete logarithm signatures instead of RSA for watermarking.