Min Wu, Wade Trappe, Z. Jane Wang, and K.J. Ray Liusig.umd.edu/publications/wu_fingerprinting_200403.pdfwatermark can survive moderate geometric distortions, such as rotation, scale,

nsuring that digitalcontent is used for itsintended purpose after ithas been delivered to cus-

tomers often requires the ability totrack and identify entities involved inunauthorized redistribution of multimediacontent. Digital fingerprinting is a technolo-gy for enforcing digital rights policies wherebyunique labels, known as digital fingerprints, areinserted into content prior to distribution. As illus-trated in Figure 1, unique fingerprints are assignedto each intended recipient. These fingerprints canfacilitate the tracing of the culprits who use their con-tent for unintended purposes. To protect the content,it is necessary that the fingerprints are difficult toremove from the content. For multimedia content,fingerprints can be embedded using conventionalwatermarking techniques that are typically concernedwith robustness against a variety of attacks mountedby an individual.

Guaranteeing the appro-priate use of multimedia con-

tent, however, is no longer atraditional security issue with a sin-

gle adversary. The global nature ofthe Internet has brought adversaries

closer to each other. It is now easy for agroup of users with differently marked ver-

sions of the same content to work togetherand collectively mount attacks against the fin-

gerprints. These attacks, known as multiuser col-lusion attacks, provide a cost-effective method for

attenuating each of the colluders’ fingerprints. Animproperly designed embedding and identificationscheme may be vulnerable in the sense that a smallcoalition of colluders can successfully produce a newversion of the content with no detectable traces.Thus, collusion poses a real threat to protectingmedia data and enforcing usage policies. It is desir-able, therefore, to design fingerprints that resist col-lusion and identify the colluders.

Min Wu, Wade Trappe, Z. Jane Wang, and K.J. Ray Liu

E

A broad overview of the recent advancesin multimedia fingerprinting for tracing and identifying colluders.

LOG

O C

OM

PO

SIT

E:©

1995

PH

OTO

DIS

C, I

NC

., ©

DIG

TIA

L S

TOC

K, ©

CO

RE

L

IEEE SIGNAL PROCESSING MAGAZINEMARCH 2004 151053-5888/04/$20.00©2004IEEE

IEEE SIGNAL PROCESSING MAGAZINE16 MARCH 2004

In this ar ticle, we review some major designmethodologies for collusion-resistant fingerprinting ofmultimedia and highlight common and unique issuesof different fingerprinting techniques. The goal is toprovide a broad overview of the recent advances in fin-gerprinting for tracing and identifying colluders. Thearticle is organized as the follows: we first providebackground on robust data embedding, upon whichthe multimedia fingerprinting system is built. We alsointroduce the basic concepts of fingerprinting and col-lusion and provide a discussion on the various goalsassociated with fingerprint design and colluder tracing.Detailed discussions are then provided on two majorclasses of fingerprinting strategies, namely, orthogonalfingerprinting and correlated fingerprinting, where thelatter involves the design of suitable codes that areemployed with code modulation to create the finger-prints. Finally, we offer a unified view that coversorthogonal fingerprints, coded fingerprints, and othercorrelated fingerprints and conclude the article byhighlighting some areas for further investigation.

Robust Data EmbeddingFingerprinting multimedia requires the use of robustdata embedding methods that are capable of withstand-ing attacks that adversaries might employ to removethe fingerprint. Collusion-resistant fingerprinting alsorequires that the fingerprints survive collusion attacksand can identify colluders. Although there are manytechniques that have been proposed for embedding

information in multimedia signals [1], in the sequel wewill use the spread-spectrum additive embedding tech-nique for illustrating the embedding of fingerprint sig-nals into multimedia. Spread-spectrum embedding hasproven robust against a number of signal processingoperations (such as lossy compression and filtering) andattacks [2], [3]. With appropriately chosen features andadditional alignment procedures, the spread-spectrumwatermark can survive moderate geometric distortions,such as rotation, scale, shift, and cropping [4], [5].Further, information theoretic studies suggest that it isnearly capacity optimal when the original host signal isavailable in detection [6], [7]. The combination ofrobustness and capacity makes spread-spectrum embed-ding a promising technique for protecting multimedia.In addition, as we shall see in this article, its capabilityof putting multiple marks in overlapped regions alsolimits the effective strategies mountable by colluders infingerprinting applications.

Spread-spectrum embedding borrows ideas fromspread-spectrum modulation [8]. The basic process ofspread-spectrum embedding consists of four steps. Thefirst step is to identify and compute features that willcarry watermark signals. Depending on the applicationand design requirements, the features can be signalsamples, transform coefficients (such as discrete cosinetransform (DCT) and discrete Fourier transform(DFT) coefficients) or other functions of the mediacontent. Next, we generate a watermark signal andtune its strength to ensure imperceptibility. Typically,

� 1. Using embedded fingerprinting for tracing users.

EmbeddedFingerprinting

MultiuserAttacks

TraitorTracing

Customer'sID: Alice

101101 ...

MultimediaDocument

DigitalFingerprint

EmbedDistributeto Alice

Alice

Bob

Fingerprinted Docfor Different Users

Collusion Attack(to Remove Fingerprints)

Colluded Copy

UnauthorizedRedistribution

SuspiciousCopy

ExtractFingerprints 101110 ...

Codebook

IdentifyTraitors

Alice,Bob,...

Fingerprinted Copy

IEEE SIGNAL PROCESSING MAGAZINEMARCH 2004 17

we construct the watermark to cover a broad spectrumas well as a large region of the content, resulting in awatermark that resembles noise. A third step is to addthe watermark to the feature signal. Finally, we replacethe original feature signal with the watermarked versionand convert it back to the signal domain to obtain awatermarked signal. The detection process for spread-spectrum watermarks begins with extracting featuresfrom a media signal in question. Then the similaritybetween the features and a watermark is examined todetermine the existence or absence of the watermark inthe media signal. Typically, a correlation similaritymeasure is used, often in conjunction with preprocess-ing (such as whitening) and normalization [1].

A straightforward way of applying spread-spectrumwatermarking to fingerprinting is to use mutuallyorthogonal watermarks as fingerprints to identify each[11], [12]. (The orthogonality may be approximatedby using random number generators to produce inde-pendent watermark signals for different users.) Theorthogonality allows for distinguishing the fingerprintsto the maximum extent. The simplicity of encodingand embedding orthogonal fingerprints makes themattractive to identification applications that involve asmall group of users. A second option for using spread-spectrum watermarking is to employ code modulation.Code modulation allows fingerprint designers to designmore fingerprints for a given fingerprint dimensionalityby constructing each user’s fingerprint signal as a linearcombination of orthogonal noiselike basis signals.

In the following sections we shall examine the effectof collusion on multimedia fingerprints constructedusing orthogonal modulation and code modulation.During a collusion attack, a group of colluders, whohave differently fingerprinted versions of the same con-tent, examine their different copies in hopes of creatinga new signal that will no longer be tied to any of thecolluders. There are several types of collusion attacks.One method is simply to synchronize the fingerprintedcopies and average them, which is an example of a lin-ear collusion attack. Another collusion attack, referredto as the copy-and-paste attack, involves users cuttingout portions of each of their media signals and pastingthem together to form a new signal. Other attacks mayemploy nonlinear operations, such as taking the maxi-mum or median of the values of corresponding compo-nents of individual copies. We will present a detaileddiscussion on linear and nonlinear collusion for orthog-onal fingerprints since analytic study is more feasible,though the same type of analysis can be applied tocoded and other correlated fingerprints.

It is worth mentioning that another class of collu-sion attack, which is sometimes referred to as intracon-tent collusion, may be mounted against fingerprints bya single user by replacing each segment of the contentsignal with another, seemingly similar segment fromdifferent spatial or temporal regions of the content. Asan example, an adversary may produce an attacked sig-

nal by integrating information from consecutive framesto remove watermarks from a video sequence [13].Such intracontent collusion should be taken intoaccount in designing robust embedding. We will notelaborate this issue in the current article. Interestedreaders may refer to [13]–[15] for detailed discussions.

Regardless of how multiuser collusion is carried out,the overall objective of the digital rights enforcer issimple: capture the adversaries and stop the prolifera-tion of fraudulent content. Different concerns ariseunder different situations, however, and the finger-printing system must be designed according to appro-priate performance criteria. Possible goals for designingthe fingerprints are the following.� Catch one: In this design scenario, the goal is todesign the fingerprints to maximize the chance of catch-ing at least one colluder, while seeking to minimize thelikelihood of falsely accusing an innocent user. For thisdesired goal, the set of performance criteria consists ofthe probability of a false positive and the probability of afalse negative. From the detector’s point of view, adetection approach fails when either the detector fails toidentify any of the colluders (a false negative) or thedetector falsely indicates that an innocent user is a col-luder (a false positive). This criteria is particularly rele-vant when providing evidence in a court of law.� Catch many: The goal in this design scenario is tocapture as many colluders as possible, though possiblyat a cost of accusing more innocent users. For thisdesired goal, the set of performance criteria consists ofthe expected fraction of colluders that are successfullycaptured and the expected fraction of innocent usersthat are falsely placed under suspicion.� Catch all: In this design scenario, the fingerprintsare designed to maximize the probability of capturingall colluders, while maintaining an acceptable amountof innocents being falsely accused. This arises whenthe trustworthiness of the information recipients is ofsuch great concern that all users involved in the infor-mation leak need to be identified. This set of perform-ance criteria consists of measuring the probability ofcapturing all colluders and an efficiency rate, whichdescribes the expected amount of falsely accused inno-cents per colluder.

When designing collusion-resistant fingerprints, thedesigner of a fingerprinting system should considerhow fingerprint detection will take place, the appropri-ate strength for the fingerprint, and the computationalef ficiency of the colluder detection scheme.Additionally, the designer should consider whether ornot the original content is available during the detec-tion phase of the fingerprinting application. We willrefer to nonblind detection as the process of detectingthe embedded watermarks with the assistance of theoriginal content and blind detection as the process ofdetecting the embedded watermarks without theknowledge of the original content. Nonblind finger-print detection requires a method for recognizing the


content from a database, which can often require con-siderable storage resources. Blind detection allows fordistributed detection scenarios or the use of Webcrawling programs since it does not require vast stor-age resources or have large computational costs associ-ated with content registration.

Orthogonal/IndependentFingerprinting and CollusionUsing orthogonal signals to represent different mes-sages, or orthogonal modulation [9], is a popular tech-nique for watermarking and naturally lends itself tofingerprinting applications. In this section, we firstreview linear and nonlinear collusion attacks onorthogonal fingerprints and then introduce severalcommonly used detection statistics in the literature foridentifying orthogonal fingerprints under collusion anddiscuss techniques for improving the computationalcomplexity of colluder identification.

Linear and Nonlinear Collusionon Independent FingerprintsLinear CollusionLinear collusion is one of the most feasible collusionattacks against multimedia fingerprinting. When userscome together with a total of K differently fingerprint-ed copies of the same multimedia content, these userscan simply linearly combine the K signals to produce acolluded version. Since normally no colluder is willingto take more of a risk than any other colluder, the fin-gerprinted signals are typically averaged with an equalweight for each user [10]–[12], [16], [17], as illustrat-ed in Figure 2. Averaging reduces the power of eachcontributing fingerprint. As the number of colludersincreases, the trace of each individual fingerprintbecomes weaker. In fact, the colluded signal can havebetter perceptual quality in that it can be more similarto the host signal than the fingerprinted signals are.

The collusion attack considered in [11] consists ofadding a small amount of noise to the average of K fin-gerprinted documents, where the original document isperturbed by the marking process to produce finger-printed documents with a bounded distortion from the

original document. It was shown that O(√

N / logN )

adversaries are sufficient to defeat the underlying water-marks, where N is the total length of the fingerprintsignal. Similar results were also presented in [12]. In[16], a more general linear attack than in [11] was con-sidered, where the colluders employ multiple-input/single-output linear shift-invariant (LSI) filteringplus additive Gaussian noise to thwart the orthogonalfingerprints. Under the assumption that all fingerprintsare independent and have identical statistical character-istics, it was shown that the optimal LSI attack involveseach user weighting their marked document equallyprior to the addition of additive noise.

When the fingerprint is spread throughout the entirehost signal by such techniques as spread-spectrumembedding and detected through some form of corre-lation, the cut-and-paste collusion attack has an effectthat is similar to averaging collusion. In both cases, theenergy of each contributing fingerprint is reduced by afactor corresponding to the amount of copies involvedin the collusion. A similar reduction phenomenon isobserved for the correlation statistics [24]. As an exam-ple, if Alice contributes half of her samples to a cut-and-paste collusion, the energy of Alice’s fingerprint inthe colluded copy is only half of her overall fingerprintenergy. As a result, the correlation of the colluded sig-nal with Alice’s fingerprint is roughly half the correla-tion of a noncolluded copy of Alice’s fingerprintedsignal with her fingerprint. Therefore, when consider-ing spread-spectrum embedding, we may consider cut-and-paste collusion as analogous to averaging collusion.

Nonlinear CollusionLinear collusion by averaging is a simple and effectiveway for a coalition of users to attenuate embeddedfingerprints. Averaging, however, is not the only formof collusion attack available to a coalition of adver-saries. In fact, for each component of the multimediasignal, the colluders can output any value between theminimum and maximum values that they haveobserved, and have high confidence that the spuriousvalue they get is within the range of just-noticeable-difference since each fingerprinted copy is expected to

have high perceptual quality.Therefore, we next examine fami-lies of nonlinear collusion attacks.

An important class of nonlinearcollusion attacks is based upon suchoperations as taking the maximum,minimum, and median of corre-sponding components of the K col-luders’ independent watermarkedcopies [10], [18]. For simplicity inanalysis, nonlinear attacks are typi-cally assumed to be performed inthe same domain of features as thefingerprint embedding. The just-noticeable difference (JND) from� 2. Model for collusion by averaging.

OriginalImage

AttackedImage

y

x

Adding FingerprintsCollusion

by Averaging

AdditionalAdditive Noise

1/Kz

s1

sn

sKyK

y1

yn

.........


human visual models [3] is used to control the energyof the embedded fingerprints so as to guarantee theirimperceptibility. As in [18], a set of typical nonlinearattacks are considered:� Minimum/maximum/median attack: Under thesethree attacks, the colluders create an attacked signal inwhich each component is the minimum, maximum, andmedian, respectively, of the corresponding components ofthe K watermarked signals associated with the colluders.� Minmax attack: Each component of the attacked signalis the average of the maximum and minimum of the cor-responding components of the K watermarked signals. � Modified negative attack: Each component of theattacked signal is the difference between the medianand the sum of the maximum and minimum of the cor-responding components of the K watermarked signals.� Randomized negative attack: Each component of theattacked signal takes the value of the maximum of thecorresponding components of the K watermarked sig-nals with probability p , and takes the minimum withprobability (1 − p).

The effectiveness of different attacks were studied in[18] based on two performance criteria: the probabilityof capturing at least one colluder (Pd ) and the proba-bility of falsely accusing at least one innocent user(Pf p ). Since the colluded fingerprint components underthe minimum, maximum, and randomized negativeattacks do not have zero mean, preprocessing wasapplied to remove the mean from the colluded copy. Itwas observed that the overall performance under themedian or minmax attacks is comparable to that of theaverage attack. Therefore, from the attacker’s point ofview, there is no gain in employing the median or min-max attack compared to the average attack. On theother hand, the effectiveness of collusion improvesunder the minimum, maximum, and modified negativeattacks. The randomized negative attack was shown tobe the most effective attack, but it also introduces larg-er, more perceivable distortion to the host signal thanother attacks. Colluders may also apply additional noiseafter the nonlinear combining, as studied in [18] and[19]. As the amount of distortion introduced by thenonlinear combining increases, the amount of addition-al noise that can be added while maintaining perceptualconstraints decreases.

Colluder Identification viaIndependent FingerprintsWhen collusion occurs, the content owner’s goal is toidentify the fingerprints associated with users who par-ticipated in generating the colluded content. As wementioned earlier, blind detection is attractive in multi-media fingerprinting systems employing distributedresources. Detection performance is often lower in theblind scenario than in the nonblind one, however, sincethe host signal serves as a noise source in the blinddetection. (Note that there are other types of water-marking schemes that do not suffer from interference

from unknown host signals [7], [20]. Their appropri-ateness for fingerprinting and anticollusion capabilitiesremain under investigation.) A forensic applicationemploying digital fingerprints should carefully considerthe tradeoff between detectability and resource usage.

The problem of detecting colluders can be posed ina hypotheses-testing framework [21] where fingerprintsare signals to be detected. For detecting a single finger-print, three detection statistics, referred to as TN-, Z-,and q-statistic, were proposed to measure the similaritybetween the colluded observation and the originalembedded fingerprint [10], [22], [24]. All three testsare correlation based, involving the correlation betweenthe multimedia test signal and the original fingerprints.Their difference lies in their normalization. A high cor-relation value implies a high likelihood that the corre-sponding user was involved in the act of colluding toform the test signal.

Efficient Detection of Independent FingerprintsOne potential problem with orthogonal modulation isthe computational complexity associated with estimat-ing which user’s watermark is present when the totalnumber of users is large [2], [23]. This is because theclassical method for detection employs a bank ofmatched filters that correlate the test signal againsteach fingerprint. The number of correlations is thusproportional to the number of users. For a large groupof users, this leads to significant detection complexityand bookkeeping resources.

To facilitate multimedia forensic systems employingdistributed resources, where the detectors are likely tohave limited computational capabilities, it is essential tocut down the amount of correlations used. To improvethe computational ef ficiency in detection for anorthogonal fingerprinting system, a recursive detectionstructure was explored in [24]. The underlying motiva-tion comes from the classical problem of finding aheavy coin among n coins, of which n − 1 are identical.One solution to this problem is to break the coins intotwo complementary sets of the same size and weighthese sets. Upon finding the heavier set of coins, theprocess repeats until ultimately the heavy coin is identi-fied. This idea was employed to identify a single collud-er. Denote by S = {w1, . . . , wv} the set of orthogonalfingerprints, and define the sum of A bySUM(A) = ∑

j∈ J wj , where J is an index set for A .The algorithm starts by breaking S into two comple-mentary subsets, S0 and S1, and correlates the test sig-nal with SUM(S0) and SUM(S1), respectively. Thecolluder’s fingerprint should belong to the subset yield-ing a larger correlation value. The algorithm then iter-ates by breaking that subset into smaller subsets, andcorrelating the test signal with the sum of the finger-prints from these smaller subsets. The idea can beextended to identify K colluders, where at each itera-tion the test signal is correlated against both SUM(S0)

and SUM(S1). If any correlation statistic is above a


threshold then we further decompose the correspon-ding set. The algorithm is described via a binary tree, asdepicted in Figure 3.

In the recursive detector, each internal node corre-sponds to two correlations. In the ideal scenario whereeach correlation truthfully reveals whether a colluder ispresent or not, the amount of correlations needed forthe K-colluder case can be shown to beO(K log(n/K )), where n is the total amount of usersto which content is being distributed. TheO(K log(n/K )) complexity is a significant computa-tional improvement over conventional matched filter-ing. While the ideal case of the recursive algorithm isclosely related to tree-based searching algorithms andgroup testing [25], [26], it should be noted that identi-fying colluders involves randomness, which raises issues

not present in tree-based searching. In particular, theintermediate decisions made at each node of the algo-rithm are not guaranteed to be truthful. This is partlydue to the decrease in the detection signal-to-noise ratiowhen correlating a test signal with the sum of a poten-tially large number of fingerprints. Preliminary analysishas been presented in [24], where it was found that atlow watermark-to-noise ratio (WNR) corresponding toblind detection scenarios, the bound on the amount ofcorrelations needed in the recursive detector is abovethe baseline amount of correlations needed for simplycorrelating with each of the fingerprint waveforms. Athigher WNR, which corresponds to nonblind detectionscenarios, however, the bound guarantees a reducednumber of correlations.

Detector-Oriented Model forIndependent FingerprintingA different perspective on collusionfor multimedia was presented in[27] involving devices for mediaplaying. There, the authors proposeda dual watermark/fingerprint systemthat allows the use of dif ferentwatermark signals in embedding andextraction. In their system, a water-mark conveying access and usagepolicies is embedded in the multime-dia content. Different users’ mediaplayers have different variations ofthe watermark (known as the water-mark detection keys) built in. Eachmedia player has a watermark detec-tor that correlates its detection keywith marked content in detection.Each detection key is the sum of ascaled version of the watermark asused by the embedder and a strong,independent Gaussian random vec-tor that serves as a digital finger-print. When an attacker breaks intoone device, obtains the detection keyinside, and subtracts the key fromthe watermarked content, not onlywill the watermark not be complete-ly removed from the attacked copybut also a fingerprint signal will beinserted in the attacked copy. Thisallows one to design a fingerprintdetector to examine the attacked sig-nal, correlate it with suspected fin-gerprints, and decide whether andwhich device is compromised. Ifattackers purchase multiple devices,break into them to get the associatedkeys, and average the attacked copiesto generate a colluded signal, theidentities of the devices involved can

� 3. Detection trees for identifying colluders using the recursive detector with orthogonalfingerprints. The fingerprints of colluders are indicated by green boxes Uj. “TN | U?”denotes the detection statistics from correlating the test image with the sum of the finger-prints U?. The true colluders are indicated by yellow boxes.

Lenna Fingerprinted with U1

Lenna Colluded with Fingerprints U1, U2, and U4

TN|U1 – 4 = 20.75 TN|U5 – 8 = –0.22

TN|U1.2 = 29.53 TN|U3.4 = –0.85

TN|U4 =42.72

TN|U2 =–0.59

U1 U3 U5U2 U4 U6 U7 U8

(a)

TN|U1 – 4 = 23.77 TN|U5 – 8 = –0.01

TN|U1.2 = 21.88 TN|U3.4 = 10.00

TN|U1 =15.18

TN|U2 =14.55

TN|U3 =–0.15

TN|U4 =14.09

U1 U3 U5U2 U4 U6 U7 U8

(b)


be identified. This receiver-end fingerprinting can bemodeled in a similar way to the traditional orthogonalfingerprinting. Interested readers may find quantitativeanalysis of the collusion resistance issues and discussionson related problems of segmentation and key compres-sion in [27].

Coded FingerprintingIn the previous section, we introduced a conceptuallysimple strategy for fingerprinting through orthogonalsignals. We saw that the complexity of detection can bea concern for orthogonal fingerprints. Another problemwith orthogonal fingerprinting arises when examiningthe energy reduction of the fingerprint signals duringcollusion. Under averaging collusion the reduction issignificant and on the same order as the number of col-luders. Further, the maximum number of users that canbe supported by an orthogonal fingerprinting system isequal to the dimension of the fingerprint. In many mul-timedia distribution applications this limits the amountof customers that content can be distributed to.

One approach to counteract the energy reductiondue to collusion is to introduce correlation betweenthe fingerprints. When colluders combine their finger-prints, positively correlated components of the finger-prints do not experience as significant an energyreduction. Further, by introducing correlation, one canintroduce dependence among the fingerprints and,thus, have more fingerprints than the dimensionality ofthe fingerprints. The challenge is to design these fin-gerprints so that they have good anticollusion proper-ties. One can construct these fingerprints by using codemodulation [8]. Then the task is to design the codes sothat the correlations are strategically introduced intothe different fingerprints to allow for accurate identifi-cation of the contributing fingerprints involved in acollusion attack. Typically, the codes are binary codes,though recent efforts have explored real-valued codeconstructions [28].

The Marking Assumption andCollusion-Secure FingerprintsAn early work on designing collusion-resistant binaryfingerprint codes was presented by Boneh and Shaw in1995 [29], which primarily considered the problem offingerprinting generic data that satisfy an underlyingprinciple referred to as the marking assumption. In thiswork, a fingerprint consists of a collection of marks,each of which is modeled as a position in a digitalobject and can take a finite number of states. A mark isconsidered detectable when a coalition of users doesnot have the same mark in that position, as illustratedin Figure 4. The marking assumption states that unde-tectable marks cannot be arbitrarily changed withoutrendering the object useless; however, it is consideredpossible for the colluding set to change a detectablemark to any state. Under this collusion framework,Boneh and Shaw used hierarchical design and random-

ization techniques to construct c-secure codes that areable to capture one colluder out of a coalition of up toc colluders with high probability.

The construction of c-secure code involves two mainstages: 1) the construction of a base code and 2) thecomposition of the base code with a outer code toimprove the efficiency when accommodating a largenumber of users.

In the first stage, we start with a primitive binarycode that consists of n possible codewords of lengthn − 1. For the mth codeword, the first (m − 1) bits are0 and the rest are 1. An example of the trivial codes forn = 4 users A, B, C, and D is shown in Figure 5 (StepI). If we assign this code to n users, we can see thateveryone except user A has a “0” as the first bit, andeveryone except the user D has “1” as the last bit. Now,suppose a fingerprint collusion occurs in which the firstm − 1 users are not involved but the m th user isinvolved. According to the marking assumption, byinspecting the primitive code, the colluders will not beable to detect the first m − 1 bits; hence, the first m − 1bits will remain “0” after collusion. The colluders willdetect the fact that the mth bit of their fingerprintsdon’t agree. Colluders may then alter this bit to whatev-er they choose—either a 0 or a 1. If the detectorobserves that the first m − 1 bits are 0 and the mth bitis a 1, then we can conclude that User m was involvedin the collusion. We sequentially check whether thisholds for m = 1, 2, . . . , n, and if m0 is the first value form passing this test, we know with high confidence thatuser m0 is involved in collusion.

We note that there is no guarantee that the colluderswill switch the bit to a “1,” which prompts the need ofsome method to encourage a “1” to show up during

� 4. Illustration of the marking assumption.

Data Fingerprint

0 001

0 101

0 011

UndetectableMarks

DetectableMarks


collusion. This is accomplished by repetition and per-mutation techniques. More specifically, for each bit ofthe primitive code, we form a block by replicating thatbit d times, arriving at a code of (n − 1) code blocksfor a total length of (n − 1)d . We denote this code as�0(n,d). Extending the above example, we have the�0(4, 3) code shown in Figure 5 (Step II), whered = 3. When fingerprinting digital data with a code-word, each bit is put in a location specified by a secretpermutation table that is known only to the fingerprintcreator and detector. Repetition and permutation helphide which position of the digital object encodes whichfingerprint bits. In the example in Figure 5 (Step II),the first six bits before permutation for A have the samevalue, as do C and D. Later, the bit permutation is per-formed as shown in Figure 5 (Step IV). When colludershaving A, C, and D, respectively, come together to col-lude, they observe six positions with different valuesamong the three of them. But since each of them hasthe same value at all six positions, they would not knowwhich three out of the six bits correspond to the firstthree bits before permutation and which to the secondthree bits. As a result, they cannot alter the underlying�0(4, 3) code at will. Based on the principle that everycolluder should contribute an equal share to the col-luded data, some of the six bits would be set to “1”and others to “0.” A detector starts from the first blockand examines each block in a block-by-block manner,

which is analogous to the bit-by-bit examination of theprimitive code discussed above. The number of “1”sper code block is used as an indicator of a user’sinvolvement in collusion.

In the second stage, we use the code obtained in thefirst stage as a building block and combine it with a sec-ond codebook. We construct a second codebook of Ncodewords over an alphabet of size n, where each code-word has length L . The N codewords are chosen inde-pendently and uniformly over the nL possibilities. Wecall this code C(L ,N ). For example, one random codeC(5, 7) over an alphabet n = 4 is shown in Figure 5 (Step III). Next, we substitute each of the nalphabets in the code C(L ,N ) by �0(n,d) and arrive ata binary code containing N possible codewords oflength L (n − 1)d . This substitution allows us to firstapply the collusion identification algorithm mentionedearlier on each of the L components using the firstcodebook �0(n,d), then find the best match in the sec-ond codebook to determine a likely colluder. Finally,each of the blocks of the codeword are permuted beforebeing inserted into the data. For example, using theabove code C(5, 7), we would be able to support seven users, and the codeword for the first user is shownin Figure 5 (Step IV). By choosing the code parametersappropriately, we can catch one colluder with highprobability and keep the probability of falsely accusinginnocents low. The construction that Boneh and Shaw

� 5. Construction procedure and examples of collusion-secure fingerprint codes.

[I] [IV][III][II]

PrimitiveCode

Enlarge viaRepetition

Compose withRandom Code

Permute WithinEach Block

Step I

Step IV

Step II

Step III

Permute

n

n–1

A

A D CBB

CB DA B

AC DD A

BD CB A

. .

. .

. .

. .

. .

. .

. .

CB AC D

i

vii

iii

iiB

C

D

A

B

C

D

1

111 111111

000 111111

000 111000

000 000000

11

0 11

0 10

0 00

Fingerprint Code for User-i to Insert into Host Data

[ 111 111 111

[ 111111111

110 111 001 110 111 001 000 000 000 100 010 001 ]

000111111 000111111 000000000 000000111 ]


arrived at gives a code length of O(log4 N log2(1/ε))

for catching up to log N users out of a total of N userswith error probability ε < 1/N .

The construction strategies of Boneh–Shaw’s codeoffers insight into fingerprinting both bitstreams andother data for which the each bit or unit of a finger-print is marked in a nonoverlapped manner. Animprovement was introduced in [30] to merge the low-level code with the direct sequence spread-spectrumembedding for multimedia and to extend the markingassumption to allow for random jamming. While the c-secure fingerprint codes were intended for objectsthat satisfy the marking assumption, we note that mul-timedia data have very different characteristics fromgeneric data, and a few fundamental aspects of themarking assumption may not always hold when finger-printing multimedia. For example, different “marks” orfingerprint bits can be embedded in overlapped regionsof an image through spread-spectrum techniques, andsuch “spreading” can make it impossible for attackersto manipulate individual marks at will. As a result, suchcollusion models as linear collusion by averagingbecome more feasible for multimedia fingerprints, andthis has a critical impact on the design of fingerprintcodes. It is also desirable to capture as many colludersas possible, instead of only capturing one. Recentresearch in [17] explored these directions and jointlyconsidered the encoding, embedding, and detection offingerprints for multimedia. A new class of structuredcodes, known as anticollusion codes (ACC), has beenproposed that uses combinatorial theory that areintended to be used with spread-spectrum code modu-lation. Several colluder identification algorithms forthese fingerprint codes were designed and the perform-ance trade-offs were examined [24]. Next, we will takea closer look at this fingerprinting strategy.

Combinatorial Design-BasedAnticollusion FingerprintingBoth encoding and embedding issues should be takeninto consideration when designing fingerprints for mul-timedia that can survive collusion and identify collud-ers. Since it is desirable to design the fingerprints usingas few underlying basis signals as possible, we approachthe design of collusion-resistant fingerprints using codemodulation [8]. The fingerprint signal for the j th user,wj , is constructed using a linear combination of a totalof v orthogonal basis signals {ui }

wj =v∑

i=1

b i j ui . (1)

Here the coefficients {b i j }, representing the fingerprintcodes, are constructed by first designing codevectorswith values {0, 1}, and then mapping them to {±1}.

Anticollusion codes can be used with code modula-tion to construct a family of fingerprints with the abilityto identify colluders [17]. An anticollusion code is afamily of codevectors for which the bits shared between

codevectors uniquely identifies groups of colludingusers. ACC codes have the property that the composi-tion of any subset of K or fewer codevectors is unique.This property allows for the identification of up to Kcolluders. A K-resilient AND anticollusion code (AND-ACC) is such a code where the composition is an ele-ment-wise AND operation.

It has been shown that binary-valued AND-ACCcan be constructed using balanced incomplete blockdesigns (BIBD) [17]. The theory of block designs is afield of mathematics that has found application in theconstruction of error-correcting codes and the designof statistical experiments [31]. The corresponding(k − 1)-resilient AND-ACC codevectors are assigned asthe bit complements of the columns of the incidencematrix of a (v, k, 1) BIBD. In this case, the codevectorsare v-dimensional, and we are able to representn = (v2 − v)/(k2 − k) users with these v basis vectors.Therefore, for a given resilience (k − 1), only O(

√n)

basis vectors are needed to accommodate n users.There are systematic methods for constructing infinitefamilies of BIBDs [31], [32], which thus provide a vastsupply of ACC.

Let us now study a simple example of ACC codes.The columns of the following matrix C represent thecodevectors of an ACC built from a (7, 3, 1)-BIBD

C =

0 0 0 1 1 1 10 1 1 0 0 1 11 0 1 0 1 0 10 1 1 1 1 0 01 1 0 0 1 1 01 0 1 1 0 1 01 1 0 1 0 0 1

�w1 = −u1 − u2 + u3 − u4 + u5 + u6 + u7,

w2 = −u1 + u2 − u3 + u4 + u5 − u6 + u7,

.

.

.

.

w7 = +u1 + u2 + u3 − u4 − u5 − u6 + u7.

Upon examining the code matrix C, we see thatthe logical AND of any two or fewer codevectors isdistinct from the logical AND of any other two orfewer codevectors. When two watermarks are aver-aged, the locations where the corresponding AND-ACC agree and have a value of one identify thecolluding users. For example, the w1 and w2 shownabove represent the watermarks for the first twocolumns of the above code, where we use the antipodalform and map “0” to “−1.” The average (w1 + w2)/2has coefficient vector (−1, 0, 0, 0, 1, 0, 1). The fact thata “1” occurs in the fifth and seventh location uniquelyidentifies user 1 and user 2 as the colluders. Anotherexample employing an ACC from a (16, 4, 1)-BIBDon the Lenna image is shown in Figure 6, where the


code is capable of capturing up to three colluders.Again, the set of positions of the sustained 1s is uniquewith respect to the colluder set and is therefore used toidentify colluders. For example, only users 1 and 4 canproduce a set of sustained 1s at the fifth–tenth and14th–16th code bits; and only users 1, 4, and 8 canproduce a set of sustained 1s at the fifth, sixth, eighth,tenth, 14th, and 16th code bits.

It is desirable to shorten the code length to squeezemore users into fewer bits since this would cut downon the storage and bookkeeping resources used tomaintain the orthogonal basis vectors. Further, it willalso distribute the fingerprint energy over fewer basisvectors and thereby decrease errors in the detectionprocess. A useful metric for evaluating the efficiency βof an AND-ACC for a given collusion resistance isβ = n/v, which describes the amount of users that canbe accommodated per basis vector. AND-ACCs with ahigher β are better. For (v, k, λ)-BIBD AND-ACCcodes, their efficiency is β = λ(v − 1)/(k2 − k) ≥ 1.

Another attempt at using the theory of combinatoricsto design fingerprints was made by [33], where projec-tive geometry was used to construct their codes. Interms of the β value defined above, the fingerprintingscheme employing BIBD ACC is more efficient from acoding perspective as it requires fewer basis signals toaccommodate the same amount of users. The higherefficiency of the BIBD ACC fingerprinting scheme has,to some extent, benefited from incorporating knowledgeabout the embedding and detection processes duringcode design. By incorporating a model of the detector, itis possible to provide as compact representation as possi-ble for collusion resistant fingerprint codes. The BIBDconstruction assumes that the detection of code bits inthe presence of collusion can be modeled as a logicalAND operation. One avenue for further exploration

would be to investigate other models for the detector,such as using majority logic.

Other code construction schemes, such as thosebased on different combinatorial designs, can lead toACC codes with different characteristics and maypotentially allow for content distributors to be able tomarket valuable content to a larger customer base. It isalso possible to obtain useful insights from furtherexploring the building blocks in the Boneh–Shaw’scode construction [29] and apply appropriate modula-tion to fingerprint multimedia. The existing construc-tion described in [29] is limited to a collusionresistance of K ≤ log n and is designed to trace onecolluder among K colluders. Their construction hascode length O(log4 n log2(1/ε)), where ε < 1/n is thedecision error probability. This code length is consider-ably large for small error probabilities and practical nvalues. An interesting avenue to explore would be howto reduce the code length by combining insightfulphilosophies from both Boneh–Shaw’s code and codesbased on combinatorial designs. These hybrid codescould provide additional latitude in searching for a fam-ily of efficient and effective ACC codes.

Colluder IdentificationThere are many potential colluder identification schemes.Due to the discrete nature of the ACC fingerprintingcode, the maximum likelihood (ML) approach [8] usual-ly involves the enumeration of all possible parameter val-ues, which leads to prohibitively high computationalrequirements. Therefore, computationally efficient alter-natives to the ML algorithm are desirable.

Three detection schemes have been recently pro-posed as suitable candidates that may be applied withAND-ACC [24]. The first scheme is a hard-threshold-ing detector, which starts with comparing TN (i), the

correlation-based detection statisticfor each bit, to a threshold τ todecide the observed code bit. If thethreshold is chosen appropriately,the extracted code approximatesthe AND operations of the codesfrom the colluders. We then com-pare the decoded bits with theACC codevectors and use thedetected “1” bits to deduce whichusers have been involved in collu-sion. The second approach is a soft-thresholding scheme, called theadaptive sorting detector, wherethe descendingly ordered detectionstatistics TN (i)s are iteratively usedto narrow down the set of suspect-ed users until the likelihood func-tion stops increasing. The thirdscheme that was introduced,known as sequential detector, dif-fers from the previous two algo-

� 6. 16-bit codevectors from a (16, 4, 1)-ACC code for user 1, 4, and 8, and the finger-printed 512 × 512 Lenna images for these three users, respectively. The code can captureup to three colluders. Shown here is an example of two-user collusion by averaging (user1 and 4) and an example of three-user collusion by averaging. The two codes indicatedby arrows in the table uniquely identify the participating colluders.

User 1:

User 4:

User 8:

User (1,4) Average:

User (1,4,8) Average:

After Thresholding:

–1 –1 –1–1 1 111 1 111 1 111

– – 1 11 1 110 0 00 1 101 0 001 0 101

–1 1 11 1 111 1 –1–11 –1 111

–1 0 00 1 111 1 001 0 111

1 –1 11 1 1–11 –1 111 1 1–11

13

13

13

13

13

13

13

13

13

13

User-1 User-8User-4


rithms in that it attempts to directly estimate the setof colluders from the distributional behavior of thedetection statistics instead of first performing decod-ing before identifying colluders from the decoded fin-gerprint code. As indicated by thename, the sequential detector iden-tifies colluders one by one using alikelihood criteria. These threedetectors have much lower compu-tational complexity than the MLapproach. Simulation results ofthese detectors under a three-col-luder scenario are presented inFigure 7, where fingerprints basedon a (16, 4, 1) BIBD areemployed. It is observed that theuse of a higher threshold in thehard-thresholding scheme is able tocapture more colluders, but alsoplaces more innocent users falselyunder suspicion. Compared to thehard-thresholding scheme withτ = 0.9E (TN ), the soft-threshold-ing scheme and the sequentialscheme capture a larger fraction ofthe colluders at all WNRs, while fora large range of WNRs they placefewer innocents under suspicion.Overall, the sequential detectorprovides the most promising bal-ance between capturing colludersand placing innocents under suspi-cion. From the code perspective,this performance improvement canbe viewed as using not only sus-tained 1 bits but also sustained 0bits to help identify colluders.

ConclusionsIn summary, we have discussed therecent advances in multimedia fin-gerprinting for colluder identifica-tion, reviewed the tradeoffs andperformance criteria, and examineda few embedded fingerprint strate-gies. Revisiting the formulation offingerprint coding and modulationin (1), we can arrive at a unifiedframework that covers orthogonalfingerprints, coded fingerprints, andother correlated fingerprints. Underthis unified formulation, a differentsequence {b1 j , b2 j , . . . , bvj } isassigned for each user j . Its matrixrepresentation, B = {b i j }, has a dif-ferent structure for different finger-print strategies. An identity matrixfor B represents orthogonal finger-

printing wj = uj , where each user is identified with anorthogonal basis signal. The simple structure forencoding and embedding orthogonal fingerprintsmakes it attractive in identification applications that

� 7. Colluder identification performance of four different detectors on ACC-based finger-printing. The horizontal axis indicates watermark-to-noise-ratio (WNR); the vertical axisindicates (a) the fraction of colluders correctly captured and (b) the fraction of innocentusers that are put under suspicion.

Frac

tion

Cap

ture

d

WNR (dB)

Sequential

Sorting

Hard: τ = 0.9E(TN)

Hard: τ = 0.7E(TN)

1.0

0.8

0.6

0.9

0.7

0.3

0.4

0.2

0.5

–25 –20 –10–15 –5 0

Inno

cent

Fra

ctio

n

WNR (dB)

(a)

(b)

Sequential

SortingHard: τ = 0.9E(TN)

Hard: τ = 0.7E(TN)

0.25

0.15

0.05

0.20

0.10

0.00–25 –20 –10–15 –5 0


involve a small group of users. To use v orthogonalbasis signals to represent more than v users, correla-tions between different users’ fingerprints must beintroduced. One way to construct a corresponding Bmatrix is to use binary codes. The c-secure code andthe BIBD ACC code discussed in the previous sectionare two examples. In more general constructions,entries of B can be real numbers [28]. The key issue isto strategically introduce correlation among differentfingerprints to allow for accurate identification of anysingle fingerprint as well as the contributing finger-prints involved in forming a colluded fingerprint signal.

We hope that the work reviewed in this article andthe general framework presented will encourageresearchers from different areas to further explore col-lusion-resistant fingerprinting for digital rights man-agement of multimedia. As we noted throughout,there are many research directions that remain unex-amined. As an example, one key problem in the area ofindependent fingerprints involves developing distrib-uted detection agents. The challenge here lies in devel-oping computationally efficient detection algorithmsthat are capable of robustly identifying colluders at thelow WNR associated with blind detection scenarios.Similarly, there are many suitable directions to explorefor collusion-resistant fingerprints built using codemodulation. The construction of collusion-resistantfingerprints using nonbinary codes, or that involvesdifferent assumptions about the detection process, areinteresting avenues to be explored. Additionally, thediscussion has focused primarily on fingerprintsembedded using spread-spectrum techniques.Exploring the effect that collusion has upon otherembedding technologies is an important area for fur-ther investigation. We envision that insights from mul-tiple disciplines—such as signal processing, coding,combinatorics, communications, and information the-ory—will help improve our understanding of the capa-bility and limitations of fingerprinting, improve ourfingerprint designs, and ultimately lead to systems withbetter colluder-tracing performance. Overall, appropri-ately designed fingerprints can be a useful and proac-tive forensic tool that brings user accountability intomultimedia information management by providing evi-dence and a means to trace the culprits of unautho-rized information dissemination.

AcknowledgmentThis work was supported in part by the Air ForceResearch Laboratory under DDET Grant F30602-03-2-0045 and the National Science Foundation underCAREER Award CCR-0133704.

Min Wu received the B.E. degree in electrical engineer-ing and the B.A. degree in economics from TsinghuaUniversity in 1996 (both with the highest honors), andthe Ph.D. degree in electrical engineering fromPrinceton University in 2001. She is currently an assis-

tant professor of the Department of Electrical andComputer Engineering and the Institute of AdvancedComputer Studies at the University of Maryland,College Park. Her research interests include informa-tion security, multimedia signal processing, and multi-media communications. She received a CAREER awardfrom the U.S. National Science Foundation in 2002and a George Corcoran Faculty Award from Universityof Maryland in 2003. She is the coauthor ofMultimedia Data Hiding (Springer-Verlag, 2003) andholds four U.S. patents on multimedia security. She is amember of the IEEE Technical Committee onMultimedia Signal Processing and was publicity chair ofthe IEEE ICME03 conference.

Wade Trappe received his B.A. degree in mathematicsfrom the University of Texas at Austin in 1994 and thePh.D. in applied mathematics and scientific computingfrom the University of Maryland in 2002. He is cur-rently an assistant professor at the Wireless InformationNetwork Laboratory (WINLAB) and the Electrical andComputer Engineering Department at RutgersUniversity. His research interests include multimediasecurity, cryptography, wireless network security, andcomputer networking. He received the GeorgeHarhalakis Outstanding Systems Engineering GraduateStudent award. He is coauthor of Introduction toCryptography with Coding Theory (Prentice Hall,2001). He is a member of the IEEE Signal Processing,Communication, and Computer Societies.

Z. Jane Wang received the B.Sc. degree fromTsinghua University, China, in 1996 (with the highesthonor) and the M.Sc. and Ph.D. degrees from theUniversity of Connecticut in 2000 and 2002, respec-tively, all in electrical engineering. While at theUniversity of Connecticut, Dr. Wang received theOutstanding Engineering Doctoral Student Award.She is currently a research associate of the Electricaland Computer Engineering Department and theInstitute for Systems Research at the University ofMaryland, College Park. Her research interests are inthe broad areas of statistical signal processing, infor-mation security, genomic signal processing and statis-tics, and wireless communications.

K.J. Ray Liu is a professor in the Electrical andComputer Engineering department at the Institute forSystems Research of the University of Maryland,College Park, where he is also the director of theCommunications and Signal Processing Laboratories.His research contributions encompass broad aspects ofsignal processing algorithms and architectures; multi-media communications and signal processing; wirelesscommunications and networking; information security;and bioinformatics, in which he has published over 300refereed papers. He is the recipient of numerous hon-ors and awards, including the IEEE Signal Processing


Society 2004 Distinguished Lecturer, the 1994National Science Foundation Young InvestigatorAward, the IEEE Signal Processing Society’s 1993 BestPaper Award, and IEEE 50th Vehicular TechnologyConference Best Paper Award, 1999. He is editor-in-chief of IEEE Signal Processing Magazine and was thefounding editor-in-chief of the EURASIP Journal onApplied Signal Processing. He is a Fellow of the IEEEand a member of the Board of Governors of IEEESignal Processing Society.

References[1] I. Cox, J. Bloom, and M. Miller, Digital Watermarking: Principles &

Practice. San Mateo, CA: Morgan Kaufman, 2001.

[2] I. Cox, J. Kilian, F. Leighton, and T. Shamoon, “Secure spread spectrumwatermarking for multimedia,” IEEE Trans. Image Processing, vol. 6, pp.1673–1687, Dec. 1997.

[3] C. Podilchuk and W. Zeng, “Image adaptive watermarking using visualmodels,” IEEE J. Selected Areas Commun., vol. 16, pp. 525–538, May1998.

[4] C-Y. Lin, M. Wu, Y-M. Lui, J.A. Bloom, M.L. Miller, and I.J. Cox,“Rotation, scale, and translation resilient public watermarking for images,”IEEE Trans. Image Processing, vol. 10, pp. 767–782, May 2001.

[5] J. Lubin, J. Bloom, and H. Cheng, “Robust, content-dependent, high-fidelity watermark for tracking in digital cinema,” Security andWatermarking of Multimedia Contents V, Proc. SPIE, vol. 5020, pp.536–545, Jan. 2003.

[6] P. Moulin and J.A. O’Sullivan. (2001, Dec.) Information-theoretic analysisof information hiding. Available: http:// www.ifp.uiuc.edu/~moulin/paper.html

[7] B. Chen and G.W. Wornell, “Quantization index modulation: A class ofprovably good methods for digital watermarking and information embed-ding,” IEEE Trans. Inform. Theory, vol. 47, pp. 1423–1443, May 2001.

[8] J.G. Proakis, Digital Communications, 4th ed. New York: McGraw-Hill,2000.

[9] M. Wu and B. Liu, “Data hiding in image and video: Part-I—Fundamentalissues and solutions,” IEEE Trans. Image Processing, vol. 12, pp. 685–695, June 2003.

[10] H.S. Stone, “Analysis of attacks on image watermarks with randomizedcoefficients,” NEC Research Inst., Princeton, NJ, Tech. Rep. 96-045, 1996.

[11] F. Ergun, J. Kilian, and R. Kumar, “A note on the limits of collusion-resistant watermarks,” in Proc. Eurocrypt’99, pp. 140–149, 1999.

[12] J. Kilian, T. Leighton, L. Matheson, T. Shamoon, R. Tarjan, and F. Zane,“Resistance of digital watermarks to collusive attacks,” in Proc. IEEE Int.Symp. Inform. Theory, Aug. 1998, pp. 271.

[13] K. Su, D. Kundur, and D. Hatzinakos, “A content-dependent spatiallylocalized video watermarked for resistance to collusion and interpolationattacks,” in Proc. IEEE Int. Conf. Image Processing, Oct. 2001, pp.818–821.

[14] M.D. Swanson, B. Zhu, and A.T. Tewfik, “Multiresolution scene-basedvideo watermarking using perceptual models,” IEEE J. Select. AreasCommun., vol. 16, pp. 540–550, May 1998.

[15] D. Kirovski and F.A. Petitcolas, “Blind pattern matching attack on water-marking systems,” IEEE Trans. Signal Processing, vol. 51, pp. 1045–1053,Apr. 2003.

[16] J.K. Su, J.J. Eggers, and B. Girod, “Capacity of digital watermarks sub-jected to an optimal collusion attack,” in European Signal ProcessingConf. (EUSIPCO 2000), 2000.

[17] W. Trappe, M. Wu, and K.J.R. Liu, “Collusion-resistant fingerprinting formultimedia,” in Proc. IEEE Int. Conf. Acoustics, Speech, Signal Processing,2002, pp. 3309–3312.

[18] H. Zhao, M. Wu, Z.J. Wang, and K.J.R. Liu, “Nonlinear collusionattacks on independent fingerprints for multimedia,” in Proc. IEEE Int.Conf. Acoustics, Speech, Signal Processing (ICASSP’03), Hong Kong, Apr.2003, pp. 664–667.

[19] Z.J. Wang, M. Wu, H. Zhao, W. Trappe, and K.J.R. Liu, “Resistance oforthogonal Gaussian fingerprints to collusion attacks,” in Proc. IEEE Int.Conf. Acoustics, Speech, Signal Processing (ICASSP’03), Hong Kong, Apr.2003, pp. 724–727.

[20] M. Wu and B. Liu, Multimedia Data Hiding. New York: Springer-Verlag,Oct. 2002.

[21] S. Kay, Fundamentals of Statistical Signal Processing, Volume II: DetectionTheory. Englewood Cliffs, NJ: Prentice-Hall, New Jersey, 1998.

[22] W. Zeng and B. Liu, “A statistical watermark detection technique withoutusing original images for resolving rightful ownerships of digital images,”IEEE Trans. Image Processing, vol. 8, pp. 1534–1548, Nov. 1999.

[23] A. Herrigel, J. Oruanaidh, H. Petersen, S. Pereira, and T. Pun, “Securecopyright protection techniques for digital images,” in Second InformationHiding Workshop (IHW) (Lecture Notes in Computer Science, vol. 1525).New York: Springer-Verlag, 1998.

[24] W. Trappe, M. Wu, Z.J. Wang, and K.J.R. Liu, “Anti-collusion finger-printing for multimedia,” IEEE Trans. Signal Processing, vol. 51, pp.1069–1087, Apr. 2003.

[25] T. Cormen, C. Leiserson, and R. Rivest, Introduction to Algorithms. NewYork: McGraw Hill, 1989.

[26] D.Z. Du and H. Park, “On competitive group testing,” SIAM J. Comput.,vol. 23, pp. 1019–1025, Oct. 1994.

[27] D. Kirovski, H.S. Malvar, and Y. Yacobi, “Multimedia content screeningusing a dual watermarking and fingerprinting system,” in Proc. ACMMultimedia, 2002, pp. 372–381.

[28] Z.J. Wang, M. Wu, W. Trappe, and K.J.R. Liu, “Group-oriented finger-printing for multimedia forensics,” to be published.

[29] D. Boneh and J. Shaw, “Collusion-secure fingerprinting for digital data,”IEEE Trans. Inform. Theory, vol. 44, pp. 1897–1905, Sept. 1998.

[30] Y. Yacobi, “Improved Boneh-Shaw content fingerprinting,” in Proc. CT-RSA 2001, 2001, pp. 378–91.

[31] J.H. Dinitz and D.R. Stinson, Contemporary Design Theory: A Collectionof Surveys. New York: Wiley, 1992.

[32] C. J. Colbourn and J.H. Dinitz, The CRC Handbook of CombinatorialDesigns. Boca Raton, FL: CRC Press, 1996.

[33] J. Dittmann, P. Schmitt, E. Saar, J. Schwenk, and J. Ueberberg,“Combining digital watermarks and collusion secure fingerprints for digitalimages,” SPIE J. Electron. Imaging, vol. 9, no. 4, pp. 456–467, 2000.

Documents

Min Wu, Wade Trappe, Z. Jane Wang, and K.J. Ray Liusig.umd.edu/publications/wu_fingerprinting_200403.pdfwatermark can survive moderate geometric distortions, such as rotation, scale,