Security aspecs of CSGC
to find the limits of the authentication systems based on CSGC
Copy sensitive graphical codes (CSGC) are used as anti-counterfeiting solution in packaging and document protection. Nevertheless, the security aspects of these elements are not fully studied. The security of CSGC is based on the stochastic nature of print-and-scan (P&S) process. It can be easily shown that every time when an image is printed and scanned some information is lost in comparison with its digital version. Using this property, the authentication test can distinguish the original CSGC (printed once) from copied/counterfeited (printed several times).
The authentication test can be performed as 1) a comparison of the binary CSGC with an estimated binary code that is obtained by binarization of grayscale image during the authentication test or as 2) a comparison of binary CSGC with its degraded (graylevel) version.
Most of the attacks are produced between printing and scanning processes. An opponent needs to correctly predict a binarized version of CSGC that then will be re-printed and re-scanned using the same devices (in the case of the worst type attack) and the authentication test will process a grayscale counterfeited image. Thus, the comparison function might be sensitive to distortions added during Print-and-Scan (P&S) process and must correctly discriminate CSGC printed ones and CSGC printed twice or counterfeited.
The security of this authentication system is based on the fact that a P&S process cannot be fully controlled and the hardness of reversing it. That is why the task to estimate a CSGC structure with precision is hard. Nevertheless, an opponent can try to create CSGC copies as close as possible to the original aiming to pass an authentication test. For this purpose the opponent can use different strategies depending on his/her practical skills.
- Duplication. The beginner will try to copy the document with a CSGC by using straightforwardly a photocopier or a scanner without further investigations. It was shown that the CSGC are quite robust to such attacks [C6].
- Naive attack. An attacker having some experience in image processing will try to increase the image quality between two consecutive P&S operations. Nevertheless, in practice the use of some naive tools as image sharpening and histogram equalization cannot help to pass the authentication test [C7].
- Modeling the inverse P&S process. This task is quite difficult due to stichastic nature of P&S process, that is why the construction of inverse P&S function is still an ongoing topic. Some preliminary study of P&S process was done in [C5].
- Estimation attack. The estimation attack aims at predicting the numerical form of a CSGC using statistical or machine learning approaches. An attacker needs to construct a database in order to capture the impact of P&S process, to prepare an algorithm that will be trained using the constructed database then to correctly predict the CSGC structure using the trained algorithm. Recently, it was shown that the neural approach gives a good estimation results [C12,C13].
Taking into account the opponent attacks, an authentication test have to be improved :
- Using some image processing techniques [C16].
Related projects
- FakeNets (january 2022 - december 2023) funded by FIL.
- Copy Detection Pattern Dataset construction with Scantrust (april-july 2021).
- CSGC dataset construction during my post-doc in LaHC, Saint-Etienne (april-july 2019).