Solved

Please help us protect copyrighted material

Posted on 2015-01-22
9
108 Views
Last Modified: 2015-01-24
We are a company that develops methods to protect rights holders digital assets using techniques similar to what Digimarc and/or steganography uses.  We have been developing a method which will call back to a database the exact location of a file based off packet information, but the problem has been getting the code to activate when a mouseover takes place.

 I am sure there are different ways of accomplishing this task, but we need help generating the code that calls back to the database telling us the location of this downloaded file. We have tried php, and java, but we are still struggling with the coding method that can help us get this task done.

 If you have worked on something like this, please provide theory, proof of concept code, or any other assistance.
0
Comment
Question by:vdavid23
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40565758
If I open a file of any type unless it is an executable then the .video .document will open using its default action which will not phone home to the rights holder .. with digital rights and a file that supports digital rights management then opening the file can phone home to get the token that allows the file to be opened.

Simply mousing over the file in explorer will do nothing. Same with transferring the file from an unprotected location to another will not phone home. Digimark and other steganography if each file that is distributed is changed will only allow you to find out who leaked the file by getting the file information and matching it to your database.
0
 
LVL 2

Author Comment

by:vdavid23
ID: 40565894
I appreciate your comment, I agree in part with most of what you are saying, but our research is showing that it is possible to develop a call home method with a simple mouse over. Now granted, the example links I have provided show a very rudimentary form of the mouse over scripting process, but we feel at Goldmarc Solutions what we were originally told by others could not be done, we did.

I feel we just have not found the appropriate individual(s) with a background in this technology that can perform the tasks we are requesting. The most basic part of the process we want to accomplish is inserting the call home function in the stegged image, video, music or Ebook. Once we accomplish this, then we will review the methodology in which we want to approach the person who is sharing the digital media.

There are several things we need to explore after getting the fundamentals down first.  In fact, we may later abandon the whole concept of a call home method entirely, but we are exploring all our options now that we have successfully achieved the first part of the process which can be seen at www.goldmarcsolutions.com


http://forums.unfiction.com/forums/viewtopic.php?t=28896&start=1425
http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html
https://support.google.com/webmasters/answer/3024344?hl=en
0
 
LVL 61

Expert Comment

by:gheist
ID: 40566043
it is pretty illegal to embed exploits in files, and chances are high next patch update closes the loophole.
0
 
LVL 2

Author Comment

by:vdavid23
ID: 40566445
I've requested that this question be closed as follows:

Accepted answer: 0 points for vdavid23's comment #a40565894

for the following reason:

Silly answers
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40566446
Not very professional of you.  Post a link to a picture that you have encoded I will download this picture and put it on an external web server and I defy you to identify the ip address of the web server.. in fact I will put it on several servers and open the file on those servers and I'd like a report of the ip addresses as they phoned home.. you will have encoded the information into the files so when they phone home you should be able to query your database and confirm the ip addresses
0
 
LVL 61

Expert Comment

by:gheist
ID: 40566476
Once the file is on the disk or displayed on the screen you have no control where it goes after (For primitive means - backup, and big display wall)
0
 
LVL 32

Expert Comment

by:shalomc
ID: 40566999
So you have found  way to steg a png file. That is very nice.
if I am to download the file into my pc and open it in an image processing software, you will not know about it. There is no  mechanism in the software to call home.
If I copy and paste it into my presentation, you will not know about it. There is no mechanism that you can trigger in my presentation to call home.
If I capture the screen and then paste it into my web page, you will not know about it. Steg is lost.
If I modify any aspect of the image, even change quality by 1%, this will very likely destroy your steganography.

The only thing that can work, is when I download the file from the "protected" web site A, use it as-is in another web site B, and also embed in the web site B some javascript code that will:
* Trigger a mouseover event
* Call home with an Ajax call and report the file to your server
* Your server then downloads the file and checks for watermarks.
However, this is a stupid scheme. The perpetrator has to deliberately install spying javascript into his web site, and tag the image as violating copyright :)

Your best alternative is to convince Google, the Mozilla Foundation, Opera and Microsoft to embed spying code into the browsers, that will report to you on every image viewed on earth. You will only need a cluster of 50,000 web servers to process the requests.

Your second best alternative is to develop a browser addon that people will have to download and deliberately infect their computers with. This is what a lot of malware does, so the technicalities can be found, although not on EE.
You still need a lot of servers and a lot of bandwidth. I know a company that has a browser addon similar to alexa, and they process 50K transactions a second with a humongous cluster. Their bandwidth bills alone are more than $30K a month.

Sometimes the best answer is that what you ask for is not feasible, and it is not a silly answer. It is just an answer you don't like. That's life.
0
 
LVL 61

Accepted Solution

by:
gheist earned 0 total points
ID: 40567051
For PNG file it is much simpler... Just recompress and wipe surplus data... At least that is done when publishing on thw web...
0
 
LVL 61

Expert Comment

by:gheist
ID: 40568437
e.g. advancecomp -> advpng.exe
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
When we want to run, execute or repeat a statement multiple times, a loop is necessary. This article covers the two types of loops in Python: the while loop and the for loop.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
The viewer will learn how to implement Singleton Design Pattern in Java.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now