Two-Dimensional (D) barcodes are widely used in various applications because of their advantages of simple and low cost. In addition, one attractive feature in D barcodes is capable of providing significantly higher information capacity than that in D barcodes [1, 2]. A D barcode pattern named Quick Response (QR) code has been popularly used in our daily life. For example, a QR code can be employed as the information entrance of an advertisement, the information carrier for a mobile payment transaction, and a product authentication for tracking and anti-counterfeiting, etc.
Recently, the security of D barcodes has received extensive attention due to the following three major security risks [3, 4, 5, 6, 7, 8]. First, various types of illegal information, e.g., Trojan virus and phishing websites, are encoded in a normal D barcode. It is challenging to detect illegal information before the barcode is decoded . Second, a D barcode can be illegally tampered by a replacement attack that covers the original barcode by an illegal one. Under such attacks, some important information, e.g., the payee of a mobile payment transaction, can be tampered and it results in may cause some economic loss . Third, a D barcode can be illegally replicated to fake a unique identifier in a tracking system for the anti-counterfeiting application.
The first two security risks have been effectively overcome. For example, for the first security risk, an anti-virus and anti-phishing recognition mechanism was used before the receiver of a D barcode executes the decoded information , while for the second security risk, the digital signature algorithms can be used to check the authenticity and integrity of the contents in a D barcode . However, the third security risk (illegal copying) is more challenging as compared with the other two risks, since a D barcode can be easily replicated with an off-the-shelf photocopier. An illegal copying D barcode not only leads to large economic and reputational loss for the authorized manufacturer but also limits the application of D barcodes as an anti-counterfeiting technique. Thus, this paper focuses on the problem of illegal copying.
In the literature, some approaches have been proposed to overcome the security risk of illegal copying but accompanying with some limitations. Now, we briefly introduce them as follow.
1) Special Printing Materials or Techniques. This approach exploits the special features of printing materials or techniques, which cannot be reproduced on purpose, to counter the attack of illegal copying. For example, a polymerized liquid crystal material  with unique optical characteristics can be used to print an anti-copying D barcode. Some red, green and blue light-emitting nano-particles  can be used to construct 3-dimensional (D) QR codes that cannot be copied by ordinary technologies. Special halftone printing technology  can generate D barcodes that are invisible under visible light. However, this approach not only increases the production cost but also reduces the universal applicability of a D barcode, which hinders its promotion in extensive applications.
2) Physical Unclonable Function (PUF). The PUF is an unclonable response function which inputs a stimulus to a physical entity and then outputs a unique feature according to the internal physical structure, e.g., a unique texture of printing paper . In recent years, researchers have found that it is possible for a mobile imaging device under a semi-controlled condition to acquire images of paper and to extract microscopic textural features for constructing the PUF 
. The PUF, which acts as a digital signature of each printing substrate, is stored in an online database to facilitate the verification of textural features extracted from a query document. This approach has a limitation. The authentication is performed over an online database, where the scale of the database has been greatly restricted. The scale of the database applied is often not sufficiently large to have extensive universality. When the scale of the database is expanded, the accuracy of its authentication will be reduced.
3) Anti-copying Pattern. Some patterns with detailed features, such as high-density black or white blocks, can be used to prevent illegal copying . Similarly, the following patterns also can be used for anti-copying, e.g., the black-and-white texture pattern with a grating structure  and color anti-copying pattern which contains the information of four channels of CMYK . This approach requires that the legal receiver equips a capturing device with a high resolution, which apparently increases the implementation cost of the receiver and is impractical for a low-cost mobile phone.
4) Digital Watermarking. The digital watermarking technology (DWT) can embed certain privacy information in a D barcode so as to protect its content authenticity . Semi-fragile watermark is an important branch of DWT , which can resist distortion or tamper with low intensity and can detect distortion or falsification of various types of images with high intensity . However, to our best knowledge, there is no public report that a digital watermarking technique has been used against illegally-copying attacks.
In summary, the existing anti-copying approaches have the drawbacks of low generality for special material, high cost for high-resolution equipment and high overhead for online database required. In this paper, we focus on the print-capture channel where a message is transmitted using a printed medium and is retrieved by a mobile imaging device. We propose a low-cost anti-copying (LCAC) D barcode by exploiting the difference between the noise characteristics of legal and illegal channels. At the same time, we propose some possible transformations of the D barcode, and give corresponding covertness and robustness analysis. For accurately evaluating the performance of the proposed LCAC code, a theoretical model of the noise in an illegal channel is established by using a generalized Gaussian distribution. At last, based on the theoretical model, we built a prediction function to optimize the parameters of the proposed LCAC D barcode in order to increase the cost of copying attack and achieve a better anti-copying effect.
The key contributions of this work can be summarized as follows.
We propose a low-cost anti-copying (LCAC) D barcode on the basis of the considered D barcode, which exploits the difference between the legal and illegal channels. In the proposed LCAC code, the sender of a D barcode embeds an authentication message into a source message to realize the anti-copying purpose. Two embedding strategies are proposed and analyzed.
For accurately evaluating the performance of the proposed LCAC code, a theoretical model of an illegal channel based on various printers and scanners is established by using a generalized Gaussian distribution. By comparing with the actual experimental results, the theoretical model works well.
For improving the security of the proposed LCAC code, besides the direct-copying attack, an improved version which is the synthesized-copying attack, is also considered in this paper. Based on the aforementioned theoretical model, we built a prediction function to optimize the parameters of the proposed LCAC code. The parameters optimization incorporates the covertness requirement, the robustness requirement and a tradeoff between the production cost and the cost of illegally-copying attacks together. The experimental results show that our approach has a good ability to prevent illegal copying.
Ii Background of Considered D Barcode and System Model
Ii-a Background of Considered D Barcode
Without loss of generality, this paper considers -order multilevel D barcodes , where is the modulation order and . The block diagram of the generic D barcode is illustrated in Fig. 1, as shown at the top of the next page. As shown in the sender of Fig. 1, denotes a source message with length , where is the number of blocks and is the length per block. The is encoded via Reed-Solomon (RS) codes to obtain the coder output . The output length of RS codes per block is denoted as n and its error correction capability is . Thus, the length of is .
Then, through a pulse amplitude modulation (PAM) with order , we obtain a modulated signal . The modulate block transforms a bit stream into the corresponding gray-scale values. The case of is very popular in the practical application of D barcodes; however, the cases of is becoming a new research trend due to its high capacity . Thus, this paper focuses on the case of . Following , the constellation points are set as , that is, . Note that the ideas of this paper can be straightforwardly extended to other cases, e.g., and .
After inserting the header and training symbols into the modulated signal , the original version of a D barcode, , is generated. The total length of header and training symbols is denoted as and the final length of a D barcode is denoted as , where the value of should be an integer after taking a square root to keep the D barcode a square structure. The header symbols have two functions: first, it stores additional information, e.g., format and version of a considered D barcode; second, its length is adjustable to ensure that the value of satisfies the length requirement in a considered D barcode .
In Fig. 2
, the white and grey modules represent the modulated symbols of information bits and redundant bits of the source message, respectively. The yellow and red modules represent the locations of header symbols and training symbols, respectively. The intensity of red illustrates the gray level of the training symbols. Moreover, two types of training symbols are considered. The first type is used to estimate the spatial distortion, which is set over an entireD barcode as uniform as possible; the second type is used to estimate the post-processing distortion, which is set at the center area of a D barcode . Following , the gray value of the first type of training symbols is set to , while those of the second type of training symbols are set to , as shown the red cross of Fig. 2. Note that, as the last step of encoding a D barcode, a finder pattern should be attached to facilitate the detection of a D barcode reader ; however, without causing any confusion, the finder pattern is omitted in Fig. 1 for conciseness.
In Fig. 1, the first block of a receiver is the detection block which scans the printed D barcode with a mobile phone camera or an optical scanner. The detection block is to locate and to segment the captured version of a D barcode by using the finder pattern. Then, the detection block quantizes the mean intensity within each partitioned area to obtain a gray-scale signal . The is fed into an equalizer block which compensates the channel distortion by using the training symbols described above 
. Specifically, the equalizer block trains a fitting function to reflect the channel distortion by comparing the gray-scale values of the scanned training symbols with those of the considered ones. The fitting function can be described by a sigmoid function in practical situations. When the fitting function is trained, an inverse fitting function is further established to correct the distortions in . Then, is extracted by removing the header and training symbols in . Next, is demodulated and decoded to obtain and , respectively.
Ii-B System Model
As shown in Fig. 3, we consider the system model of a D barcode by two different channels, i.e., a legal channel and an illegal channel. In the legal channel, as shown by the lower branch of Fig. 3, a legal D barcode is received through only a print-and-capture process, whereas in the illegal channel as enclosed by the dashed box of Fig. 3, an illegal D barcode is received through a print-scan-print-and-capture process, which is denoted as a double print scan (DPS) process. Intuitively, the distortion and noise in an illegal channel are more serious than those in a legal channel. Specifically, the total noise in a legal channel can be modeled as
where and represent the noise components of the first printing process and the legal detecting process, respectively, represents the interaction of noise in different stages. The more common relationships are additive noise and multiplicative noise. The total noise in an illegal channel is written as
where and denote the noise components of the illegal scanning process and the second printing process, respectively.
By considering the models of printing and scanning processes in , it is easy to conclude that since more processes of printing or scanning introduce more noise. This conclusion is also demonstrated through an example shown in Fig. 4. By comparing the details of Fig. 4(a) with those of Fig. 4(b) and Fig. 4
(c), the noise variance of the legalD barcode is slightly larger than that of the original barcode, whereas the noise variance of the illegally copied one is much larger than those of both the legal D barcode and the original barcode. Although it is possible to distinguish the illegally copied D barcode by detecting various characteristics of two channels [18, 26], it is challenging for a low-cost mobile terminal, e.g., a mobile phone, to finish this task due to the following two reasons. First, it is difficult to set an appropriate threshold to distinguish two types of D barcodes, even for the enlarged subgraph as shown in Fig. 4(d) and Fig. 4(e), since there is no prior information for two types of channels. Second, if the mobile phone performs an authentication with the online database, which not only causes large network overhead but also introduces additional security risks due to the frequent sensitive data exposure during wireless communication. The basic idea of our approach is to embed an authentication message into a source message, where the decoded bit-error-rates (BER) of the authentication message is sensitive to the noise variance. In the receiver, we set an appropriate threshold for decoded BER of authentication message to detect whether the received D barcode is an illegally copied version of the legal D barcode or not, which will be described in the next section. Then, we fine-tune the performance of our approach by optimizing the embedding parameters of the authentication message, which will be described in Section VI.
Iii The Proposed Low-cost Anti-Copying Code
Iii-a Description for the Sender
As shown in Fig. 5, we generate an authentication message for anti-copying purpose. The is encoded via the Bose-Chaudhuri-Hocquenghem (BCH) codes to obtain the coder output for improving its robustness. The lengths of and are denoted as and respectively, and the error correction capability is .
The key block of the sender in the proposed LCAC code is the embed block which replaces certain bits of the source message by those of the authentication message. Specifically, if the bit of the source message is different from that of the authentication message, this bit is modified from to or to ; otherwise, this bit is kept unchanged. Apparently, the embedding operation sacrifices the robustness of the source message, which also can be denoted as the covertness of the authentication message. There are two aspects of the covertness requirement in our LCAC code. First, the presence of the authentication message should not be easily detectable by the illegal receiver. Second, it should not have a noticeable effect on the receivers’ ability to recover the source message. Moreover, covert authentication in an LCAC code may be used together with other security techniques in the conventional approaches to produce a more secure
D barcode. In this paper, the covertness performance is analyzed through the error probability of demodulation and decoding for the source message. The values ofand , the parameters of the proposed LCAC code, should be optimized by jointly considering the covertness and robustness of authentication message, which will be analyzed in Section VI.
Besides the embedding length , The embedding locations should be carefully designed as well. In this paper, we consider two embedding strategies to define different embedding locations. In the first strategy, as shown in Fig. 2(a), which is short as Strategy for simplicity, is randomly embedded into the redundant bits of . In the second strategy, as shown in Fig. 2(b), which is short as Strategy , is randomly embedded into the entire bits of . In the sender of an LCAC code, the specific embedding locations are defined through a one-way, collision-resistant hash function with the source message and the secret key , expressed as
where the hash function is robust against input error for generating the random locations. The secret key is generated and allocated by the sender. For higher security, is different for different source messages , which means that different keys are generated for different products. Before each verification attempt, the legal receiver sends an authentication request to the sender, and the sender feedbacks and to the receiver via a secure way, e.g., encryption. Note that we can use some advanced key agreement protocols [27, 28] to achieve the allocation of secret keys for further improving the security of the considered 2D barcode.
Note that both and are only secret information required in the LCAC codes and the exchange of secret information occurs only once, thus the overhead for anti-copying in the LCAC is very low. An alternative solution is to allocate both and when the authentication program is installed into a mobile phone, which avoids the exchange of secret information. Note that, before a legal receiver accepts a D barcode, the authentication message should be treated as a noise signal as well since the legal receiver does not know whether the authentication message exists or not in the received signal.
For two embedding strategies, we have the following observations:
Observation : Strategy has better covertness performance than Strategy since the impact of errors occurred in the redundant bits to the decoding performance of source message is smaller than that in the information bits according to the coding structure of RS codes.
Observation : Strategy has better robustness performance than Strategy since Strategy has larger embedding range, which spreads the authentication message into a larger area and lowers the error probability caused by some local distortion, e.g., a part of the D barcode is shaded.
Observation : Strategy has better security performance than Strategy since each bit of the authentication message is embedded in a larger space, which intuitively increases the uncertainty of detecting the authentication message by an adversary. The first two observations are verified through experimental results in APPENDIX A.
The two embedding strategies in LCAC codes are illustrated in Fig. 2 as two toy examples, where the case of is considered. The blue modules represent the modulated symbols of the authentication message. Note that, as the last step of encoding a D barcode, a finder pattern should be attached to facilitate the detection of a D barcode reader ; however, without causing any confusion, the finder pattern is omitted in Fig. 2 for conciseness.
After the embed block, we obtain a signal with embedding message . Then, through a pulse amplitude modulation (PAM) with order  to yield a modulated signal . After inserting the header and training symbols into the modulated signal , the original version of a D barcode, , is generated.
Iii-B Description for the Receiver
When a printed D barcode is captured by a receiver, a series of standard operations should be proceeded to extract the source message. The block diagram of the receiver in the proposed LCAC Code is illustrated in Fig. 6. Similar to Fig. 1, the blue blocks represent the additional one for anti-copying but the remaining blocks are the same as those of considered D barcodes. The first block of a receiver is the detection block which scans the printed D barcode with a mobile phone camera or even optical scanner. Fig. 4(d) and Fig. 4(e) illustrate the results of the detection block in a legal D barcode and an illegally copied D barcode, respectively. Then, the detection block quantizes the mean intensity within each partitioned area to obtain a gray-scale signal .
In the verification process, the receiver first generates the estimated embedding locations using (3) with the secret key . And, the can be generated without error () even when contains some error since is robust against input error, e.g., robust hash functions [29, 30]. According to the location specified by , the receiver extracts from through the extraction block and decodes it via a BCH Decoder to obtain . By comparing the values of and , the receiver makes a final authentication decision. For example, if the number of different bits between and is beyond a predetermined threshold , the questioned D barcode is judged as an illegal one; otherwise, it is a legal one. The specific value of threshold is determined by exploiting the characteristics of the illegal channel. The model analysis of illegal channel and parameter optimization of the proposed LCAC code are presented in the following two sections, Section IV, Section V, respectively.
Iv Theoretical Modeling of an Illegal Channel
This section describes the modeling process of an illegal channel based on various printers and scanners. A typical Print & Scan channel introduces several types of distortions, e.g., intensity variation, scaling, rotation, low-pass filtering, aliasing, and noise. The single print & scan (SPS) process has been modeled and analyzed . In this work, a series of experiments have been conducted to model an illegal channel in a DPS process. The devices used and the corresponding parameters are listed in Tab. I, where two printers, two scanners, and one mobile phone are chosen from various manufacturers. Here, the remaining parameters of these devices are set as their default values.
|Laser Printer 1||HP LaserJet P1108||1200 DPI|
|Laser Printer 2||FUJI P355D||600 DPI|
|CCD Scanner 1||BENQ K810||1200 DPI|
|CCD Scanner 2||EPSON V330||600 DPI|
|Mobile Phone||HONOR V20||48 MP|
Without loss of generality, the source and authentication messages are uniformly generated as two random sequences, thus, the number of symbols in different constellations are roughly equal. As illustrated in Fig. 7, a total of 16 combinations is available to emulate a DPS process with printers and scanners in Tab. I plus one combination of .
Similar to the findings in 
, by observing the experimental results, the intensity variation in the barcode over a DPS channel can be modeled with a generalized Gaussian distribution (GGD). For a GGD random variable (RV),i.e., there are three parameters, including the mean , the variance , and the shape factor . According to , the PDF and CDF of can respectively be given as
where , is the lower incomplete gamma function, is the gamma function, and represents a symbol decision function, i.e., , if , and otherwise.
Now we introduce how to estimate three parameters of a GGD distribution from experimental results. For a PAM signal with order , the transmitted signal is denoted by , , and the corresponding received signal through a channel is denoted by , , where is the total number of experimental results on each constellation point. Following , the sample mean and sample variance of are obtained as
The estimation of the shape factor is more difficult than the other two parameters. According to the results of [33, 34], we obtain generalized Gaussian ratio function which is a function of and is defined as
By setting , a feasible solution of can be found as
where an exhausted search approach is employed for solving the (9) to obtain an estimate of . Then, the value of gradually increases from zero and the search process is completed until . Although the GGD has been also employed in  to model the channel of a D barcode, there is a fundamental difference. It only considers the model of an SPS process rather than a DPS process in an illegal copying attack.
V Experiment Results
V-a Experimental Results of Channel Modeling
In our experiment, the parameters of our approach are given as follows: bits, bits, , bits, bits, , , bits, bits, and bits. Unless otherwise specified, our experiments follow these settings. First, the printing material is chosen as the A paper with weight from the Xerox. Second, an original D barcode with modules is printed on the chosen paper, where the printed size of each barcode is set as . Last but not least, each combination is repeated times to obtain the average results. The general experimental settings are summarized as follows:
Printing : HP LaserJet P printer in DPI on paper with grams per square meter (gsm), and a rendering size of cm;
Printing : FUJI PD printer in DPI on paper with gsm, and a rendering size of cm;
Scanning : BENQ K scanner in DPI;
Scanning : EPSON V scanner in DPI;
Camera Phone: HONOR V with MP resolution;
Barcode Design: A multilevel barcode with modules;
Capture Angle: Within degrees between the barcode image plane and the camera sensor plane;
Capture Distance: About cm in the in-focus case.
Lighting: lux for the bright case and lux for the dim case.
Four metrics of bit error rates (BERs) can be calculated to characterize the reception performance against channel distortion. The first two metrics are used to measure the robustness of the authentication message. The first metric is the demodulated BER of the authentication message which is calculated by comparing and , while the second metric is the decoded BER of the authentication message, , obtained by comparing and . Moreover, the remaining two metrics are used to represent the robustness of the source message, which also represents the covertness of the proposed LCAC code. The third metric is the demodulated BER of the source message, computed by comparing and , while the fourth metric is the decoded BER of the source message, by comparing and , and determined by the following formula: .
According to (6), (7) and (9), the estimation results of three parameters of illegally copied D barcode under combinations are given in Tab. II. We accumulated the samples obtained from each combination, and the blocks corresponding to the four gray values were superimposed respectively to calculate the frequency of the actual gray values. Then the corresponding histogram of the received signal constellations in an illegally copied D barcode and GGD approximation are shown in Fig. 8. We can see that the experimental results match well with a GGD approximation for all constellations except . It is conjectured that since the points of have the lowest intensity level as compared with the other constellations, which is more sensitive to the distortions in an illegal copying process .
Moreover, from Fig. 8, we can also obtain the following observations. First, by comparing the results of the subfigures in the first two rows of Fig. 8 with those in the last two rows, we find that the sample mean of in the former group is larger than those in the latter group, which is due to the different printers in the first printing process. Second, by comparing the results of the subfigures in the first and the third rows of Fig. 8 with those in the second and fourth rows, we find that the peak value of histogram at in the former group is smaller than those in the latter group, i.e., about and , which is determined by the chosen scanner in the first scanning process; Finally, by comparing the results of the subfigures in the first and third columns of Fig. 8 with those in the second and fourth columns, we find that the peak value of histogram at in the former group is smaller than those in the latter group, which is determined by the chosen scanner in the second scanning process.
V-B Advanced Illegal Copying Strategy
The experimental results given in the previous subsection are based on a simple illegal copying strategy, i.e., direct-copying (DC) attack. If an attacker can capture multiple printed samples of the same legal D barcode, he or she can utilize all samples to improve the probability of a successful attack. For example, the attacker first generates a synthesized D barcode with better quality by averaging the intensities over all received barcode samples and then illegally prints it. This strategy is termed as a synthesized-copying (SC) attack.
For convenience, the device combination of is chosen to emulate an SC attack. We still use a GGD to model an SC attack, i.e., , where is the number of synthesized samples. Similar to the equations from (6) to (9), three parameters are obtained as
Note that if , an SC attack reduces to a DC attack.
V-B1 Experimental Results at an Attack’s Receiver
The estimated parameters of an SC attack with (10), (11) and (12) are presented in Fig. 9. We can see that as increases, the sample mean gradually closes the corresponding ideal constellation point, and the sample variance decreases as expected. However, the decrease rates of the variance become slower gradually. For example, by comparing the case of for with that of , the variance is decreased from 28.20 to 24.48 and the decreasing ratio is . In contrast, by comparing the case of for with that of , the variance is only decreased from to and the decreasing ratio is . Thus, we can draw an important conclusion of an SC attack: although a synthesized operation can improve attack accuracy, this improvement gradually approaches a bottleneck.
V-B2 Experimental Results at a Legal Receiver
Through a synthesized operation, an attacker generates D barcode and prints it on a paper. Then, the legal receiver can scan it and perform authentication to detect an illegal copying D barcode. Now, we present the BERs analysis of an SC attack for a legal receiver, where both scanner and mobile phone are considered as the capturing device of a legal receiver, as shown in Fig. 10 and Fig. 11, respectively. From Fig. 10 and Fig. 11, we can see that as increases, the values of all BERs are decreased as expected. At the same time, the probability that the BERs is equal to also increases gradually with the increase of . For example, as shown in Fig. 10, when , and ; when , and . Here, denotes a probability measure. Moreover, by compare the results of Fig. 11 with those of Fig. 10, we find that the results under a mobile phone is better than those under a scanner. For example, as shown in Fig. 11, when , and ; when , and . The advantage under a mobile phone is because the selected mobile phone has better capturing resolution than that under the selected scanner, which is further verified in the next section by comparing the bias from the standard constellation point to the recovered constellation point. Note that, since the channel distortions in a DPS process are more severe than those of an SPS process, the legal receiver cannot always decode both the source and authentication messages without errors.
V-B3 Verification Decision in the Proposed LCAC code
Note that the main objective of this paper is to find an effective and low-cost approach to authenticate an illegal copying D barcode. Based on the experimental results of both Fig. 10 and Fig. 11, we consider two authentication approaches. In the first approach, the authentication decision is made by checking whether the source message can be ideally decoded, i.e., . In the second approach, the authentication decision is made by checking whether the authentication message can be ideally decoded, i.e., . Thus, the results of both and are also provided in both Fig. 10 and Fig. 11.
Although the first authentication approach is simple even no embedding of authentication message, it has two obvious drawbacks. First, as increases, the value of is obviously increased, which lowers the efficiency of the first approach. Second, the parameters of a source message are predetermined according to certain considered of a D barcode, and it cannot be arbitrarily changed for improving the authentication accuracy. In contrary, the second authentication approach is a better option, although the value of is also increased as increases. This is because the parameters of an authentication message are freely adjustable to improve the authentication accuracy, which overcomes the second drawback of the first authentication approach and is the most attractive feature of the proposed LCAC code. Therefore, we use the second authentication approach as the authentication decision block of the receiver in the proposed LCAC code, as shown in Fig. 6, which is specifically described as the following definition.
Definition 1: The authentication decision block of the receiver in the proposed LCAC code identifies the captured D barcode as an illegal copying one, if , where is a threshold of the authentication decision.
Note that a smaller value of corresponds to higher security, e.g., indicates that the captured D barcode is identified as an illegal copying one if there is any decoded error. However, a false rejection decision may accidentally occur, since there is also a decoded error () for a legal D barcode under some unideal situations, e.g., the resolution of a capturing device is not sufficiently high or the lighting is poor. Thus, the value of should not be set too small to avoid false decision. On the contrary, the value of also should not be set too large, otherwise, it will increase the success possibility of illegally-copying attacks. In the next section, the criterion for selecting will be discussed based on the chosen device and the parameters of the proposed LCAC code can then be optimized.
Vi Optimization of Embedding Parameters
In this section, we optimize the parameters of the proposed LCAC D barcode in order to increase the cost of copying attack and achieve a better anti-copying effect, which consists of four steps. First, the experimental results of modeling for an SC attack is presented. Second, based on the modeling results, a prediction function is established. Third, based on the prediction function, the parameters of the proposed LCAC code will be optimized. Finally, the selection of is discussed and experimental results are given.
Vi-a Experimental Results of Modeling for an SC Attack
Although the modeling results of an SC attack given in the previous subsection work well, it is mathematically intractable to obtain an exact theoretical expression for the sum of multiple GGD RVs. Thus, we propose a simple method to simplify the process of establishing the prediction function. First, following , we assume the sum of multiple GGD RVs can be approximated by a new GGD RV, i.e., . Then the three parameters of the new GGD RV can be estimated as follows. It should be noted that we have fitted all three parameters of the curve, which is a process of correction. According to the actual fluctuations of each parameter, we used a variety of common curve fitting functions (Exponential, Gaussian, Linear Fitting, Polynomial, Power with one term or two terms and so on) for correction, and finally chose one of them with the smallest error.
According to (10), (11) and (12), the estimates of three parameters of a GGD approximation for an SC attack under cases under a mobile phone are given in Tab. III. Then the corresponding normalized histogram of the received signal points in an illegally copied D barcode and GGD approximation for an SC attack are given in Fig. 12. Similar to Fig. 8, Fig. 12 shows that the experimental results match well with a GGD approximation for all constellation points except . As increases, we obtain two conclusions. First, the sample mean of all received signal points gradually close the ideal constellation point. Second, the sample variance of all received signal points gradually decreases except that , which indicates the complexity of a DPS process and the model is more accurate in the mid-range region of the histogram.
Vi-B Prediction Function
In the previous section, through experimental results, we find that as increases, the success possibility of an SC attack is increased. It is desirable to optimize the parameters of the proposed LCAC code (, and ) to lower the success possibility of an SC attack. In other words, the attacker has to increase the value of to satisfy the condition of authentication decision, i.e., . The attacker is required to obtain more numbers of legal D barcodes from the manufacturer, which significantly increases the cost of illegally-copying attacks. If the manufacturer can predict the value of , the used times of a D barcode can be determined to make a tradeoff between the costs of production and illegal copying. Specifically, a larger corresponds to a lower production cost but increase the cost of illegally-copying attacks and vice versa. An extreme case is that if the D barcode generated by the merchant is unique, then his production cost is very high, and the return is that the attacker cannot generate an illegal D barcode through synthetic attacks. So we need to make a trade-off to estimate a reasonable .
It is tedious and difficult to predict the value of by modeling an SC attack based on various experiments and all numbers of synthesized samples. It is even impossible under certain situation, e.g., the device used by an attacker is unknown to the manufacturer. Thus, this paper considers a feasible solution to predict the value of . Specifically, we first establish a prediction function based on the modeling results of an SC attack with a finite number of synthesized samples. Then, based on the prediction function, the manufacturer can effectively estimate the value of .
First, we use a power fitting function with two variables to estimate as
where represents the estimated number of synthesized samples, two variables ( and ) are obtained according to .
Second, we use a power fitting function with three variables to estimate as
where three variables (, , and ) are obtained according to .
Third, since from Tab. III., we can see that the value of the shape factor fluctuates around a certain constant, we directly use an average fitting function to estimate as
Based on the results of Tab. III, prediction functions under a mobile phone are devised. For the mobile phone , the estimated parameters and predicted parameters for are illustrated in Fig. 13, where , , , , and . From Fig. 13, we can see that the estimated parameters oscillate around the predicted parameters, which verifies the efficacy of the prediction function.
Vi-C Parameter Optimization
Based on a prediction function , we can predict and even . Due to the space limitation, we briefly introduce how to obtain . First, the BER of certain constellation point can be calculated as
where represents decision threshold, e.g., the case of , , , , , and , is a correction factor, e.g., the case of , for ; otherwise , represents a CDF based on the predicted parameters, expressed as
Then the theoretical expressions of is given as
Now we introduce a simple strategy of parameter optimization (, and ) for the proposed LCAC code to increase the cost of illegally-copying attacks. First, by considering the impact of embedding operation on the source message, the value of is determined to satisfy the covertness requirement of the proposed LCAC code. Second, through some experimental results under a practical condition, the value of is determined to correctly decode the authentication message for satisfying the robustness requirement of the proposed LCAC code. At last, based on a prediction function, the value of is optimized to achieve a tradeoff between the production cost and the cost of illegally-copying attacks. In the next subsection, the experimental results of the parameter optimization are presented.
Vi-D Experimental Results
In this subsection, we present the experimental results under a mobile phone in both Fig. 14 and Fig. 15, where the other parameters are the same as those of Tab. I. Fig. 14 shows the instantaneous BER of authentication message for a legal D barcode, while Fig. 15 shows the average BER of authentication message for an SC attack. The authentication threshold is also illustrated in Fig. 14 for a comparison purpose. From Fig. 14, we can see that some non-zero instantaneous occurs occasionally although most of them are zero. Thus, under the current conditions, we set the value of as the maximum instantaneous , i.e., for satisfying the robustness requirement of the proposed LCAC code.
Fig. 15 shows the average simulation results of and based on a prediction function, and the theoretical results of defined in (19). From Fig. 15, we can see that the average simulation results of matches perfectly with the corresponding theoretical results. As the estimated number of synthesized samples increases, the values of both and gradually decrease as expected. Moreover, two cases of ( and ) are simultaneously illustrated in Fig. 15, which indicates that the can be controlled by setting the value of . Based on this trend, the value of can be determined by making , when the estimated number of synthesized samples is beyond a certain value. A simple example is given as follows to verify the efficacy of the parameter optimization.
|Parameters||, and||, and|
Based on the experimental conditions of Fig. 14, a BER comparison between before and after optimizations are given in Tab. IV, where the threshold is set as . From Tab. IV, we can see that, before optimization, the average value of equals to for an SC attack with , and even equals to . After optimization, the value of is increased from to , which indicates that the error correction capability of authentication message is reduced from to . Then, the average value of is increased to for an SC attack with , and obviously drops to . While an attacker should increase the number of synthesized samples to , the probability of attack success can be improved to a similar level which happens before optimization. In other words, the results predicted in Fig. 15, before the parameter optimization can be successfully attacked whereas after the parameter optimization can be successfully attacked. Thus, an attacker should increase the number of synthesized samples to achieve the probability of attack success as a similar level which happens before optimization, as shown in Fig. 15. After supplementing the experiment, we can find that the prediction and optimization is still effective, that is,