What are different types of attacks that are used to manipulate forensic watermarks?

Due to the recent surge in streaming and OTT content, copyright protection and video piracy have gained a lot of attention, especially among content creators, owners, and distributors. This has increased the adoption of digital watermarking techniques to enhance the security of DRM protected content.

However, adversaries often try to compromise forensic video watermarking by attacking either the robustness or security of the watermarking technique. Some common attacks used to manipulate forensic watermarking techniques are:

1. Copy attack: The attacker obtains a legitimate watermark from a watermarked content and copies or embeds it into another carrier (an unwatermarked work).
2. Ambiguity attack: This attack generates a fake watermark from a watermarked work to puzzle the detector, thereby leading to ambiguity in the ownership of the content. It is also known as the IBM attack or Craver attack.
3. Collusion attack: In this type of attack, the attacker has more than one watermarked work with the same watermark which helps in identifying the pattern of the watermark. The attacker could also possess several copies of the work, each with a different watermark, which can then be combined to make the watermarks undetectable.
4. Oracle attack: Here, the attacker can apply a few modifications to the work to find out whether they are within the detection range or not. Repeating this process of modification and testing provides the adversary with information about the detection algorithm. Sensitivity analysis attack and gradient descent attack are two well known attacks under this category.
5. Simple attack: In this case the embedded watermark is harmed without recognizing it. It is also called noise or waveform attack. Examples are waveform based compression, addition of noise, gamma correction, etc.
6. Cryptographic attack: This attack breaks the security method in the watermarking technique to find the mode of removal of the information in already inserted watermarks.
7. Pathological distortions: These attacks involve removal or masking of the watermark to prevent detection. The most common types of pathological distortions are linear filtering and noise removal, and geometric/temporal distortions (synchronization attack).
8. De-synchronization attack: This attack is aimed at making the detection of watermark tough by misaligning the watermark and the detector.

Thus, in order to counteract these attacks, video watermarking systems must be made as secure as possible while maintaining the robustness of the watermarking schemes against such type of attacks.