+ All Categories
Home > Documents > 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649,...

1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649,...

Date post: 18-Dec-2015
Category:
View: 216 times
Download: 0 times
Share this document with a friend
58
1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643- 649, April 2001 Multimedia Security
Transcript
Page 1: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

1

A Buyer-Seller Watermarking Protocol

IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001

Multimedia Security

Page 2: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

2

Invisible Watermark

Copy Deterrence Copy protection

• If unauthorized copies of the data are found, the origin of the copy can be determined by retrieving the unique watermark corresponding to each buyer. → Fingerprinting.

• Every time a copy is made the watermark can be modified by the hardware and after a point the hardware would not create further copies of the data. →DVD

Page 3: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

3

Problems of the Traditional Fingerprinting Techniques

products watermarked

Seller embedding buyers products

watermarks

(Fingerprints)

Since the watermark is inserted solely by the seller.

A buyer whose watermark has been found in unauthorized copies can claim that the unauthorized copy was created by the seller!

Page 4: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

4

This could be done by a malicious seller who may be interested in framing the buyer. It could be possible when the seller is not the original owner but a reselling agent who could potentially benefit from making unauthorized copies.

Even if the seller was not malicious, an unauthorized copy containing the buyers’ fingerprint could have originated from a security breach in the sellers system and not from the buyer.

Page 5: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

5

The Owner-Customer Watermarking protocol

• A customer supplies the owner with an Encrypted version of a predetermined and fixed bit-sequence.

• Upon receiving this, the owner embeds the Encrypted sequence into the image using an Invisible watermark algorithm.

• This watermarked copy is then transmitted to the buyer.

Since only the buyer knows the decryption key, he can prove to a third party the legitimate ownership of the copy in his possessions.

Page 6: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

6

However, the protocol does not solve the problem of Irrevocably Binding (不能變更的約束) the customer the specific copy sold to him and holding him responsible for any unauthorized copies of the same found in the market.

Page 7: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

7

This is because the owner knows the exact copy in each buyers possession and the buyer can claim that an unauthorized copy was created by the seller or caused by a security breach in the seller system.

Page 8: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

8

What kind of protocol will work better?

• The seller does not get to know the exact watermarked copy that the buyer receives.

→ the seller cannot create copies of the original content containing the buyers watermark.

Page 9: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

9

• In case the seller finds an unauthorized copy, she can identify the buyer from whom this unauthorized copy has originated and furthermore also prove this fact to a third party by means of “Dispute Resolution (爭論(執)決議案) protocol”.

The dispute resolution protocol is a three-party protocol and requires the buyer to participate in order to prove his innocence in case the seller accuses him of making unauthorized copies.

Page 10: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

10

Common/Mutual Agreement

• If a buyer refuses to participate then this would be taken as an admission of guilt on the part of the buyer.

Page 11: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

11

Image X →a vector of features,

and Watermark W → a vector of watermark elements with n m.≧Assume “Linear Watermarking Techniques” is adopted ,that is, the watermark insertion step can be represented as :

nxxxX ,...,, 21

mwwwW ,...,, 21

Page 12: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

12

W

X

X

WXX

watermarked image

original image

watermark information being embedded

insertion operation

where

nmmm xxwxwxWX

meanweWXBy

,...,,,..., 111

Page 13: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

13

We assume the existence of a “Public Key Cryptosystem” that is “Privacy Homomorphism” with respect to the binary operator ⊕.

By privacy homomorphism w.r.t. we mean it ⊕has the property that

for every a and b in the message space.

where, is the encryption function and k is the public (encryption) key.

• RSA public key cryptosystem is a privacy homomorphism w.r.t. multiplication.

bEaEbaE kkk

.kE

Page 14: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

14

The Buyer-Seller Watermarking Protocol

There are 4 subprotocols in the buyer-seller watermarking protocol:

Watermark Generation Watermark certification

Bob Protocol Authority. C

Watermark Insertion

Alice Protocol Bob

Copyright Violator

Alice Identification Protocol Judge

Dispute Resolution

Alice Protocol Bob

Page 15: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

15

Alice : the agent selling the content

Bob : the buyer

Alice and Bob have public keys and private keys , respectively, and all of which have been registered with appropriate certification authority.

BA KandKBA KandK

Page 16: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

16

• There is a trusted watermark certification authority, C, who generates random watermarks in the required manner and issues them to any user upon request.

• The watermark certification authority is memoryless and does not maliciously or otherwise keep track of the different watermarks issued to different users.

Page 17: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

17

The Watermark Generation Protocol

Bob send certification of Bob’s identity C

Bob’s public key request

valid watermark

C : after establishing Bob’s credentials, generates a random but valid watermark W and sends to Bob “ ”, the watermark encrypted with Bob’s public key, along with a digital signature that certifies the validity of the watermark.

wEBK

wESignBKC

Page 18: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

18

By we mean

That is, each of the individual elements of the watermark W are encrypted as separate messages but with the same key.

wEBK

nKKK

nKK

wEwEwE

wwwEwE

BBB

BB

,...,,

,...,,

21

21

Page 19: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

19

ID,

Bob C

wESignwEBB KCK ,

BK

the Watermark Generation Protocol

Page 20: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

20

The Watermark Insertion Protocol

This is a two-party protocol between Alice and Bob which proceeds as follows.

(1) Bob sends to Alice the encrypted watermark, , along with the signature of the certification authority C.

Alice verifies in order to be sure that

is indeed a valid watermark generated by C.

wEBK

wEBK

wESignBKC

wESignBKC

Page 21: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

21

(2) Let X denote the image that Bob wishes to purchase from Alice. Alice generates a unique watermark for this transaction, V, which she inserts into the image X to get the watermarked image .

In this step, Alice is free to use any watermarking scheme of her choosing, public or private, spatial domain or transform domain, linear or nonlinear.

X

Page 22: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

22

The sole purpose of the watermark V is to enable Alice to identify the specific user an illegal copy has potentially arisen from. That is, V is not the watermark the Alice will use to prove that Bob has made illegal copies of an image.

Page 23: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

23

(3) Alice then generates a random permutation σof degree m which she uses to permute the elements of the encrypted watermark received from Bob. That is, Alice computes

The above is true as is of the form

and “Permuting first and Encrypting later” gives us the same result as “Encrypting first and permuting later”.

wEBK

wEBK

wEwEBB KK

nKK wEwEBB

,...,1

Page 24: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

24

(4) Alice inserts the “permuted watermark” obtained above as a second watermark into the already watermarked image .

Since the watermark received from Bob is encrypted with Bob’s public key , Alice inserts this second watermark in the encrypted domain also using which is known to her.

Inserting a watermark in the encrypted domain is possible as we assume that the public-key cryptosystem being used is a “Privacy Homomorphism” with respect to . ⊕

BK

BK

'X

Page 25: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

25

Alice computes,

Alice then transmits to Bob. xEBK

ˆ

wxE

wExExE

B

BBB

K

KKK

ˆ

Page 26: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

26

(5) Alice stores ID of Bob, and σ in Table X. Table X is a table of records maintained by Alice for image X containing one entry for each copy of X that she sells.

wESignVwEBB KCK ,,

Page 27: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

27

The table contains the identity of the buyer, the unique watermark V known only to her that corresponds to the particular buyer, the encrypted watermark which she received from the buyer along with the certificate authorities signature attesting the validity of the watermark, and finally the permutation σthat she used to permute the encrypted watermark before inserting into the copy which was sold to the buyer.

wEBK

wESignBKC

Page 28: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

28

(6) Bob decrypts the data he received from Alice to obtain a watermarked image . That is Bob computes

where is the private decryption key corresponding to the public encryption key

and D(.) is the decryption function.

wxxxEDBB KK ˆˆ

BK

BK

Page 29: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

29

Now Bob has a watermarked copy of X that Alice cannot reproduces since she does not know the corresponding private key .

Also, since Bob does not know σhe cannot remove σ(w) from even through he knows W. Neither can he remove V which is also unknown to him.

BK

Page 30: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

30

The copyright Violator Identification Protocol

On discovering an unauthorized copy of X, say Y, Alice can determine the buyer from whom this copy has originated by detecting the unique watermark that she inserted for each buyer.

This is done by means of a watermark extraction function Ex which takes Y, and depending on the watermarking technique, X as inputs.

Page 31: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

31

Let U denote the watermark that is returned by the watermark extraction function Ex(X,Y). Using this extracted watermark U Alice then locates the buyer in Table X to whom Y was sold. The exact mechanism for locating the buyer in Table X depends on the watermarking technique used.

Page 32: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

32

For robust watermarks, this would generally be accomplished by “Correlating” U with every watermark V in Table X and selecting the one with the highest correlation beyond a confidence threshold. Once this V is located in Table X, Alice reads the Buyer ID field to obtain the identification of the buyer from whom this copy has originated.

If U cannot be matched to any watermark V in Table X, then the protocol returns failure.

Page 33: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

33

The Dispute Resolution Protocol

In case Bob denies that an unauthorized copy Y has originated from his version of the image, Alice can reveal σ and and to the judge.The judge first verifies He would then ask Bob for his “Private Key” using which he can compute W and check for the presence of σ(w) in Y.

wEBK

wESignBKC

wESignBKC

Page 34: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

34

Actually, Bob need not reveal his private key, as this is undesirable. He could just reveal (w) to the judge by decrypting . The judge could then verity W by encrypting it with Bob’s public key and checking if it equals to

After verifying W, the judge can then run the watermark extraction algorithm on Y and check if σ(w) is indeed present in Y.

If σ(w) is found in Y, Bob is found guilty otherwise Bob is innocent.

wEBK

wEBK

Page 35: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

35

Note that the dispute resolution protocol is a “three-party” protocol. Bob has to take part in the protocol by revealing W to the judge!

Constraints of this protocol :(1) the cryptosystem must be a privacy

homomorphism w.r.t.⊕(2) The certification authority is trustful (Not

malicious).(3) The buyer must participate in the dispute

resolution protocol.

Page 36: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

36

An Example Construction

Watermarking : Spread-Spectrum technique.Cryptosystem : RSA public-key system.

real numbers draw from a zero-mean, variance-1, Gaussian distribution, this set of real numbers is embedded into the m largest DCT AC coefficients of an image. That is,

where α is a small constant.

mwwwW ,...,, 21

mm xxxX ,...,, 21

iii wxx 1

Page 37: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

37

A 2-D IDCT is than taken,yielding the watermarked image .To determine if a given image Y contains the watermark W, the decoder extracts from Y by taking the largest m DCT AC coefficients of Y and subtracting their value from , that is, The confidence measure on the presence of the watermark W in Y is taken to be the correlation between W and T.

mtttT ,...,, 21

iii yxt ix

'X

Page 38: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

38

The adopted RSA public key system operates in , where n is a product of two very large primes p and g.A message x is then encrypted as

where a is the public encryption key and the corresponding decryption function is

where b is the private decryption key.

nxxEy aa mod

nyyEx bxb

mod

nZ

Page 39: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

39

For a practical implementation, the samples would be truncated to some fixed precision, say 64 bits. They would then be used to generate the watermark and encrypting them, element by element, with Bob’s public key. This encrypted watermark vector along with its signature is transmitted to Bob who may keep a copy of it before transmitting to Alice.

meff wwW 1,...,1 1

wEBK

Page 40: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

40

Alice then inserts her own watermark V into the original image X to get . V could be based on any watermarking technique of her choice. She then permutes the elements of and embeds them into the m largest AC coefficients by computing

wEBK

wxE

wExE

wExEx

B

BB

BB

K

KK

KK

ˆ

'X

Page 41: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

41

Since the RSA cryptosystem has the property that , the watermark W gets embedded into the image in the encrypted domain.

Here again, each DCT coefficient can be represented with some fixed precision, say 64 bits.

In order for Bob to be able to recover xy, we have to select the modulus n of RSA to be large enough such that xy < n. (i.e. n should be at least 128 bits)

xyEyExE

Page 42: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

42

Alice transmits this encrypted and doubly watermarked image to Bob who can decrypt and then compute an IDCT to get his unique watermarked copy.

Since Alice has permuted the elements of W, Bob cannot remove W from his copy although he is the only party (aside from the watermark certification authority which we assumed is memoryless) that knows W.

Also Alice can only compute an “encrypted version” of Bobs unique copy which is useless as she cannot decrypt and distribute to falsely frame Bob.

Page 43: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

43

The security of purposed protocol relies critically on the security of the underlying watermarking and encryption techniques used in the specific construction.

RSA : secure if properly used

watermarking : the ability to withstand attacks is still under question

→the proposed protocol is secure only as much as the underlying watermarking techniques are secure and robust.

Discussion – Attacks, Weakness, and Countermeasures

Page 44: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

44

The protocol with “Malicious Participants”

A. Watermark Generation Protocol

If the encryption and digital signature techniques used are secure, and the underlying public key infrastructure (PKI) enables the watermark certification authority to reliably verify Bob’s identity then there is no way Bob could change or substitute the watermark. Furthermore, inclusion of a time stamp along with information about the transaction would prevent Bob from replacing the watermark with an older one he may have obtained previously from the watermark certification authority.

Page 45: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

45

Since the different watermark elements are being encrypted individually, the “precision” with which the watermark is being represented can have “significant” impact on the security of the encryption.For example, if each watermark element has 32 bits of precision then Alice (the seller) can exhaustively try all possible watermark elements and completely determine W.Hence each element in W must at least have 64 bits of precision (preferably 128) to make such brute force attacks infeasible.

322

Page 46: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

46

B. Watermark Insertion Protocol

• Alice inserts a watermark V which she can later use to determine the source of an illegal copy. – it is against her own interest not to perform this step in the right manner.

• Alice inserts σ(w) into . – it is against her interest not to perform this step in the proper manner.

'X

Page 47: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

47

For example, Alice could use a watermark obtained from another user obtained from a prior transaction. This serves no purpose as it would result in a severely corrupted image when Bob decrypts the encrypted watermark image with his own key.

This is because the watermark and image would have been encrypted with different keys.

Page 48: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

48

Alice could also use a watermark obtained from Bob, but from a prior transaction. This could be revealed during the dispute resolution protocol and as a result Alice will no longer be able to prove to an adjudicator (判決者) that Bob has made illegal copies.This is against her interest.Also, since the watermark W sent to her by Bob is encrypted, she has no way of gleaning (蒐集 ) any information about it as long as the underlying encryption scheme is secure.

Page 49: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

49

C. Copyright Violator Identification

At this point Alice could try and find another watermark inserted into the copy of another buyer, say Trevor, that is declared present in the image by the watermark detection function. – a false positive.

In this case, Alice could conceivably hold Trevor responsible for the illegal copy.

Page 50: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

50

Since the different watermarks inserted into different copies of the content have been generated randomly by the watermark certification authority, they are uncorrelated and it is highly unlikely that Alice would detect a false positive in the relatively small number of instances which she has at her disposal (處置權,配置權 ) to try.This is especially difficult as she has no knowledge about the watermark inserted in Trevor’s copy and has seen it only in the encrypted form.

Page 51: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

51

If Alice obtains a copy of the image sold to Bob, that is I+V+σ(w), she can compute W as she knows I, V, and σ. However, this really is of no use to her as now she has a copy of the image sold to Bob she can in any case make as many copies of it as she wants, whether she knows W or not.

Page 52: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

52

Removing σ(w) also is of no use as she already knows I+V. Nor can she embed W in another image with malicious intent as W is bound to the specific transaction between Alice and Bob by the signed message she received from the watermark authority which she has to produce in case of dispute resolution.

Page 53: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

53

D. Dispute Resolution Protocol

Can Alice fabricate evidence?

The answer is no. As she does not know W she is unable to do this. Bob on the other hand can refuse to cooperate, but as mentioned before, this would be taken as an admission of guilt.

Page 54: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

54

For example, when the Judge asks Bob for W, Bob can send some random watermark T instead. However, Alice has presented the Judge with a signed and encrypted copy of W and this would not match with . If the watermark certification authority is to be trusted, Bob would be considered the culprit (罪犯 ).

TEBK

X

Page 55: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

55

E. Watermark Certification Authority

The most undesirable feature of the proposed protocol is the requirement of a watermark certification authority C who generates valid watermarks upon request, and sends them along with a time-stamp and a digital signature.

Given the current structure of the proposed protocol, the watermark W needs to originate from a third party.

Page 56: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

56

Otherwise, Bob could generate a malicious designed watermark that would be approximately “invariant to permutation” and send this to Alice. Since Alice only sees the encrypted watermark she is unable to tell the difference between a valid watermark and an invalid watermark.A simple way of avoiding this problem is to originate the watermark from an independent and trusted third party.

Page 57: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

57

Placing complete trust in a single source is still undesirable. For example, if Alice and C collude (串通 ) then they can frame Bob.Similarly if Bob and C collude then they can cheat Alice.However, C by itself cannot cheat as it knows only W and not σ, just as Bob.Nevertheless, the requirement of a trusted watermark certification authority can indeed be reduced by using some sophisticated tools from cryptography, like “oblivious transfers and blind signatures”.

Page 58: 1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

58

Another undesirable consequence is that the watermark is generated by the watermark certification authority, the seller may not possible to “shape” the watermark to the given image in order to make it perceptually imperceptible. This will restrict the “strength” of the watermark signal which in turn effects the robustness of the underlying watermarking technique.


Recommended