Text Watermarking,Text watermarking Techniques,Survey text watermarking,
A Buyer-Seller Watermarking...
Transcript of A Buyer-Seller Watermarking...
A Buyer-Seller Watermarking Protocol
Nasir Memon∗
Polytechnic UniversityPing Wah Wong
Apalo.com
Abstract
Digital watermarks have recently been proposed for the purposes of copy protec-tion and copy deterrence for multimedia content. In copy deterrence, a content owner(seller) inserts a unique watermark into a copy of the content before it is sold to abuyer. If the buyer sells unauthorized copies of the watermarked content, then thesecopies can be traced to the unlawful reseller (original buyer) using a watermark detec-tion algorithm. One problem with such an approach is that the original buyer whosewatermark has been found on unauthorized copies can claim that the unauthorizedcopy was created or caused (for example, by a security breach) by the original seller.In this paper we propose an interactive buyer-seller protocol for invisible watermarkingin which the seller does not get to know the exact watermarked copy that the buyerreceives. Hence the seller cannot create copies of the original content containing thebuyer’s watermark. In cases where the seller finds an unauthorized copy, the seller canidentify the buyer from a watermark in the unauthorized copy, and furthermore theseller can prove this fact to a third party using a dispute resolution protocol. Thisprevents the buyer from claiming that an unauthorized copy may have originated fromthe seller.
∗N. Memon was partially supported by NSF Grant NCR-9996145.
1
1 Introduction
Recent years have seen a rapid growth in the availability of multimedia content in digital
form. Given the ease by which content in digital form can be duplicated there has been
an increasing interest in developing copy protection or copy deterrence mechanisms. Digital
watermarks represent one particular approach that have been proposed for solving these
problems [14, 22]. A watermark is a secret key dependent signal added to digital data
(namely audio, video or an image) which can later be extracted or detected to make an
assertion about the data. In general, the watermark could be visible or invisible1. A visible
watermark typically contains a conspicuously visible message or a company logo indicating
the ownership of the image. On the other hand, invisibly watermarked content appears
perceptually identical to the original. The existence of an invisible watermark can only be
determined using an appropriate watermark extraction or detection algorithm. In this paper
we restrict our attention to invisible watermarks. For some excellent and recent reviews on
invisible watermarking techniques the reader is referred to [5, 10, 21]
Invisible watermarks can potentially be used for both copy protection and copy deterrence
applications. For an example of a copy protection application, consider a closed system where
the multimedia content needs special hardware for copying and/or viewing. An invisible
watermark can be inserted into this content indicating the number of copies, if any, that will
be permitted by the hardware. Every time a copy is made the watermark can be modified
by the hardware and after a point the hardware would not create further copies of the data.
An example of such a system is being standardized for the second generation Digital Video
Disc (DVD) [1, 13].
Copy deterrence, on the other hand, is achieved by a mechanism that can trace unau-
thorized copies to the original owner of the content. For example, in applications where
multimedia content is electronically distributed over a network, the content owner can em-
1In a strict sense this terminology is incorrect when watermarking other forms of multimedia data suchas sound clips. We say “visible” and “invisible” when in a wider sense we mean “perceptible” and “imper-ceptible” respectively.
2
bed a distinct watermark, (a fingerprint), in each copy of the data that is distributed. If,
at a later point in time, unauthorized copies of the data are found, then the origin of the
copy can be determined by retrieving the unique watermark corresponding to each buyer.
This discourages unauthorized duplication and distribution. For such a scheme to work, the
watermark clearly needs to be invulnerable against deliberate attempts to forge, remove or
invalidate.
One problem, first identified in [17], with traditional watermarking based fingerprinting
techniques is that the watermark is inserted solely by the seller. A buyer whose watermark
has been found in unauthorized copies can claim that the unauthorized copy was created by
the seller! This could be done for example, by a malicious seller who may be interested in
framing the buyer. It could also be possible when the seller is not the original owner but a
reselling agent who could potentially benefit from making unauthorized copies [17]. Finally,
even if the seller was not malicious, an unauthorized copy containing the buyers fingerprint
could have originated from a security breach in the sellers system and not from the buyer.
In order to deal with this problem, Qian and Nahrstedt [17] propose a owner-customer
watermarking protocol. In this scheme, a customer supplies the owner with an encrypted
version of a pre-determined and fixed bit-sequence. Upon receiving this, the owner embeds
the encrypted sequence into the image using an invisible watermarking algorithm. This wa-
termarked copy is then transmitted to the buyer. Since only the buyer knows the decryption
key, he can prove to a third party the legitimate ownership of the copy in his possession.
However, the protocol does not solve the problem of irrevocably binding the customer the
specific copy sold to him and holding him responsible for any unauthorized copies of the
same found in the market. This is because, as with traditional fingerprinting, the owner
knows the exact copy in each buyers possession and the buyer can claim as mentioned above
that an unauthorized copy was created by the seller or caused by a security breach in the
sellers system.
In this paper we propose an interactive buyer-seller protocol for invisible watermarking
3
in which the seller does not get to know the exact watermarked copy that the buyer receives.
Hence the seller cannot create copies of the original content containing the buyers watermark.
However, in case the seller finds an unauthorized copy, she can identify the buyer from whom
this unauthorized copy has originated and furthermore also prove this fact to a third party by
means of dispute resolution protocol. Hence, the buyer cannot claim that an unauthorized
copy may have originated from the seller. The watermark embedding protocol is based on
public key cryptography and has little overhead in terms of the total data communicated
between the buyer and the seller. The dispute resolution protocol is a 3-party protocol and
requires the buyer to participate in order to prove his innocence in case the seller accuses
him of making unauthorized copies. If a buyer refuses to participate then this would be
taken as an admission of guilt on the part of the buyer.
The rest of this paper is organized as follows: in the next section we first give a general
description of our protocol which is followed by an explicit construction in section 3. In
section four we discuss possible attacks. In section five we conclude and discuss future
avenues of research.
2 The Buyer-Seller Watermarking Protocol
Before we describe the watermarking protocol in detail, we first establish some notation,
introduce some terminology, and state certain assumptions. For ease of exposition we assume
that the content being sold is a still image, though in general the protocol is also applicable to
audio and video data. We view an image X to be a vector of “features” X = {x1, x2, . . . , xn}and the watermark as a vector of “watermark elements” W = {w1, w2, . . . , wm} with n ≥m. We restrict our attention to linear watermarking techniques where the watermarking
insertion step can be represented as:
X ′ = X ⊕W (1)
4
where X ′ is the watermarked image, X is the original image, W is the watermark information
being embedded, and ⊕ is the insertion operation. By X ⊕W we mean
X ⊕W = {x1 ⊕ w1, . . . , xm ⊕ wm, xm+1, . . . , xn}. (2)
We assume the existence of a public key cryptosystem that is a privacy homomorphism
with respect to the binary operator ⊕. By privacy homomorphism with respect to ⊕ we
mean it has the property that
EK(a⊕ b) = EK(a)⊕ EK(b) (3)
for every a and b in the message space. Here EK(·) is the encryption function and K is the
public (encryption) key. For example, the well known RSA public key cryptosystem [18] is a
privacy homomorphism with respect to multiplication [20]. A public key encryption function
that is a privacy homomorphism with respect to addition is given in [3].
The Buyer-Seller watermarking protocol that we present in this section has four sub-
protocols as shown in Figure 1: Watermark generation protocol, Watermark insertion pro-
tocol, Copyright violation detection protocol and Dispute resolution protocol. In our presen-
tation of the protocol we assume that Alice is the agent selling the content and Bob is the
buyer. We assume that Alice and Bob have public keys KA and KB respectively, and the
corresponding private keys K ′A and K ′
B, all of which have been registered with appropriate
certification authorities.
Finally, we assume there is a trusted watermark certification authority who generates
random watermarks in the required manner and issues them to any user upon request.
For clarity of exposition, we first describe our buyer-seller watermarking protocol assuming
the watermark certification authority is memoryless and does not maliciously or otherwise
keep track of the different watermarks issued to different users. Later, we discuss how this
assumption can be weakened. We now describe the four sub-protocols in general terms.
5
2.1 Watermark generation protocol
Bob sends a certification of his identity and his public key to the trusted watermark certifi-
cation authority C and requests a valid watermark. The watermark certification authority,
after establishing Bob’s credentials, generates a random but valid watermark W and sends to
Bob EKB(W ), the watermark encrypted with Bob’s public key, along with a digital signature
SignC(EKB(W )) that certifies the validity of the watermark. Note that by EKB
(W ) we mean
EKB(W ) = EKB
({w1, w2, . . . , wn}) = {EKB(w1), EKB
(w2), EKB(wn)}. (4)
That is, each of the individual elements of the watermark W are encrypted as separate
messages but with the same key.
2.2 Watermark insertion protocol
This is a 2-party protocol between Alice and Bob which proceeds as follows:
1. Bob sends to Alice the encrypted watermark, EKB(W ), along with the signature
SignC(EKB(W )) of the certification authority C. Alice verifies SignC(EKB
(W )) in
order to be assured that EKB(W ) is indeed a valid watermark generated by C.
2. Let X denote the image that Bob wishes to purchase from Alice. Alice generates a
unique watermark for this transaction, V , which she inserts into the image X to get the
watermarked image X ′. Note that in this step Alice is free to use any watermarking
scheme of her choosing, public or private, spatial domain or transform domain, linear
or non-linear. The sole purpose of the watermark V is to enable Alice to identify the
specific user an illegal copy has potentially arisen from. That is, V is not the watermark
the Alice will use to prove that Bob has made illegal copies of an image.
3. Alice then generates a random permutation σ of degree m which she uses to permute
the elements of the encrypted watermark EKB(W ) received from Bob. In other words,
Alice computes
σ(EKB(W )) = EKB
(σ(W )). (5)
6
The above is true as EKB(W ) is of the form {EKB
(w1), EKB(w2), EKB
(wn)} and per-
muting first and encrypting later gives you the same result as encrypting first and
permuting later.
4. Alice inserts the permuted watermark obtained above as a second watermark into the
already watermarked image X ′. Since the watermark received from Bob is encrypted
with Bob’s public key KB, Alice inserts this second watermark in the encrypted domain
also using KB which is known to her. Inserting a watermark in the encrypted domain
is possible as we assume that the public-key cryptosystem being used is a privacy
homomorphism with respect to ⊕, the operation that inserts a watermark in the image.
That is, Alice computes
EKB(X̂) = EKB
(X ′)⊕ EKB(σ(W )) = EKB
(X ′ ⊕ σ(W )). (6)
Alice then transmits EKB(X̂) to Bob.
5. Alice stores ID of Bob, EKB(W ), V, SignC(EKB
(W )) and σ in TableX . TableX is a ta-
ble of records maintained by Alice for image X containing one entry for each copy of
X that she sells. The table contains the identity of the buyer, the unique watermark
V known only to her that corresponds to the particular buyer, the encrypted water-
mark EKB(W ) which she received from the buyer along with the certificate authorities
signature SignC(EKB(W )) attesting the validity of the watermark, and finally the per-
mutation σ that she used to permute the encrypted watermark before inserting into
the copy which was sold to the buyer.
6. Bob decrypts the data he receives from Alice to obtain a watermarked image X̂. That
is Bob computes
DK′B(EKB
(X̂)) = X̂ = X ′ ⊕ σ(W ) (7)
where K ′B is the private decryption key corresponding to the public encryption key
KB and D(·) is the decryption function. Now Bob has a watermarked copy X̂ of X
7
that Alice cannot reproduce since she does not know the corresponding private key
K ′B. Also, since Bob does not know σ he cannot remove σ(W ) from X̂ even though he
knows W . Neither can he remove V which is also unknown to him.
2.3 Copyright violater identification protocol
On discovering an unauthorized copy of X, say Y , Alice can determine the buyer from whom
this copy has originated by detecting the unique watermark that she inserted for each buyer.
This is done by means of a watermark extraction function D which takes Y , and depending
on the watermarking technique, X as inputs. Let U denote the watermark that is returned
by the watermark extraction function D(X, Y ). Using this extracted watermark U Alice
then locates the buyer in TableX to whom Y was sold. The exact mechanism for locating
the buyer in TableX depends on the watermarking technique used. For robust watermarks
this would generally be accomplished by correlating U with every watermark V in TableX
and selecting the one with the highest correlation beyond a confidence threshold. Once this
V is located in TableX , Alice reads the Buyer ID field to obtain the identification of the
buyer from whom this copy has originated. If U cannot be matched to any watermark V in
TableX , then the protocol returns failure.
2.4 Dispute resolution protocol
In case Bob denies that an unauthorized copy Y has originated from his version of the image,
Alice can reveal σ and EKB(W ) and SignC(EKB
(W )) to the judge. The judge first verifies
SignC(EKB(W )). He would then ask Bob for his private key DB using which he can compute
W and check for the presence of σ(W ) in Y . Actually, Bob need not reveal his private key,
as this is undesirable. He could just reveal (W ) to the judge by decrypting EKB(W ). The
judge could then verify W by encrypting it with Bob’s public key and checking if it equals
to EKB(W ).
After verifying W , the judge can then run the watermark extraction algorithm on Y and
check if σ(W ) is indeed present in Y . If σ(W ) is found in Y , Bob is found guilty otherwise
8
Bob is innocent. Note that the dispute resolution protocol is a 3-party protocol. Bob has to
take part in the protocol by revealing W to the judge.
3 An example construction
In the previous section we gave a general description of the buyer-seller watermarking proto-
col where we assumed the existence of appropriate watermarking and encryption techniques
such that the watermark could be inserted in the encrypted domain. In this section we give
a specific construction which uses a spread-spectrum watermarking techniques proposed by
Cox et al [4] along with the RSA cryptosystem [18].
Cox et al [4] embed a set of independent real numbers W = {w1, w2, . . . wm} drawn from
a zero mean, variance 1, Gaussian distribution into the m largest DCT AC coefficients of
an image. Results reported using the largest 1000 AC coefficients show the technique to
be remarkably robust against various image processing operations, and also after printing
and re-scanning. Specifically, they take the 2-dimensional DCT of an image X and the
watermark W is inserted into the largest m AC coefficients {x1, x2, . . . , xm} by a suitable
insertion formula to yield modified coefficients {x′1, x′2, . . . , x′m}. For example, the insertion
formula used could be
x′i = xi(1 + αwi)
where α is a small constant. An inverse 2D DCT is then taken, yielding the watermarked
image X ′. To determine if a given image Y contains the watermark W , the decoder extracts
T = {t1, t2, · · · tm} from Y by taking the largest m DCT AC coefficients of Y and subtracting
their value from xi. That is,
ti = xi − yi. (8)
The confidence measure on the presence of the watermark W in Y is taken to be the corre-
lation between W and T . Watermark detection can also be done without using the original
image in the process [24], but then the robustness of the technique is diminished.
9
The above watermarking technique can be used along with the well known RSA public
key system to provide a specific construction of the general buyer-seller protocol described
in the previous section. The RSA crytosystem operates in Zn where n is a product of two
very large primes p and q. A message x is then encrypted as
y = Ea(x) = xa mod n (9)
where a is the public encryption key and the corresponding decryption function is
x = Db(y) = yb mod n (10)
where b is the private decryption key.
In the context of the proposed buyer-seller watermarking protocol, the watermark gen-
eration step consists of the watermark certification authority constructing a watermark
W for Bob by using M randomly chosen samples from a zero mean, variance 1, Gaus-
sian distribution. For a practical implementation, the samples would be truncated to
some fixed precision, say 64 bits. They would then be used to generate the watermark
W = {(1 + α · w1), . . . , (1 + α · wm)} and encrypting them, element by element, with Bob’s
public key. This encrypted watermark vector EB(W ) along with its signature is transmitted
to Bob who may keep a copy of it before transmitting it along to Alice. Alice can verify the
certification authorities signature to ensure the validity of the encrypted watermark vector
she has received. Alice then inserts her own watermark V into the original image X to
get X ′. As we mentioned before, V could be based on any watermarking technique of her
choice. She then permutes the elements of EB(W ) and embeds them into the N largest AC
coefficients by computing
X̂ = EB(X ′) · σ(EB(W )) = EB(X ′) · (EB(σW )) = EB(X ′ · σW ). (11)
Since the RSA cryptosystem has the property that E(x) · E(y) = E(xy) the watermark W
gets embedded into the image in the encrypted domain. Here again, each DCT coefficient
can be represented with some fixed precision, say 64 bits. In order for Bob to be able to
10
recover xy we have to select the modulus n of RSA to be large enough such that xy < n.
Hence if W and X have 64 bit precision then n should be at least 128 bits. But this is not a
problem in practice, n is usually 512 or 1024 bits. Alice transmits this encrypted and doubly
watermarked image to Bob who can decrypt and then compute an inverse DCT to get his
unique watermarked copy.
It is easy to see that since Alice has permuted the elements of W , Bob cannot remove W
from his copy although he is the only party (aside from the watermark certification authority
which we assumed is memoryless) that knows W . Also, Alice can only compute an encrypted
version of Bobs unique copy which is useless as she cannot decrypt and distribute to falsely
frame Bob. In the case of a dispute Alice takes the evidence listed in the previous section
to the judge who can determine whether an unauthorized copy belongs to Bob.
Although we have presented in this section an example implementation that uses a spread-
spectrum watermarking technique and the RSA cryptosystem, similar examples can be con-
structed using other techniques. The above framework, for example, also holds for any
additive technique (in the spatial or transform domain) and an appropriate public key cryp-
tographic system that is a privacy homomorphism with respect to the addition operation.
In a conference paper [15], the authors used the El-Gamal cryptosystem [20] and a spatial
domain amplitude modulation watermarking technique [11] to provide another implementa-
tion. It was subsequently brought to our notice that the El-Gamal cryptosystem is not a
privacy homomorphism with respect to addition [8]. However, there exist other public key
encryption systems that are privacy homomorphisms with respect to addition [3] and can be
used instead. We omit a detailed description of such an implementation as it would provide
no new insight to the basic framework presented in the previous section.
11
4 Discussion - Attacks, Weaknesses and Countermea-
sures
The security of proposed protocol relies critically on the security of the underlying wa-
termarking and encryption techniques used in the specific construction. The encryption
technique we have used, the RSA cryptosystem is a mature and well studied technique that
is believed to be secure if properly used [20].
Watermarking techniques, on the other hand, are a relatively new phenomenon and their
ability to withstand attacks is still under question [7, 16]. However, there are many robust
watermarking techniques that have been developed in the past few years. See, for example,
[4, 9, 23, 25]. Among them, the Cox. et. al. scheme used in the previous section is one
of the best known and has been shown to be remarkably robust against common image
processing attacks and even several cycles of analog to digital conversions. The robustness
of the scheme critically relies on the availability of the original image which can be used to
undo operations like scaling, cropping, rotations etc. prior to watermark detection.
Hence the protocol we propose is secure only as much as the underlying watermarking
techniques are secure and robust. Nevertheless, it should be noted that our protocol does not
critically make use of the properties of any one particular watermarking technique. As long as
the watermark is linear (in the transform or spatial domain), it can be used in conjunction
with an appropriate cryptosystem which is a privacy homomorphism with respect to the
insertion operation. Hence, if a better watermarking technique is discovered, it could be
readily used in the proposed protocol. Note that the proposed protocol does not require the
watermarking technique to be either public or private. Either type of technique can be used.
However, private watermarking techniques typically are much more robust than their public
counterparts as the original image can be used to undo many image processing operations
like scaling, cropping and rotation[2, 12]. Hence, it is expected that the watermark W would
be inserted using a private technique.
Having said that, let us examine the protocol itself and different ways in which a malicious
12
participant or observer may attempt to circumvent it. We do this by examining each of the
four sub-protocols individually.
4.1 Watermark generation protocol
Here, Bob requests and obtains an encrypted and signed watermark from a trusted water-
mark certification authority. If the encryption and digital signature techniques used are
secure, and the underlying Public Key Infrastructure (PKI) enables the watermark certifi-
cation authority to reliably verify Bob’s identity then there is no way Bob could change or
substitute the watermark. Furthermore, inclusion of a time stamp along with information
about the transaction would prevent Bob from replacing the watermark with an older one
he may have obtained previously from the watermark certification authority.
It should also be noted that since the different watermark elements are being encrypted
individually, the precision with which the watermark is being represented can have significant
impact on the security of the encryption. For example if each watermark element has 32 bits
of precision then Alice (the seller) can exhaustively try all 232 possible watermark elements
and completely determine W . Hence each element in W must at least have 64 bits of
precision (preferably 128) to make such brute force attacks infeasible.
4.2 Watermark insertion protocol
Here, Alice first inserts a watermark V which she can later use to determine the source
of an illegal copy. Clearly, it is against her own interest not to perform this step in the
right manner as she will not be able to identify the source of an illegal copy. In the second
step, she inserts σ(WB) into X ′. Again, it is against her interest not to perform this step
in the proper manner. For instance, she could insert another watermark in X ′ instead of
σ(WB). Specifically, she could use a watermark obtained from another user obtained from
a prior transaction. This serves no purpose as it would result in a severely corrupted image
when Bob decrypts the encrypted watermarked image with his own key. This is because the
watermark and the image would have been encrypted with different keys. Alice could also
13
use a watermark obtained from Bob, but from a prior transaction. This, however, would be
revealed during the dispute resolution protocol and as a result Alice will no longer be able
to prove to an adjudicator that Bob has made illegal copies. This is against her interest.
Also, since the watermark W sent to her by Bob is encrypted, she has no way of gleaning
any information about it as long as the underlying encryption scheme is secure.
4.3 Copyright violator identification
This protocol is run by Alice to check the identity of the buyer from whom an unauthorized
copy has originated. At this point she could try and find another watermark inserted into the
copy of another buyer, say Trevor, that is declared present in the image by the watermark
detection function. That is, a false positive. In this case Alice could conceivably hold
Trevor responsible for the illegal copy. However, since the different watermarks inserted into
different copies of the content have been generated randomly by the watermark certification
authority, they are uncorrelated and it is highly unlikely that Alice would detect a false
positive in the relatively small number of instances which she has at her disposal to try.
This is especially difficult as she has no knowledge about the watermark inserted in Trevor’s
copy and has seen it only in the encrypted form.
Another interesting issue is the fact that if Alice obtains a copy of the image sold to
Bob, that is I + V + σ(W ), she can compute W as she knows I, V and , σ. However, this
really is of no use to her as now that she has a copy of the image sold to Bob she can in
any case make as many copies of it as she wants, whether she knows W or not. Removing
σ(W ) also is of no use as she already knows I + V . Nor can she embed W in another image
with malicious intent as W is bound to the specific transaction between Alice and Bob by
the signed message she receives from the watermarking authority which she has to produce
in case of dispute resolution.
14
4.4 Dispute resolution protocol
Here Alice takes evidence to the Judge that incriminates Bob for copyright violation. So
the question arises, can Alice fabricate evidence? The answer is no. As she does not know
W she is unable to do this. Bob on the other hand can refuse to co-operate, but as we said
before, this would be taken as an admission of guilt. For example, when the Judge asks Bob
for W , Bob can send some random watermark T instead. However, Alice has presented the
Judge with a signed and encrypted copy of W and this would not match with EB(T ). If the
watermark certification authority is to be trusted Bob would be considered the culprit.
4.5 Watermark certification authority
Perhaps the most undesirable feature of the proposed protocol is the requirement of a wa-
termark certification authority C who generates valid watermarks upon request, and sends
them along with a time-stamp and a digital signature. However, given the current structure
of the proposed protocol, the watermark W needs to originate from a third party. Otherwise,
Bob could generate a maliciously designed watermark that would be approximately invari-
ant to permutation and send this to Alice. Since Alice only sees the encrypted watermark
she is unable to tell the difference between a valid watermark and an invalid watermark. A
simple way of avoiding this problem is to originate the watermark from an independent and
trusted third party. The practice of using a trusted third party is actually quite common in
cryptographic protocols where keys are often obtained from trusted key distribution centers.
However, placing complete trust in a single source is still undesirable. For example, if Alice
and C collude then they can frame Bob. Similarly if Bob and C collude then they can
cheat Alice. However, C by itself cannot cheat as it knows only W and not σ, just as Bob.
Nevertheless, the requirement of a trusted watermark certification authority can indeed be
reduced by using some sophisticated tools from cryptography, like oblivious transfers and
blind signatures. Discussion of these mechanisms would take us far out of the scope of the
current paper and would take away from the simplicity of the proposed technique.
15
Another undesirable consequence of the fact that the watermark is generated by the
watermark certification authority is that it is not possible to “shape” the watermark to the
given image in order to make it perceptually imperceptible. This inherently restricts the
“strength” of the watermark signal which in turn effects the robustness of the underlying
watermarking technique. However, a technique like the NEC scheme already shapes the
watermark to a limited extent by embedding it only in, say, the first 1000 AC coefficients of
the image.
5 Conclusions
In this paper we have presented a interactive buyer-seller protocol for invisible watermarking
in which the seller does not get to know the exact watermarked copy that the buyer receives.
Hence the seller cannot create copies of the original content containing the buyers watermark.
However, in case the seller finds an unauthorized copy, she can identify the buyer from whom
this unauthorized copy has originated and furthermore also prove this fact to a third party by
means of dispute resolution protocol. Hence, the buyer cannot claim that an unauthorized
copy may have originated from the seller. The watermark embedding protocol is based on
public key cryptography and has little overhead in terms of the total data communicated
between the buyer and the seller. Furthermore, the protocol we have presented is quite
general and can be used with different watermarking techniques and appropriate public key
encryption techniques.
References
[1] J. Bloom et. al., “Copy protection for DVD video,” IEEE Proceedings, vol. 87, No. 7,
pp 1267-1276, July 1999.
[2] G. W. Braudaway, F. C. Mintzer, “Automatic recovery of invisible image watermarks
from geometrically distorted images,” Security and Watermarking of Multimedia Con-
tents II, SPIE Proceedings, 3971-06, February 2000.
16
[3] Josh D. Cohen and Michael J. Fischer. “A robust and verifiable cryptographically se-
cure election scheme (extended abstract)”. In 26th Annual Symposium on Foundations
of Computer Science, pages 372-382, Portland, Oregon, 21-23 October 1985. IEEE.
[4] I. J. Cox, J. Kilian, T. Leighton, and T. Shamoon, “Secure spread spectrum water-
marking for multimedia,” IEEE Transactions on Image Processing, vol. 6, no. 12, pp.
1673–1687, 1997.
[5] I. J. Cox and M. L. Miller. A review of watermarking and the importance of perceptual
modeling. In Proceedings, SPIE Human Vision and Electronic Imaging II, volume SPIE
Vol. 3016, February 1997.
[6] I. J. Cox and J.-P. M. G. Linnartz, “Some general methods for tampering with water-
marks,” in IEEE Journal on Selected Areas in Communications 16, no. 4, pp. 587–593,
May 1998.
[7] S. Craver, B. L. Yeo and M. Yeung, “Technical trials and legal tribulations,” Commun.
ACM, 4, no. 7, pp. 44-54, July 1998.
[8] K. Gopalakrishnan. Private communication.
[9] F. Hartung and B. Girod. “Digital watermarking of uncompressed and compressed
video,” Signal Processing, vol. 66, no. 3, pp. 283-301, May 1998.
[10] F. Hartung and M. Kutter, “Multimedia Watermarking Techniques,” IEEE Proceed-
ings, vol. 87, No. 7, pp 1079-1107, July 1999.
[11] J. R. Hernandez, F. Perez-Gonzalez, J. M. Rodriguez and G. Nieto, Performance
Analysis of a 2-D Multipulse Amplitude Modulation Scheme for Data Hiding and
Watermarking of Still Images. IEEE Journal on Selected Areas of Communication,
16:4, 510-524, May 1998.
17
[12] Neil F.Johnson, Zoran Duric and Sushil Jajodia, “ Recovery of Watermarks from
Distorted Images,” Proceedings of the Third Information Hiding Workshop, - Dresden,
Germany - October 1999.
[13] T. Kalker, “Digital Video Watermarking for DVD Copy Protection,” In proceed-
ings,Multimedia Archival and Storage, Photonics East, Boston, Sept. 1999.
[14] N. Memon and P. W. Wong, “Protecting digital media content,” Communications of
the ACM, 4, no. 7, pp. 11-24, July 1998.
[15] N. Memon and P. W. Wong, “ A Buyer-Seller Watermarking Protocol Based on Ampli-
tude Modulation and the El Gamal Public Key Crypto System,” Image and Multimedia
Security, Electonic Imaging, Photonics West, SPIE Proceedings, San Jose, Jan 1999.
[16] F. Petitcolas, R. Anderson and M. Kuhn. “Attacks on copyright marking systems”.
In Information Hiding, @nd International Workshop, Lecture Notes in COmputer Sci-
ence, Vol 1525, D. Aucsmith Ed., Berlin, Germany, Springer-Verlag, pp 218-238, 1998.
[17] L. Qian and K. Nahrstedt, “Watermarking Schemes and Protocols for Protecting
Rightfuk Ownership and Customer’s Rights,” Jounal of Visual Commun. and Image
Rep., 9, no. 3, pp. 194-210, Sept. 98.
[18] R. Rivest, A. Shamir and l. Adelman, “A method for obtaining digital signatures and
public key cryptosystems,” Communications of the ACM, 21, pp. 120-126, 1978.
[19] J. R. Smith and B. O. Comiskey. Modulation and Information Hiding in Images. In
Proceedings of Internaitonal Waorkshop on Information Hiding, Cambridge, UK, May
1996 pp 39-48.
[20] D. Stinson, Cryptography: Theory and Practice, CRC Press, 1995.
[21] M. Swanson, M. Kobayashi, and A. Tewfik, “Multimedia Data Embedding and Wa-
termarking Technologies,” IEEE Proceedings, vol. 86, No. 6, pp 1064-1087, June 1998.
18
[22] G. Voyatzis and I. Pitas, “The use of watermarks in the protection of digital multimedia
products,” IEEE Proceedings, vol. 87, No. 7, pp 1197-1207, July 1999.
[23] R. Wolfgang, C. Podilchuk and E. Delp, “Perceptual watermarks for digital images
and video ,” IEEE Proceedings, vol. 87, No. 7, pp 1108-1126, July 1999.
[24] W. Zeng and B. Liu, ”A statistical watermark detection technique without using o-
riginal images for resolving rightful ownerships of digital images,” IEEE Trans. Image
Processing, vol. 8, no. 11, pp. 1534-1548, Nov. 1999
[25] J. Zhao and E. Koch, “Embedding Robust Labels into images for Copyright Pro-
tection,” Intellectual Property Rights and New Technologies, Proceedings of the
KnowRight’95 Conference 1995, pp. 242–51.
19
Watermark Insertion Protocol
Bob Watermark GenerationProtocol
Copyright Violator
Identification Protocol
Dispute ResolutionProtocol
Bob
Bob
Judge Alice
Alice
Alice
Watermark
Certification
Authority
Figure 1: The Four sub-protocols that comprise the Buyer-Seller Watermarking Protocol
Captions
Figure 1: The Four sub-protocols that comprise the Buyer-Seller Watermarking Protocol
Nasir Memon received his M. S. and Ph.D. from the University of Nebraska in 1989 and
1992 respectively. He was an Assistant Professor of Computer Science at Arkansas State
University from Aug 1992 to July 1994 and at Northern Illinois University from 1994 to 1998.
He is currently an Associate Professor in the Computer Science department at Polytechnic
University, New York. He was a visiting Faculty at HP Labs Palo-Alto from August 1997
to July 1998 and From June to August 1999. Prof. Memon’s research interests include
Data Compression, Data Encryption, Image Processing, Multimedia Content Protection
and Multimedia Communication and Computing. He has published more than 100 articles
in journals and conference proceedings and holds two patents in image compression. He
was actively involved in the formation of a new international standard on lossless image
compression, called JPEG-LS. He has been the principal investigator on funded research
projects from HP, Intel, Panasonic, Mitsubishi and Sun Microsystems. In 1996 he received
an NSF CAREER award for research in lossless image compression. He has organized and
chaired many sessions in international conferences and is currently an associate editor for
the IEEE Transactions on Image processing.
Ping Wah Wong Ping Wah Wong received the B.Sc.(Eng.) degree from the University
of Hong Kong in 1977, the M.S.E.E. degree from the University of Michigan-Dearborn in
1985, and the Ph.D. degree from Stanford University in 1989.
From 1977 to 1981, he was with Coronet Industries Limited, Hong Kong where he de-
signed radio frequency circuits and digital tuning systems. From 1981 to 1983, he worked
on an automatic train control system at Mass Transit Railways Corporation, Hong Kong.
From 1989 to 1992, he was an Assistant Professor at the Department of Electrical and
Computer Engineering, Clarkson University, Potsdam NY. From 1992 to 1999, he was been
with Hewlett-Packard Company, first with HP Laboratories where he was Project Manager
in Halftoning and Image Processing, and then Manager with Internet Imaging Operation
of HP responsible for imaging server/client software. He co-founded IDzap LLC in 1999
that provides anonymous web services. He co-founded Apalo.com in 2000 to provide digital
photo services in Hong Kong. His interests are in digital signal processing, data security,
compression, and communications.
Dr. Wong was an Associate Editor for IEEE Transactions on Image Processing from
1995 to 1997. He is now an Associate Editor for Journal on Electronic Imaging. He has been
a co-chair of the Conference on Security and Watermarking of Multimedia Contents at the
SPIE/IS&T Symposium on Electronic Imaging since 1999. He is a Senior Member of IEEE.