220 likes | 259 Vues
An Efficient and Anonymous Buyer-Seller Watermarking Protocol C. L. Lei, P. L. Yu, P. L. Tsai and M. H. Chan, IEEE Transactions on Image Processing, VOL. 13, NO. 12, December 2004. Multimedia Security. Outline. Customer’s Right Problem Buyer-Seller Watermarking Protocol Unbinding Problem
E N D
An Efficient and Anonymous Buyer-Seller Watermarking ProtocolC. L. Lei, P. L. Yu, P. L. Tsai and M. H. Chan, IEEE Transactions on Image Processing, VOL. 13, NO. 12, December 2004 Multimedia Security
Outline • Customer’s Right Problem • Buyer-Seller Watermarking Protocol • Unbinding Problem • The Proposed Watermarking Protocol • Discussion
Customer’s Right Problem • In traditional watermarking scenarios, the seller is entitled to the responsibility of generating and inserting digital watermarks. As a result, the seller is granted access to each watermarked copy. • A malicious seller can easily frame the buyer by releasing corresponding watermarked copy afterwards.
Memon and Wong’s Protocol EB(W’)=P(EB(W)) EB(X’)=EB(X+W’)= EB(X)+EB(W’) SignWCA(EB(W)) Privacy Homomorphism W SignWCA(EB(W)) B & IDB X’=DB-1(EB(X’))
Unbinding Problem • Failure to bind a watermark to a certain piece of content • U’=U+P1(W1), V’=V+P2(W2) • If Seller gets V’, P2(W2) is available to seller. • EB(U+P2(W2)) now can be generated
Roles • S: seller • B: buyer • CA: A trusted certification authority, issuing anonymous certificate • WCA: a trusted watermark certificate authority • ARB: arbiter
Notations • (pkI, skI) : a public-private key pair for owner I • (pk*, sk*): a one-time key pair • SignI(M): digital signature of message M signed by I • DskI /EpkI : Decryption and encryption function • X+W: watermarked version of X, + standards for watermark insertion • ARG: common agreement between buyer and seller, negotiated in advance
Registration Protocol • B first sends a randomly selected pkB to CA. When CA receives pkB,, it generates an anonymous certificate CertCA(pkB) and sends it back to B. • The registration process can be skipped if anonymity is not a concern
The Proposed Protocol X’=X+V Epk*(X’’)=Epk*(X’+W)=Epk*(X’)+Epk*(W) Store sales records
Identification and Arbitration Y, X’, CertCA(pkB), CertpkB(pk*), ARG, Signpk*(ARG), Epk*(W), Epkwca(W), SignWCA(Epk*(W), pk*, Signpk*(ARG)) W Arbiter WCA Seller Buyer using pk* CA
Solving Unbinding Problem • SignWCA(Epk*(W), pk*, Signpk*(ARG)) explicitly binds W to ARG • By introducing the one-time key pairs, it is impossible for S to fool B.
Accomplishment of Other Goals • Buyer’s privacy is well protected by using anonymous certificate. • Only one communication with seller is required for the buyer now • Trusted third parties are capable of making appropriate adjudications, no cooperation from buyer is required. • The WCA gets information about the digital content, thus a more robust watermark may be tailored.