Wednesday, December 19, 2007

Applications

2.1 IPR protection
The protection of the rights possessed by the creator, or the legitimate
owner, of a multimedia piece of work encompasses many different aspects
including copyright protection and moral rights protection, e.g. the assurance
that the integrity of the work is respected so as not to violate the moral
beliefs of the owner/creator. In what follows we will refer globally to such
rights as Intellectual Property Rights (IPR), even if, rigorously speaking,
IPR protection should consider topics such as patents and trademarks as
well. Due to the wide variety of situations encountered in practical applications,
to the large number of objectives possibly pursued by an IPR
protection system, and to the different legislations holding in different countries,
it is impossible (and beyond the scope of this book) to give a unified
treatment of watermarking-based IPR protection. We therefore present here
only the major tasks watermarking may be used for and the corresponding
watermarking paradigms, keeping in mind that any practical IPR protection
system will need to address these tasks, and a considerable number
of other security and economic issues, all together [1].
[1] In general, the design of an IPR protection system goes through the definition of
a Business Model (BM) describing the way electronic transactions are performed, an
Electronic Copyright Management System (ECMS) defining how IPRs are handled within the
BM, and the specification of how the BM and the ECMS are implemented in practice,
e.g. through digital watermarking or cryptography.
2.1.1 Demonstration of rightful ownership
This is the most classical scenario served by watermarking: the author of a
work wishes to prove that he/she is the only legitimate owner of the work.
To do so, as soon as he/she creates the work, he/she also embeds within it a
watermark identifying him/her unambiguously. Unfortunately, this simple
scheme cannot provide a valid proof in front of a court of law, unless the
non-invertibility (non-quasi-invertibility) of the watermarking algorithm is
demonstrated (see section 1.2.7). Nevertheless, the watermark may still
be used by the rightful owner for his/her own purposes. For example, the
author may wish to detect suspicious products existing in the distribution
network. Such products could be individuated by an automated search
engine looking for the watermark presence within all the works accessible
through the network. Then, the author may rely on more secure mechanisms
to prove that he/she was the victim of a fraud, e.g. by depositing
any new creation to a registration authority.
A common way to give the watermark verification procedure legal
value is to introduce a Trusted Third Party (TTP) into
the watermarking protocol. For example, the watermark identifying the
author may be assigned to him/her by a trusted registration authority, thus
preventing the use of the SWICO attack to fool the ownership
verification procedure. In this way, in fact, it would be by far more difficult
to invert the watermarking operation, especially when blind watermarking
is used, since pirates cannot rely on the design of an ad hoc fake original
work.
As to the requirements that a watermarking algorithm used for rightful
ownership verification must satisfy, it is obvious that for any scheme to
work, the watermark must be a secure one, given that pirates are obviously
interested in removing the watermark, possibly by means of computationally
intensive procedures. In addition, private watermarking is preferable,
due to its inherently superior security. Finally, capacity requirements depend
on the number of different author identification codes the system must
accommodate.
2.1.2 Fingerprinting
A second classical application of digital watermarking is copy protection.
Two scenarios are possible here; according to the first one, a mechanism
is envisaged to make it impossible, or at least very difficult, to make illegal
copies of a protected work (see section 2.1.3 for a discussion on copy
control mechanisms). In the second scenario, a so-called copy deterrence
mechanism is adopted to discourage unauthorized duplication and distribution.
Copy deterrence is usually achieved by providing a mechanism to
trace unauthorized copies to the original owner of the work. In the most
common case, distribution tracing is made possible by letting the seller
(owner) insert a distinct watermark, which in this case is called a fingerprint,
identifying the buyer, or any other addressee of the work, within
any copy of data which is distributed. If, later on, an unauthorized copy of
the protected work is found, then its origin can be recovered by retrieving
the unique watermark contained in it.
[Figure 2.1: To take into account buyer's rights, it is necessary that the situation
depicted in the figure, where several copies of the host asset containing the
identification code of client B1 are distributed to other purchasers, is avoided.]
Of course, the watermark must be secure, to prevent any attempt to
remove it, and readable, to make its extraction easier. Note that the readability
requirement may be relaxed if the owner has the possibility to guess
in advance the watermark content.
A problem with the plain fingerprinting protocol described above is
that it does not take into account buyer's rights, since the watermark is
inserted solely by the seller. Thus, a buyer whose watermark is found
in an unauthorized copy cannot be inculpated, since he/she can claim
that the unauthorized copy was created and distributed by the seller. The
possibility exists, in fact, that the seller is interested in fooling the buyer.
Let us consider, for example, the situation depicted in figure 2.1, where
the seller is not the original owner of the work, but an authorized reselling
agent. The seller may distribute many copies of a work containing the
fingerprint of buyer B1 without paying the due royalties to the author, and
claim that such copies were illegally distributed or sold by B1.
As in the case of rightful ownership demonstration, a possible solution
consists in resorting to a trusted third party. The simplest way to exploit
the presence of a TTP to give legal value to the fingerprint protocol is
to let the TTP insert the watermark within the to-be-protected work, and
retrieve it in case a dispute resolution protocol has to be run. Despite its
simplicity, such an approach is not feasible in practical applications, mainly
because the TTP must do too much work and may thus easily become the
bottleneck of the whole system. In addition, the protected work must be
transmitted from the seller to the TTP and from the TTP to the customer,
or, in an even worse case, from the TTP to the seller and from the seller to
the customer, thus generating very heavy traffic on the communication
channel.
An ingenious way to avoid the above difficulties and still ensure that
buyer's rights are respected relies on the joint exploitation of watermarking
and cryptography, as suggested by the Interactive Buyer-Seller (IBS)
protocol. Even in this case the presence of a TTP is envisaged; however,
the TTP's role is minimized, thus making the IBS protocol more suited
to practical applications. Data exchange is kept to a minimum as well,
resulting in a very low communication overhead. The basic idea the IBS
protocol relies on is that care is taken not to let the seller get to know
the exact watermarked copy received by the buyer, hence he/she cannot
distribute or sell copies of the original work containing the buyer's identification
watermark. In spite of this, the seller can identify the buyer
from whom unauthorized copies originated, and prove it by using a dispute
resolution protocol. The same protocol can be used by the buyer to
demonstrate his/her innocence. In order to exemplify the IBS protocol, let
Alice be the author of the work and Bob the buyer. We assume that Alice
and Bob possess a pair of public/private keys denoted by $K_A$, $K_B$ (public
keys) and $K'_A$, $K'_B$ (private keys). Let the encryption of a message with a
key $K$ be indicated by $E_K$. After sending his identification,
Bob requests the TTP to send him a valid watermark $w$ (once again we
assume that $w$ coincides with $b$). The TTP checks Bob's credentials and
generates the watermark $w$. It then sends back to Bob $w$ encrypted with
Bob's public key:
$$E_{K_B}(w) = \{E_{K_B}(w_1), E_{K_B}(w_2), \ldots, E_{K_B}(w_n)\}, \qquad (2.1)$$
along with a signature of $E_{K_B}(w)$, $S_{TTP}(E_{K_B}(w))$. For example,
))), (2.2)
where $H$ is a proper hash function. Note that we assumed that the watermark
components $w_i$ are encrypted independently by using the same
encryption key.
As a second step, Bob sends Alice $E_{K_B}(w)$ and $S_{TTP}(E_{K_B}(w))$, so
that Alice can verify that $E_{K_B}(w)$ is a valid encrypted watermark. Let
$A$ be the digital asset Bob wants to buy. Before sending $A$ to Bob, Alice
inserts within it two distinct watermarks. For the first watermark $v$,
which conveys a distinct ID univocally identifying the buyer, Alice can use
the watermarking scheme she prefers, since such a watermark is used by
Alice only to identify potentially deceitful customers through plain fingerprinting.
The second watermark is built by relying on $E_{K_B}(w)$. As for
$E_K$, we require that the watermarking scheme acts on each host feature
independently, that is we require that:
$$f_{A_w} = \{f_1 \oplus w_1, f_2 \oplus w_2, \ldots, f_n \oplus w_n\}, \qquad (2.3)$$
where $f_A = \{f_1, f_2, \ldots, f_n\}$ represents the set of non-marked host features.
As a second requirement, we ask that the cryptosystem used by the IBS
protocol is a privacy homomorphism with respect to $\oplus$, that is:
$$E_K(x \oplus y) = E_K(x) \oplus E_K(y), \qquad (2.4)$$
where $x$ and $y$ are any two messages. Strange as it may seem, the privacy
homomorphism requirement is not difficult to satisfy. For instance, it is
known that the popular RSA cryptosystem is a privacy homomorphism
with respect to multiplication.
To insert the second watermark within $A$, Alice performs the following
steps. First she permutes the watermark components through a secret
permutation $\sigma$:
where the equality immediately follows from equation (2.1). Then she
inserts $E_{K_B}(\sigma(w))$ within $A$ directly in the encrypted domain. This is
possible due to (2.4) and because Alice knows Bob's public key. Stated
in another way, Alice sends to Bob an encrypted version of $A$ containing
$$E_{K_B}(A_{v,\sigma(w)}) = E_{K_B}(A_v) \oplus E_{K_B}(\sigma(w)). \qquad (2.6)$$
It is worth stressing again that in order to produce $E_{K_B}(A_{v,\sigma(w)})$ Alice
does not need to access the plain watermark $w$, since watermark casting is
performed in the encrypted domain.
When Bob receives $E_{K_B}(A_{v,\sigma(w)})$, he decrypts it by using his private
key $K'_B$, thus obtaining $A_{v,\sigma(w)}$. Note that Bob cannot read the watermark
$\sigma(w)$, thus it is not necessary to ensure the non-reversibility of the
watermarking scheme.
In order to recover the identity of potential copyright violators, Alice
first looks for the presence of $v$. Upon detection of an illegal copy of $A$,
say $A'$, she can use the second watermark to effectively prove that such
a copy originated from Bob. To do so, Alice must reveal to a judge the
permutation $\sigma$, the encrypted watermark $E_{K_B}(w)$, and $S_{TTP}(E_{K_B}(w))$.
After verifying $S_{TTP}(E_{K_B}(w))$, the judge asks Bob to reveal his private
key $K'_B$ to calculate $w$ (actually it is not necessary that Bob reveals $K'_B$,
it is only necessary that he reveals $w$, whose validity can be verified by
applying $K_B$ to it and checking whether it equals $E_{K_B}(w)$). Now it is
possible to check $A'$ for the presence of $\sigma(w)$: if it is found, then Bob is
judged guilty, otherwise Bob's innocence is proven. Note
that if $\sigma(w)$ is found in $A'$, Bob cannot maintain that $A'$ originated from
Alice, since to do so Alice should have known either $w$ to insert it within
the plain asset $A$, or $K'_B$ to decrypt $E_{K_B}(A_{v,\sigma(w)})$ after inserting
the watermark in the encrypted domain.
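The IBS exchange described above, as an added example in Python that is not part of the original text: textbook RSA stands in for the privacy-homomorphic cryptosystem, with multiplication as the embedding operator. The key, the feature values, the four-value watermark alphabet and the non-blind detector in judge() are constructed assumptions; the TTP signature and Alice's first watermark v are omitted.

```python
import random

# Textbook (unpadded) RSA: E(x)*E(y) mod N == E(x*y), the homomorphism of eq. (2.4).
# Toy key built from two Mersenne primes; illustration only, not a secure choice.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # Bob's private exponent (K'_B)

def enc(m):
    return pow(m, E, N)                # E_{K_B}(m): anyone can compute this

def dec(c):
    return pow(c, D, N)                # requires Bob's private key

def ttp_issue(n, rng):
    """TTP: draw w and encrypt it component by component, as in eq. (2.1)."""
    w = [rng.choice([2, 3, 5, 7]) for _ in range(n)]
    return w, [enc(wi) for wi in w]

def alice_embed(features, enc_w, sigma):
    """Alice: permute E(w) with her secret sigma, then embed without seeing w."""
    enc_sw = [enc_w[j] for j in sigma]                 # sigma(E(w)) == E(sigma(w))
    return [enc(f) * c % N for f, c in zip(features, enc_sw)]   # eq. (2.6)

def bob_decrypt(enc_asset):
    return [dec(c) for c in enc_asset]

def judge(suspect, features, sigma, enc_w, revealed_w):
    """Dispute resolution: validate the w Bob reveals, then look for sigma(w)."""
    if [enc(wi) for wi in revealed_w] != enc_w:
        raise ValueError("revealed w does not match E_KB(w)")
    sw = [revealed_w[j] for j in sigma]
    return all(a == f * s for a, f, s in zip(suspect, features, sw))

def demo(seed=7):
    rng = random.Random(seed)
    features = [rng.randrange(10, 250) for _ in range(8)]    # constructed host features
    w, enc_w = ttp_issue(len(features), rng)                 # Alice only ever sees enc_w
    sigma = rng.sample(range(len(features)), len(features))  # Alice's secret permutation
    bob_copy = bob_decrypt(alice_embed(features, enc_w, sigma))
    other = [f * 11 for f in features]                       # copy that lacks sigma(w)
    return (judge(bob_copy, features, sigma, enc_w, w),
            judge(other, features, sigma, enc_w, w))

if __name__ == "__main__":
    print(demo())
```

Because the encryption here is deterministic and the alphabet has only four values, Alice could recover w by trial encryption; a real deployment needs a watermark space large enough to rule that out.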
The protocols described in this and in the previous section are just two examples
of how illegal copy deterrence can be achieved by relying on watermarking
technology. With regard to the effective value of such mechanisms
as proofs in front of a judge, it must be said that the current state-of-the-art
allows this possibility only if a watermarking/certification authority acting
as a TTP is included within the copyright protection protocol. Nevertheless,
it is important to stress that, even if plain fingerprinting may not
be considered a proof from a legislative point of view, it may be useful in several
situations. For instance, the seller may use it to identify potentially
deceitful customers and break off any further business with them.
2.1.3 Copy control
When copy deterrence is not sufficient to effectively protect legitimate rightholders,
a true copy protection mechanism must be envisaged. Having said
that a comprehensive solution of copy protection mechanisms goes well
beyond watermarking technology, we describe a mechanism which has been
considered for protection of DVD video. This scenario, in fact, represents
a good example of how watermarking can be integrated in a complex copy
protection system and effectively contribute to its efficacy.
The DVD copy protection system outlined below is the result of the
efforts of many important companies, including IBM, NEC, Sony, Hitachi,
Pioneer, Signafy, Philips, Macrovision and Digimarc. Though the systems
proposed by various companies differ with respect to many important issues
such as, for example, the choice of the underlying watermarking technology,
the overall protection scheme and the role of watermarking within it are
very similar, thus allowing us to briefly describe them without delving into
implementation details.
The mechanism employed to make illegal duplication and distribution
difficult enough to keep losses caused by missed revenues sustainable, relies
on the distinction between copyright compliant devices (CC-devices) and
non compliant devices (NC-devices). In particular, the DVD copy protection
system is designed in such a way that the CC world and the NC world
are kept as distinct as possible, for example, by allowing NC devices to
play only illegal disks and CC devices to play only legal disks. In this way,
users willing to draw from both the worlds must buy two series of devices,
one for legal and one for illegal disks, in the hope that this will prevent
massive, unauthorized, copying, as it happened in the case of audio.
A first important feature of a protected DVD is that its content is scrambled
through a Content Scrambling System (CSS). Descrambling requires
a pair of keys, one of which is unique to the video file, while the other is
unique to the DVD. Keys are stored on the lead-in area of the DVD, an area
that is only read by CC devices. The use of CSS results in the situation
depicted in figure 2.2: a protected DVD can only be played and recorded in
the CC world. It is not possible, in fact, that the output of a CC player is
connected to a NC recorder, since CC devices are not allowed to dialog with
NC-devices. On the other side, recording through CC devices is governed
by a Copy Generation Management System (CGMS) which allows copying
only if this is permitted for that particular disk. Simply speaking, CGMS
relies on two bits stored in the header of an MPEG stream, encoding one
of the following three indications: copy-freely, copy-never and copy-once,
where the result of the copy-once indication is that the video can be copied
but after copying, the CGMS bits are changed to copy-never.
CSS and CGMS prevent the flow from the legal world toward the NC
world; nevertheless, in order to discourage illegal copying the reverse must
also be true, i.e., it should not be possible to use a CC device to play or
record an illegal disk. Otherwise the whole protection mechanism would
only succeed in stimulating the diffusion of CC devices. To this aim,
CSS alone is not sufficient. Consider, for example, the case of a pirate using
the analog RGB output of a compliant device to make an unencrypted copy of the
video by means of a NC recorder. Such a copy can be played, and recorded,
on CC devices as well, since they would mistake the illegal video for a free
video without protection. This is because both scrambling and CGMS bits
are no longer present. Data hiding can help solve this problem: it suffices
that CGMS bits are embedded within the video in the form of a secure
watermark. It is obvious that the presence of CGMS bits prevents video
recording on a CC recorder, since, upon reading the CGMS bits, the CC
devices refuse to copy the video if the CGMS bits do not allow it.
At the same time, CC players can be designed so as to recognize as illegal a
DVD copy without CSS, yet containing the CGMS watermark, and refuse
to play it. A summary of the effect of embedding CGMS bits within DVD
video by means of digital watermarking is given in figure 2.3. As desired,
the worlds of CC- and NC-devices are kept separate, since illegal disks can
only be managed by NC devices and legal disks by CC devices.
