Security and Privacy in Web-Oriented Watermarking Protocols
The progress in digital technologies and the popularity of the Internet have posed the problem of the copyright protection of digital content distributed on the web, whose solution has become a well-known and important research topic. In fact, people can easily and efficiently download digital content from the Internet, and the quality of digital content is not reduced after each time of duplicating. As a consequence, digital piracy causes a great economic loss for many consumer electronics manufactures and web-based content providers (CPs).
Among the main security technologies usually used to implement the copyright protection of digital content distributed on the Internet, digital watermarking , particularly that based on fingerprinting techniques , can be considered very promising. However, the goal of protecting digital copyright can be achieved only if digital watermarking is combined with watermarking protocols, which define the scheme of the interactions that have to take place among the entities involved in the processes of content protection and web-based distribution .
The research field of watermarking protocols is rich of relevant proposals [3, 4, 5, 6, 7, 8, 9, 10, 11]. In fact, these protocols appear to be secure and robust, but most of them do not solve or at least address specific problems documented in literature, which end up making the protocols not suited to be used in web contexts [3, 4, 5].
This paper focuses on one of the unresolved problems concerning with watermarking protocols, that is the need to guarantee an adequate level of robustness and security to such protocols without limiting or only conditioning the web users’ right to preserve privacy during the e-commerce transactions by which users can purchase digital content distributed by CPs . In fact, the problem arises because CPs have to identify users wanting to buy digital content in order to generate and insert the correct watermarks in the sold content. Such watermarks create perceptually invisible links between buyers and content. This means that CPs are allowed to collect sensitive data about buyers, and so they could also benefit from reselling them to other parties or making criminal actions.
To overcome such a drawback, many recent proposals in the field of watermarking protocols preserve the buyer’s privacy by adopting negotiation mechanisms based on digital certificates issued by certification authorities (CAs). More precisely, buyers can participate in the web transactions needed to purchase digital content by presenting anonymous certificates, which enable them to keep their identities unexposed [8, 9, 10, 11]. However, such proposals make the participation of buyers in watermarking protocols a difficult task, since digital certificates issued by CAs are widely used for e-commerce transactions by buyers who reside within specific areas, such as Western Europe, the U.S., and Japan, but their spread and adoption within many other geographical areas with high population densities are still a slow process. As a consequence, most potential buyers wishing to buy content in the Internet are usually not provided with digital certificates and do not know how they can obtain them from CAs. Moreover, they cannot often autonomously perform security actions that cannot be automatically carried out by commonly used web browsers. Therefore, CPs that require buyers to have such capabilities without supporting multiple negotiation mechanisms end up limiting their sale possibilities.
A possible solution to the problems concerning with the limited spreading of digital certificates among web users could consist in promoting awareness campaigns, conducted, for instance, by public or private entities, aimed at informing people about how to obtain valid certificates and how to use them in e-commerce transactions. Furthermore, public or government entities within each nation could also start specific institutional activities by which to autonomously release valid certificates to people so as to facilitate their participation in e-commerce transactions.
However, such solutions require carrying out slow and laborious procedures. As a consequence, they cannot be adopted in the short term. In addition, they give rise to a number of questions about the respect for the individual rights of web users: a user who wants to buy a digital content must possess a valid digital certificate. On the contrary, users would like to choose among different negotiation mechanisms .
Based on the considerations reported above, the paper addresses the problem of developing watermarking protocols able to adopt multiple negotiation mechanisms that carefully balance the need for security and the users’ right to preserve privacy. In fact, the paper discusses the negotiation mechanisms currently adopted by the major watermarking protocols existing in literature, and proposes a new design approach in which buyers, depending on the negotiation context [3, 4, 5] and consistently with the commonly accepted rules about privacy protection, are no longer forced to adhere to a unique and rigid identification method. Such approach allows buyers to come into the situation to accept tradeoffs between some of their goals, such as simplicity and anonymity.
 I. Cox, J. Bloom, and M. Miller, Digital Watermarking: Principles & Practice, Morgan Kaufman, San Mateo, CA, USA, 2001.
 K.J.R. Liu, W. Trappe, Z.J. Wang, M. Wu, and H. Zhao, Multimedia Fingerprinting Forensics for Traitor Tracing, Hindawi, New York, USA, 2005.
 F. Frattolillo and S. D’Onofrio, “A web oriented and interactive buyer-seller watermarking protocol,” in Security, Steganography, and Watermarking of Multimedia Contents VIII, Proc. SPIE, E. J. Delp and P. W.Wong, Eds., San Jose, CA, 2006, vol. 6072, pp. 718–726.
 F. Frattolillo and S. D’Onofrio, “A model for the distribution of watermarked digital contents on mobile networks,” in Multimedia Systems and Applications IX, Proc. SPIE, S. Rahardja, J. Kim, Q. Tian, and C. W. Chen, Eds., Boston, MA, 2006, vol. 6391, pp. 639110–639110.
 F. Frattolillo, “Watermarking Protocol for Web Context”, IEEE Trans. Information Forensics and Security, vol. 2, no. 3, Sept. 2007, pp. 350-363.
 L. Qiao and K. Nahrstedt, “Watermarking schemes and protocols for protecting rightful ownership and customer’s rights,” J. Vis. Commun. Image Representation, vol. 9, no. 9, 1998, pp. 194-210.
 N. Memon and P.W. Wong, “A buyer-seller watermarking protocol,” IEEE Trans. Image Process., vol. 10, no. 4, Apr. 2001, pp. 643-649.
 C.L. Lei et al., “An efficient and anonymous buyer-seller watermarking protocol,” IEEE Trans. Image Process., vol. 13, no. 12, Dec. 2004, pp. 1618–1626.
 M. Kuribayashy and H. Tanaka, “Fingerprinting protocol for images based on additive homomorphic property,” IEEE Trans. Image Process., vol. 14, no. 12, Dec. 2005, pp. 2129–2139.
 J. Zhang, W. Kou, and K. Fan, “Secure buyer-seller watermarking protocol”, IEE Proc. Inf. Secur., vol. 153, no. 1, March 2006, pp. 15-18.
 C.-I. Fan, M.-T. Chen, and W.-Z. Sun, “Buyer-Seller Watermarking Protocols with Off-line Trusted Parties”, in Proc. IEEE Int. Conf. on Multimedia and Ubiquitous Engineering, 2007.
 K. Rannenberg, “Multilateral security. A concept and examples for balanced security,” in Proc. 9th ACM Workshop on New Security Paradigms, Cork, Ireland, 2000.