Presentation is loading. Please wait.

Presentation is loading. Please wait.

Birthday Attack on Efficient and Anonymous Buyer-Seller Watermarking Protocol BY Qurat-ul-Ain M. Mahboob Yasin COMSATS Institute of Information Technology,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Birthday Attack on Efficient and Anonymous Buyer-Seller Watermarking Protocol BY Qurat-ul-Ain M. Mahboob Yasin COMSATS Institute of Information Technology,"— Presentation transcript:

1 Birthday Attack on Efficient and Anonymous Buyer-Seller Watermarking Protocol BY Qurat-ul-Ain M. Mahboob Yasin COMSATS Institute of Information Technology, Islamabad

2 Presentation Scheme What is a Digital Watermark Use of the digital watermarks Watermarking Protocols: Qiao and K. Nahrstedt watermarking Protocol Memon and Wong watermarking Protocol Lie et all watermarking protocol Birthday Paradox Birthday Attack on Efficient and Anonymous Buyer- Seller Watermarking Protocol Proposed Solution Conclusion

3 What are Digital Watermarks? Copyright marks embedded into digital content to prove legal ownership of an intellectual property The embedding is performed with the help of a key and recovery of the embedded mark will reveal the actual owner of the digital contents

4 Customers’ Right Problem A B O Digital Content X’ with W Digital Content X’ with W Cant tell who is has legally bought the product. Its impossible to pinpoint who is behind pirating the contents if illegal copies are found X W X’ +

5 Protecting rightful ownership and customer’s rights The buyer sends the encrypted data to the seller. The seller generates a unique watermark based on the encrypted data received and inserts it into the digital content Seller sends X‘ to the buyer. The buyer can prove his possession of the watermarked copy. E KB (Bits) X’ BuyerSeller [L Qiao and K. Nahrstedt, Sept 98]

6 What if The Seller is Malicious As the seller has the exact watermarked copy which is sold to the buyer, an illegal copy cannot prove a buyer guilty of pirating the copy after analyzing the embedded watermark. [N. Memon and P. W. Wong, Apr. 2001.]

7 How Memon & Wong Solved the Problem There is a third trusted party, to generate watermarks, called WCA. Seller need not to know the watermark. The seller inserts the watermark in encrypted domain. So seller has no access to the final water marked copy which the buyer gets

8 Privacy Homomorphic Encryption function Epk is privacy homomorphic if following equation holds Epk (a  b)= Epk (a)  Epk (b)  a & b

9 Memon and Wong Watermarking Protocol ID B, P B E PB (W), S WCA (E PB (W)) E PB (X``) BuyerWCA Seller

10 Unbinding Problem Unable to bind a watermark to particular digital contents or transaction. [C.L. Lei, P.L. YU, P.L Tsai and M.H Chan, Dec 2004 ]

11 Example: A buys digital contents X’’ containing watermark Wx. Now if X’ is illegally distributed by A, the seller can extract the watermark from the pirated copy and insert it to the other expensive product Y to get Y’’ and can prove that Y’ is being pirated to be compensated more. Secondly seller can ignore the watermark and insert the previously used watermark by the same buyer in some previous transaction to prove piracy of both digital contents if the buyer illegally distribute one.

12 Efficient and Anonymous Buyer-Seller Watermarking Protocol Buyer can remain anonymous by getting several anonymous certificate from a CA. Buyer has to generate new public private key for each transaction to solve the unbinding problem.

13 Continued… Cert CA (p B ), Cert pB (pk*), ARG, Spk*(ARG) Cert pB (pk*), ARG, Spk*(ARG), X` E pk* (W), pk WCA (W), Sign WCA (E pk* (W),pk*, S pk* (ARG)) E pk* (X``) The Seller The Watermark Certification Authority WCA The Buyer [C.L. Lei, P.L. YU, P.L Tsai and M.H Chan, Dec 2004 ]

14 Problems with EASBW Protocol Buyer’s anonymity allows a malicious buyer to collect digital content time and again and abort the transaction saying he cannot decrypt the contents provided. Seller sends the watermark copy X’ to WCA. With X’ in hand WCA can generate X’’. Seller is maintaining a huge database having unique public key for each transaction.

15 Birthday Paradox What is the minimum value of k such that the probability is nearly 50% that at least 2 people in a group of k people have the same birthday

16 Example: In a group of 23 people, though the probability that birthday a member A shares his birthday with another group member is 23/365, but the probability is more than 50% that at least two of them will have the same birthday.

17 Birthday Attack on the EABSW protocol The security of EASBW requires that for each transaction buyer must generate new public private key pair. The final watermarked copy is encrypted using the key generated for a specific transaction.

18 Continued… Suppose a seller has a million entries for different buyers and the seller generates a million entries for different private public key of n bits in size. For the probability of success in matching to be 50%, the database size should be √n that is much less than n as expected from a key size of n bits The probability of a success increases if elliptic curve cryptography is used

19 What if The Attack is successful Cert pB (pk*), ARG, Spk*(ARG), X E pk* (W), pk WCA (W), S WCA (E pk* (W),pk*, S pk* (ARG)) The SellerThe Watermark Certification Authority WCA

20 Arbitration Process Seller generate X’’ by inserting W after decrypting Epk*(W). In arbitration process the seller has all the evidence to prove an innocent buyer guilty of pirating the digital contents.

21 Proposed Solution Watermarking Certification Authority should not be memory less WCA should maintain a database of public keys used in each transaction. Before generating watermark WCA must ensure pk* is not used in any transaction. Seller must only give specification to WCA not the Watermarked copy X’ to prevent WCA of pirating digital contents

22 Conclusions The watermark certification authority should maintain a database of all public keys against which it has issued watermarks. We propose that the seller may only tell the characteristics of the original digital contents. If anonymity is given to the buyer then there should be a mechanism to avoid malicious buyer to cancel the transaction.

23 Questions?

Download ppt "Birthday Attack on Efficient and Anonymous Buyer-Seller Watermarking Protocol BY Qurat-ul-Ain M. Mahboob Yasin COMSATS Institute of Information Technology,"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Introduction of Grid Security

Introduction of Grid Security
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.

A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Anonymous Fingerprinting Paper by: Birgit Pfitzmann, and Michael Waidner Presentation by: James Campbell.

Anonymous Fingerprinting Paper by: Birgit Pfitzmann, and Michael Waidner Presentation by: James Campbell.
N-Secure Fingerprinting for Copyright Protection of Multimedia

N-Secure Fingerprinting for Copyright Protection of Multimedia
1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp. 643-649, April 2001 Multimedia Security.

1 A Buyer-Seller Watermarking Protocol IEEE Trans. On Image Processing, Vol.10,No.4, pp , April 2001 Multimedia Security.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
ICWS 2003 Implementing Watermark Token in WS-Security for Digital Contents Distribution Presenter: Patrick Hung Co-authors:

ICWS 2003 Implementing Watermark Token in WS-Security for Digital Contents Distribution Presenter: Patrick Hung Co-authors:
An Efficient and Anonymous Buyer- Seller Watermarking Protocol C. L. Lei, P. L. Yu, P. L. Tsai and M. H. Chan, IEEE Transactions on Image Processing, VOL.

An Efficient and Anonymous Buyer- Seller Watermarking Protocol C. L. Lei, P. L. Yu, P. L. Tsai and M. H. Chan, IEEE Transactions on Image Processing, VOL.
Buyer-Seller Watermarking (BSW) Protocols Geong Sen Poh 31 Oct 2006.

Buyer-Seller Watermarking (BSW) Protocols Geong Sen Poh 31 Oct 2006.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies

Similar presentations

Ads by Google