Cryptanalysis of Two Non-anonymous Buyer-Seller Watermarking Protocols for Content Protection

摘要

The "anytime, anywhere" concept of human-oriented ubiquitous computing and communication environment (UE) provides an avenue for people to access to everyday devices with some built-in intelligent feature. This allows for them to conveniently access to vast amounts of information including multimedia services in real time from the comfort of their homes e.g. payTV and interactive TV, streaming audiovisuals, video conferencing and video phones, interactive gaming and online merchandising. With this vast amount of multimedia content being distributed in the environment, there is a need to provide protection for the content from piracy and illegal duplication, which is an important security issue if the UE is to gain popularity and widespread usage. One method to provide content protection and tracing of illegal duplications is using buyer-seller watermarking protocols. In particular, owner-specific marks are embedded into the content to allow content protection and buyer-specific marks are embedded to trace illegal duplications. Two such protocols were independently proposed by Chang and Chung, and Cheung et al., at ICCT 2003 and HICSS 2004, respectively. We show that both the seller's and buyer's rights are not protected in both protocols and therefore the protocols fail to provide even the most basic security requirement of buyer-seller protocols. It is important that these protocols not be deployed for securing UE, but to undergo redesign and thorough security analysis before being reconsidered.