Commutative Watermarking-Encryption of Audio Data with Minimum Knowledge Verification

Advances in Multimedia, Mar 2017

We present a scheme for commutative watermarking-encryption (CWE) of audio data and demonstrate its robustness against an important class of attacks, Time-Scale Modifications (TSM). In addition, we show how the proposed CWE scheme can be integrated into a cryptographic protocol enabling public verification of the embedded mark without disclosing the mark or the watermarking key used for embedding.

Article PDF cannot be displayed. You can download it here:

http://downloads.hindawi.com/journals/am/2017/5879257.pdf

Commutative Watermarking-Encryption of Audio Data with Minimum Knowledge Verification

Hindawi Advances in Multimedia Volume 2017, Article ID 5879257, 10 pages https://doi.org/10.1155/2017/5879257 Research Article Commutative Watermarking-Encryption of Audio Data with Minimum Knowledge Verification Roland Schmitz and Jan Gruber Stuttgart Media University, Nobelstrasse 10, 70569 Stuttgart, Germany Correspondence should be addressed to Roland Schmitz; Received 30 September 2016; Accepted 20 February 2017; Published 20 March 2017 Academic Editor: Akram M. Z. M. Khedher Copyright Β© 2017 Roland Schmitz and Jan Gruber. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. We present a scheme for commutative watermarking-encryption (CWE) of audio data and demonstrate its robustness against an important class of attacks, Time-Scale Modifications (TSM). In addition, we show how the proposed CWE scheme can be integrated into a cryptographic protocol enabling public verification of the embedded mark without disclosing the mark or the watermarking key used for embedding. 1. Introduction Commutative watermarking-encryption (CWE) means the combination of watermarking and encryption in such a way that the encryption and watermarking functions commute; that is, Mπ‘ŠπΎ (E𝐾 (𝑂) , π‘š) = E𝐾 (Mπ‘ŠπΎ (𝑂, π‘š)) , (1) where E is the encryption function, 𝐾 is the encryption key, π‘ŠπΎ is the watermarking key, 𝑂 is the cleartext media data, and π‘š is the mark to be embedded. If encryption and watermarking do commute, their combination can serve as an important building block within a Digital Rights Management (DRM) System, as detailed further in Section 2. In the present paper, an existing CWE concept for still images [1] is extended to audio files. To the best of our knowledge, this is the first CWE scheme for audio files to appear in the literature. In addition, we show that the presented CWE scheme can be integrated into a modified version of a protocol due to Craver and Katzenbeisser [2], enabling zero-knowledge verification of the watermark, meaning a verifier can verify the presence of a watermark without disclosure of the mark M or the watermarking key π‘ŠπΎ . The rest of the paper is organized as follows: in Section 2, we motivate the need for CWE schemes and identify some basic requirements. In Section 3, we shortly review existing CWE schemes for still images and encryption/watermarking techniques for audio files, with a special emphasis on those algorithms using similar techniques as in our approach. In Section 4, we present our CWE scheme in detail. Section 5 provides experimental results on the robustness and fidelity of the watermarking part. Section 6 presents the integration of the CWE scheme into a zero-knowledge protocol for verifying the mark, and Section 7 concludes the paper. 2. Motivation for CWE The concept of commutative watermarking-encryption (CWE) was first discussed in [3] with a special emphasis on watermarking in the encrypted domain. From the left-hand side of (1) it is clear that the watermarking function M must be able to act in the encrypted domain, which means that only a limited set of audiovisual features (if any) is available to the embedder and can be used to embed the mark. 2.1. Dispute Resolve Protocols. The prime motivation to look at CWE schemes originates from the need to implement socalled Dispute Resolve Protocols, where a rights owner 𝑅 provides a digital media object 𝑂 to a distributor 𝐷, who in turn sells 𝑂 to some customer 𝐢. In this scenario, a number of attacks are possible, most importantly the case where 𝐢 sells a copy of 𝑂 in his own right. In particular, if such a 2 Advances in Multimedia copy is detected, the Dispute Resolve Protocol must be able to identify 𝑅 as the rightful owner of 𝑂 and to identify 𝐢 as the offending party. An obvious solution is that 𝑅 embeds a watermark identifying 𝑅 as the rightful owner into 𝑂 and provides the marked object 𝑂 to 𝐷. The distributor 𝐷 in turn marks 𝑂 for each customer 𝐢 with an additional watermark uniquely identifying 𝐢. Unfortunately, in this scenario the distributor 𝐷 is able to generate 𝑛 identical copies of 𝑂 and sell them to 𝑛 customers 𝐢𝑖 . If these copies are marked with the identifier of some specific customer 𝐢, the distributor 𝐷 can repudiate having generated the copies and the customer 𝐢 could be held responsible for the offence of 𝐷. The basic problem here is that 𝐷 has access to the marked object 𝑂 in plaintext. If a CWE scheme is available, however, the following protocol between a generic seller 𝑆 and a generic buyer 𝐡 becomes possible, as proposed in [4]: (1) 𝑆 encrypts 𝑂 with her symmetric key 𝐾𝑆 . The result is 𝐢 = E𝐾𝑆 (𝑂). (2) 𝑆 sends 𝐢 to 𝐡, together with an individual mark π‘šπ΅ that 𝐡 is to embed into 𝐢. (3) 𝐡 embeds π‘šπ΅ into 𝐢 and encrypts the result with his own key 𝐾𝐡 . The final result π‘ˆ = E𝐾𝐡 (M(𝐢, π‘šπ΅ )) is sent to 𝑆. (4) 𝑆 verifies that π‘ˆ contains π‘šπ΅ as watermark. If the verification is successful, 𝑆 removes her own encryption and sends the result 𝑉 = E𝐾𝐡 (M(𝑂, π‘šπ΅ )) back to the buyer. (5) 𝐡 removes his encryption from 𝑉 and is in possession of the individually marked object 𝑂 = (M(𝑂, π‘šπ΅ )). If the distributor 𝐷 takes the role of the seller in this protocol and the rightsholder 𝑅 performs the en- and decryption operations in steps (1) and (4), respectively, the problem mentioned above can be solved, if a CWE scheme for the media object 𝑂 is available. The need for a CWE scheme becomes obvious in steps (3) and (4), where an encrypted media object is watermarked and the presence of a watermark is verified in an encrypted object, respectively. Moreover, steps (3) and (4) call for a public key watermarking scheme, where there is a private embedding key and a public detection key, or an asymmetric scheme, where it is possible to verify the existence of a watermark without fully disclosing the embedding key or the watermark itself. 2.2. DRM Systems. In Digital Rights Management (DRM) Systems [5], encryption and watermarking are often combined in a natural way: the media data are transferred to a compliant media player in encrypted form, so that access to the plaintext data happens only under control of the compliant player. In addition, watermarks are embedded into the media data to have an additional layer of protection which is present even after the data have been decrypted. These watermarks can be used to claim copyright, enforce copying restrictions, or track illegal copies offered on the Internet. If a CWE scheme is used, compliant media players have the opportunity to detect and insert watermarks even in encrypted data. More generally, it should be possible to protect multimedia data throughout the distribution chain in a flexible way by allowing the encryption and watermarking operations to commute [6]. 2.3. Searching in Encrypted Databases. With the advent of cloud computing, new security challenges h (...truncated)


This is a preview of a remote PDF: http://downloads.hindawi.com/journals/am/2017/5879257.pdf
Article home page: https://www.hindawi.com/journals/am/2017/5879257/

Roland Schmitz, Jan Gruber. Commutative Watermarking-Encryption of Audio Data with Minimum Knowledge Verification, Advances in Multimedia, 2017, 2017, DOI: 10.1155/2017/5879257