Vbswp-CeaH: Vigorous Buyer-Seller Watermarking Protocol without Trusted Certificate Authority for Copyright Protection in Cloud Environment through Additive Homomorphism

Abstract

Cloud-based storage ensures the secure dissemination of media. Authentication and integrity are important aspects in the distribution of digital media. Encryption-based techniques shelter this media between the communicating parties which are involved in a transaction. The challenge is how to restrict the digital media which is illegally redistributed by the authorized users. However, the digital watermarking technique and encryption-based methods are also not sufficient enough to provide copyright protection. The watermarking protocol is used to provide intellectual property for the customer and the service provider. This research paper provides a vigorous buyer-seller watermarking protocol without trusted certificate authority for copyright protection in the cloud environment. This research work uses the cloud environment which enables the cloud as a service infrastructural provider for storing credentials such as public and private secret keys and the digital certificates of interacting parties. The scheme uses additive homomorphism encryption with an effective key exchange algorithm for exchanging digital media. This proposed approach addresses the problems of anonymity and copy deterrence and protects the digital rights of the buyer and seller; these most up-to-date issues are related to information security. Furthermore, the experiment results conclude that the proposed protocol is flexible and secure even in a non-secure communication channel. We have used performance measures such as PSNR, NCC and cost in time methods for checking the integrity of the proposed protocol. The conducted experiments show a stronger robustness and high imperceptibility for the watermark and watermarked images.

1. Introduction

Interactive media can be easily stored, distributed and replicated in a digital form, enabling the illegal copying and distribution of digital products [1]. A BSWP integrates watermarking, cryptography and digital signatures to ensure copyright protection [2]. The BSWP basically comes from the field of digital watermarking [3]. Cloud computing is becoming the emerging cutting-edge technology nowadays to provide the secure distribution of data among participants [4]. The issue of customer rights is a problem when duplicate copies of content are found. There have been numerous BSWPs published in the past which use cryptography techniques [5,6,7]. The previous published BSWP does not use an efficient cloud-based environment for storing the credentials of interacting parties (buyer and seller) or watermarks [8,9,10,11]. These existing protocols are not fair for customers and owners. In Salim et al.’s scheme, a visual technique was used to protect the privacy and secrecy of digital media by identifying and localizing forgeries. They used SIPI datasets for checking the authenticity and performance of the scheme [12]. Pavlović proposed a robust scheme by making use of a jointly trained embedder/detector based on a deep neural network [13]. The embedder is responsible for obtaining imperceptible watermarks, whereas the detector ensures errorless watermark detection. The authors claim that the method achieves high robustness against attacks. Namita et al. proposed a scheme by integrating DCT with a genetic algorithm to achieve highly imperceptible and robust watermarked images [14]. Watermarking methods are used to conceal images and embed this information to the receiver with low distortion. The classification of watermarking, functions, benchmarks and measurements are discussed by Wang and Huang in their research [15,16].

The prime goal of this work is to achieve conceptual modelling for a buyer-seller watermarking protocol. The proposed work is the extension of our previous work [17]. The spatial domain and frequency domain techniques give a better robustness and imperceptibility. Cloud services provide great computation and the secure transmission of digital data. To achieve robustness and fair watermarking, a watermarking system should have requirements such as Kerckhoff’s principle, capacity, durability and perceptual quality.

The key goals of our research motivation are given below:

• The protocol is able to address the existing problems associated with the BSWP without making use of a third party; instead, the protocol uses cloud capabilities.
• The proposed protocol shifts all the watermarking process on to the cloud, eliminating the role of a TTP.

This research article is structured as follows. Section 1 represents digital watermarking along with cloud computing technologies. Section 2 reviews the conventional BSWP. In Section 3, the various requirements of the proposed Vbswp-CeaH in the cloud environment are shown. Section 4 shows the proposed Vbswp-CeaH with a focus on copyright protection in the cloud environment without trusted certificate authority. Section 5 discusses the experimental setup of Vbswp-CeaH in the cloud environment, then analyzes the performance of the Vbswp-CeaH. Finally, Section 6 concludes the research paper.

2. Reviewing the Conventional BSWP

The process of a BSWP is described as follows. First, the buyer requests a valid watermark from the WCA. Second, the generated watermark for the buyer returns. Third, the buyer sends the purchase order to the seller. Last, the seller delivers the digital content back to the buyer. Zhang et al. proposed a robust deep hiding technique for blind watermarking in 2021. Their approach uses a disentangling forward and backward propagation deep learning approach for an attack simulation layer (ASL) to support data hiding. The authors claim that the proposed approach achieves good performance by adopting a standard ASL inspired by a forward ASL, which is a simple effective method to improve the deep watermarking process [18]. Li et al. proposed that secure watermarking depends on a generative model for concealed attacks. In their approach, the authors use generative networks which consist of an encoder–decoder framework to achieve imperceptibility in the produced digital content. In Pan et al.’s research, a new aggregation function that is named a Network Architecture Probabilistic Aggregation is used to treat the network architectures as graphs [19]. Liu et al. provide a solution against an image encryption which depends on a discrete-time alternating quantum walk (AQW) along with the advanced encryption standard (AES) [20,21].

2.1. Sub-Protocols of Conventional BSWP

A conventional BSWP addresses issues such as copy detection, piracy tracing, man-in-the-middle attacks, customer digital rights and certificate authority issuing [22,23,24,25,26].

2.2. Different Attacks on Security of Conventional BSWP

An attack is any processing that impairs or misleads the watermark detector. Attacks are divided mainly into three parts: attacks on buyer security, attacks on seller security, and attacks on watermarks. The performance of a watermarking algorithm against these attacks reflects its quality.

2.3. Significance and Motivation

The significance of this research work is to provide a solution without using a trusted third party. The motivation of this research work is to eliminate the role of a trusted third party so that the proposed BSWP with the cloud environment can achieve high flexibility and become light-weighted.

2.4. Security and Usability

To ensure adequate security in a BSWP, the digital media should be encrypted before distribution and uploaded into the cloud in an encrypted manner. The proposed algorithm ensures that only the digital media owner can grant and decrypt the media; no one else can do it. The goal of the proposed algorithm is to prevent the identification of the users without affecting the usability of the compromised digital media.

2.5. Motivation and Contribution

The main contribution of this research work is to provide an effective solution for buyers and sellers to securely exchange digital media without trusted certificate authority in the cloud environment through additive homomorphism. The following are key contributions:

(1)

The cloud service provider eliminates the role of trusted certificate authority.

(2)

The scheme provides sheltered dealing of digital content over the cloud.

(3)

The scheme uses a fingerprinting-based watermarking method to ensure digital rights.

(4)

This is a new technique to address the security gaps in the existing watermarking system.

3. Requirements of Proposed Vbswp-CeaH in the Cloud Environment

The proposed Vbswp-CeaH requires a secure fragile image watermarking scheme, an effective key exchange watermarking scheme and additive homomorphism encryption. This work is the extension of the previous research [17]. The proposed approach uses a fragile watermarking and additive homomorphism encryption-based method to achieve an encrypted domain.

Additive Homomorphism Encryption in the Cloud Environment

There was additive homomorphism encryption in the cloud environment in 1978 [26,27,28]. Hussain et al. provided a solution for the efficient resource utilization of IoT networks [29,30]. Our scheme adopts additive homomorphism encryption and an efficient key exchange algorithm. The reason to choose additive homomorphic encryption over multiplicative homomorphism encryption is as follows. In the case of multiplicative homomorphism with a small change in plaintext space, it creates a huge difference in ciphertext space. So, to avoid it, we used an addition operation instead of a multiplication operation. The second advantage of an additive homomorphic is that we can store encrypted data in the cloud and perform transforms on it without decrypting it. The following steps are required to achieve secure encryption using additive homomorphism:

• Step (1) Select two global public elements $\mathrm{𝕢}$ and $\alpha$ where $\mathrm{𝕢}$ is a prime $( \alpha <\mathrm{𝕢} )$ and $\alpha$ is a primitive root of $\mathrm{𝕢}$.
• Step (2) Buyer $B$ key generation takes place as follows.

• Select a private key $PR{k}_B$ where $PR{k}_B<\mathrm{𝕢}$.
• Calculate the public key $PU{k}_B$ such that $PU{k}_B={\alpha }^{PR{k}_B}$ mod $\mathrm{𝕢}$

• Step (3) Content owner $CO$ key generation takes place as follows.

• Select a private key $PR{k}_{CO}$ where $PR{k}_{CO}<\mathrm{𝕢}$
• Calculate public key $PU{k}_{CO}$ such that $PU{k}_{CO}={\alpha }^{PR{k}_{CO}}$ mod $\mathrm{𝕢}$

• Step (4) Buyer $B$ calculates the secret key.

• $K={\left(PU{k}_{CO}\right)}^{PR{k}_B}{}^{ }$ mod $\mathrm{𝕢}$

• Step (5) Content owner $CO$ calculates the secret key.

• $K={\left(PU{k}_B\right)}^{PR{k}_{CO}}{}^{ }$ mod $\mathrm{𝕢}$

• Step (6) Feed this secret key $K$ into the additive homomorphism encryption function.

• $D_K(E_K\left(n\right)\times (E_K\left(m\right))=n\times m OR Enc \left(x\otimes y\right)=Enc\left(x\right)\otimes Enc{\left(y\right)}^{ }$
• $D_L(E_L\left(n\right)\times (E_L\left(m\right))=n+m OR Enc \left(x\oplus y\right)=Enc\left(x\right)\oplus Enc{\left(y\right)}^{ }$

where $E_K$ and $D_K$ are the encryption and decryption algorithm, respectively, with key $K$.

In this paragraph, the various challenges and design choices for the proposed Vbswp-CeaH are given, such as the cloud service provider eliminating the role of the trusted certificate authority. The scheme provides the sheltered dealing of digital content over the cloud. The scheme uses a fingerprinting-based watermarking method which has negotiation mechanisms, and a single watermark insertion is used to ensure digital rights. A new technique to address the security gaps in the existing watermarking system is used. The conventional BSWP addresses issues such as copy detection, piracy tracing, man-in-the-middle attacks, customer digital rights and certificate authority issuing problems without using the cloud environment.

4. Proposed Vbswp-CeaH for Copyright Protection

In this section, a BSWP without trusted certificate authority through additive homomorphism is presented. The proposed protocol does not use a trusted third party; instead, it uses the cloud environment for providing secure communication between buyers and sellers, hence ensuring copyright protection. Before outsourcing digital media, it is encrypted using secure additive homomorphism encryption. The protocol uses different services of the cloud environment to eliminate the need for a TTP. The protocol uses Identity as a service (IdaaS) which provides credentials such as public and private secret keys, watermarks and digital certificates. The watermarking embedding process takes place in a secure way because it uses robust watermarking techniques along with PCA, SVD and DWT. The integration of two domains’ cloud and image processing enhances the participants’ security against various types of attacks which leads to a better performance. The use of the cloud as a repository to store image data allows users to upload images in enormous quantities and of varying sizes. This protocol provides an encrypted domain using the cloud environment without trusted certificate authority for copyright protection. The role of the cloud is vital in our proposed scheme because it reduces communication overheads, saves storage and increases the watermark embedding process i.e., the watermarking bit rate. More specifically, the following research questions are addressed by the protocol. This reported research is an extension of our previous study [17,23,31].

• Why is the Watermark Certificate Authority (WCA) always considered as the TTP?
• Is the protocol still vulnerable to any kind of attack?
• How does replacing the WCA with a content service provider (CSP) make the protocol fast and efficient?

Figure 1 illustrates the framework of the Vbswp-CeaH. The authors have used public cloud and cloud instances for carrying out sessions between the buyer and seller. Only watermarked digital content is encrypted on the cloud [32]. We further improved our previous [31] scheme to achieve higher imperceptible images along with Zhang et al. [33].

Figure 2 shows the watermarking scheme applied in the proposed protocol. The watermark can be detected by applying the reverse process of the algorithm. To achieve a fair watermarking scheme, the watermarked bits are embedded using DWT and PCA techniques so that the watermarks can resist against any type of image processing attacks. The cloud computing environment provides a way to restrict the involvement of buyers and sellers to obtain encrypted watermarks. The general process of watermarking is given by [34]. Some previous studies address the problems associated with effective digital watermarking [35,36,37].

$$DM=\left\{\begin{array}{c}D{M}_{ }{}_1\\ D{M}_{ }{}_2\\ D{M}_{ }{}_3\\ .\\ .\\ .\\ .\\ D{M}_{ }{}_{\mathrm{n}}\end{array}\right\} W=\left\{\begin{array}{c}{W}_1\\ W_2\\ W_3\\ .\\ .\\ .\\ .\\ W_n)\end{array}\right\}$$

(1)

$$XDM=\left\{\begin{array}{c}{W}_1\otimes D{M}_1\\ W_2\otimes D{M}_2\\ W_3\otimes D{M}_3\\ .\\ .\\ .\\ W_n\otimes D{M}_n\\ W_{n+1}\otimes D{M}_{n+1}\\ \end{array}\right\}$$

(2)

where $\otimes$ represents the watermarking embedding function. Equations (2) and (3) show the watermarking system.

$$En{c}^N{}_{pk}\left(XDM\right)=En{c}^N{}_{pk}\left\{\begin{array}{c}{W}_1\otimes D{M}_1\\ W_2\otimes D{M}_2\\ W_3\otimes D{M}_3\\ .\\ .\\ .\\ W_n\otimes D{M}_n\\ W_{n+1}\otimes D{M}_{n+1}\\ \end{array}\right\}$$

(3)

The encryption system $En{c}^N$ is additive homomorphism.

4.1. Registration Process

Before the start of a transaction, each party has to execute the registration process for communication by using a pair of keys $({PRU}_B, {PKR}_B)$ and a digital certificate $D{S}_{{UCert}_B}=E\left(P{R}_{CSP}\left({ID}_{CP},t,X,W,DM\right)\right)$.

Table 1. The interaction of buyer and certificate authority.

Buyer B	Certificate Authority CA
B →	: Buyer wants to purchase a digital media.
B→ CA	: M1 = { Request|| IDCO || CertB}
CA→ B	: $En{c}^N\left\{P{R}_{CA}{\left({ID}_{CO},t_1,N_{ },W,P{U}_{B,}Cer{t}_B\right)}_{ }\right\}$
B→ CO	: M2 = { $N_2$|| IDCO || CertB}
CO→ B	$:En{c}^N\left[P{R}_{CO}({ID}_{CO},t_2,N_{ },W,P{U}_{CO,}Cer{t}_{CO}) \right]$
B→ CO	: M3 = { Request for Digital Media DM}
CA→	: KeyDH-SHA512(SkCA), $\left({Rpk}_B,{Rsk}_B\right)$ $N{,}_{ }$ ${{Enc}^N}_{{PR}_B}$(${Enc}^N{}_{P{R}_{CA}}\left(DM\right))$
CA→ B	: M4 = {${ID}_{DM}, {Sk}_B$}
CA→ CO	: M5 = { ${ID}_{DM}, P{k}_B$,$P{U}_{CO,} S{k}_{CO}$,$E_{P{R}_{CA}}$,$E_{P{R}_{CA}}\left(DM\right)$}
CA→ B	$:D{S}_{{UCert}_B}=E\left(P{R}_{CA}\left({ID}_{CP},t,X,W,DM\right)\right)$

shows the complete process of registration.

4.2. Algorithm for Secure Watermark Embedding

The Algorithm 1 takes the cover image Cimage and original watermark Woriginal as inputs and performs watermarking embedding for copyright protection. In the below algorithm, the watermarked image C’image is generated by additive homeomorphism encryption Φ2←Φ1 × Φ1 along with the generation of Woriginal by an arbitrary generator which belongs to the Φ1 group, and the hash function.

Algorithm 1: Algorithm for Secure Watermark Embedding.

Input: Cimage, Woriginal (cover image, watermark, t, X, DM) Output: C’image, Pubkey (watermarked image, PUkey) begin           Cimage → (Woriginal, ∞, Sekey, Oimg)           Cimage→(Pubkey, ∞)           Ccloud_env → C’image, (Athkey)PUk           if C’image, = Cimage + Woriginal × PUkey                           ∞→ Embding Bits + Woriginal                           $P{R}_{CSP}$→Diffn(C’image - Cimage)               DS→ $E\left(P{R}_{CSP}\left(I{D}_{CP} ,t,X,W,DM\right)\right)$               PUkey (DS)= C’image, Pubkey             end If end

4.3. Algorithm for Watermark Extraction and Authentication

This watermark extraction is used to identify pirated media of the watermarked content. The importance of this Algorithm 2 is to prove the authentication of all users in order to prove copyright protection.

Algorithm 2: Algorithm for Watermark Extraction and Authentication.

Input: C’image, PRkey (watermarked image, private key) Output: Cimage, W’ (extracted watermark, cover image)   begin           if (W’recovered) == (Woriginal)             ∞ → $E\left(P{R}_{CSP}\left({ID}_{CP},t,X,W,DM\right)\right)$           DS → C’image, Pubkey                 if |C’image − Cimage| <45 db                     Resulted watermarked image is considered                       if DS = Extracted DS                         W’original, ∞, Sekey, Oimg → Cimage                           C’image, (Athkey)PUk →Ccloud_env                         end if                   end if                 end if     end

The above algorithm is used to identify the illegal distribution of digital media. Whenever there is a need to find out the true owner of the content, this algorithm is executed multiple times for extracting watermarks from the cover images.

5. Results and Discussion Section

5.1. Experimental Setup of Vbswp-CeaH in the Cloud Environment

The Vbswp-CeaH in the cloud environment was implemented in a MATLAB 2020a environment with a HP LAPTOP 14S-DQ2XXX 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz 2.40 GHz and 8.00 GB RAM. We used a standard dataset available at http://sipi.usc.edu/database (accessed on 17 May 2022). The existing BSWP uses Cox et al.’s [38] method to gain robust watermarking. The efficiency of the protocol was analyzed based on performance measures such as imperceptibility, robustness and cost. For checking the authenticity of the watermarking technique on the suggested protocol, we applied salt and pepper and speckle noise of a variable density to the covered images and watermarked, respectively.

Table 2. The PSNR (in dB) values for the proposed Vbswp-CeaH protocol.

		Speckle Attack			Salt and Pepper Attack
Watermarked Images	Original PSNR	0.04	0.06	0.08	0.04	0.06	0.08
“Peppers”	48.06	47.73	46.42	45.23	46.93	44.35	42.66
“House”	47.57	46.67	45.09	44.35	45.81	44.01	43.63
“Boat”	46.65	44.12	43.43	41.87	45.04	44.86	43.89
“Fishing Boat”	49.97	48.96	47.91	46.23	49.23	48.46	47.23

demonstrate the PSNR values of the obtained results. Figure 3 demonstrate original cover test images of size 512 × 512 used for experiment setup.

Figure 4a–c are the test watermark images used conducting the experiments of proposed vigorous buyer-seller watermarking protocol without trusted certificate authority for copyright protection in cloud environment through additive homomorphism. Figure 5 shows the various recovered watermarked images from the attacked images.

Figure 6 shows the various recovered watermarked images from the attacked images of Salt & pepper noise. In Figure 7, we show the PSNR values obtained from the simulation of the effective watermarking scheme in the cloud environment. We used geometric attacks on the covered and watermarked images with different density. The proposed scheme does not report any perceptual degradation on the watermarked images; the watermark is also still recoverable with good NCC values.

Figure 7 represent the PSNR values of the cover object against speckle noise with different noise density. These images show the relationship between the cover object and the noise.

5.2. Performance Analysis of Vbswp-CeaH in the Cloud Environment

In this section, the simulation result of the Vbswp-CeaH is shown. The efficiency of the protocol was analyzed using performance measures such as the No. of watermarked images embedded into the digital media and the time taken for embedding and extraction. The instances of cloud were used for carrying out sessions between buyers and sellers. These performance metrics affect the cost and bandwidth for every digital media content retrieved from the cloud in an encrypted domain [39].

Figure 8 represents the watermarked images in different environments such as cloud environment, client-side local computer and in hybrid cloud. We compared our proposed protocol with the traditional protocol, as depicted in

Table 3. Comparison of Vbswp-CeaH in cloud environment with previously published BSWPs [23,31,33,40,41,42,43,44,45,46].

S.N.	Conventional BSWP	Security Problems Solved by Vbswp-CeaH in Cloud Environment
		AP	NFP	NRP	CRP	TP	UP
1	Yu et al. (2012)	⨯	✔	✔	✔	✔	⨯
2	Shao (2007)	✔	✔	✔	⨯	⨯	Not Reported
3	Xie et al. (2012)	⨯	✔	✔	✔	✔	⨯
4	Kumar et al. (2017)	⨯	Not Reported	✔	⨯	✔	✔
5	Chang et al. (2010)	✔	✔	Not Reported	✔	✔	⨯
6	Kumar (2019)	⨯	✔	✔	⨯	Not Reported	Not Reported
7	Domingo-Ferrer and Megías (2013)	✔	✔	✔	Not Reported	⨯	Not Reported
8	Zhang et al. (2006)	Not Reported	✔	✔	⨯	✔	Not Reported
9	Frattolillo et al. (2016)	✔	✔	✔	⨯	✔	✔
10	Eslami et al. (2014)	✔	Not Reported	✔	⨯	✔	✔
11	Proposed Vbswp-CeaH in Cloud Environment	✔	✔	✔	✔	✔	✔

which shows a detailed comparison of Vbswp-CeaH in the cloud environment with conventional BSWP solutions. We tested performance against problems involving anonymity (AP), tamper detection (TD), non-framing (NFP), non-repudiation (NRP), customer rights (CRP), traceability (TP) and unbinding (UP).

6. Conclusions

In this paper, a cloud computing environment was used for the processing of watermarked images, storing them in an encrypted domain and preventing unauthorized access. This paper shows a new technique to address the security gaps in the existing watermarking system. The main contribution of this article is to ensure the safe transmission of data in the cloud environment, filter out fraudulent users and provide copyright protection for all parties involved in the transaction. The proposed protocol uses the cloud environment which enables a cloud-based watermarking scheme for ensuring robustness, imperceptibility and cost effective. By using the advantages of cloud computing such as the cloud as a service infrastructural provider for storing the credentials of buyers and sellers and the processing of the watermark generation and extraction and other services required for the interaction of buyers and sellers which makes the protocol efficient and secure. The enforcement of the protocol was evaluated, and extracted watermarks stand robustly against the attacks. The result show that the protocol achieves great computation power and secures storage in the cloud. In addition, researchers should focus on developing advanced methods such as IoT and blockchain-based authentication.