**Franco Frattolillo**

Department of Engineering, University of Sannio, Corso Garibaldi 107, 82100 Benevento, Italy; frattolillo@unisannio.it

Received: 27 September 2020; Accepted: 30 October 2020; Published: 2 November 2020

**Abstract:** Digital watermarking can be used to implement mechanisms aimed at protecting the copyright of digital content distributed on the Internet. Such mechanisms support copyright identification and content tracking by enabling content providers to embed perceptually invisible watermarks into the distributed copies of content. They are employed in conjunction with watermarking protocols, which define the schemes of the web transactions by which buyers can securely purchase protected digital content distributed by content providers. In this regard, the "buyer friendly" and "mediated" watermarking protocols can ensure both a correct content protection and an easy participation of buyers in the transactions by which to purchase the distributed content. They represent a valid alternative to the classic "buyer and seller" watermarking protocols documented in the literature. However, their protection schemes could be further improved and simplified. This paper presents a new watermarking protocol able to combine the "buyer friendly" and "mediated" design approach with the blockchain technology. The result is a secure protocol that can support a limited and balanced participation of both buyers and content providers in the purchase transactions of protected digital content. Moreover, the protocol can avoid the direct involvement of trusted third parties in the purchase transactions. This can reduce the actual risk that buyers or sellers can violate the protocol by illicitly interacting with trusted third parties. In fact, such peculiarities make the proposed protocol suited for the current web context.

**Keywords:** watermarking protocols; digital copyright protection; blockchain

### **1. Introduction**

Social networks and user-generated content platforms have turned common web users into actual producers of multimedia digital content. Such content can be easily duplicated without reducing their perceptual quality. They can be also maliciously modified and/or re-distributed, thus damaging the reputation of their legitimate owners, or revealing their private information, or causing economic loss. In addition, current mechanisms implemented to protect the copyright of multimedia digital content cannot adequately meet the protection requirements needed to solve piracy problems on the Internet.

One of the technologies proposed to protect the users' copyrights on their multimedia digital content is "digital watermarking" [1,2] used in conjunction with "watermarking protocols" [3–5].

Digital watermarking makes it possible to insert hidden information, such as, for example, a "fingerprint" [6–8], within any copy of content that has to be protected. Such information, called a "watermark", can be used to identify the user who possesses the content, and makes the copy of the content unique and personalized.

However, to combat the unauthorized sharing of multimedia digital content on the Internet, it is necessary to distribute the watermarked content according to specific interaction schemes defined by watermarking protocols. Thus, whenever a copy of watermarked content is found in a suspicious location, such as in file repositories shared by peer-to-peer applications, the embedded watermark can be used as a proof of ownership to establish who has initially obtained the copy and then illegally shared it on the Internet.

The most relevant watermarking protocols documented in the literature enable the implementation of mechanisms for copyright protection based on content tracking by fingerprinting [3–5,8,9]. They mainly involve two parties: the "buyer" and the "seller". The former wishes to get content from a web content provider, whereas the latter wishes to release it in a digitally protected form obtained by inserting a watermark. In particular, the early experiences also involve specific trusted third parties (TTPs), called "watermark certification authorities" (WCAs), whose main function is to guarantee the correct execution of the protocols [4,10–15]. However, the introduction of WCAs can reduce the security level of the protocols, since TTPs can give rise to potential collusive behaviors with buyers or sellers [2,16]. As a consequence, a number of watermarking protocols are based on "simplified" interaction schemes that do not exploit WCAs [17–21]. Such approaches appear to be more secure, but they turn out to be impracticable in the current web context, since they are characterized by interaction schemes that force buyers to perform complex security actions to complete content purchase transactions [22].

The watermarking protocols described in [22–24] attempt to overcome the drawbacks affecting previous solutions existing in the literature by proposing a new "buyer friendly" and "mediated" design approach. Such an approach reintroduces the TTP, but its role is carefully limited to a restricted part of the protocol, so as to enable a simplified participation of buyers in the content purchase transactions without reducing the security level of the protocol.

Although such experiences represent a good balance between security and easy participation of buyers in the protocol, further efforts are needed to simplify the interaction schemes of such watermarking protocols, so as to make them best suited to the current web context that does not like the presence of TTPs. In this regard, it is worth noting that blockchain technology has begun to be employed in the area of digital copyright protection [25–29]. In fact, blockchain belongs to the category of distributed ledger technologies that enable commercial or network transaction data to be recorded in cryptographic chained blocks by employing several security technologies, such as cryptographic hash, digital signature, and distributed consensus mechanism. When they are appended to a chain, blocks are timestamped and linked in a way that makes them resilient to modifications. Therefore, they are considered to be trusted for transactions among web entities, and can be verified in a decentralized way by exploiting multiple web nodes to form a consensus on whether a transaction is valid or not. In addition, blockchain supports the so-called "smart contracts", which represent a way to automatically execute the terms of an agreement reached between distinct web entities. More precisely, a smart contract encapsulates a number of preset rules in the form of code, and sets corresponding trigger events under specific conditions: when the conditions are met, the terms of the agreement are automatically executed without control from a central authority [26–31].

This paper presents a new watermarking protocol based on blockchain technology. The protocol is built on the experiences previously conducted with the protocols documented in [22–24], and follows the buyer friendly and mediated design approach. The main aim is to simplify the interaction scheme of the protocol by exploiting the blockchain technology, which makes it possible to better control the involvement of the TTP in the protocol. In fact, such an involvement has been further restricted in order to reduce the possibility of collusive actions from the TTP, making the developed protocol more secure and suited to the current web context.

The paper is organized as follows. Section 2 reports on related work. Section 3 introduces the main challenges faced in developing the proposed protocol. Section 4 reports the basics of the proposed protocol, whereas Section 5 describes the protocol in detail. Section 6 analyzes the proposed protocol. Section 7 focuses on the main implementation aspects of the watermarking protocol. The final remarks are in Section 8.

#### **2. Related Work**

Most of the watermarking protocols documented in the literature do not exploit blockchain technology, but they are based on the well-known "buyer and seller" protection schemes and their variants characterized by the absence of TTPs. They are widely described and discussed in [5,22–24]. Some of them also inspire the so-called DRM (digital rights management) systems, which are complex web platforms that adopt specific technologies and interaction schemes to enable the copyright protection of digital content on the Internet [32,33]. More precisely, DRM systems do not actually define watermarking protocols, but they still implement mechanisms by which to prevent the unauthorized use of protected digital content without payment. To achieve such a goal, DRM systems use technologies based on encryption and key management [34]. However, such technologies cannot inhibit legitimate users from illegally sharing their purchased content on the Internet.

To overcome the drawbacks reported above, a number of DRM systems implement protection schemes based on "trusted computing". They prevent the sharing of illegal keys and protected content by enabling the access to such content on the basis of the web users' biometric features [35,36]. In fact, such systems appear to be very promising, but they lack flexibility, since they need particular hardware, such as "trusted platform modules" (TPMs) or fingerprint recognizers, and cannot defend against specific attacks, such as screen recording or I/O monitoring.

The blockchain technology, in conjunction with digital watermarking, is employed in a number of DRM systems to provide some copyright management services, such as to keep track of possible and required content modifications, copyright transfers or other transaction trails related to the managed digital content [37–39]. In particular, digital watermarking is mainly used to provide content tracking by fingerprinting. However, such DRM systems do not implement protection schemes able to address the peculiar problems that affect watermarking protocols, such as the "customer's right problem" or the "unbinding problem" [4,11,22]. As a consequence, once content is downloaded and tampered, there is no legal way to prove the ownership of the content and to trace who should be responsible for copyright infringement. In fact, such considerations motivate the design of innovative watermarking protocols able to exploit the blockchain technology to overcome the limitations described above.

#### **3. Main Challenges**

One of the main challenges in designing watermarking protocols consists of accurately defining the role played by TTPs in the purchase transactions, since TTPs could collude with the other parties involved in the protocols [17,20,40] so as to impair them. In this regard, the best solution would be to totally eliminate TTPs from protocols. However, such a solution is not always possible, since protocols often need TTPs to validate specific data, or some phases of the protocol, or, for example, the plug-ins that have to be downloaded and installed in the buyers' web browsers to complete the purchase transactions [22,23]. Furthermore, when TTPs play a limited role in the protocols, buyers end up being forced to perform complex security actions to complete the purchase transactions, and this makes the protocols impractical for the web context [17–21,40–44].

The watermarking protocols presented in [22–24] do not completely eliminate the TTP, but they carefully exploit it without assigning it a central role in order to simplify the buyer participation in the protocols. In particular, the TTP participates only in the initial phase of the protocols and restricts its role to the generation of a number of tokens needed to unambiguously bind the chosen content to the buyer, the seller and the ongoing purchase transaction.

Although the role of the TTP is rather restricted in the protocols described in [22–24], it has to be further limited if the main goal is to develop an innovative watermarking protocol suited for the current web context. In this regard, blockchain technology represents a challenge to achieve such a goal. In fact, it can be exploited in the proposed protocol with the aim of securely tracking the purchase transactions in a public ledger that can be updated by automatically executing smart contracts without resorting to the control of a TTP [26–29]. Thus, the TTP involved in the proposed protocol can act as a simple and trusted web distributor of secure tokens needed to complete the purchase transactions of protected digital content. In fact, it is not a WCA, even though it has to behave as a TTP in the sense of a common certification authority (CA) [45–47].

The adoption of blockchain technology to strongly restrict the role of TTP makes it necessary to accurately design and code the smart contract that controls the execution of the proposed watermarking protocol and validates each purchase transaction. In fact, this represents a relevant practical challenge well documented in the literature, since the code that implements the contract, once it has been released, can no longer be modified or updated. Therefore, if the code of the contract is incorrect or gives rise to a problem during use, it ends up impairing the entire protocol [48].

#### **4. Basics of the Protocol**

The proposed watermarking protocol is based on a limited set of well-known security facilities: public key infrastructure (PKI), homomorphic cryptosystem [49], encrypted and signed tokens [4,5,22], and blind and readable watermarking scheme [1]. Furthermore, it exploits the public key and secure communication support implemented by the SSL/TLS protocol for all the messages exchanged among the web entities involved in the protocol [46].

In more detail, if a piece of content and a watermark can be described according to a block-wise representation in the form of *X* = {*x*1, *x*2,... *xl*} and *W* = {*w*1, *w*2,... *wl*} respectively, the watermark insertion adopted by the proposed protocol, denoted as ⊕, results in the following expression:

$$X \oplus W = \{ \mathfrak{x}\_1 \oplus \mathfrak{w}\_1, \mathfrak{x}\_2 \oplus \mathfrak{w}\_2, \dots, \mathfrak{x}\_l \oplus \mathfrak{w}\_l \} = \bar{X}\_l$$

since such an insertion is assumed to be based on linear watermarks [1,10,17,50]. Furthermore, if *<sup>X</sup>* <sup>=</sup> {*x*1, *<sup>x</sup>*<sup>2</sup> ... *xl*} is a digital content, its encryption by means of the function <sup>E</sup> results in the following expression:

$$\mathbb{E}\_{pk}(X) = \mathbb{E}\_{pk}(\mathbf{x}\_1, \mathbf{x}\_2 \dots \mathbf{x}\_l) = (\mathbb{E}\_{pk}(\mathbf{x}\_1), \mathbb{E}\_{pk}(\mathbf{x}\_2) \dots \mathbb{E}\_{pk}(\mathbf{x}\_l))$$

since E is assumed to be a block-wise function [10,50].

Finally, the encryption function E is assumed to be "homomorphic" with respect to the watermark insertion. This means that any linear watermark can be embedded directly into the encrypted domain according to the following expression [10,50]:

$$\mathbb{E}\_{pk}(X \oplus \mathcal{W}) = \mathbb{E}\_{pk}(X) \oplus \mathbb{E}\_{pk}(\mathcal{W}) = \mathbb{E}\_{pk}(\mathcal{X})$$

In fact, a cryptosystem <sup>E</sup> is homomorphic with respect to an operation if

$$\mathbb{E}\_{pk}(m\_1 \odot m\_2) = \mathbb{E}\_{pk}(m\_1) \odot \mathbb{E}\_{pk}(m\_2)$$

for any two plain messages *m*<sup>1</sup> and *m*<sup>2</sup> [49]. As a consequence, homomorphic encryption makes it possible to perform operations by directly working on encrypted data.
