Journal of Network and Computer Applications 75 (2016) 317–334

Contents lists available at ScienceDirect

Journal of Network and Computer Applications

journal homepage: www.elsevier.com/locate/jnca

Review

Buyer seller watermarking protocols issues and challenges – A survey

Abid Khan a, Farhana Jabeen a,n, Farah Naz a, Sabah Suhail a, Mansoor Ahmed a,
Sarfraz Nawaz b
a
COMSATS Institute of Science and Technology Islamabad, Pakistan
b
Computer Laboratory, University of Cambridge, Cambridge, United Kingdom

art ic l e i nf o a b s t r a c t

Article history: Advancements in computing and networking technologies have opened gateways for the content owners
Received 7 March 2016 to produce and distribute their digital contents (e.g., audio/video/images) in a convenient and affordable
Received in revised form manner. Despite all the advantages promised by the advancement in digital technology and widespread
26 July 2016
use of Internet, piracy of content is still big concern. Digital content can be easily copied without any
Accepted 29 August 2016
Available online 7 September 2016
quality loss. Content creators and owners are concerned about the consequences of illegal copying and
distribution on a massive scale like loss of capital. As digital data can be duplicated and edited with great
Keywords: ease, this has led to Digital Rights Management (DRM) systems that can address the issues related to
Trust privacy and security of the digital contents. Digital watermarking is a promising technology employed by
Security
various DRM systems to achieve rights management. Buyer-Seller Watermarking (BSW) protocol in-
Privacy
tegrates encryption, with digital watermarking and other techniques to ensure rights protection & se-
E-commerce
Watermarking curity for seller as well as the buyer of the digital content. BSW protocols support copyright protection,
Fingerprinting piracy tracing, and privacy protection. Various approaches have been proposed for BSW protocols. In this
Buyer-seller watermarking context, the main contributions of this paper to the literature on BSW protocols are threefold: (i) it
identifies the challenges in designing a BSW protocol; (ii) provides the taxonomy of existing approaches;
and (iii) describes the strengths and weaknesses of the presented approaches by comparison and some
open issues are highlighted.
& 2016 Elsevier Ltd. All rights reserved.

Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
1.1. Organization of the paper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
2. Security and performance challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
2.1. Security challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
2.2. Performance challenges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
3. Buyer seller watermarking schemes taxonomy and review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
3.1. Symmetric approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
3.1.1. ZKP with trusted WCA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
3.1.2. Others. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
3.2. Asymmetric non-homomorphic approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
3.2.1. Trusted WCA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
3.2.2. No TTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
3.2.3. Others. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
3.3. Asymmetric additive homomorphic approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
3.3.1. ZKP with trusted WCA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
3.3.2. ZKP without trusted WCA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

n
Corresponding author.
E-mail addresses: abidkhan@comsats.edu.pk (A. Khan),
farhanakhan@comsats.edu.pk (F. Jabeen), sabahsuhail@comsats.edu.pk (S. Suhail),
mansoorahmad@comsats.edu.pk (M. Ahmed),
sarfraz.nawaz@cl.cam.ac.uk (S. Nawaz).

http://dx.doi.org/10.1016/j.jnca.2016.08.026
1084-8045/& 2016 Elsevier Ltd. All rights reserved.
318 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334

3.3.3. Trusted WCA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

3.3.4. No TTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
3.3.5. Others. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
3.4. Asymmetric multiplicative homomorphic approaches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
3.4.1. ZKP with trusted WCA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
3.4.2. No TTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
3.4.3. Semi-trusted third party . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
3.5. Hybrid approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
3.5.1. Trusted WCA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
4. BSW evaluation framework. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
4.1. Discussion on security metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
4.1.1. Traceability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
4.1.2. Anonymity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
4.1.3. Dispute resolution, non-repudiation, unlinkability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
4.2. Discussion on scalability, efficiency and robustness of BSW protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
4.2.1. Scalability (SC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
4.2.2. Efficiency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
4.2.3. Robustness (RB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
5. BSW protocols evolution timeline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
6. Open issues and future research. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
7. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

1. Introduction files was over 40 billion (Kennedy, 2009) in 2008. Moreover, in

Over the last two decades the pace of technological changes in
digital and high-speed communication technologies opened up
new ways for the distribution of digital contents (audio/video/
images). Internet computing is the basis of all large-scale dis-
tributed paradigms. The continuous development of Internet and
the construction of new peer-to-peer (P2P), Grid, and Cloud (Furht
and Escalante, 2010) computing infrastructures are improving the
opportunities for e-businesses. These technologies allow people to
buy and sell digital content from each other with great ease. There
is an increase in the number of consumers shopping online.
A significant portion of peer-to-peer (P2P) file sharing, how-
ever, is without permission of the copyright owner and thus ille-
gal. According to the recent survey by Chiang et. al. in 2007
(Chiang and Assane, 2002), on investigating US college students’
file sharing and music consumption behavior, 83% of the students
revealed that cost is a major factor in influencing their file sharing
behavior. While about half of the students (i.e., 53%) indicated that
time is a major factor. Advancement in digital and communication
technologies, while of great potential, have caused piracy (the il-
legal sharing of digital media) to become a much more serious
concern. A major challenge for digital media distribution is the
possibility of unlimited consecutive copying without the consent
of content owner, which threatens intellectual property rights.
Apart from the technical difficulties, cultural issues play a vital role
in creating hurdles to discourage digital piracy. Cultural differences
influence not only the social behaviors but also how we view so-
cial behavior. The most important cultural difference is the dif-
ference between individualism and collectivism (Triandis, 1994).
According to Donalson, Asian people have a collectivistic culture;
their ethical norms put emphasis on the fact that individuals
should share with society what they created (Husted, 2000).
Asians consider copyright as a western concept, which is created
“to preserve a monopoly over the distribution and production of
knowledge and knowledge-based products” (Swinyard et al.,
1990). According to figures from the music trade body Interna-
tional Federation of the Phonographic Industry (IFPI), global re-
corded music sales went down 15.4% in 2008 (Adegoke, 2009).
Moreover, IFPI estimated from the studies in sixteen countries
over the period of four years, that the number of illegally shared
France about 13.7 million films were distributed on P2P networks
in May 2008, compared to 12.2 million cinema tickets sold. In
addition, about 1.6 billion songs were downloaded illegally in
Spain in 2008, compared to two million legal downloads (Ken-
nedy, 2009). Recently efforts have been made nationally and in-
ternationally to bring copyright laws up- to-date and to crim-
inalize the avoidance of Digital Rights Management (DRM) (W. I. P.
Organization, 2014). According to the recent survey (Karaganis,
2013) on practices regarding copying and downloading, and public
sentiments regarding punishment in the United States (US) and
Germany, nearly half of the population (45% of US citizens and 46%
of German citizens) are actively involved in piracy. The percentage
increases significantly (i.e., 70%) among the young generation of
18–19 years old. 59% of Germans support penalties, while 52% of
US citizens back punishments for file sharers. In US, 37% of
younger demographic support penalties, while 56% of Germans
support penalties. Majority (i.e., about 75%) of the younger de-
mographics support the practice of sharing with friends as rea-
sonable. In US support for penalties is lower (i.e., 53% oppose
penalties) among the younger demographics as compared to
German young generation (56% support the penalties). In both
countries majority support that penalty should be limited to
warnings and fines.
As digital data can be duplicated and edited with great ease,
this has led to DRM systems (Jonker and Mauw, 2004; Taban et al.,
2006). A DRM system has to provide sufficient support for pro-
tecting the activities including content protection and rights
management of purchasing, consuming, editing, storing, and dis-
tributing digital content. Existing DRM systems incorporate many
different mechanisms, such as encryption, watermarking, and di-
gital fingerprinting, to address the privacy and security issues re-
lated to the digital content.
Cryptography is a digital content protection technique against
piracy (Liu and Li, 2004), which encrypts the digital content to
protect the content from the attackers. Cryptography addresses
network security issues by ensuring confidentiality, authenticity
and integrity (e.g., authenticity is ensured with public key cryp-
tography; integrity with digital signatures and hashing; and con-
fidentiality with secret key cryptography) of digital content
transmitted through a shared medium (Kessler, 2016). However,
 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
once the data is decrypted, it can be duplicated and distributed
illegally.
Digital watermarking (Cheng and Huang (2000)) is one of the
best solutions to prevent illegal copying, modifying and redis-
tributing multimedia data. Digital watermarking (Wang et al.,
2008) is a technique to embed copyright or other information
(such as related to the buyer or seller) into the underlying digital
content (Cox et al., 1997). For copy protection a watermark can be
inserted into digital content to indicate number of copies allowed.
Although it will help to detect illegal usage of the content, it is
unable to help in identifying the copyright violator. Fingerprinting
(Kundur et al., 2004) is a special application of watermarking in
which the embedded watermark is unique and thus can be asso-
ciated to a specific buyer. Fingerprinting can be used to trace the
illegal distributor of a digital content. Other than multimedia ob-
jects watermarking and fingerprinting techniques have been used
to protect the authenticity and ownership of a variety of other
digital objects including software (Collberg and Thomborson,
2002), databases (Halder et al., 2010), data collected by WSNs
nodes (Sultana et al., 2015; Ding et al., 2015) etc.
Whenever an illegal copy of digital content is found, the con-
tent owner can trace it back to the illegal distributor, by water-
mark detection algorithm. Unfortunately, digital fingerprinting
schemes assume that the content provider is honest and give
complete control of the fingerprinting process to them, resulting
in bias and unfairness with customers. The content provider with
malicious intentions can easily reproduce the pirated copies of
content by embedding customer fingerprint in pirated copies, as
he/she have information about the fingerprint inserted into cus-
tomer’s copy. This action of content provider can falsely accuse and
frame an innocent customer resulting in nullifying the objective of
fingerprinting itself. It can result in irresolvable dispute by al-
lowing the malicious customer to deny this unlawful act and claim
that the unauthorized copy originated from the content provider.
To the best of the author’s knowledge in the watermarking pro-
tocols for piracy tracing, the customer’s right problem was first
reported in (Qiao and Nahrstedt, 1998). However, the scheme
proposed in (Qiao and Nahrstedt, 1998) does not guarantee buyer’s
security. To address this problem, the first known Buyer-Seller
Watermarking (BSW) protocol (Memon and Wong, 2001) was
proposed by Memon and Wong, accommodating the rights of both
buyer and seller. Later on many improvements to this protocol
have been suggested in the literature. A buyer-seller watermarking
protocol combines encryption, digital watermarking, and other
techniques to ensure digital copyrights and privacy rights protec-
tion for both the buyer and the seller before, during, and after
e-commerce related activities. The underlying idea of a buyer-
seller watermarking protocol is to insert a unique mark besides the
fingerprint into the digital content such that both content provider
and customer have no full knowledge of it. Both buyer and seller
take part in the process of special mark generation and each
contributes a part of the watermark produced. Therefore, none of
them knows about the exact mark being inserted into the content.
Some BSW schemes support trusting a third party to settle the
matters between the two parties (buyer and seller) in case of
dispute. In many BSW schemes, a Watermark Certification Au-
thority (WCA) responsible for generating and verifying water-
marks does this. The situation gets really complex when buyer or
seller conspires with WCA accusing each other to gain personal
advantage.
In this state of affairs, if content owner, seller was to try and
seek guidance in the literature as to which, among proposed
buyer-seller watermarking solutions, would perform better in the
specific scenario, the absence of literature that surveys existing
work would act as major drawback in taking the right decision.
This survey on buyer-seller watermarking protocols intends to
319
provide a detailed discussion of existing techniques tailored to
address the customer’s right problem. To the best of our knowl-
edge, there is no comprehensive survey available focusing on se-
curity and performance challenges of BSW protocols. Specifically,
our contributions in this survey are (i) We provide a taxonomy of
the existing approaches for BSW protocols, which is based on
three important characteristics: encryption scheme used, water-
marking algorithm used and the trust model used (ii) Security and
performance requirements are identified and a comparative ana-
lysis of existing BSW protocols in terms of these requirements is
also provided (iii) We have also identified future trends and open
issues in the BSW protocols, which should be focused by the re-
search community.
1.1. Organization of the paper
The remainder of the paper is organized as follows: Section 2,
reviews the existing literature on the BSW protocols. It focuses on
three key aspects of the BSW schemes including: (1) trust model,
(ii) encryption scheme, and (iii) watermarking scheme used. Sec-
tion 3 highlights the security and performance challenges of
buyer-seller watermarking protocols and provides detailed com-
parison of the existing work based on the identified security and
performance metrics; and Section 4 provided a comparative ana-
lysis of BSW protocols. In Section 5, discussion on evolution of the
BSW protocols is provided; Section 6 describes the current re-
search trends and future work on this problem. Section 7, con-
cludes the paper.
2. Security and performance challenges
Design of BSW protocols clearly raises several research ques-
tions. Some of the basic security and performance challenges,
which are expected to be addressed by the BSW protocols em-
ploying buyer–seller water marking protocol are as follows:
2.1. Security challenges
In principle a BSW protocol should have the following security
properties (SP) (Bok-Min Goi et al., 2004; Lei et al., 2004; Choi
et al., 2003)

Traceability (SP1): A DRM system must allow tracing the mal-
icious buyer or copyright violator. A malicious buyer who has
obtained some digital content legally may redistribute the
content to gain personal profit without the consent of the ori-
ginal seller.

Non-framing (SP2): A DRM system should not allow falsely ac-
cusing a “honest buyer” of illegally redistributing a digital con-
tent. This property is directly related to the customer’s right
problem (Qiao and Nahrstedt, 1998), which lead to the intro-
duction of BSW protocols.

Non-repudiation(SP3): A malicious buyer who has illegally re-
distributed pirated copies should not be able to deny this fact.
This allows the seller (content owner) to prove the illegal action
of the buyer to a third party.

Dispute Resolution (SP4): The malicious buyer who has illegally
redistributed the digital content should be identified and ad-
judicated without him revealing his private information (e.g.,
private keys or secret watermark).

Anonymity (SP5): During the purchase of a digital content a
buyer’s identity or location may be revealed to an eavesdropper
or seller without his consent. In addition to the identity the
buyer may not want others to know about the type of content
320 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
purchased by him due to privacy. Any information that uniquely
identifies a buyer should not be revealed to a content provider
during the purchase of a digital content. To handle this problem
a buyer may interact with seller (content owner) using pseu-
donyms (Riedl et al., 2008).

Unlinkability (SP6): Colluding sellers may exchange information
about their buyers. The main objective of such collusion can be
monetary as well as to enhance their business intelligence al-
lowing them to build comprehensive profile of their buyers. A
DRM system should not allow the intruder to detect whether
the same buyer has bought the digital content.
2.2. Performance challenges
Performance plays a very important role in BSW protocols. It is
expected that while protecting a digital content and providing
customer right’s protection, performance should not degrade.
Here, we identify the performance related challenges in BSW
protocols.

Robustness: A watermark is an integral part of data and there-
fore, must persist even after signal processing and data ma-
nipulation. It should be robust to resist common signal ma-
nipulations such as compression, filtering, noise addition, de-
synchronization, cropping, insertions, mosaicking, and collage.
Robustness is another important property that a DRM system
should guarantee. An intruder should not be able to obtain any
secret information about watermark embedding, such as per-
mutations of coefficients, quantization dithering, etc., which can
help to remove the watermark. The watermark must not affect
the quality of original signal. Some of the metrics that can be
used to quantify quality degradation includes: (i) Watermark
error rate, measuring the error that resulted due to distortion,
(ii) Watermark signal MSE measuring the mean square error
between extracted and reference watermark, and (iii) Water-
mark correlation measuring the correlation between extracted
watermark signal and the reference watermark signal.
Unauthorized users should not be able to remove the water-
mark. In other words, the DRM system should not allow the
attackers to alter or remove the unique identification without
causing significant damage to the content. A watermark though
being irremovable should also be imperceptible (i.e., should not
modify or alter the quality of content). Watermark must be
secretly embedded in content. A DRM system should never in-
sert the watermark into the content header lest pirates discard
the header to disable the tracking mechanism.

Reliability: In order to guarantee the reliability of the water-
mark, DRM must ensure that the scheme is collusion-resistant
and frame proof. Watermark in different copies of the content
must be different whether issued to same buyer or to different
buyers. So, that the pirates should not be able to remove the
watermark by comparing or composing there differently wa-
termarked copies. Tamper-resistance hardware or software,
must be used to restraint the pirates from stealing the protected
content. It is also important to ensure that the watermark is
embedded into the content itself and not into its header. The
fields in the file headers are often static, and therefore they can
be guessed. Besides protecting the digital content, the DRM
must protect the digital-to-analog conversion as well, by en-
suring that capturing the digital-to analog conversion will result
in a severely degraded copy of the content, or even result in a
totally random signal.

Efficiency: Efficiency measures the practicability of a DRM sys-
tem. The smaller amount of resources a DRM system needs, the
more feasible it is. For time efficiency, amount of time required
to apply security mechanisms before distribution and to per-
form pre-processing before the digital data can be used (such as
movies to be displayed on the screen) should be kept minimal.
For achieving storage efficiency, a DRM should have little or no
impact on the compression ratio of the content. Forensic-
tracking demands embedding a unique identification into each
copy of the digital content, to trace the illegal distributor of a
digital content. The designed scheme must be efficient enough
to accommodate the rights of both buyers and sellers. Forensic
tracking requires that a DRM system should embed unique
identification imperceptibly, such that it is impossible for at-
tackers to locate the position where the unique identification is
embedded without knowing the secret key used in the em-
bedding process. Renewability indicates the ability of a DRM
system to recover after a successful attack. It is important to
ensure that the system should be able to resume within a very
short period of time after a successful attack using fewer
resources.

Scalability: Scalability of a DRM system is defined as the flex-
ibility of the system’s network to be expanded with increasing
number of participants (i.e., buyers, sellers, distributors etc.). A
DRM system should be flexible to the network resizing without
compromising the quality, efficiency, and security aspect of the
system.
3. Buyer seller watermarking schemes taxonomy and review
Existing work on BSW can be classified based on the three
important features of the BSW protocols: (i) Encryption scheme,
(ii) Trust model, and (iii) Watermarking algorithm. The taxonomy
is shown in Fig. 1a–c. Taxonomy will aid content owner, seller, to
choose as to which, among proposed buyer-seller watermarking
solutions, would perform better in the specific scenario.
The protocols can be classified based on the encryption scheme
used i.e., symmetric or asymmetric as specified in Fig. 1a. The
protocols based on asymmetric encryption can be further classi-
fied as those, which are based on homomorphic encryption and
those, which are not. Homomorphic encryption provides the
ability to operate on encrypted data thus providing privacy of the
underlying data, however it is slow compared to non-homo-
morphic encryption. That’s why many BSW protocols have been
proposed, which are based on non-homomorphic encryption.
Homomorphic encryption algorithms are further classified as
those with additive homomorphic encryption and those with
multiplicative homomorphic encryption. Asymmetric BSW proto-
cols, which don’t use homomorphic encryption, use some other
encryption scheme. For example, partial encryption is used in
(Katzenbeisser et al., 2008), asymmetric pairing based crypto-
system is used in (Michael Backes and Kate, 2015), elliptic curve
cryptography (ECC) is used in (Juang and Chen, 2011), RSA based
asymmetric cryptographic algorithm is used in (Ashwani Kumar
et al., 2011).
In e-commerce trust is most difficult to built as compared to
offline business environments (Msanjila and Afsarmanesh, 2009;
Huang et al., 2007). Service consumer trust and satisfaction largely
impacts the business of a service provider. Trust can be broken
into two main types: (i) hard, and (ii) soft (Josang et al.; Conte and
Paolucci, 2002). Soft trust relationships are based on non-crypto-
graphic mechanisms while the hard trust relationships are based
on cryptographic mechanisms. Soft trust is context-dependent and
is derived using social control mechanisms, for example, it can be
based on the direct experience (direct trust), peers experience
collected during the period (indirect trust), combination of both,
or third-party certificates. Hard trust focuses on technical
 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
Fig. 1. (a): Encryption Scheme Used. (b): Existing literature on BSW protocols focuses on the trust relationships between buyers and sellers, that are established via
cryptographic means (i.e., hard trust). (c): Watermarking Algorithm Scheme used.
solutions to provide secure interactions between buyer and seller,
which in turn necessitates gratification of security properties in-
cluding authentication, confidentiality, integrity and non-re-
pudiation. It is derived from concrete security mechanisms, such
as digital certificates, signatures and cryptographic checksums.
BSW protocols focuses on the trust relationships, that are es-
tablished via cryptographic means (i.e., Hard Trust). For trust
verification, most of the existing research on BSW protocols as-
sume the availability of some kind of Trusted Third Parties (TTPs).
There exist work that emphasizes on the fact that framework
supporting hybrid trust model (using both soft and hard trust) can
improve the security of distributed systems (Lin et al., 2004; Habib
et al., 2013; Lin and Varadharajan, 2007; Ching et al., 2004), but
incorporation of soft-trust or hybrid-trust in BSW protocols is not
yet addressed by the research community and needs attention.
Existence of some kind of TTP cannot always be guaranteed. In
such scenarios, combination of soft trust with hard trust can be
used to make a combined decision on the trustworthiness of
e-commerce participant in question. For trust evaluation, soft trust
mechanisms can be used in situations where partial or non hard
trust mechanisms exist (Lin et al., 2004; Habib et al., 2013). It is
anticipated that Global B2C e-commerce sales to turn up to 1.92
trillion U.S. dollars in 2016 (B2C e-Commerce Sales Worldwide,
2018). Rule (2002) in his work discussed that about 3–5% of
e-commerce transactions end in a dispute. This percentage can
grow more, if the service consumers do not consult the reputation
or feedback of the service providers prior to their selection. Trust
and Reputation system (TRS) based on soft trust models (Conte
and Paolucci, 2002; Khan and Shaikh, 2009) compute the relia-
bility and credibility of participants to help the service consumers
in making better decisions about which services/service providers
can be safely accessed without risking damages from poor quality
or even deceptive services (Josang et al.,).
The work on BSW protocols can be further sub-divided, ac-
cording to the trust model used (specified in Fig. 1b), into five
321
categories: (i) Zero knowledge proof; (ii) trusted Watermark
Combination Authority (WCA); (iii) no trusted third party; (iv)
semi trusted third party; and (v) models which don’t used the
aforementioned models. A zero knowledge proof (ZKP) is a
method by which one party (the prover) can prove to another
party (the verifier) that a given statement is true, without con-
veying any information apart from the fact that the statement is
indeed true. BSW protocols, which are based on ZKP, preserve the
privacy of the buyers. For zero-knowledge proofs of knowledge,
the protocol must necessarily require interactive input from the
verifier, usually in the form of a challenge such that the responses
from the prover will convince the verifier if and only if the
statement is true. BSW protocols based on trusted WCA make sure
that the watermark embedded is undeniably inserted into the
digital content. Watermark combination authority is trusted both
by the seller and the buyer. BSW protocols, which required no
trusted third party, are comparatively more complex. These pro-
tocols either have used a commutative cryptosystem (Choi et al.,
2003) or anonymous certificates (Ju et al., 2003). BSW protocols
based on semi-trusted third party assumed that third party may
behave maliciously, but its behavior will be detected by the
protocol.
The BSW protocols can be classified by algorithm used to em-
bed watermark, which can be robust, fragile or other scheme as
specified in Fig. 1c, discussed in Section 4. Robust watermarking
algorithms are those, which are resilient against certain water-
marking attacks like, whereas fragile watermarking algorithms are
those in which the watermark can be destroyed. Fragile water-
marking techniques are used for content authentication, whereas
robust watermarking is used for copyright protection and owner-
ship proof. Blind watermarking techniques are those in which the
original content is not required in watermark detection phase.
Majority of the schemes presented in the literature use the robust
watermarking scheme. Robustness is also our BSW evaluation
framework performance metric. Therefore, in order to avoid the
322 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
Fig. 2. Taxonomy based on encryption and trust model used.
duplication of content we discussed the robust watermarking
schemes in Section 4.2.3.
Fig. 2 shows a cascade classification based on encryption and a
respective trust model used in the BSW protocols. This figure
signifies the distribution of existing literature in Section 3.
3.1. Symmetric approaches
3.1.1. ZKP with trusted WCA
Kumar et al. (2014) protocol is a wavelet based BSW protocol,
which integrates watermarking scheme and cryptography, to
provide piracy tracing and privacy protection. Digital content is
encrypted (partially) using symmetric encryption scheme. Public
key cryptography is only used to key exchange, which reduces
computational and communication complexity. The protocol has
used the same trust assumptions as in (Lei et al., 2004; Memon
and Wong, 2001), where a certificate authority is responsible for
issuing of anonymous certificates. A watermark certification au-
thority (WCA), in this protocol is responsible for generation of
watermark, which are random bits and are not revealed to the
seller.
Jeng et al. (2015) proposed a multi-watermarking protocol for
e-health information management, which is an extension of Kat-
zenbeisser et al. (2008) protocol. Due to its use of secure water-
mark embedding the computational cost of the proposed scheme
is lower than the asymmetric watermark embedding schemes. A
health insurance bureau (HIB) in the proposed scheme is re-
sponsible to act as TTP. The authors claimed to have provided all
the common security properties of a BSW protocol. The authors
have also provided an informal security proof of the proposed
scheme and also compared their scheme with the existing
approaches.
3.1.2. Others
Michael Backes and Kate (2015) have presented a novel data
transfer protocol, providing secure data transfer in major data
leakage scenarios occurred in data outsourcing as well as social
networks. It is based upon oblivious transferring of data, signature
primitives and robust watermarking technique. Buyer encrypts
purchase order using his secret key and applies signature on his
public key using his secret key. Buyer then sends encrypted
purchase order and digitally signed buyer’s public key to seller.
The protocol has considered both scenarios where the senders are
trusted or untrusted.
3.2. Asymmetric non-homomorphic approaches
3.2.1. Trusted WCA
Ju et al. (2003) presented an anonymous BSW scheme to pro-
tect the buyer’s privacy. The buyer can purchase a digital content
anonymously, however if copyrights are violated, a seller will de-
tect him. Each party involved has a pair of public and private keys,
which are issued by a certificate authority. Furthermore, both the
buyer and the seller are able to embed their own watermark in the
final copy of the digital content, without decryption. This is pos-
sible due the homomorphic property of the underlying encryption
scheme. The watermark insertion is asymmetric; as the seller does
not know the watermarked content because the buyer only knows
the decryption key and the buyer can obtain the watermarked
content. This protocol is quite significant in the sense that it of-
fered anonymity and unlinkability to the Memon and Wong’s BSW
protocol (Memon and Wong, 2001), which is based on Cox’s in-
visible watermarking scheme.
Ashwani Kumar et al. (2011) proposed BSW protocol is based
on discrete wavelet transform (DWT). Buyer encrypts purchase
order using his secret key and applies signature on his public key
using his secret key. Buyer sends encrypted purchase order and
digitally signed buyer’s public key to seller. Seller requests a WCA
for valid digital watermark, buyer’s public key and buyer contact
information. WCA sends watermark request to DWT device, which
generates watermark information’s index identity number using
DWT and sends back to WCA. It generates watermark based on
public keys of buyer and seller, and then sends encrypted water-
mark using seller’s public key to seller. Watermark is embedded
into digital content using secret homomorphic function. The en-
crypted buyer’s public key and watermark is forwarded to buyer.
Katzenbeisser et al. (2008) protocol has three parties, a service
provider, a customer and a watermark generation authority
(WGA). WGA ensures that watermark generation process is honest.
The protocol uses a secure embedding scheme (Celik et al., 2007),
which is based on partial encryption (Lemma et al., 2006). This
protocol assumes the existence of public key infrastructure (PKI)
 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
for the protocol to execute. WGA uses his private key to decrypt
the session key and then it randomly generates a valid watermark
and two key sequences, which are used to encrypt this watermark.
WGA encrypts the generated watermark using the seller session
key. Then this encrypted watermark, the key sequence, and a
cryptographic signature are forwarded to the seller. After this the
seller can update his local transactional database and can send the
encrypted digital content to the customer. This protocol still has
some drawbacks, including an improperly generated session key,
high computational cost for buyers, and no authentication strategy
between the seller and the watermark certification authority.
Yu et al. (2012) proposed the first watermarking scheme for
software protection in the cloud-computing environment. The
parties involved in this protocol are buyer, seller and a cloud ser-
vice provider (CSP). It is assumed that seller and CSP are trust-
worthy, while the buyer is untrustworthy. CSP provides two me-
chanisms: (i) watermark embedding algorithm embeds secret in-
formation inside digital content, and (ii) watermark detection al-
gorithm identifies a copyright violator. Alice uploads her software
to a cloud server, such that the uploaded copy belongs to Alice and
it can be distributed only to Bob. Thus, customer rights problem is
not solved in this protocol. CSP embeds watermark by using his
own secret key inside Alice digital content, which produces a
watermarked content. Secret key is known only to CSP; hence
watermark is not vulnerable to known-plaintext attack.
Fan et al. (2010) proposed protocol introduced the notion of fair
content exchange in the cloud-computing environment. The pro-
tocol is based on Weil pairing (Boneh and Franklin, 2001) and
partial encryption of the content (Kumar et al., 2015) in the con-
text of watermarking. An authentication server of a cloud can
authenticate users, and thus the proposed scheme can provide fair
and efficient exchange of the contents. The protocol satisfies mu-
tual authentication, key agreement without a WCA, besides also
being low in computational cost.
Kumar et al. (2015) proposed a BSW protocol, which is based on
identity based encryption. The proposed scheme allowed the seller
to generate the watermark with their private key. A watermark
certificate authority (same as TTP) is responsible for generating
digital signature using the identity of the seller, a time stamp of
the watermarked content, watermark and original content. This
information is then used in dispute resolution protocol with the
help of an arbitrator to trace malicious buyers. Cui et al. (2015)
proposed an impartial BSW protocol, which has primarily focused
on fairness and efficiency. However, the authors have not specified
which watermarking algorithm is used in their scheme nor did
they mention the type of content to which the digital water-
marking is applied. The protocol has assumed the existence of an
authentication center, which is similar to a trusted third party in
other protocols. An asymmetric encryption scheme is used in the
proposed scheme. Moreover, digital signatures and certificates are
used to provide necessary security properties.
3.2.2. No TTP
Jianquan and Qing (2012) protocol used asymmetric finger-
printing scheme of (Zhang et al., 2006), which without requiring a
third party can trace illegal duplication. The underlying encryption
used is RSA. The core idea is to collectively generate a batch of test
signals by both the publisher and the user, only one of which
contains the fingerprint. If the user makes the illegal copies, the
publisher can obtain an approximate fingerprint by comparing it
with the original content, and then the test signal that contains
fingerprint can be determined. No matter whether the judgment
of the publisher is correct or not, the user does not need to reveal
fingerprint, while the publisher does not have to betray the
scrambling method used. The entire process can be executed
without the participation of a third party. Moreover, the scheme
323
also ensures that buyer’s watermark is only generated by the
buyer, instead of a watermark certificate authority (WCA). The
protocol does not reveal user’s identity since during the entire
protocol, buyer and seller maintain their information secret. The
buyer also chooses a fingerprint independently and then uses his
public key to encrypt the fingerprint and sends it to the seller. A
scrambling sequence is then used by the seller, which prevents a
buyer from erasing the fingerprint.
Kumar et al. (2016) presented a robust BSW protocol, which
uses principle component analysis and wavelets to embed and
extract watermark in encrypted domain. The authors have as-
sumed the same trust assumption as made by Memon and Wong
(2001) and Lei et al. (2004) allowing seller to embed a watermark
in a digital content. As claimed by the author the proposed scheme
can resist against various geometric transformation and image
processing attacks.
3.2.3. Others
Ferrer and Megias (2013) presented a scalable solution for
distributed multicast of fingerprinted content, in which the re-
ceivers of content also cooperate in fingerprinting and spreading
of digital content. This protocol has used a registration center,
which can be used by the buyers to get a digital content and by a
merchant (seller) to recover the identity of a fraudulent buyer. The
protocol has deployed a distributed multicast fingerprinting and a
redistributor identification protocol. The buyer and seller used an
anonymous blind fingerprinting protocol in which, a trusted re-
gistration center is used to get a fingerprinted copy of the digital
content.
Juang and Chen (2011) introduced a BSW scheme, which en-
abled fair and secure exchange of digital content. Scheme is de-
signed to protect content ownership and authentication without
involvement of watermark certification authority (WCA). After the
customer finds out identification of the piece of content, and he
randomly generates a session key, which is used to generate sig-
nature. The signatures are used to generate valid watermarks by
the WGA. This scheme offers “forward security”, which means an
attacker cannot get the session key even if the attacker has com-
promised the private key of trusted server.
3.3. Asymmetric additive homomorphic approaches
3.3.1. ZKP with trusted WCA
Choi et al. (2003) BSW protocol has achieved privacy by using
commutative cryptosystem (Zhao et al., 2003). A watermark cer-
tification authority issues a unique watermark to each buyer, but
the authority cannot determine which watermark the buyer chose.
The watermark certificate authority issues a series of watermarks
encrypted with the buyer’s public key, and the buyer can choose a
watermark of his choice after decrypting the series of watermark
using his secret key. The seller cannot collude with the watermark
certification authority because of having no knowledge about the
private key and the watermark selected by the buyer.
Terelius (2013), proposed an efficient and secure BSW protocol
allowing distribution of digital content in peer to peer network to
multiple recipients while preserving the owner’s copyright. The
cryptosystem they used is homomorphic and commutative w.r.t
addition. The additive homomorphic scheme used is a variant of
Paillier encryption scheme. Zero knowledge proof (ZKP), is used by
each participant to convince that they are following the protocol.
Major drawback of this protocol is that at least two of three parties
must be trustworthy. Hence, the protocol is weak against collusive
attack.
Pehlivanoglu (2013) presented an asymmetric binary finger-
printing code based on the Boneh-Shaw code. The author provided
a rigorous formal description of the asymmetric fingerprinting
324 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
code and showed how an efficient application of the code cane be
realized in the context of buyer seller watermarking protocols. A
salient feature of their code is that it can be embedded in secure
watermarking to strengthen the buyer-seller watermarking pro-
tocols with collusion resistance. A comparison with the asym-
metric fingerprinting codes is also made to show that it is efficient
in terms of performance.
Frattolillo (2016) adopted a “buyer centric” approach to design a
BSW protocol which can be used a watermarking protocol for web
context. The author’s scheme is based on security delegates such
as registration authorities (RAs) to assist buyers by relieving them
from performing complex actions. The role of RAs is similar to the
role of TTP. For content protection homomorphic encryption
scheme is used and furthermore it is assumed that the participants
in the protocol have enough resources. Furthermore, content
protection is achieved without a double watermark insertion. Re-
gistration authority role is well defined and limited to the initial
protocol negotiation phase only.
Huang et al. (2016) have used visual cryptography to propose a
new secure and efficient BSW protocol. The proposed BSW scheme
is an extension of Lei et al. (2004) and have used t-out-of-n visual
cryptography scheme of Naor and Shamir. In this scheme a secret
is split into n shares and if t or more of the shares are gathered and
stacked, then the original secret can be disclosed. For the en-
cryption the authors have assumed RSA based privacy homo-
morphic encryption scheme. After a pirated copy is found, a seller
can construct the transaction watermark. BSW protocol identifies
malicious buyer and sends the transaction related information to
the judge as proof of buyer malicious behavior. The authors have
also compared their BSW protocol with existing schemes. The
authors claimed to have provided most of properties of Lei et al.
(2004) protocol, however unlike existing schemes these properties
have been provided without the insertion of multiple watermark,
which is highlighted as the main contribution of the proposed
protocol.
3.3.2. ZKP without trusted WCA
Bianchi and Piva (2014) presented an asymmetric buyer seller
fingerprinting protocol based on client side embedding. The
scheme works on two-client side embedding schemes to deliver a
binary fingerprint. In first scheme, a standard spread-spectrum
client side embedding is used, while the second relies on in-
novative client side embedding. This protocol has used a look-up
table (LUT) for encrypting the digital content to be distributed
among several users. Next, the server gets client’s fingerprint en-
crypted with the client’s public key. Using the homomorphic
property, sever can compute the encrypted message. Finally, the
server sends encrypted LUT to client who can decrypt it with his
private key. Proposed client side solution has advantage over ser-
ver side solutions as existing solutions are based on server side
embedding. Client side solution offers both computational as well
as communication cost advantages over previous techniques.
Rial et al. proposed two BSW protocols (Rial et al., 2011, 2010),
which are based on zero knowledge proof. Here the seller au-
thenticates buyers, but does not learn any information about the
items being purchased. However, both these protocols differ in
terms of encryption algorithm used in them. Group signatures are
used in (Rial et al., 2010), whereas price oblivious transfer (POT)
based technique is presented in (Rial et al., 2011). The protocol
(Rial et al., 2011) used an existing technique for asymmetric wa-
termark embedding. Another contribution of this protocol is that it
makes customer management easier as compared to anonymous
e-commerce protocols. The protocol is also formally analyzed in
universally compassable security model (Canetti, 2001). The im-
portant contribution of this protocol is that it provides privacy
preservation and fairness. Xu et al. (2012) protocol allows buyer
and seller to participate in watermarking process. Furthermore,
the underlying protocol assumed zero knowledge of proof, with-
out relying on a trusted watermarking combination authority.
Zhang et al. (2006) protocol is similar to Lei et al. (2004) pro-
tocol, however without the involvement of a TTP. This protocol
used Paillier cryptosystem (Boneh and Franklin, 2001), which
provided additive homomorphism. The buyer first negotiates with
seller anonymously to get a common agreement. The protocol
provided the buyer with the choice to remain anonymous by using
anonymous certificates issued by a trusted certificate authority.
However, as pointed out by the authors themselves, the protocol
requires the assistance of the buyer to resolve any piracy disputes.
3.3.3. Trusted WCA
Frattolillo (2007) proposed a BSW protocol in the web context
using a symmetric homomorphic encryption scheme. The protocol
has used a trusted protection center, which is a federation of web
entities implemented as web services. The trusted protection
center provides a number of services devoted to manage the
purchase and the protection of digital content distributed by
content providers (sellers). In particular, the main services sup-
plied by protection center are the implementation of the identi-
fication methods, the validation of the buyers’ payment cards, the
generation of the fingerprinting codes, the watermark insertion,
the payment service, and the control activity of the whole pur-
chase and protection process. However, as pointed out by (Zeng
et al., 2010), the privacy homomorphism scheme in this protocol
must be symmetric. But given the fact that there is no known
symmetric homomorphic encryption schemes available making it
difficult to put Frattolillo et al. protocol scheme into practice.
3.3.4. No TTP
Eslami and Kazemnasabhaji (2014), proposed a BSW protocol,
which used homomorphic encryption and proxy signature. This
protocol has also used Paillier cryptosystem and a certificate au-
thority. Buyer sends his identity and public key to certificate au-
thority, which calculates buyer’s proxy identity. Seong et al. (2014)
proposed scheme is based on block-DCT and homomorphic en-
cryption. The underlying asymmetric encryption scheme is based
on bilinear pairing. The proposed watermarking is robust and
supports blind detection of watermark. However, the size of the
watermark is very small in their making it vulnerable to con-
spiracy attack.
3.3.5. Others
Ye et al. (2014) has implemented the Tree-Structured Harr
(THS) transform based on homomorphic encryption to protect the
illegal distribution of media in social networks. To distribute
copyrighted media content to multiple users, the content should
appear random to make original content from encrypted content
computationally difficult, when there is no knowledge of decryp-
tion key. Idea is to map the community structure in hierarchical
tree structure way for JPEG2000 coding, fingerprinting and
encryption.
3.4. Asymmetric multiplicative homomorphic approaches
3.4.1. ZKP with trusted WCA
Memon and Wong (2001) proposed the first BSW protocol,
which is based on a private watermarking and a public key en-
cryption scheme with a homomorphic property. This protocol
avoids the customer’s right problem because the watermark inser-
tion operation is performed in encrypted domain and thus the
seller has no access to watermarked copy of the digital content in
its final form. On the other hand the seller’s ownership is well
protected because the buyer has no knowledge of the permutation
 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
function and therefore is unable to remove the watermark. The
protocol assumed existence of a trusted watermark certificate
authority responsible for generating random watermarks. Both
buyer and seller communicate with this trusted authority for is-
suing the watermarks.
Lei et al. (2004) protocol used a certificate authority re-
sponsible for issuing of anonymous certificates. A watermark cer-
tification authority (WCA), in this protocol is responsible for gen-
eration of watermark, which are random bits and are not revealed
to the seller. The underlying encryption scheme is homomorphic
with respect to addition (Paillier cryptosystem). To get a digital
content the buyer first negotiates with the seller anonymously
using his anonymous public identity. After this negotiation, the
buyer generates a one-time public private key pair randomly and
sends anonymous certificate and signatures to the seller.
3.4.2. No TTP
Chen et al. (2014) BSW protocol does not require trusted third
party to protect the customer’s rights. It uses RSA based multi-
plicative homomorphic cryptosystem. A certificate authority is
used, which sends an anonymous certificate to buyer. The seller
can embed the encrypted watermark inside encrypted digital
content by using the homomorphic property. Proposed scheme
prevents man-in-the-middle attack as the data transferred be-
tween buyer and seller is always encrypted.
3.4.3. Semi-trusted third party
Shao (2007) proposed a BSW protocol with semi-trust third
party. The protocol has used public key certificates, which are is-
sued by a certificate authority. The underlying cryptographic
scheme is homomorphic. The goal is to avoid the use of a trusted
third party, which has been used by previously proposed proto-
cols. The protocol allows a buyer to use anonymous certificates to
purchase a digital content from a seller. During the purchase phase
a watermark is generated and inserted in the presence of a notary
authority, which ensures the correctness of the data presented and
certifies the validity of the watermark generated by the buyer.
3.5. Hybrid approach
3.5.1. Trusted WCA
Chang et al. (2010) proposed a BSW scheme which is a com-
bination of symmetric and asymmetric encryption algorithms. The
scheme assumed that only the seller and watermark combination
authority (WCA) are associated with public key pairs cryptosys-
tem. In registration phase WCA chooses private key and computes
the corresponding public key. For each buyer, WCA generates a
master secret and master delegation key. The master secret key of
each buyer is concatenated with his identity is hashed, and then
send to the buyer along with a certificate. The authors do not
provide any details of the implementation and it’s hard to verify
the claims made by authors for large-scale networks.
4. BSW evaluation framework
We will evaluate the existing BSW’s solutions based on the
following performance and security features provided by these
schemes. Table 1 provides the comparison of existing BSW’s based
on important security and performance features.
4.1. Discussion on security metrics
4.1.1. Traceability
Different watermark elements are encrypted in Memon and
Wong (2001) protocol and hence the precision, with which the
325
watermark is represented, can have significant impact on the se-
curity of the encryption. In addition, to frame proofing the tech-
nique also provides non-repudiation and traceability. Lei et al.
(2004) protocol has focused on identifying the responsible dis-
tributor from whom an illegal replica of certain digital content is
originated, by embedding a unique watermark into each copy of
the digital content distributed by the seller.
Michael Backes and Kate (2015) protocol solves the customer’s
right problem in which the sender cannot frame recipients for the
sender’s leakages. It has also solved the piracy-tracing problem to
trace and recover the identity of guilty buyer by embedding un-
ique fingerprints for each copy sold. Ju et al. (2003) protocol is an
extension of Memon and Wong (2001) protocol, in which a time
stamp along with information about the transaction in watermark
generation protocol would prevent a malicious buyer from repla-
cing the watermark. Katzenbeisser et al. (2008) protocol does not
provide any authentication between the seller and the watermark
certification authority. Therefore, a malicious seller may frame an
innocent buyer. The protocol does not bind a particular transaction
to a buyer, which allowed buyers to cheat with the old watermarks
by embedding them into a new digital content and obtain a pi-
rated copy. Jeng et al. (2015) protocol provides traceability by
correlating the suspected pirated copy and encrypted watermark
stored in the database. If the correlation is high, it means the buyer
is malicious and the copy found is pirated. Pehlivanoglu (2013)
provides traceability using asymmetric fingerprinting codes,
Boneh Shaw are embedded in each copy sold to the buyer.
Bianchi and Piva (2014), combines the fingerprinting and
cryptography schemes to solve the customer’s right problem and
also provides protection against piracy to trace the identity. Chang
et al. (2010) protocol has used unique fingerprints for each buyer
in large-scale settings using an efficient elliptic curve im-
plementation. The extracted watermark can be used to identify a
malicious buyer, who may have redistributed a copy. The illegal
distributor can be found and identified by using the identification
arbitration protocol. Rial et al. (2011) protocol provided trace-
ability, because of the underlying unforgeability of the signature
scheme and the watermarking scheme used. Due to the collusion
resistance of the underlying watermarking scheme a malicious
buyer cannot conspire with other buyers or the watermark certi-
fication authority. Rial et al. (2010) protocol provided traceability,
if a pirated copy is found it can be traced to a malicious buyer
because during the content purchase phase each copy is water-
marked with a unique identifying information.
Frattolillo protocol (Frattolillo, 2007) allowed, traitors to be
identified in the web context by using a trusted protection center,
which provides many services to the parties participating in the
protocol. The protocol suffered from the customer’s right problem
as pointed by (Zeng et al., 2010), because the seller can autono-
mously generate and release the watermark copy, which is same as
the one purchased by the buyer to prove to a third party that the
buyer is unlawful distributor of the digital content. Similarly, this
protocol also does not bind a particular transaction to a buyer and
suffers from conspiracy attack. Chen et al. (2014) protocol has also
provided piracy tracing of malicious buyers. If a pirated copy is
found the watermark extraction algorithm can be used to extract
the transaction identifier number and watermark. The seller can
use this transaction identifier as an index to search for a corre-
sponding record and see if it can be extracted from digital content
successfully. When the record is found in the database the seller
can send the record, along with the pirated copy and the water-
mark extraction algorithm to a judge, who can arbitrate in a
malicious event.
Shao (2007) protocol solved the customer’s right problem and
also provided protection against piracy. To trace the copyright
violators, the protocol has embedded a unique watermark in the
 326
Table 1
Comparison of existing BSW’s based on important security and performance features.

S# Tech Encryption scheme Content Watermarking algorithm used Trust model Security property

SP1 SP2 SP3 SP4 SP5 SP6

1 Memon and Wong (2001) Asymmetric, RSA based homomorphic – Robust, Invisible watermarking scheme, spread Zero Knowledge Proof requires a WCA ✔ ✔ ✘ ✘ ✘ ✘
spectrum
2 Chang et al. (2010) Symmetric for buyer and asymmetric for – Not Specified Requires a Trusted Watermark Combination Au- ✔ ✔ ✔ ✔ ✔ ✘
seller OR Hybrid thority (WCA)
3 Rial et al. (2011) Asymmetric Group Signature, Homo- Images Robust Watermarking Zero Knowledge Proof ✔ ✔ ✔ ✔ ✘ ✔
morphic Paillier Encryption
4 Rial et al. (2010) Asymmetric, Homomorphic Paillier Images Blind & Robust Watermarking Zero Knowledge Proof ✔ ✔ ✔ ✔ ✔ ✘
Encryption
5 Ju et al. (2003) Asymmetric homomorphic Encryption – Robust, Invisible Watermarking Scheme Zero Knowledge Proof, used two trusted parties: ✔ ✔ ✘ ✘ ✘ ✘

A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334

the watermark certification authority and Judge
6 Choi et al. (2003) Asymmetric Encryption with homo- – Robust, Invisible Watermarking Scheme, spread Zero Knowledge Proof, watermark certification ✔ ✔ ✘ ✘ ✘ ✘
morphic, and commutative properties spectrum authority (WCA) issues watermark
7 Lei et al. (2004) Asymmetric homomorphic encryption – Robust Zero Knowledge Proof ✔ ✔ ✔ ✘ ✔ ✘
8 Zhang et al. (2006) Asymmetric Paillier cryptosystem which is – Robust, Invisible watermarking scheme, spread Zero Knowledge Proof, No TTP ✔ ✔ ✔ ✔ ✘ ✘
homomorphic w.r.t addition spectrum DCT
9 Frattolillo (2007) Asymmetric homomorphic encryption – Robust watermarking ONWA ✔ ✘ ✘ ✘ ✔ ✔
10 Katzenbeisser et al. (2008) Partial Encryption – Robust watermarking Trusted WGA ✔ ✘ ✘ ✘ ✘ ✘
11 Yu et al. (2012) Not specified Software Robust Trusted Cloud based Watermarking ✔ ✔ ✔ ✔ ✘ ✘
12 Seong et al. (2014) Pairing based asymmetric homomorphic Images Robust and blind – ✔ ✘ ✔ ✔ ✘ ✘
cryptography
13 Ashwani Kumar et al. (2011) Not specified or similar with MW (Lin and Images Robust, DWT Zero knowledge proof ✔ ✔ ✔ ✔ ✘ ✘
Varadharajan, 2007)
14 Xu et al. (2012) Symmetric encryption Images DCT spread spectrum Not specified ✔ ✔ ✔ ✔ ✔ ✘
15 Jianquan and Qing (2012) Asymmetric encryption Image Robust watermarking No third party involvement ✔ ✔ ✔ ✔ ✘ ✘
16 Kumar et al. (2014) Asymmetric encryption DWT Trusted WCA is required ✔ ✔ ✔ ✔ ✔ ✘
17 Chen et al. (2014) Asymmetric homomorphic (RSA – multi- Image Robust spread spectrum watermarking No third party involvement ✔ ✔ ✔ ✔ ✔ ✔
plicative) encryption
18 Terelius (2013) Asymmetric Paillier (its variant) Crypto- Image Robust watermarking Zero knowledge proof ✔ ✔ ✔ ✔ ✘ ✘
system
19 Ferrer and Megias (2013) Asymmetric encryption audio Blind/Robust double embedding Watermarking/ Trusted Registration Party ✔ ✔ ✔ ✔ ✔ ✔
double watermark embedding strategy
20 Michael Backes and Kate NA NA ✔ ✔ ✔ ✔ ✘ ✔
(2015)
21 Ye et al. (2014) Probabilistic homomorphic encryption image Blind/ robust watermarking – ✔ ✔ ✔ ✘ ✘ ✘
with additive property
22 Bianchi and Piva (2014) Asymmetric homomorphic encryption Image Blind watermarking TTP Free ✔ ✔ ✔ ✔ ✘ ✘
23 Juang and Chen (2011) Asymmetric pairing based crypto-system Image Robust watermarking ✔ ✔ ✔ ✔ ✘ ✘
24 Fan et al. (2010) Elliptic curve cryptograph using Weil Image Fragile or robust (not specific) No WCA just cloud is involved in fair exchange ✔ ✔ ✔ ✔ ✘ ✔
pairing and partial encryption
25 Shao (2007) Asymmetric RSA Homomorphic – Seems Robust Online certification authority to issue certificates ✔ ✔ ✔ ✔ ✔ ✔
semi trusted third party
26 Huang et al. (2016) RSA Asymmetric homomorphic Images Robust Zero knowledge proof ✔ ✘ ✔ ✘ ✔ ✘
encryption
27 Frattolillo (2016) Asymmetric homomorphic encryption – Robust watermarking ONWA ✔ ✘ ✔ ✔ ✔ ✔
28 Jeng et al. (2015) Symmetric encryption Images Robust watermarking TTP ✔ ✘ ✔ ✔ ✘ ✘
29 Cui et al. (2015) Asymmetric encryption NA NA TTP ✔ ✔ ✔ ✔ ✔ ✔
30 Kumar et al. (2015) Asymmetric identity based encryption Images Robust TTP ✘ ✘ ✔ ✔ ✔ ✔
31 Pehlivanoglu (2013) Asymmetric additive homomorphic Images Robust NA ✔ ✔ ✔ ✔ ✘ ✘
encryption
32 Kumar et al. (2016) Public key cryptography Images Robust NA ✔ ✘ ✘ ✘ ✘ ✘
33 Sun et al. (2015) Public key cryptography Images Robust NA ✔ ✘ ✘ ✘ ✘ ✘
34 Eslami and Kazemnasabhaji Asymmetric homomorphic cryptography, Images Robust No TTP ✔ ✔ ✔ ✔ ✔ ✔
(2014) Proxy signature
 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
digital content sold by the seller. This unique watermark can be
extracted by the watermark extraction algorithm, which provides
undeniable evidence and identify the responsible distributor. Ku-
mar et al. (2015) does not provide traceability. Furthermore, buy-
er’s identity is not used nor does the scheme have any signature or
fingerprints, which can bind a particular digital content to a buyer.
The presented techniques in (Yu et al., 2012; Kumar et al., 2015;
Cui et al., 2015; Jianquan and Qing, 2012; Kumar et al., 2016;
Terelius, 2013; Frattolillo, 2016; Huang et al., 2016; Zhang et al.,
2006; Zeng et al., 2010; Seong et al., 2014; Ye et al., 2014; Shao,
2007; Sun et al., 2015) provide traceability of malicious buyers in
the protocol. The protocol has used a unique watermark for each
copy of digital content sold by the seller, which allows the mal-
icious buyers to be traceable.
4.1.2. Anonymity
Memon and Wong (2001) protocol, suffered from the con-
spiracy attack, for example a malicious seller can collude with a
watermark certification authority to violate a buyer’s privacy. Thus
there is no anonymity provided to the user. Choi et al. (2003)
protocol improved the Memon and Wong (2001) protocol by ap-
plying an anonymous key pair in each transaction to provide
anonymity. However, protocol required the WCA to know the
buyer’s identity. Lei et al. (2004) proposed an anonymous buyer-
seller watermarking protocol in which the seller requests the
watermark certification authority for the watermark on behalf of
the buyer and hence anonymity of the buyer can be retained
through a trusted third party. Ju et al. (2003) proposed an anon-
ymous BSW scheme to protect the buyer’s privacy. The improve-
ment in security has been achieved by applying key-escrow
method using verifiable encryption scheme. However, as pointed
in Goi et al. (2004) buyer anonymity is achieved only when the
watermark certification authority can be trusted, and hence the
protocol only provided “partial anonymity”.
Ferrer and Megias (2013) proposed a specific multicast anon-
ymous fingerprinting protocol. The protocol has used anonymous
fingerprinting, so the receivers cannot know the identity of each
other. To make the anonymous purchase, identity of receiver is
encrypted by registration center’s public key. Rial et al. (2010) BSW
protocol is based on two cryptographic primitives: group sig-
natures and homomorphic encryption. Due to the group signature
the seller can verify the signature without knowing buyer’s iden-
tity, and thus the buyers remain anonymous. Eslami and Ka-
zemnasabhaji (2014) achieved buyer anonymity through proxy
identifier and unlinkability. The protocol has used proxy sig-
natures. However, when the seller suspects a pirated copy, he can
convince the judge to force certificate authority (CA) to extract the
identity of the malicious buyer from the proxy signature. Chang
et al. (2010) proposed scheme can protect the buyer’s anonymity
until there is an infringement accusation, and, then, the re-
sponsible distributor must be identified.
Kumar et al. (2015) provides buyer anonymity as in the regis-
tration protocol an anonymization key pair is used by the buyer
and send to a trusted WCA, can be used by the buyer if he wants to
remain anonymous. In Cui et al. (2015) a buyer’s anonymity is
provided as his public key encrypts a buyer’s ID. Frattolillo (2016)
provides buyer’s anonymity, since the protocol assumes that the
registration authority and judge cannot be corrupted. Huang et al.
(2016) provides buyer’s anonymity by using anonymous certifi-
cates since the scheme is an extension of Lei et al. (2004). Just like
most of the schemes the protocols (Fan et al., 2010; Shao, 2007)
achieved anonymity by employing one or more TTP. The techni-
ques presented in (Jeng et al., 2015; Kumar et al., 2016; Pehliva-
noglu, 2013; Zhang et al., 2006; Seong et al., 2014) do not provide
anonymity to the buyers, as the seller knows each buyer and the
fingerprint embedded.
327
4.1.3. Dispute resolution, non-repudiation, unlinkability
Memon and Wong (2001) protocol provided invisible water-
marking in which the seller does not know the exact watermarked
copy received by the buyers. It prevented illegal copying, editing
and the seller cannot create copies of the original content con-
taining the buyer’s watermark. To solve unlinkability problem,
Memon and Wong (2001) proposed a watermarking protocol
based on homomorphic public key encryption algorithm. How-
ever, it suffered from “the unbinding problem”, and failed to pro-
vide proper mechanism to binding a chosen watermark to a spe-
cific buyer transaction or a digital content. It is possible for a
malicious seller to transplant the watermark embedded in the
pirated copy into another copy of high-priced digital content as
pointed by (Lei et al., 2004). Lei et al. (2004) protocol suffers from
the conspiracy attack, because a malicious seller can collude with a
third party, to discover the buyer’s watermark. As to provide
anonymity it has applied anonymous certificates. Unfortunately,
transaction unlinkability is not achieved, because during all
transactions, anonymous certificates do not change and to change
it buyer must contact a CA, which is impractical in real life
applications.
Like Choi et al. (2003) this protocol also improved the Memon
and Wong (2001) protocol by applying an anonymous key pair in
each transaction to provide anonymity. However, both protocols
required the WCA to know the buyer’s identity, which means that
the buyer’s anonymity is not provided against conspiracy attacks.
Chang et al. (2010) protocol has made strong assumption about the
honesty of the (WCA), which is unrealistic. The protocol does not
provide any security against the conspiracy attacks (Bok-Min Goi
et al., 2004). The assumption that WCA destroys all the evidence
during the registration phase is unrealistic.
In Juang and Chen (2011) protocol, users can authenticate to
the other party via the Internet and fairly exchange their digital
contents in an efficient and secure way. A trusted server (TS) is
used in this protocol to provide dispute resolution. The protocol
provides non-repudiation as the trusted server (TS) keeps digital
content exchange agreement information. To provide unlinkability
in Juang and Chen (2011) a temporary symmetric shared key is
shared between the trusted server and buyer (or seller). Now if the
buyer wants to remain anonymous he can create a new such
symmetric key and share it with the TS. Similarly, if the buyer
wants to unlink his purchases to a particular symmetric key he can
run the key generation algorithm to get a new key. Ju et al. (2003)
protocol did not solve the unbinding problem. It also suffered from
the conspiracy attack, where a malicious seller can collude with an
untrustworthy third party to fabricate piracy to frame an innocent
buyer. Ashwani Kumar et al. (2011) and Kumar et al. (2014) pro-
tocols are based on discrete wavelet transform (DWT) to solve the
dispute resolution problem. However, unlinkability problem is
remained unsolved in this protocol.
Jeng et al. (2015) provides non-repudiation since all the parties
involved in the protocol used a pair of pubic-private keys. Yu et al.
(2012), BSW protocol has achieved privacy through embedded
watermarks to trace the identity of users. The protocol has also
achieved customer’s right problem, non-repudiation and dispute
resolution. Kumar et al. (2015) provides unlinkability and non-
repudiation as the WCA is directly negotiating with seller on
buyer’s behalf using his anonymous key. Cui et al. (2015) protocol
provides dispute resolution as the protocol has an arbitration
protocol. In this work non-repudiation is provided as the scheme
has used digital signature. The scheme provides unlinkability as
the buyer’s identity is encrypted and his private key can only de-
crypt it. In Domingo-Ferrer et al. Ferrer and Megias (2013) illegal
distributor of the content can be tracked with the unique finger-
print, which prohibits them to repudiate from their malicious
behavior. Unlinkability problem is also resolved by appending the
328 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
random nonce to the identity of each receiver before encrypting
with registration center’s public key. Terelius (2013) protocol
provides support for dispute resolution. The protocol also provides
non-repudiation as the buyer secret key and watermark is used in
the watermark transfer protocol. The protocol does not provide
any support for unlinkability and the seller can find the real
identity of the buyers by linking the buyer’s information.
Pehlivanoglu (2013) have provided an arbitration protocol to
resolve copyright disputes. The protocol provides support for non-
repudiation and non-framing, but does not provide unlinkability.
Frattolillo (2016) provides non-repudiation since a registration
authority is involved in registration protocol. The protocol does
not provide unlinkability and non-framing of innocent buyers.
Huang et al. (2016) provides non-repudiation since a certificate
authority is involved in registration protocol. The work does not
provide dispute resolution as the seller and TTP can collude with
each other. Rial et al. (2011) protocol does not provide unlink-
ability, as the protocol required buyers to be authenticated by the
sellers. The protocol supports dispute resolution and non-re-
pudiation as each user has their own identity used in each trans-
action made. Rial et al. (2010) protocol has provided support for
dispute resolution. A malicious seller, due to the group signature
primitive used by the underlying protocol, cannot frame an in-
nocent buyer. Similarly, the protocol has provided unlinkability
support as the group signatures allow buyers to sign the purchase
messages they send to the seller on behalf of the group of buyers.
The presence of a de-anonymization authority in the protocol
prevents malicious buyer to repudiate the transactions made.
Zhang et al. (2006) protocol ensured that only the buyers can
produce their own watermark and not the watermark certificate
authority (WCA) to avoid conspiracy problem. To resolve a dispute,
the protocol requires the buyers to reveal their secret keys to CA,
which in a real life scenario is very unrealistic (Zhang et al., 2006).
Frattolillo (2007) protocol claimed that it provides protection
against non-framing. However, as pointed out by (Zeng et al.,
2010), it is possible for content providers (sellers) and content
protectors to collude and frame an innocent buyer.
Eslami and Kazemnasabhaji (2014) BSW protocol achieved priv-
acy through embedded watermarks to trace the identity of users. The
watermark-embedding process is performed only between the buyer
and seller, no third party is involved, therefore conspiracy between
either of buyer or seller and a third party is ruled out. Moreover,
proxy signature and homomorphic encryption scheme is used to
provide the unlinkability. Ye et al. (2014) proposed scheme used
hybrid multicast-unicast distribution mode in social network. The
presented scheme does not provide anonymity and unlinkability as
the content is multicast. Similarly, the absence of an arbitration
protocol makes it difficult to resolve dispute. Chen et al. (2014)
protocol guaranteed transaction fairness. The seller cannot fabricate
piracy to frame an innocent buyer because of the privacy homo-
morphism property. The protocol has used a watermarks certification
authority and a public key Infrastructure (PKI) to solve rest of the
security properties similar to Kumar et al. (2014). Shao (2007), pro-
tocol has achieved authentication through a trusted certification
authority, which is responsible for authentication and digital certifi-
cates between users. In Sun et al. (2015) does not support dispute
resolution, non-repudiation and unlinkability. A malicious seller can
frame buyers, since a seller solely generates the watermark. Seong
et al. (2014) provide dispute resolution. The underlying scheme
provides non-repudiation, as the seller knows the pubic key of buyer.
The buyer public key is used to encrypt the buyer’s watermark and
thus the buyer can’t repudiate. It does not provide unlinkability as
the seller knows the pubic key of buyer. Thus, the seller can link
multiple transactions to a particular buyer.
Fan et al. (2010) protocol have achieved authentication through
a trusted certification authority. A trusted third party is being used
that is “semi-trusted,” in the sense of acting as a notary role to
provide assurance about the properties of the data (such as its
integrity), and then use digital signatures to cryptographically link
the buyer’s own secret watermark and one-time public key to the
purchase order against unbinding problems. Shao (2007) has used
a trusted third party, which is “semi-trusted,” in the sense of acting
as a notary role to provide assurance about the properties of the
data (such as its integrity), and then use digital signatures to
cryptographically link the buyer’s own secret watermark and one-
time public key to the purchase order against unbinding problems.
4.2. Discussion on scalability, efficiency and robustness of BSW
protocols
Most of the approaches presented in Section 3, focus on providing
forensic tracking, renewability, robustness; but scalability, quality of
service, and time, storage, communication, computational and op-
erational efficiency is largely unexplored. Efficiency represents the
practicality of the system. The lesser the number of resources re-
quired by the BSW protocol the more feasible it is. To maintain the
quality of the digital content and to stream the digital video in a
smooth continuous manner, security mechanisms having real-time
performance are required. The techniques used by the BSW protocols
to provide content protection, pirate tracking, or usage rights man-
agement should have trivial impact on the visual quality of the digital
content. The distortion caused should be barely visible. Among other
things the efficiency of the BSW protocol depends upon the water-
marking technique being used. Spatial domain methods (Cox et al.,
1997) are less complex, but are not robust against attacks, whereas,
transform domain watermarking techniques (Choi et al., 2003) do
support transformation and are most robust against attacks. Discrete
wavelet transform (DWT) based watermarking techniques (Ashwani
Kumar et al., 2011; Kumar et al., 2014) are gaining more popularity
because they support progressive and low bit-rate transmission,
quality of service, and scalability. To achieve storage efficiency, any
mechanism used by the BSW protocols should have a limited impact
on the compression ratio of the digital content.
4.2.1. Scalability (SC)
A scalability requirement determines the support provided by
the buyer and seller watermarking technique related to the in-
crease or decrease in the number of participants (i.e., buyers,
sellers, TTP) and number and type of devices. Thus the cost (in-
cluding installation, operation), communication time, processing
time, storage, security, quality and reliability should grow in near
linear fashion.
BSW protocols presented in Bianchi and Piva (2014), Choi et al.
(2003), Frattolillo (2007), Rial et al. (2011, 2010), Terelius (2013),
Xu et al. (2012), Ye et al. (2014) , Zhang et al. (2006) and Eslami
and Kazemnasabhaji (2014) are all based on an additive homo-
morphic public-key encryption scheme, which allows the inser-
tion of encrypted watermarks directly into the encrypted content
without prior decryption. All these schemes are very inefficient in
practice, as they encrypt each sample of the content (or at least
those samples to be watermarked) individually, as pointed in
Katzenbeisser et al. (2008). In addition to the significant compu-
tational overhead, the protocol expands the data due to the use of
public-key encryption and, thus, requires a high communication
bandwidth. Therefore, they are not scalable in large-scale settings.
In contrast to previously proposed protocols, which are based on
homomorphic public key encryption, Juang and Chen (2011) and
Fan et al. (2010) are more efficient compared to other public key
based scheme, due to use of pairing based elliptic curve crypto-
graphy. The BSW protocols presented by Ashwani Kumar et al.
(2011, 2014) are also based on public key cryptography so; both the
protocols incur high computational overhead.
 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
Chang et al. (2010) protocol is proposed for the large-scale
networks, however no implementation of the protocol is provided
in some practical scenario. Chen et al. (2014), Ju et al. (2003), Lei
et al. (2004), Memon and Wong (2001), Shao et al. are based on
multiplicative homomorphic encryption scheme. Just like the
schemes based on additive homomorphic encryption, these
schemes are not scalable. In addition to the significant computa-
tional overhead, the protocol expands the data due to the use of
public-key encryption and, thus, requires a high communication
bandwidth. Therefore, they are not scalable in large-scale dis-
tributed settings.
Ferrer and Megias (2013) presents a scalable solution for dis-
tributed multicast of fingerprinted content. In this technique, the
sender does not need to prepare and send a separate fingerprinted
copy to each receiver, so that its computational and bandwidth
burden is equivalent to the case of there being a single receiver. Yu
et al. (2012) presented a scalable technique that focused on time,
space efficiency and reducing resources requirement. The authors
provided software watermarking protocol implementation in
large-scale cloud computing settings.
4.2.2. Efficiency
Bianchi and Piva (2014), Zhang et al. (2006), and Eslami and
Kazemnasabhaji (2014) are all based on an additive homomorphic
public-key encryption scheme, which allows the insertion of en-
crypted watermarks directly into the encrypted content without
prior decryption. All these schemes are very inefficient in practice,
as they encrypt each sample of the content (or at least those
samples to be watermarked) individually, as pointed in Katzen-
beisser et al. (2008). In addition to the significant computational
overhead, the protocol expands the data due to the use of public-
key encryption and, thus, requires a high communication band-
width. Therefore, they are not scalable in large-scale settings.
Chang et al. (2010) proposed protocol, have transferred heavy
computational tasks from a buyer to the seller (which is assumed to
have no constraints on resources), the protocol is computationally
efficient. The scheme provided renewability using watermark certi-
fication authority in the protocol. Chen et al. (2014), Ju et al. (2003)
are based on multiplicative homomorphic encryption scheme. Just
like the schemes based on additive homomorphic encryption, these
schemes are not scalable. These schemes are very inefficient in
practice, as they encrypt each sample of the content (or at least those
samples to be watermarked) individually. In addition to the sig-
nificant computational overhead, the protocol expands the data due
to the use of public-key encryption and, thus, requires a high com-
munication bandwidth. Therefore, they are not scalable in large-scale
distributed settings. Choi et al. (2003) BSW protocol have highly
computational complexity and communication pass number in the
watermark generation process. The protocol has provided renew-
ability using watermark certification authority.
Ferrer and Megias (2013) has considered the overhead in-
troduced at the seller side by the anonymous multicast finger-
printing approach. Since, the goal is to let the merchant (seller)
enjoy the profit margin and flexibility of choosing the water-
marking technology freely among the best state of the art tech-
niques. Frattolillo (2007) proposed a web-oriented and interactive
anonymous buyer-seller watermarking protocol. The protocol as-
sumed that the burden of storing necessary information is dele-
gated to content providers, who can exploit watermarking services
supplied by Service Providers in a secure context without having
to directly implement them. Ashwani Kumar et al. (2011,, 2014) are
also based on public key cryptography so, both the protocols incur
high computational overhead. Both the protocols expand the data,
due to the use of public-key encryption and, thus required a high
communication bandwidth. Katzenbeisser et al. (2008) have uti-
lized the concepts of secure watermark embedding. This scheme
329
requires less computation and bandwidth overhead as compared
to other schemes using homomorphic public-key encryption.
However, Katzenbeisser et al. (2008) protocol has high computa-
tional cost for the buyers. This protocol is more efficient due to the
use of secure embedding algorithms.
In Lei et al. (2004) protocol the burden of storing all necessary
information has been put on seller. The protocol ensures that the
secretly stored watermark information cannot be easily obtained.
Memon and Wong (2001) watermark embedding algorithm is
based on public key cryptography and has little overhead in terms
of the total data communicated between the buyer and the seller.
The protocol is quite general and can be used with different wa-
termarking techniques and appropriate public key encryption
techniques. Michael Backes and Kate (2015) involves low compu-
tational overhead due to usage of a symmetric AES implementa-
tion. This protocol has implemented a novel data transfer protocol
but it involves higher communication overhead for bigger images.
Rial et al. (2011) protocol consists of an expensive initialization
phase, whose cost grows linearly with the amount of messages
and the message size, and very cheap purchase phases therefore;
the protocol is more convenient in resource-constrained settings.
The protocol involves authentication of buyer but the seller does
not learn which items are purchased. Since buyers are not anon-
ymous, customer management is eased and currently deployed
payment methods can be utilized. The technique is collision re-
sistant and also supports frame proofing.
Rial et al. (2010) protocol has proposed encrypted domain
watermark embedding. The proposed solution is based on the
efficient composite embedding strategy. The composite signal re-
presentation reduces both the computational overhead and the
large communication bandwidth, which are due to the use of
homomorphic public-key encryption schemes. Shao (2007) pro-
posed a protocol for transferring watermarked content between
buyers while ensuring that each copy uniquely identifies its re-
cipient. In this protocol, the seller's communication complexity is
proportional to the size of the watermarks rather than the size of
the content. Efforts have been made to improve quality of content.
Terelius (2013) proposed an efficient and secure protocol in which
the seller’s communication cost complexity is proportional to the
size of watermarks rather than the size of the content. Secret in-
formation about watermark embedding cannot be easily obtained.
Efforts have been made to improve quality of content. Juang and
Chen (2011) proposed a fair digital content exchange scheme. The
scheme is efficient and can ensure fair transaction between users
where as the computation cost is low. Efforts made to exchange
content securely and fairly. Jianquan and Qing (2012) is based on
RSA based encryption and just like previously public key encryp-
tion scheme based proposed approaches also suffers from the
performance issues. Ye et al. (2014) protocol required a much
lower communication bandwidth. Symmetric encryption is per-
formed on the multimedia content, which can reduce the com-
plexity and communication cost. Efforts made to improve security.
Ye et al. (2014) presented a technique that does not require a great
deal of computation time. Finger printing in compressed-en-
crypted content directly saves the computational complexity.
Yu et al. (2012) presented a scalable technique that focused on
time, space efficiency and reducing resources requirement. Fan
et al. (2010) proposed an efficient and fair digital content exchange
scheme in cloud computing. The scheme can provide an efficient
way for users to do mutual authentication, ownership transfer, and
fair transaction. It also provides mutual authentication, watermark
exchange, session key agreement, and low computation.
4.2.3. Robustness (RB)
Bianchi and Piva (2014), Chen et al. (2014), Choi et al. (2003), Ju
et al. (2003), Ferrer and Megias (2013), Rial et al. (2011, 2010),
330 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334

• Asymmetric RSA • Asymmetric • Asymmetric • Asymmetric • Partia • Elliptic • Asymmetric • Symmetric • Homomorphic • Asymmetric • Symmetric • Asymmetric
based Encryption with Paillier Homomorphic l Curve pairing based encryption encryption (Paillier encryption encryption encryption
homomorphic homomorphic cryptosystem encryption scheme encry Cryptography cryptography cryptosystem) and
encryption scheme and with online ption based scheme • Asymmetric • Trusted cloud proxy signatures • Asymmetric • Asymmetric • RSA based
commutativity • robust invisible watermark with less group signature based RSA based encryption Asymmetric
• Robust invisible watermarking authentication computational watermarking • Varient of homomorphic encryption
watermarking • Robust invisible scheme with zero authority overhead on Asymmetric encryption
client side • Asymmetric
scheme with zero watermarking knowledge • Asymmetric Paillier homomorphic • Robust
knowledge scheme with property • publicly verifiable requiring a cryptosystem
trusted Encryption • probabilistic encryption Watermarking
property zero knowledge encryption with no encryption scheme
property watemarking
• with no trusted combination trusted third • robust • Asymmetric
third party(TTP) authority party watermarking with • pairing based identity based • Zero
trusted registration asymmetric encryption knowledge
authority homomorphic proof
• ECC with
Weil pairing encryption • Robust
and partial • Zero knowledge Watermarking
encryption proof • blind
watermarking
Fragile • robust
watermarking watermarking
in cloud
computing

• blind
watermarking
• reversible
watermarking

Fig. 3. BSW protocols evolution timeline.

Frattolillo (2007), Katzenbeisser et al. (2008), Lei et al. (2004),
Memon and Wong (2001), Michael Backes and Kate (2015), Shao
(2007), Terelius (2013), Jianquan and Qing (2012), Ye et al. (2014),
Zhang et al. (2006), Yu et al. (2012), Eslami and Kazemnasabhaji
(2014) have all used robust watermarking algorithms. Juang and
Chen (2011) and Fan et al. (2010) have used fragile watermarking
scheme.
Rial et al. (2011) construct a protocol based on priced oblivious
transfer and on existing techniques for asymmetric watermark
embedding. The watermark is robust and can persist different
signal processing and data manipulation attacks. Lei et al. (2004),
have embedded the watermark secretly in content making the
technique robust. It prevents malicious buyers from illegal dis-
tribution of pirated contents. Choi et al. (2003) proposed protocol
that ensures reliability by embedding different watermark in dif-
ferent copies, by supporting frame proofing and by preventing
collision of the seller and the watermark certificate center. Rial
et al. (2010) protocol is secure against any probabilistic polynomial
time (PPT) adversary. The protocol provides robustness as water-
mark is secretly embedded in content and it can persist different
signal processing and data manipulation attacks. Also watermark
cannot be removed without causing significant damage to content.
Katzenbeisser et al. (2008) BSW protocol robust hence the ad-
versary cannot remove watermark without causing significant
damage to content. The technique also caters data integrity. The
BSW protocol has obtained high quality watermark content. It
ensures reliability by providing frame proofing.
Ashwani Kumar et al. (2011,, 2014) implemented the wavelet
based modified buyer-seller watermarking protocol which focuses
on managing the watermark and on improving content quality. To
provide reliability, the technique supports frame proofing. The
watermark is secretly embedded in the content. Moreover, wa-
termarks are imperceptible. The watermarking algorithm is robust
to most of the image processing and data manipulation attacks.
Moreover, the embedded watermark is imperceptible. The water-
marking algorithm protects the copyrights of digital content. Ku-
mar et al. (2015) relies on WCA to embed a watermark and hence
it does not provide protection against framing. Furthermore, the
buyer does not have any knowledge of the cryptosystem used and
the watermark embedded. This may lead to framing of innocent
buyers.
Jianquan and Qing (2012) presented an asymmetric fingerprint
scheme. It has achieved the credibility and authentication. The
scheme embeds a unique fingerprint in each copy sold, which can
not be removed. Zhang et al. (2006) proposed a technique in
which secret information about watermark embedding cannot be
easily obtained. Efforts are made to reduce impact of watermark
embedding on content quality. It provides frame proofing. Wa-
termark is secretly embedded in content.
Eslami and Kazemnasabhaji (2014) have provided im-
plementation of their BSW robust spread spectrum watermarking
scheme. The proposed scheme is robust to common signal and
geometric distortions such as digital–to–analog and analog–to–
digital conversion, resampling, and re-quantization, including di-
thering and recompression and rotation, translation, cropping and
scaling. In Chang et al. (2010) protocol watermark is secretly em-
bedded in the digital content. Further, the authors have provided
protection against replay attack. Ye et al. (2014) proposed scheme
used hybrid multicast-unicast distribution mode in social network.
It supports frame proofing and collusion resistant. Fingerprinting
along with encryption is used to protect the media content. The
fingerprints embedded in the fingerprinted copy are
imperceptible.
5. BSW protocols evolution timeline
This section discusses the evolution of the BSW protocols over
the years. Fig. 3 shows how the research on BSW protocols has
taken shape and where it can benefit from more work.
In 2001 Memon and Wong (2001) proposed the first BSW
protocol. It solved the customer’s right problem and piracy tracing.
However, the rest of the security properties were not fulfilled by
this protocol. In 2003, Ju et al. (2003) proposed asymmetric BSW
approach, which is also based on homomorphic encryption with
robust watermarking algorithm. However unlike Memon and
Wong (2001) their protocol used two trusted parties, which are
judge and a watermark combination authority. In the same year
Choi et al. (2003) also presented another asymmetric BSW tech-
nique, in which a watermark certification authority issues water-
marks. Lei et al. (2004) proposed a BSW protocol, which used
asymmetric homomorphic encryption and a robust watermarking
algorithm with zero knowledge proof property.
In 2006, Zhang et al. (2006) presented a BSW protocol, which is
based on asymmetric Paillier cryptosystem. However, unlike pre-
vious protocols this protocol only requires two parties a buyer and
a seller. In 2007, Frattolillo (2007) presented a robust BSW algo-
rithm in the web context. It has considered an online water-
marking authority. In the same year Min-Hua Shao (Shao, 2007)
proposed a publicly verifiable buyer seller-watermarking scheme.
 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
The scheme is based on asymmetric homomorphic encryption,
which used an online semi-trusted third party to provide buyer’s
privacy. In 2008, Katzenbeisser et al. (2008) proposed a partial
encryption based robust BSW protocol, which used a trusted wa-
termark generation authority (WGA). In 2010, Chang et al. (2010)
proposed a hybrid buyer-seller watermarking scheme. Their mo-
tivation was to transfer the computationally expensive public key
operation to a powerful server and use only symmetric key op-
erations at the buyer. In 2010, Fan et al. (2010) proposed an ECC
based BSW protocol, which is based on a reversible watermarking
algorithm. The protocol requires a trusted server but did not re-
quire a WCA. In 2010, Rial et al. (2010) proposed BSW protocol is
based on asymmetric group signature. The underlying encryption
used additively homomorphic. The authors have also provided a
formal proof of security under a PPT adversary model.
In 2011, Juang and Chen (2011) presented an asymmetric
pairing based BSW protocol using a robust watermarking algo-
rithm. The authors have also provided a formal proof of security
for their proposed BSW protocol. Rial et al. (2011) proposed a POT
based BSW protocol. The authors focused on achieving a fair ex-
change, which means at the end of the protocol either the seller
receives the payment and the buyer receives the purchased items
or both parties receive nothing. In 2012 Jianquan and Qing (2012),
used an asymmetric BSW protocol without the involvement of a
trusted third party. Just like previously proposed scheme, a robust
watermarking scheme is used. Yu et al. (2012) proposed the notion
of software protection in a cloud-computing environment, using
graph based watermarking approach. The authors provided the
details of watermark embedding and extraction algorithms. Ter-
elius (2013) proposed a BSW scheme, which used a variant of
Paillier encryption scheme. The watermarking algorithm used is
robust and the protocol has assumed a protection under a zero
knowledge proof. Pehlivanoglu (2013) proposed an asymmetric
homomorphic encryption scheme for images. The watermarking
algorithm used in the scheme is robust and there is no trusted
third party required in the protocol. Ferrer and Megias (2013)
proposed an asymmetric encryption based BSW protocol. Eslami
and Kazemnasabhaji (2014) proposed a BSW scheme, which is
based on Homomorphic encryption (Paillier Crypto-system) and
proxy signatures schemes.
Seong et al. (2014) proposed a pairing based asymmetric
homomorphic encryption scheme, which is only robust and blind.
In 2015 Kumar et al. (2015) proposed a BSW protocol, which has
used public key cryptography and a robust watermarking algo-
rithm to achieve its security properties. Cui et al. (2015) and Sun
et al. (2015) protocols have used also used an asymmetric cryp-
tography and robust watermarking technique to propose a BSW
protocol. However, Cui et al. (2015) protocol requires a TTP to
achieve its security properties unlike Sun et al. (2015) which does
not require one. Jeng et al. (2015), proposed a symmetric en-
cryption based BSW protocol, which is using robust watermarking.
The protocol has used a TTP to achieve its security properties.
In 2016, Frattolillo (2016) proposed a BSW protocol, which is
suitable for web context. The protocol is based on an asymmetric
homomorphic encryption scheme and is using a robust water-
marking algorithm. The protocol requires an online watermarking
authority to achieve its security properties. Huang et al. (2016)
protocol is based on RSA based asymmetric homomorphic en-
cryption scheme. The protocol has used a zero knowledge proof to
provide privacy to the buyers. Kumar et al. (2016) protocol is based
on identity based asymmetric encryption scheme and a robust
watermarking algorithm. The protocol has used a TTP to provide
its security properties.
331
6. Open issues and future research
Among the schemes, described in this paper, Ferrer and Megias
(2013), Shao (2007), Eslami and Kazemnasabhaji (2014) achieves
all security properties identified in Section 2. Interestingly, the
security claims made in Eslami and Kazemnasabhaji (2014) for
distributing multimedia content, are well studied formally and
detailed proofs have been provided in the form of security games.
One of the limitations of these protocols is that these protocols
have not been tested in real-world scenarios under specific legal
framework.
There are no industry-wide standards for DRM. Different types
of DRM are used to lock down digital content (video, audio, soft-
ware), leading to market fragmentation wherein different retailers
use non-interoperable DRM schemes (Digital Rights Management,
2016). For example, there are several DRM systems in use with
selling Electronic Books (e-books) such as: (i) Apple Fairplay DRM,
(ii) Amazon DRM, (iii) Adobe‘s DRM system, called Adobe Digital
Editions Protection Technology (ADEPT). Apple's FairPlay DRM is
applied to the industry standard EPUB format ebooks; Amazon
DRM is applied to Amazon’s azw4, KF8, Mobipocket format; and
Adobe's ADEPT DRM is applied to EPUBs and PDFs. The non-in-
teroperable DRM schemes in the domain of e-books can prevent
an e-book in the specific industry standard format from being
transferred to another e-reader, even if that e-reader supports that
industry standard format. For instance, an e-book bought through
Apple’s iBookstore can’t be read on an Adobe E-reader and can be
read only by Apple's iBooks app on iOS devices and Mac OS
computers even though both FairPlay and ADEPT supports the
EPUB format Umeh (2007). Therefore, designing industry-wide
standard for DRM that supports interoperability is an open re-
search topic.
There is a need for designing BSW framework supporting hy-
brid trust model, allowing incorporation of soft trust decisions into
hard trust decision-making process, to achieve enhanced security
performance (Head et al., 2001). To date, several private and public
ODR systems have been developed around the globe to handle
ecommerce disputes. Some ODR providers provide such services
as part of their core business. For example in US, Cybersettle
(Solovay and Reed, 2003) is among the largest ODR service pro-
viders; where as in UK, Mediation room is among the leading ODR
service providers (Solovay and Reed, 2003). Other ODR providers
provide limited services for handling the disputes arising in their
own businesses. For example, Internet Corporation for Assigned
Names and Numbers (ICANN) has resolved thousands of disputes
across borders between trademark holder and owner of domain
names (ICANN, 1999). The eBay and PayPal resolution centres re-
solved hundreds of millions of disputes through automation. Dis-
pute resolution processes offered by eBay and PayPal successfully
resolved 60 million disputes between buyers and sellers per year
around the globe (Faye Fangfei, 2009; Hanroit, 2015–16).
In Canada, ODR is making huge inroads. British Columbia’s Civil
Resolution Tribunal Act established a new dispute resolution body,
the Civil Resolution Tribunal (CRTA). It is anticipated that CRTA will
begin its working by early 2017 (Civil Resolution Tribunal Ac). In
2016, European Union launched EU’s Online Dispute Resolution
platform with legal basis for consumers, and traders to settle dis-
putes arising from online transactions (European Commission, 2016).
To avoid an increasing vulnerability to cyber-crime and fraud, large-
scale global e-commerce emphasizes the need for trust and co-
operation between a large numbers of different stakeholders residing
in different parts of the world (Rogers and Bloch, 2010). Due to
geographical distribution of service providers and service consumers,
to win trust it requires not only understanding of different national
legal frameworks, but also understanding of how differences in na-
tional legal frameworks can be acclimated.
332 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
One desirable property for the success of an e-commerce sys-
tem is transaction fairness. It refers to the capability of the system,
ensuring an unbiased exchange of items between the buyer and
seller, such that no advantage is taken over the correctly behaving
transacting party. When buyers use an e-commerce system, they
make payments or send their private information online. It is
therefore required that the system provides security to prevent
fraudsters from accessing them. Fairness occurs when the buyer
makes a full payment and the seller delivers the right commodity
in the right quantity. As an example of the usefulness of this kind
of capability in a DRM system, consider the following context fo-
cusing on the scenarios resulting in the dispute between the buyer
and sellers. Imagine, a buyer has received a product from the seller
that is different from the one expected or is faulty. Additionally,
the buyer may disappear or not provide the seller correct pin/
password to acquire the required payment. In an online purchase,
the buyer is not in a position to physically see and try the product
and mostly the buyer and seller do not trust each other (which is
considered as one of the most crucial factors in the success of
e-commerce). Online dispute resolution mechanisms are therefore
crucial in e-commerce systems, where the buyers and sellers may
be resident at geographical locations under different legal systems.
There exist work that focuses on efficient fair exchange protocols
(Rial et al., 2011), but the problem of designing fair-exchange
privacy-preserving buyer-seller watermarking protocols providing
anonymity to the buyers is not largely addressed by the research
community and needs attention.
Rapid advancements in pervasive computing promoted the use
of embedded devices (e.g., mobile phones, smart cards and RFID
tags), resulting in new opportunities in many sectors including
financial, entertainment, health care, information access, or auto-
motive. Credit cards, mobile phones, electronic ID cards and
passport card are examples of ideal targets for malicious users or
organizations. This emphasizes on the need of designing light-
weight secure privacy-preserving buyer-seller watermarking pro-
tocols suitable for these resource-constrained devices. Some work
has been done related to the designing of lightweight privacy-
preserving protocol (Shao, 2007), but there is still a lot of work to
be done to fulfil all the requirements for designing secure privacy-
preserving embedded device solution supporting heterogeneous
devices. For supporting integration of privacy-preserving buyer-
seller watermarking protocols with e- commerce and digital right
management applications, there exists related literature, but de-
signing such systems in view of the current legislation is an open
research topic.
Presently, there are no standardized secure interoperability
models that allow BSW protocols to support different types of
devices and different types of digital content. The BSW protocols
should not just be able to support heterogeneous devices, but
must be able to protect the usage rights for different kinds of di-
gital content, such as sound, video, image or text. There is a need
for development of standardization frameworks that support
interoperability.
Advancement in digital and high-speed communication tech-
nologies accelerated the number of television and radio channels
around the globe, which resulted in the exponential growth in the
amount of content production and distribution. The rapid increase
in the broadcast applications, while of great potential, has caused
privacy and security of the content to become a much more ser-
ious concern. The users (such as content owners, copyright hold-
ers, distributors) of the broadcast monitoring application are in-
terested in knowing several facts about their content including:
(i) whether their content will be broadcasted, (ii) is it used ac-
cording to the contract, (iii) is it edited without permission, (iv)
content is broadcasted multiple times without consent etc. Exist-
ing BSW protocols cannot be used to handle such applications
because of their high computation and bandwidth consumption
demands. There exists some work related to designing a secure
broadcast monitoring protocol using watermarking technique (Liu
et al., 2013), but designing secure and privacy-preserving buyer-
seller protocol supporting broadcast monitoring remains an open
research topic.
7. Conclusions
The paper provides insight into an important issue of sharing
digital content on the Internet. This is heavily connected to the
issues of the illegal content duplication and its distribution. This
insight is useful for many stakeholders in E-commerce. Digital
Right Management (DRM) systems emerged to prevent such
malicious actions. A Buyer-Seller Watermarking (BSW) protocol is
one of the protocols used to ensure copyrights protections. In this
paper, we presented a detailed categorization of BSW protocols.
We reviewed a large number of BSW protocols and created a
taxonomy to describe their important features. Our taxonomy is a
useful tool for examining BSW protocols. In addition, to the tax-
onomy we have proposed a reference model for measuring the
performance and security features of BSW protocols. We have
identified key challenges in the BSW protocols and discussed how
various protocols have addressed them over the years. We have
identified several areas of BSW protocols that are currently under-
represented in research and should be focused by the research
community.
References
Adegoke, Y., Reuters, Global Music Sales Keep Falling, Pretty Much Everywhere,
〈http://blogs.reuters.com/mediafile/2009/04/22/global-music-sales-keep-fall
ing-pretty-much-everywhere/〉, 2009, (online; accessed 16.01.15).
Ashwani Kumar, T., Vipin, Mohd, Dilshad, Kumar, Kapil, 2011. A practical buyer-
seller watermarking protocol based on discrete wavelet transform. Int. J.
Comput. Appl. 21 (8).
B2C E-commerce Sales Worldwide 2018, 〈http://www.statista.com/statistics/
261245/b2c-e-commerce-sales-worldwide/〉.
Bianchi, T., Piva, A., 2014. TTP-free asymmetric fingerprinting based on client side
embedding (Oct). Inf. Forensics Secur., IEEE Trans. 9 (10), 1557–1568.
Bok-Min, Goi, Phan, R., Yang, Y., Bao, F., Deng, R.H., Siddiqi, M.U., 2004. Cryptanalysis
of two anonymous buyer-seller watermarking protocols and an improvement
for true anonymity, in Proceedings of ACNS 04, LNCS 3089, pp. 369–382.
Boneh, Dan, Franklin, Matt, 2001. Identity-Based Encryption from the Weil Pairing.
Advances in Cryptology—CRYPTO 2001. Springer Berlin Heidelberg.
Canetti, R., 2001. Universally composable security: a new paradigm for cryptographic
protocols. In: Proceedings of the 42nd IEEE symposium on Foundations of Com-
puter Science, ser. FOCS ’01. Washington, DC, USA: IEEE Computer Society, pp.
136–. (Online). Available: 〈http://dl.acm.org/citation.cfm?id¼ 874063.875553〉.
Celik, M., Lemma, A., Katzenbeisser, S., van der Veen, M., 2007. Secure embedding of
spread spectrum watermarks using look-up-tables, in Proc. IEEE Int. Conf.
Acoustics, Speech Signal Processing, pp. 153–156.
Chang, C.-C., Tsai, H.-C., Hsieh, Y.-P., 2010. An efficient and fair buyer-seller finger-
printing scheme for large scale networks. Comput. Secur. 29 (2), 269–277.
Chen, C.-L., Chen, C.-C., Li, D.-K., Chen, P.-Y., 2014. A verifiable and secret buyer seller
watermarking protocol, IETE Technical Review, vol. 0, no. 0, pp. 1–10. (Online).
Available: 〈http://dx.doi.org/10.1080/02564602.2014.983565〉.
Cheng, Q., Huang, T., Blind digital watermarking for images and videos and per-
formance analysis, in Multimedia and Expo, 2000. ICME 2000. 2000 IEEE In-
ternational Conference on, vol. 1, 2000, pp. 389–392.
Chiang, E., Assane, D., 2002. Software copyright infringement among college stu-
dents. Appl. Econ. 34 (2), 157–166. http://dx.doi.org/10.1080/
000368400110034253.
Ching Lin, Vijay Varadharajan, Yan Wang, Yi Mu, 2004. On the Design of a New
Trust Model for Mobile Agent Security, Trust and Privacy in Digital Business:
First International Conference, TrustBus 2004, Zaragoza, Spain, August 30–
September 1.
Choi, J., Sakurai, k, Ji-Hwan, P., 2003. Does it need trusted third party? design of
buyer-seller watermarking protocol without trusted third party. Applied
Cryptography and Network Security 2846. LNCS Springer, Berlin/Heidelberg,
pp. 265–279.
Civil Resolution Tribunal Act, 〈http://www2.gov.bc.ca/gov/content/justice/about-
bcs-justice-system/legislation-policy/legislation-updates/civil-resolution-tribu
nal-act〉.
 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
Collberg, C.S., Thomborson, C., 2002. Watermarking, tamper-proofing, and obfus-
cation – tools for software protection (Aug). IEEE Trans. Softw. Eng. 28 (8),
735–746.
Conte, Rosaria, Paolucci, Mario, 2002. Reputation in Artificial Societies: Social Be-
liefs for Social Order. Kluwer Academic Publishers, Norwell, MA, USA.
Cox, I.J., Kilian, J., Leighton, F.T., Shamoon, T., 1997. Secure spread spectrum wa-
termarking for multimedia. IEEE Trans. Image Process. 6 (12), 1673–1687.
Cui, Xinchun, Sheng, Gang, Li, Fengyin, Liu, Xiaowu, 2015. An efficient and impartial
buyer-seller watermarking protocol. J. Commun. 10 (5).
Digital Rights Management, 〈http://ebookarchitects.com/learn-about-ebooks/drm/〉
(online accessed: 18.07.16).
Ding, Q., Wang, B., Sun, X., Wang, J., Shen, J., 2015. A Reversible Watermarking
Scheme Based on Difference Expansion for Wireless Sensor Networks 8 (2),
143–154.
Eslami, N.M. Ziba, Kazemnasabhaji, Mohammad, 2014. Proxy signatures and buyer
seller watermarking protocols for the protection of multimedia content. 72.
Multimedia Tools and Applications Springer, pp. 2723–2740.
European Commission. Online Dispute Resolution Platform. URL: 〈https://webgate.
ec.europa.eu/odr〉 (online accessed: 18.07.16).
Fan, C., Juang, W.S., Chen, M. Te, 2010. Efficient fair content exchange in cloud
computing. Comput. Symp. (ICS).
Faye Fangfei, Wang, 2009. Online Dispute Resolution; Technology, Management
and Legal Practice from an International Perspective. Chandos Publ., 67.
Ferrer, J.D., Megias, D., 2013. Distributed multicast of fingerprinted content based
on a rational peer-to- peer community. Comput. Commun. 36 (5), 542–550.
Frattolillo, F., 2007. Watermarking protocol for web context (Sept.). Inf. Forensics
Secur., IEEE Trans. 2 (3), 350–363.
Frattolillo, Franco, 2016. A buyer-friendly and mediated watermarking protocol for
web context. ACM Trans. Web (TWEB) 10.2, 9.
Furht, B., Escalante, A., 2010. Handbook of Cloud Computing. Springer.
Gary C., Kessler, An overview of Cryptography, 〈www.garykessler.net/library/crypto.
html〉 (online accessed: 20.07.16).
Halder, R., Pal, S., Cortesi, A., 2010. Watermarking techniques for relational data-
bases: survey, classification and comparison. J. UCS 16 (21), 3164–3190.
Hanroit, Maxime, 2015&;16. Online dispute resolution to cross border consumer
disputes: The enforcement of Outcome. MCGill J. Disput. Resolut. 2, 1.
Head, M.M., Yuan, Y., Archer, N. Building Trust in E-Commerce: A theoretical Fra-
mework. In: Proceedings of the Second World Congress on the Management of
Electronic Commerce, January 2001.
Huang, Jyun-Ci, Jeng, Fuh-Gwo, Chen, Tzung-Her, 2016. A new buyer-seller wa-
termarking protocol without multiple watermarks insertion. Multimed. Tools
Appl., 1–13.
Huang, S.Y., Li, C.R., Lin, C.J., 2007. A literature review of online trust in business to
consumer e-commerce transaction, 2001–2006. Issues Inf. Syst. 8 (2), 63–69.
Husted, B., 2000. The impact of national culture on software piracy. J. Bus. Ethics 26
(3), 197–211.
ICANN, Uniform Domain Name Dispute Resolution Policy, 1999. online: 〈https://
www.icann.org/resources/pages/policy-2012-02-25-en〉.
Jeng, Fuh-Gwo, Wu, Yan-Ting, Chen, Tzung-Her, 2015. A multi-watermarking pro-
tocol for health information management. Multimed. Tools Appl., 1–13.
Jianquan, Xie, Qing, Xie, 2012. A buyer-seller digital watermarking protocol without
third party authorization. Adv. Eng. Forum 6–7, 452–458.
Joe Karaganis, L.R., Copy Culture in US and Germany, 2013. (Online). Available: 〈http://
piracy.americanassembly.org/wp-content/uploads/2013/01/Copy-Culture.pdf〉.
Jonker, H.L., Mauw, S. Core security requirements of DRM systems. In: Symposium
on Information theory in the Benelux, 2004.
Josang, R., Ismail, C., Boyd, A survey of trust and reputation systems for online
service provision, Decision Support Systems, vol. 43, pp. 618–644.
Ju, H.S., Kim, H.J., Lee, D.H., Lim, J.I., 2003. An anonymous buyer-seller water-
marking protocol with anonymity control, in Proceedings of the 5th interna-
tional conference on Information security and cryptology, ser. ICISC’02.
Springer-Verlag, Berlin, Heidelberg, pp. 421–432.
Juang, C.I.F. Wen Shenq, Chen, M.T., 2011. Efficient fair content exchange with ro-
bust watermark ownership. Int. J. Innov. Comput., Inf. Control 7 (8), 4653–4667.
Katzenbeisser, S., Lemma, A., Celik, M., van der Veen, M., Maas, M., 2008. A buyer
seller watermarking protocol based on secure embedding, Information Foren-
sics and Security (Dec.). IEEE Trans. 3 (4), 783–786.
Kennedy, J., Ifpi, Digital Music Report, 〈http://www.ifpi.org/content/library/
dmr2009-real.pdf〉, 2009, (online; accessed 16.01.15).
Khan, J.I., Shaikh, S.D., 2009. A phenotype reputation estimation function and its
study of resilience to social attacks. J. Netw. Comput. Appl. 32 (4), 913–924.
Kumar, Ashwani, Ghrera, S.P., Tyagi, Vipin, 2014. Implementation of wavelet based
modified buyer-seller watermarking protocol (BSWP). WSEAS Trans. Signal
Process. 10, 212–220.
Kumar, Ashwani, Ghrera, S.P., Tyagi, Vipin, 2016. Modified Buyer Seller Water-
marking Protocol based on Discrete Wavelet Transform and Principal Compo-
nent Analysis. Indian J. Sci. Technol. 8 (35).
Kumar, Ashwani, Ghrera, S.P., Vipin Tyagi, 2015. A new and efficient buyer-seller
digital Watermarking protocol using identity based technique for copyright
protection, Third International Conference on Image Information Processing
(ICIIP), IEEE.
Kundur, D., Member, S., Karthik, K., Member, S., 2004. Video fingerprinting and
encryption principles for digital rights management. Proc. IEEE, 918–932.
Lei, C.-L., Yu, P.-L., Tsai, P.-L., Chan, M.-H., 2004. An efficient and anonymous buyer-
seller watermarking protocol (Dec.). Image Process., IEEE Trans. 13 (12),
1618–1626.
333
Lemma, A., Katzenbeisser, S., Celik, M., van der Veen, M., 2006. Secure watermark
embedding through partial encryption, in Proc. 5th Int. Workshop Digital
Watermarking, ser. Lect. Notes Comput. Sci.. 4283. Springer, Berlin, Germany,
pp. 433–445.
Lin Ching, Varadharajan Vijay, Wang Yan, Mu Yi, 2004. On the Design of a New Trust
Model for Mobile Agent Security, Trust and Privacy in Digital Business: First
International Conference, TrustBus 2004, Zaragoza, Spain, August 30–Septem-
ber 1. Proceedings", 10.1007/978-3-540-30079-3_7.
Lin, C., Varadharajan, V., 2007. A Hybrid Trust Model for Enhancing Security in
Distributed Systems, Availability, Reliability and Security, 2007. ARES 2007. The
Second International Conference on, Vienna, pp. 35–42.
Liu, L., Guan, T., Zhang, Z., 2013. Broadcast monitoring protocol based on secure
watermark embedding. Comput. Electr. Eng. 39 (7), 2299–2305 (Online. Avail-
able) http://www.sciencedirect.com/science/article/pii/S0045790613001249.
Liu, Z., Li, X., Motion Vector Encryption in Multimedia Streaming. In: Multimedia
Modelling Conference, 2004. Proceedings. 10th International, Jan 2004, pp. 64–
71.
Memon, N., Wong, P.W., 2001. A buyer-seller watermarking protocol, Image Pro-
cessing (April). IEEE Trans. 10 (4), 643–649.
Michael Backes, N.G., Kate, A., 2015. Data lineage in malicious environments, de-
pendable and secure computing. IEEE Trans. PP (99).
Naor, M., Shamir, A., Visual cryptography. In: Proceedings of EUROCRYPT’94, LNCS,
vol. 950, pp 1–12 .
Pehlivanoglu, Serdar, 2013. An asymmetric fingerprinting code for collusion-re-
sistant buyer-seller watermarking. In: Proceedings of the first ACM workshop
on Information hiding and multimedia security. ACM.
Qiao, L., Nahrstedt, K., 1998. Watermarking schemes and protocols for protecting
rightful ownership and customer’s rights. J. Vis. Commun. Image Represent. 9
(3), 194–210.
Rial, A., Balasch, J., Preneel, B., 2011. A privacy preserving buyer seller watermarking
protocol based on priced oblivious transfer (march). Inf. Forensics Secur., IEEE
Trans. 6 (1), 202–212.
Rial, A., Deng, M., Bianchi, T., Piva, A., Preneel, B., 2010. A provably secure anon-
ymous buyer seller watermarking protocol (Dec.). Inf. Forensics Secur., IEEE
Trans. 5 (4), 920–931.
Riedl, B., Grascher, V., Fenz, S., Neubauer, T., 2008. Pseudonymization for improving
the privacy in e-health applications, in Proceedings of the Proceedings of the
41st Annual Hawaii International Conference on System Sciences, ser. HICSS
’08. Washington, DC, USA: IEEE Computer Society, pp. 255–. (Online). Available:
〈http://dx.doi.org/10.1109/HICSS.2008.366〉.
Rule, Colin, 2002. Online Dispute Resolution for Business: B2B, Ecommerce, Con-
sumer, Employment, Insurance, and Other Commercial Conflicts. John Wiley &
Sons, Inc, New York, NY, USA.
Seong, Teak-Young, et al., 2014. DCT and Homomorphic Encryption based Water-
marking Scheme in Buyer-seller Watermarking Protocol. J. Korea Multimed.
Soc. 17.12, 1402–1411.
Shao, M.-H., 2007. A privacy-preserving buyer-seller watermarking protocol with
semi-trust third party. Trust, Privacy and Security in Digital Business, Ser.
Lecture Notes in Computer Science 4657. Springer Berlin Heidelberg, pp. 44–53.
Sheikh Mahbub Habib, Vijay Varadharajan, Max Mühlhäuser. 2013. A framework for
evaluating trust of service providers in cloud marketplaces. In: Proceedings of
the 28th Annual ACM Symposium on Applied Computing (SAC '13). ACM, New
York, NY, USA, 1963-1965. DOI ¼http://dx.doi.org/10.1145/2480362.2480727.
Simon, S. Msanjila, Hamideh Afsarmanesh, 2009. On Hard and Soft Models to
Analyze Trust Life Cycle for Mediating Collaboration, Leveraging Knowledge for
Innovation in Collaborative Networks: 10th IFIP WG 5.5 Working Conference on
Virtual Enterprises, PRO-VE 2009, Thessaloniki, Greece, October 7–9.
Solovay, Norman, Reed, Cynthia K., 2003. Internet and Dispute Resolution: Un-
tangling the Web. American Lawyer Media.
Sultana, S., Ghinita, G., Bertino, E., 2015. A Lightweight Secure Scheme for Detecting
Provenance Forgery and Packet Drop Attacks in Wireless Sensor Networks 12
(3), 256–269.
Sun, Jia-Hao, Lin, Yu-Hsun, Wu, Ja-Ling, 2015. Secure Client Side Watermarking
with Limited Key Size. MultiMedia Modeling. Springer International Publishing.
Swinyard, W., Rinne, H., Kau, A., 1990. The morality of software piracy: a cross-
cultural analysis. J. Bus. Ethics 9 (8), 655–664. http://dx.doi.org/10.1007/
BF00383392.
Taban, G., Cárdenas, A.A. and Gligor, V.D., 2006, October. Towards a secure and
interoperable DRM architecture. In: Proceedings of the ACM workshop on Di-
gital rights management. ACM, pp. 69–78.
Terelius, B., 2013. Towards transferable watermarks in buyer-seller watermarking
protocols. In: Information Forensics and Security (WIFS), 2013 IEEE Interna-
tional Workshop on, Nov, pp. 197–202.
Triandis, H.C., 1994. Culture and Social Behavior, Ser. McGraw-Hill Series in Social
Psychology. McGraw-Hill Higher Education.
Umeh, Jude C., 2007. The world beyond Digital Rights Management. British Com-
puter Society https://books.google.com.pk/books?isbn ¼1902505875.
Vikki Rogers, Christopher Bloch, Cross Border Commerce and Online Dispute Re-
solution: Emerging International Legislative and Systematic Developments
(Oct. 27, 2010), available at 〈http://www.ibls.com/internet_law_newsportal_
view.aspx?s ¼ sa&id ¼1993〉.
W. I. P. Organization, World Intellectual Property Indicators, 〈http://www.wipo.int/
portal/en/index.html〉, 2014, (online; accessed 16.10.15).
Wang, Xiang-Yang, Niu, Pan-Pan, Qi, Wei, 2008. A new adaptive digital audio wa-
termarking based on support vector machine. J. Netw. Comput. Appl. 31,
735–749.
334 A. Khan et al. / Journal of Network and Computer Applications 75 (2016) 317–334
Weiliang Zhao, Vijay Varadharajan, Yi Mu, 2003. A secure Mental Poker Protocol
Over the internet, Australasian Information Security Workshop 2003. Con-
ference in Research and Practice in Information Technology, Vol. 21, 2003.
Xu, Z., Li, L., Gao, H., 2012. Bandwidth efficient buyer-seller watermarking protocol
(Dec.). Int. J. Inf. Comput. Secur. 5 (1), 1–10.
Ye, C., Xiong, Z., Ding, Y., Li, J., Wang, G., Zhang, X., Zhang, K., 2014. Secure multi-
media big data sharing in social networks using fingerprinting and encryption
in the jpeg2000 compressed domain. In: Trust, Security and Privacy in Com-
puting and Communications (TrustCom), 2014 IEEE 13th International Con-
ference on, Sept, pp. 616–621.
Yu, Zhiwei, Wang, Chaokun, Thomborson, Clark, Wang, Jianmin, Lian, Shiguo, Va-
silakos, Athanasios V., 2012. A novel watermarking method for software pro-
tection in the cloud. Softw. Pract. Exp., 409–430.
Zeng, P., Cao, Z.-f, Lin, H., 2010. Analysis and enhancement of a watermarking
protocol suitable for web context. J. Shanghai Jiaotong Univ. (Sci.) 15, 392–396.
Zhang, X.P., Wang, S.Z., Chen, C., 2006. Asymmetric fingerprinting scheme without
third party authorization. J. Harbin Inst. Technol. 38 (7), 727–730.
Zhang, J., Kou, W., Fan, K., 2006. Secure buyer–seller watermarking protocol. IEE
Proceedings – Information Security, vol. 153, no. 1, pp. 15–18. (Online). Avail-
able: 〈http://link.aip.org/link/?IIS/153/15/1〉.