[7997] in cryptography@c2.net mail archive
[FYI] Statement Regarding the SDMI Challenge
daemon@ATHENA.MIT.EDU (PA Axel H Horns)
Tue Oct 24 10:46:55 2000
From: "PA Axel H Horns" <horns@pobox.com>
To: cryptography@c2.net
Date: Mon, 23 Oct 2000 19:45:19 +0200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Reply-To: horns@pobox.com
Message-ID: <39F4954F.23083.47B4C9@localhost>
http://www.cs.princeton.edu/sip/sdmi/announcement.html
------------------------------- CUT ------------------------------
Statement Regarding the SDMI Challenge
The Secure Digital Music Initiative (SDMI) is developing a
comprehensive system to prevent music piracy. Central to this system
is watermarking, in which an inaudible message is hidden in music to
provide copyright information to devices like MP3 players and
recorders. Devices may then refuse to make copies of pieces of music,
depending on the meaning of the watermark contained therein.
In September 2000, SDMI issued a public challenge to help them choose
among four proposed watermarking technologies. During the three-week
challenge, researchers could download samples of watermarked music,
and were invited to attempt to remove the secret copyright
watermarks.
During the challenge period, our team of researchers, from Princeton
University, Rice University, and Xerox, successfully defeated all
four of the watermarking challenges, by rendering the watermarks
undetectable without significantly degrading the audio quality of the
samples. Our success on these challenges was confirmed by SDMI's
email server.
We are currently preparing a technical report describing our findings
regarding the four watermarking challenges, and the two other
miscellaneous challenges, in more detail. The technical report will
be available some time in November.
This statement, a Frequently Asked Questions document, the full
technical report (when it is ready), and other related information
can be found on the Web at http://www.cs.princeton.edu/sip/sdmi.
For more information, please contact Edward Felten at (609) 258-5906
or felten@cs.princeton.edu.
------------------------------- CUT ------------------------------
http://www.cs.princeton.edu/sip/sdmi/faq.html#E1
------------------------------- CUT ------------------------------
[...]
The future
Q. I heard people complain that the challenge period was too short
and the information on the site too meager for the challenge to be
taken seriously. Were they right?
For cryptographic challenges, it is expected for researchers to be
given a long time, often indefinitely, to crack a cipher. It is also
expected for the cipher algorithms to be provided (the security of a
cryptosystem must not rest on the obscurity of the algorithm). SDMI
only provided about 3 weeks, and did not provide any details on how
the watermarking technologies worked. They did not even provide
programs to detect or embed marks, handling detection themselves via
oracles.
The SDMI challenge seemed to be designed as much to hide the design
of the watermarking schemes as to test whether those schemes could be
broken in practice. In practice, once SDMI-enabled players were
deployed, the algorithms they used would eventually be reverse
engineered and analyzed. Even before the algorithms were reverse
engineered, any consumer with an SDMI-enabled player would have more
information than SDMI provided in the challenge. For example, a
consumer could use his player as an oracle; such an oracle would be
faster than SDMI's Web oracle, and it would provide more information.
Thus the SDMI challenge was unrealistically difficult.
Fortunately, analyzing watermarking technologies is easier than
analyzing ciphers, because the watermarking problem is much more
difficult than the problem of encryption. In cryptography, a
successful attack often requires deciphering an enciphered message.
In steganography (information hiding) merely destroying the hidden
message (e.g. the watermark), usually by slightly distorting the
medium containing it, is a successful attack, even if one cannot
decipher or detect any hidden message contained in the medium.
We do believe, however, that in any future challenges SDMI should
provide more information than they did this time around. Researchers
were provided with less information than ordinary people would obtain
by using SDMI devices! For instance, the oracles, when reporting that
an attack did not succeed, would not tell us if the failure was due
to the watermark surviving, or to quality being degraded beyond
SDMI's quality standards.
Q. Does this mean watermarking, as a technology, is infeasible?
No! Watermarking has a lot of different applications, and a lot of
potential. Any successful hack of SDMI's watermarking technologies is
due to the particular application of watermarking they had in mind,
and the way they intended to integrate it into a security system.
Q. What if SDMI uses your results, and those of others, to develop a
more secure or unbeatable system?
We believe their general security model is inherently vulnerable to a
number of attacks no matter how sophisticated their watermarking
technologies become. We can never say for certain, but we are
confident that we can continue to develop attacks like we have if
SDMI updates their technologies.
This is essentially the situation of the "trusted" client in a
hostile environment, a common problem in piracy prevention.
Basically, an anti-piracy measure is enforced by a device or computer
program belonging to an adversary who wishes to circumvent it, and
who can take apart and analyze it. Such measures are usually quickly
circumvented, and many attacks exist that involve the exploitation of
the device itself.
The watermarking technologies are similarly designed. They are what
we call public watermarking technologies, in which no secret key is
needed to detect the mark; all devices know where to look for it.
Because the secret embedding method is implemented in so many
devices, the odds of an adversary learning how to perform and reverse
it are very high. Also, these watermarks must be robust to all
modifications a listener considers slight, and the number of possible
slight modifications to an audio clip is constrained only by one's
creativity.
Q. What if SDMI completely overhauls their system so that these
inherent problems no longer exist?
The underlying problem that SDMI is trying to solve, that of
protecting content from a hostile platform while allowing the
platform to "play" the content, is inherent very difficult, both in
theory and in practice. To overhaul their system, SDMI may well have
to overhaul their business model.
We would be deeply impressed if SDMI or anyone else developed a
secure system for piracy prevention given the requirements of music
listeners. We would be happy to examine any system they have,
assuming they offer a fair challenge.
Q. What if SDMI has more watermarking schemes than what they put on
their website, and just uses one of these unbroken technologies for
their system?
Then they will be using a system that has not been subjected to any
open scrutiny, a sure recipe for disaster. We encourage SDMI to let
the scientific community review their systems before committing them
to actual devices.
Q. Will you participate in any future challenges?
Sure, as long as they are fair. In this challenge a bare minimum of
information was given to researchers, and we hope any future
challenges will be more open.
Q. Where can I get more information?
If the information you need is not in this FAQ, then try our Web site
at http://www.cs.princeton.edu/sip/sdmi. If you still can't find the
information you need, then contact Edward Felten at
felten@cs.princeton.edu or (609) 258-5906.
Copyright (C) 2000, Princeton University. All rights reserved.
------------------------------- CUT ------------------------------
