Domain: cryptome.org
Stories and comments across the archive that link to cryptome.org.
Comments · 1,257
-
Did not intend to bring legal action?
The Salon article states:
On Thursday, Oppenheim released a backpedaling statement: "The Secure Digital Music Initiative Foundation (SDMI) does not -- nor did it ever -- intend to bring any legal action against Professor Felten or his co-authors. We sent the letter because we felt an obligation to the watermark licensees who had voluntarily submitted their valuable inventions to SDMI for testing
... The Recording Industry Association of America, one of the founding members of SDMI, strongly believes in academic freedom and freedom of speech."
Then what the heck is this...? The letter sent to Professor Felten (mirrored on http://cryptome.org/sdmi-attack.htm) states:
...and could subject you and your research team to actions under the Digital Millennium Copyright Act ("DCMA").
and...
Such disclosure is not authorized in the Agreement, would constitute a violation of the Agreement and would subject your research team to enforcement actions under the DMCA and possibly other federal laws.
and...
you could be subject to enforcement actions under federal law, including the DMCA
RIAA, did you say that you did not intend to bring legal action? Oh, this was just an intimidation letter? I see.
-S
-
Re:Mirrored:
Also at http://cryptome.org/sdmi-attack.zip. Unzip into your web directory, create another mirror, a la http://gondwanaland.com/ml/sdmi-attack/sdmi-attack.htm.
-
The Paper itself from cryptome (ahh, /. archives)
RIAA Challenges SDMI Attack
20 April 2001. Thanks to Anonymous
From cryptome.org
[Letter, 3 pp.]
MATTHEW J. OPPENHEIM, ESQ.
Address illegible
RIAA
April 9, 2001
Professor Edward Felton
Department of Computer Science
Princeton University
Princeton, NJ 08544
Dear Professor Felten,
We understand that in conjunction with the 4th International Information Hiding Workshop to be held April 25-29, 2001, you and your colleagues who participated in last year's Secure Digital Music Initiative ("SDMI") Public Challenge are planning to publicly release information concerning the technologies that were included in that challenge and certain methods you and your colleagues developed as part of your participation in the challenge. On behalf of the SDMI Foundation, I urge you to reconsider your intentions and to refrain from any public disclosure of confidential information derived from the Challenge and instead engage SDMI in a constructive dialogue on how the academic aspects of your research can be shared without jeopardizing the commercial interests of the owners of the various technologies.
As you are aware, at least one of the technologies that was the subject of the Public Challenge, the Verance Watermark, is already in commercial use and the disclosure of any information that might assist others to remove this watermark would seriously jeopardize the technology and the content it protects.1 Other technologies that were part of the Challenge are either likewise in commercial use or could be could be utilized in this capacity in the near future. Therefore, any disclosure of information that would allow the defeat of those technologies would violate both the spirit and the terms of the Click-Through Agreement (the "Agreement"). In addition, any disclosure of information gained from participating in the Public Challenge would be outside the scope of activities permitted by the Agreement and could subject you and your research team to actions under the Digital Millennium Copyright Act ("DCMA").
____________________
1 The Verance Watermark is currently used for DVD-Audio and SDMI Phase I products and certain portions of that technology are trade secrets.
We appreciate your position, as articulated in the Frequently Asked Questions document, that the purpose of releasing your research is not designed to "help anyone impose or steal anything." Further more, you participation in the Challenge and your contemplated disclosure appears to be motivated by a desire to engage in scientific research that will ensure that SDMI does not deploy a flawed system. Unfortunately, the disclosure that you are contemplating could result in significantly broader consequences and could directly lead to the illegal distribution of copyrighted material. Such disclosure is not authorized in the Agreement, would constitute a violation of the Agreement and would subject your research team to enforcement actions under the DMCA and possibly other federal laws.
As you are aware, the Agreement covering the Public challenge narrowly authorizes participants to attack the limited number of music samples and files that were provided by SDMI. The specific purpose of providing these encoded files and for setting up the Challenge was to assist SDMI in determining which of the proposed technologies are best suited to protect content in Phase II products. The limited waiver of rights (including possible DMCA claims) that was contained in the Agreement specifically prohibits participants from attacking content protected by SDMI technologies outside the Public Challenge. If your research is released to the public this is exactly what could occur. In short, you would be facilitating and encouraging the attack of copyrighted content outside the limited boundaries of the Public Challenge and thus places you and your researchers in direct violation of the Agreement.
In addition, because public disclosure of your research would be outside the limited authorization of the Agreement, you could be subject to enforcement actions under federal law, including the DMCA. The Agreement specifically reserves any rights that proponents of the technology being attacked may have "under any applicable law, including, without limitation, the U.S. Digital Millennium Copyright Act, for any acts not expressly authorized by their Agreement." The Agreement simply does not "expressly authorize" participants to disclose information and research developed through participating in the Public challenge and such disclosure could be the subject of a DMCA action.
We recognize and appreciate your position, made clear throughout this process, that it is not your intention to engage in any illegal behavior or to otherwise jeopardize the legitimate commercial interests of others. We are concerned that your actions are outside the peer review process established by the Public Challenge and setup by engineers and other experts to ensure the academic integrity of this project. With these facts in mind, we invite you to work with the SDMI Foundation to find a way for you to share the academic components of your research while remaining true to your intention to not violate the law or the Agreement. In the meantime, we urge you to withdraw the paper submitted for the upcoming Information Hiding Workshop, assure that it is removed from the Workshop distribution materials and destroyed, and avoid a public discussion of confidential information.
Sincerely,
[Signature]
Matthew Oppenheim, Secretary
The SDMI Foundation
cc: Mr. Ira S. Moskowitz, Program Chair, Information Hiding Workshop, Naval Research Laboratory
Cpt. Douglas S. Rau, USN, Commanding Officer, Naval Research Laboratory
Mr. Howard Ende, General Counsel of Princeton
Mr. Edward Dobkin, Computer Science Department Head of Princeton
[Paper, 15 pp.]
Reading Between the Lines:
Lessons from the SDMI Challenge
Scott A. Craver1, John R McGregor1, Min Wu1, Bede Liu1,
Adam Stubblefield2, Ben Swartzlander2, Dan S. Wallach2,
Drew Dean3, and Edward W. Felten4
1 Dept. of Electrical Engineering, Princeton University
2 Dept. of Computer Science, Rice University
3 Computer Science Laboratory, Xerox Palo Alto Research Center
4 Dept. of Computer Science, Princeton University
Abstract. The Secure Digital Music Initiative is a consortium of parties interested in preventing piracy of digital music, and to this end they are developing architectures for content protection on untrusted platforms. SDMI recently held a challenge to test the strength of 4 watermarking technologies, and 2 other security technologies. No documentation explained the implementations of the technologies, and neither watermark embedding nor detecting software was directly accessible to challenge participants. We nevertheless accepted the challenge, and learned a great deal about the inner workings of the technologies. We report on our results here.
1 Introduction
The Secure Digital Music Initiative (SDMI), a consortium of music-industry companies, is working to develop and standardize technologies that give music publishers more control over what consumers can do with recorded music that they buy. SDMI has been a somewhat secretive organization, releasing little information to the public about its goals, deliberations, and technology.
In September 2000, SDMI announced a "public challenge" in which it invited members of the public to try to break certain data-encoding technologies that SDMI had developed [3]. The challenge offered a valuable window into SDMI, not only into its technologies but also into its plans and goals. We decided to use the challenge to learn as much as we could about SDMI. This paper is the result of our study.1 Section 2 presents an overview of the HackSDMI challenge. Section 3 analyzes the watermark challenges. Section 4 analyzes the non-watermark challenges. Finally, we present our conclusions in section 5.
____________________
1 The SDMI challenge offered a small cash payment to be shared among everyone who broke at least one of the technologies and was willing to sign a confidentiality agreement giving up all rights to discuss their findings. The cash prize amounted to the price of a few days of time from a skilled computer security consultant, and it was to be split among all successful entrants, a group that we suspected might be significant in size. We chose to forgo the payment and retain our right to publish this paper.
2 The SDMI Challenge
The SDMI challenge extended over roughly a three-week period, from September 15, 2000 until October 8, 2000. The challenge actually consisted of six sub-challenges, named with the letters A through F, each involving a different technology developed by SDMI. We believe these challenges correspond to submissions to the SDMI's Call for Proposals for Phase II Screening Technology [4]. According to this proposal, the watermark's purpose is to restrict an audio clip which is compressed or has previously been compressed. That is, if the watermark is present an audio clip may yet be admitted into an SDMI device, but only if it has not been degraded by compression. For each challenge, SDMI provided some information about how a technology worked, and then challenged the public to create an object with a certain property. The exact information provided varied among the challenges. We note, though, that in all six cases SDMI provided less information than a music pirate would have access to in practice.
2.1 Watermark Challenges
Four of the challenges (A, B, C, and F), involved watermarking technologies, in which subtle modifications are made to an audio file, to encode copyright control information without perceptible change in how the file sounds. Watermarks can be either robust or fragile. Robust watermarks are designed to survive common transformations like digital-to-audio conversion, compression and decompression, and the addition of small amounts of noise to the file. Fragile watermarks do not survive such transformations, and are used to indicate modification of the file. For each of the four watermark challenges, SDMI provided three files:
- File 1: an unwatermarked song;
- File 2: File 1, with a watermark added; and
- File 3: another watermarked song.
The challenge was to produce a file that sounded just like File 3 but did not have a watermark -- in other words, to remove the watermark from File 3.
SDMI provided an on-line "oracle" for each challenge. Entrants could email a file to the oracle, and the oracle would tell them whether their submission satisfied the challenge, that is, whether it contained no detectable watermark while still sounding like File 3. Entrants were given no information about how watermark information was stored in the file or how the oracle detected watermarks, beyond the information that could be deduced from inspection of the three provided files.
2.2 Challenges D and E
Challenge D concerned a technology designed to prevent a song from being separated from the album in which it was issued. Normally, every Compact Disc contains a table of contents, indicating the offsets and lengths of each audio track, followed by the audio data itself. Challenge D adds an "authenticator" track (approximately 50ms of very quiet audio,) a digital signature derived from the table of contents, which is supposed to be difficult to compute for an arbitrary CD. Challenge D is discussed in more detail in Section 4.1.
Challenge E involved a technology similar to D, but one which would be immune the obvious attack on technology D, in which one compiled an unauthorized CD with the same table of contents as an authorized one, for which the authenticator track is given. Unfortunately, this challenge was constructed in a way that made it impossible to even start analyzing the technology. SDMI provided an oracle for this challenge, but unfortunately provided no music samples of any kind, so there was no way to determine what the oracle might be testing for.
Given these facts, we decided not to analyze Challenge E. It is discussed briefly in Section 4.2.
3 The Watermarking Schemes
In this section, we describe our attack(s) on each of the four watermark challenges (A,B,C,F). Our success was confirmed by emails received from SDMI's oracles.
Fig. 1. The SDMI watermark attack problem. For each of the four watermark challenges, Sample-1, sample-2, and sample-3 are provided by SDMI; sample-4 is generated by participants in the challenge and submitted to SDMI oracle for testing.
Figure 1 provides an overview of the challenge goal. As mentioned earlier, there are three audio files per watermark challenge: an original and watermarked version of one clip, and then a watermarked version of a second clip, from which the mark is to be removed. All clips were 2 minutes long, sampled at 44.1kHz with 16-bit precision.
The reader should note one serious flaw with this challenge arrangement. The goal is to remove a robust mark, while these proposals appear to be Phase II watermark screening technologies [4]. As we mentioned earlier, a Phase II screen is intended to reject audio clips if they have been compressed, and presumably compression degrades a fragile component of the watermark. An attacker need not remove the robust watermark to foil the Phase II screen, but could instead repair the modified fragile component in compressed audio. This attack was not possible under the challenge setup.
3.1 Attack and Analysis of Technology A
A reasonable first step in analyzing watermarked content with original, unmarked samples is differencing the original and marked versions in some way. Initially, we used sample-by-sample differences in order to determine roughly what kinds of watermarking methods were taking place. Unfortunately, technology A involved a slowly varying phase distortion which masked any other cues in a sample-by-sample difference. We ultimately decided this distortion was a pre-processing separate from the watermark, in part because undoing the distortion alone did not foil the oracle.
The phase distortion nevertheless led us to attempt an attack in which both the phase and magnitude change between sample 1 and sample 2 is applied to sample 3. This attack was confirmed by SDMI's oracle as successful, and illustrates the general attack approach of imposing the difference in an original-watermark pair upon another media clip. Here, the "difference" is taken in the FFT domain rather than the time domain, based on our suspicions regarding the domain of embedding. Note that this attack did not require much information about the watermarking scheme itself, and conversely did not provide much extra insight into its workings.
A next step, then, is to compute the frequency response H(w) = W(w)/O(w) of the watermarking process for segments of audio, and observe both |H(w)| and the corresponding impulse response h(t). If the watermark is based on some kind of linear filter, whose properties change slowly enough relative to the size of a frame of samples, then this approach is ideal.
Figure 2 illustrates one frequency response and impulse response about 0.3 seconds into the music. These responses are based on FFTs of 882 samples, or one fiftieth second of music. As can be clearly seen, a pair of sinusoidal ripples are present within a certain frequency band, approximately 8-16Khz. Ripples in the frequency domain are indicative of echoes in the time domain, and a sum of sinusoids suggested the presence of multiple echoes. The corresponding impulse response h(t) confirms this. This pattern of ripples changes quite rapidly from frame to frame.
Thus, we had reason to suspect a complex echo hiding system, involving multiple time-varying echoes. It was at this point that we considered a patent search, knowing enough about the data hiding method that we could look for specific search terms, and we were pleased to discover that this particular scheme appears to be listed as an alternative embodiment in US patent number 05940135, awarded to Aris corporation, now part of Verance [5]. This provided us with little more detail than we had already discovered, but confirmed that we were on the right track, as well as providing the probable identity of the company which developed the scheme. It also spurred no small amount of discussion of the validity of Kerckhoffs's criterion, the driving principle in security that one must not rely upon the obscurity of an algorithm. This is, surely, doubly true when the algorithm is patented.
Fig. 2. A short-term complex echo. Above, the frequency response between the watermarked and original music, taken over 1/50 second, showing a sinusoidal ripple between 8 and 16 KHz. Below, the corresponding impulse response. The sinusoidal pattern in the frequency domain corresponds to a pair of echoes in the time domain.
The most useful technical detail provided by the patent was that the "delay hopping" pattern was likely discrete rather than continuous, allowing us to search for appropriate frame sizes during which the echo parameters were constant. Data collection from the first second of audio showed a frame size of approximately 882 samples, or 1/50 second. We also observed that the mark did not begin until 10 frames after the start of the music, and that activity also existed in a band of lower frequency, approximately 4-8 Khz. This could be the same echo obscured by other operations, or could be a second band used for another component in the watermarking scheme. A very clear ripple in this band, indicating a single echo with a delay of about 34 samples, appears shortly before the main echo-hopping pattern begins.
The next step in our analysis was the determination of the delay hopping pattern used in the watermarking method, as this appeared to be the "secret key" of the data embedding scheme. It is reasonable to suspect that the pattern repeats itself in short order, since a watermark detector should be able to find a mark in a subclip of music, without any assistance initially aligning the mark with the detector's hopping pattern. Again, an analysis of the first second revealed a pattern of echo pairs that appeared to repeat every 16 frames, as outlined in figure 3. The delays appear to fall within six general categories, each delay approximately a multiple of 1/4 millisecond. The exact values of the delays vary slightly, but this could be the result of the phase distortion present in the music.
Fig. 3. The hypothesized delay hopping pattern of technology A. Here two stretches of 16 frames are illustrated side-by-side, with observed echoes in each frame categorized by six distinct delays: 2, 3, 4, 5, 6 or 7 times 0.00025 sec. Aside from several missing echoes, a pattern appears to repeat every 16 frames.
Note also that in each frame the echo gain is the same for both echoes.
The reader will also note that in apparently two frames there is only one echo. If this pattern were the union of two pseudorandom patterns chosen from six possible delay choices, two "collisions" would be within what is expected by chance.
Next, there is the issue of the actual encoded bits. Further work shows the sign of the echo gain does not repeat with the delay-hopping pattern, and so is likely at least part of an embedded message. Extracting such data without the help of an original can be problematic, although the patent, of course, outlines numerous detector structures which can be used to this end. We developed several tools for cepstral analysis to assist us in the process. See [2] for an introduction to cepstral analysis; Anderson and Petitcolas [1] illustrate its use in attacks on echo hiding watermark systems.
With a rapidly changing delay, normal cepstral analysis does not seem a good choice. However, if we know that the same echo is likely to occur at multiples of 16/50 of a second, we can improve detector capability by combining the information of multiple liftered2 log spectra.
____________________
2 in accordance with the flopped vocabulary used with cepstral analysis, "liftering" refers to the process of filtering data in the frequency domain rather than the time domain. Similarly, "quefrencies" are frequencies of ripples which occur in the frequency domain rather than the time domain.
Three detector structures are shown in figure 4. In all three, a collection of frames are selected for which the echo delays are believed to be the same. For each, the liftered log of an FFT or PSD of the frame is taken. In the first two structures, we compute a cepstrum, for each frame, then either average their squared magnitudes, or simply their squares, in hopes that a spike of the appropriate quefrency will be clear in the combination. The motivation for merely squaring the spectral coefficients comes from the observation that a spike due to an echo will either possess a phase of theta or theta + pi for some value theta. Squaring without taking magnitudes can cause the echo phases to reinforce, whilst still permitting other elements to combine destructively.
Fig. 4. Three cepstral detector structures. In each case we have a collection of distinct frames, each believed to possess echoes of the same delay. The first two compute cepstral data for each frame, and sum their squares (or squared magnitudes) to constructively combine the echo signal in all frames. The third structure illustrates a method for testing a hypothesized pattern of positive and negative gains, possibly useful for brute-forcing or testing for the presence of a known "ciphertext."
In the final structure, one cepstrum is taken using a guess of the gain sign for each suspect frame. With the correct guess, the ripple should be strongest, resulting in the largest spike from the cepstral detector. Figure 5 shows the output of this detector on several sets of suspect frames. While this requires an exponential amount of work for a given amount of frames, it has a different intended purpose: this is a brute-forcing tool, a utility for determining the most probable among a set of suspected short strings of gain signs as an aid to extracting possible ciphertext values.
Fig. 5. Detection of an echo. A screenshot of our CepstroMatic utility shows a combination of 4 separate frames of music, each a fiftieth of a second long, in which the same echo delay was believed to exist. Their combination shows a very clear ripple on the right, corresponding to a clear cepstral spike on the left. This is a single echo at a delay of 33 samples, the delay suggested for these intervals by the hypothesized delay-hopping pattern.
Finally, there is the issue of what this embedded watermark means. Again, we are uncertain about a possible signalling band below 8Khz. This could be a robust mark, signalling presence of a fragile mark of echoes between 8 and 16 KHz. The 8-16KHz band does seem like an unusual place to hide robust data, unless it does indeed extend further down, and so this could very easily be hidden information whose degradation is used to determine if music has already been compressed.
Of course, knowledge of either the robust or fragile component of the mark is enough for an attacker to circumvent the scheme, because one can either remove the robust mark, or repair or reinstate the fragile mark after compression has damaged it. As mentioned earlier, this possible attack of repairing the fragile component appears to have been ruled out by the nature of the SDMI challenge oracles. One must wait and see if real-world attackers will attempt such an approach, or resort to more brute methods or oracle attacks to remove the robust component.
3.2 Attack on Challenge B
We analyzed samp1b.wav and samp2b.wav using short-time FFT. Shown in Fig. 6 are the two FFT magnitudes for 1000 samples at 98.67 sec. Also shown is the difference of the two magnitudes. A spectrum notch around 2800Hz is observed for some segments of samp2b.wav and another notch around 3500Hz is observed for some other segments of samp2b.wav. Similar notches are observed in samp3b.wav. The attack fills in those notches of samp3b.wav with random but bounded coefficient values. We also submitted a variation of this attack involving different parameters for notch description. Both attacks were confirmed by SDMI oracle as successful.
Fig. 6. Technology-B: FFT magnitudes of samp1b.wav and samp2b.wav and their difference for 1000 samples at 98.67 sec.
3.3 Attacks on Challenge C
By taking the difference of samp1c.wav and samp2c.wav, bursts of narrowband signal are observed, as shown in Fig. 7. These narrow band bursts appear to be centered around 1350 Hz. Two different attacks were applied to Challenge C. In the first attack, we shifted the pitch of the audio by about a quartertone. In the second attack, we passed the signal through a bandstop filter centered around 1350Hz. Our submissions were confirmed by SDMI oracle as successful. In addition, the perceptual quality of both attacks has passed the "golden ear" testing conducted by SDMI after the 3-week challenge.
Fig. 7. Challenge-C: Waveform of the difference between samp1c.wav and samp2c.wav.
3.4 Attack on Challenge F
For Challenge F, we warped the time axis, by inserting a periodically varying delay. The delay function comes from our study on Technology-A, and was in fact initially intended to undo the phase distortion applied by technology A. Therefore the perceptual quality of our attacked audio is expected to be better than or comparable to that of the audio watermarked by Technology-A. We also submitted variations of this attack involving different warping parameters and different delay function. They were confirmed by SDMI oracle as successful.
4 The Non-Watermark Technologies
The HackSDMI challenge contained two "non-watermark" technologies. Together, they appear to be intended to prevent the creation of "mix" CDs, where a consumer might compile audio files from various locations to a writable CD. This would be enforced by universally embedding SDMI logic into consumer audio CD players.
4.1 Technology D
According to SDMI, Technology D was designed to require "the presence of a CD in order to 'rip' or extract a song for SDMI purposes." The technology aimed to accomplish this by adding a 53.3 ms audio track (four blocks of CD audio), which we will refer to as the authenticator, to each CD. The authenticator, combined with the CD's table of contents (TOC), would allow a SDMI device to recognize SDMI compliant CDs. For the challenge, SDMI provided 100 different "correct" TOC-authenticator pairs as well as 20 "rogue tracks". A rogue track is a track length that does not match any of the track lengths in the 100 provided TOCs. The goal of the challenge was to submit to the SDMI oracle a correct authenticator for a TOC that contained at least one of the rogue tracks.
The oracle for Technology D allowed several different query types. In the first type, an SDMI provided TOC-authenticator combination is submitted so that a user can "understand and verify the Oracle." According to SDMI, the result of this query should either be "admit" for a correct pair or "reject" for an incorrect pair. When we attempted this test with a SDMI-provided pair, the oracle responded that the submission was "invalid." After verifying that we had indeed submitted a correct pair, we attempted several other submissions using different TOC-authenticator pairs as well as different browsers and operating systems3. We also submitted some pairs that the oracle should have rejected; these submissions were also declared "invalid." Though we alerted SDMI to this problem during the challenge, the oracle was never repaired. For this reason, our analysis of Technology D is incomplete and we lack definitive proof that it is correct. That having been said, we think that what we learned about this technology, even without the benefit of a correctly functioning oracle, is interesting.
____________________
3 Specifically, Netscape Navigator and Mozilla under Linux, Netscape Navigator under Windows NT, and Internet Explorer under Windows 98 and 2000.
Analyzing the Signal
Upon examination of the authenticator audio files, we discovered several patterns. First, the left and right channels contain the same information. The two channels differ by a "noise vector" u, which is a vector of small integer values that range from -8 to 8. Since the magnitude of the noise is so small, the noise vector does not significantly affect the frequency characteristics of the signal. The noise values appear to be random, but the noise vector is the same for each of the 100 provided authenticator files. In other words, in any authenticator file, the difference between the left and right channels of the ith sample is a constant fixed value u[i]. This implies that the noise vector u does not encode any TOC-specific information.
Second, the signal repeats with a period of 1024 samples. Because the full signal is 2352 samples long, the block repeats approximately 1.3 times. Similarly to the left and right channels of the signal, the first two iterations of the repeating signal differ by a constant noise vector v. The difference between the ith sample of the first iteration and the ith sample of the second iteration differ by a small (and apparently random) integer value v[i] ranging from -15 to 15. In addition, v is the same for each of the provided authenticator files, so v does not encode any TOC-specific information.
Third, the first 100 samples and last 100 samples of the full signal are faded in and faded out, respectively. This is illustrated in Figure 8. The fade-in and fade-out are meaningless, however, because they simply destroy data that is repeated in the middle of the file. We conjecture that this fade-in and fade-out are included so that the audio signal does not sound offensive to a human ear.
Fig. 8. In a Technology D Authenticator, the signal fades in, repeats, and fades out.
Extracting the Data
Frequency analysis on the 1024 sample block shows that almost all of the signal energy is concentrated in the 16-20kHz range, as shown in Figure 9. We believe this range was chosen because these frequencies are less audible to the human ear. Closer examination shows that this 16-20kHz range is divided up into 80 discrete bins, each of which appears to carry one bit of information. As shown in Figure 10, these bits can be manually counted by a human using a graph of the magnitude of signal in the frequency domain.
Fig. 9. Magnitude vs. Frequency of Technology D Authenticator
Fig. 10. Individual Bits From a Technology D Authenticator
Close inspection and pattern matching on these 80 bits of information reveals that there are only 16 bits of information repeated 5 times using different permutations. Using the letters A-P to symbolize the 16 bits, these 5 permutations are described in Figure 11.
ABCDEFGHIJKLMNOP
OMILANHGPBDCKJFE
PKINHODFMJBCAGLE
FCKLGMEPNOADJBHI
PMGHLECAKDONIFJB
Fig. 11. The encoding of the 16 bits of data in Technology D
Because of the malfunctioning oracle, we were unable to determine the function used to map TOCs to authenticators, but given an actual SDMI device, it would be trivial to brute force all 2^16 possibilities. Likewise, without the oracle, we could not determine if there was any other signal present in the authenticator (e.g., in the phase of the frequency components with nonzero magnitude).
For the moment, let us assume that the hash function used in Technology D has only 16 bits of output. Given the number of distinct CDs available, an attacker should be able to acquire almost, if not all, of the authenticators. We note that at 9 kilobytes each, a collection of 65,536 files would fit nicely on a single CD. Many people have CD collections of 300+ discs, which by the birthday paradox makes it more likely than not that there is a hash collision among their own collection.
Our results indicated that the hash function used in Technology D could be weak or may have less than 16 bits of output. In the 100 authenticator samples provided in the Technology D challenge, there were 2 pairs of 16-bit hash collisions. We will not step through the derivation here, but the probability of two or more collisions occurring in n samples of X equally likely possibilities is:
If the 16-bit hash function output has 16 bits of entropy, the probability of 2 collisions occurring in n = 100 samples of X = 2^16 possibilities is 0.00254 (by the above equation). If X ~ 2^11.5, the chances of two collisions occurring is about even. This suggests that either 4 bits of the 16-bit hash output may be outputs of functions of the other 12 bits or the hash function used to generate the 16-bit signature is weak. It is also possible that the challenge designers purposefully selected TOCs that yield collisions. The designers could gauge the progress of the contestants by observing whether anyone submits authenticator A with TOC B to the oracle, where authenticator A is equal to authenticator B. Besides the relatively large number of collisions in the provided authenticators, it appears that there are no strong biases in the authenticator bits such as significantly more or less 1's than 0's.
4.2 Technology E
Technology E is designed to fix a specific bug in Technology D: the TOC only mentions the length of each song but says nothing about the contents of that song. As such, an attacker wishing to produce a mix CD would only need to find a TOC approximately the same as the desired mix CD, then copy the TOC and authenticator from that CD onto the mix CD. If the TOC does not perfectly match the CD, the track skipping functionality will still work but will only get "close" to track boundaries rather than reaching them precisely. Likewise, if a TOC specified a track length longer than the track we wished to put there, we could pad the track with digital silence (or properly SDMI-watermarked silence, copied from another valid track). Regardless, a mix CD played from start to end would work perfectly. Technology E is designed to counter this attack, using the audio data itself as part of the authentication process.
The Technology E challenge presented insufficient information to be properly studied. Rather than giving us the original audio tracks (from which we might study the unspecified watermarking scheme), we were instead given the tables of contents for 1000 CDs and a simple scripting language to specify a concatenation of music clips from any of these CDs. The oracle would process one of these scripts and then state whether the resulting CD would be rejected.
While we could have mounted a detailed statistical analysis, submitting hundreds or thousands of queries to the oracle, we believe the challenge was fundamentally flawed. In practice, given a functioning SDMI device and actual SDMI-protected content, we could study the audio tracks in detail and determine the structure of the watermarking scheme.
5 Conclusion
In this paper, we have presented an analysis of the technology challenges issued by the Secure Digital Music Initiative. Each technology challenge described a specific goal (e.g., remove a watermark from an audio track) and offered a Web-based oracle that would confirm whether the challenge was successfully defeated.
We have reverse-engineered and defeated all four of their audio watermarking technologies. We have studied and analyzed both of their "non-watermarking" technologies to the best of our abilities given the lack of information available to us and given a broken oracle in one case.
Some debate remains on whether our attacks damaged the audio beyond standards measured by "golden ear" human listeners. Given a sufficient body of SDMI-protected content using the watermark schemes presented here, we are confident we could refine our attacks to introduce distortion no worse than the watermarks themselves introduce to the audio. Likewise, debate remains on whether we have truly defeated technologies D and E. Given a functioning implementation of these technologies, we are confident we can defeat them.
Do we believe we can defeat any audio protection scheme? Certainly, the technical details of any scheme will become known publicly through reverse engineering. Using the techniques we have presented here, we believe no public watermark-based scheme intended to thwart copying will succeed. Other techniques may or may not be strong against attacks. For example, the encryption used to protect consumer DVDs was easily defeated. Ultimately, if it is possible for a consumer to hear or see protected content, then it will be technically possible for the consumer to copy that content.
References
1. R. J. ANDERSON, AND F. A. P. PETITCOLAS. On the limits of steganography. IEEE Journal of Selected Areas in Communications 16, 4 (May 1998), 474-481.
2. R. P. BOGERT, M., AND J. W. TUKEY. The quefrency alanysis of time series for echoes: Cepstrum, pseudo-autocovariance, cross-cepstrum and saphe-cracking. In Proceedings of the Symposium on Time Series Analysis (Brown University, June 1962), pp. 209-243.
3. R. PETROVIC, J. M. WINOGRAD, K., AND E. METOIS. Apparatus and method for encoding and decoding information in analog signals, Aug. 1999. US Patent No 05940135 http://www.delphion.com/details?pn=US05940135__.
4. SECURE DIGITAL MUSIC INITIATIVE. Call for Proposals for Phase II Screening Technology, Version 1.0, Feb. 2000. http://www.sdmi.org/download/FRWG00022401-Ph2_CFP v 1.0.PDF.
5. SECURE DIGITAL MUSIC INITIATIVE. SDMI public challenge, Sept. 2000. http://www.hacksdmi.org.
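The collision estimates from the Technology D analysis above, worked through as an added example that is not part of the original post or the paper. The paper's own equation did not survive on this page, so the code assumes uniform hash outputs and counts "two or more collisions" as any outcome other than all-distinct or exactly one colliding pair; all function names are illustrative.

```python
import math

def _falling_over_power(x, k, n):
    """x*(x-1)*...*(x-k+1) / x**n, computed in log space.
    x may be fractional (for bit-width searches); returns 0 if x <= k-1."""
    if x <= k - 1:
        return 0.0
    log_num = sum(math.log(x - i) for i in range(k))
    return math.exp(log_num - n * math.log(x))

def p_no_collision(n, x):
    """All n uniform draws from x possible values are distinct."""
    return _falling_over_power(x, n, n)

def p_exactly_one_pair(n, x):
    """Exactly one pair of draws shares a value; every other draw is distinct.
    Choose the pair, then fill n-1 'slots' with distinct values."""
    return math.comb(n, 2) * _falling_over_power(x, n - 1, n)

def p_two_or_more(n, x):
    """Assumed reading of 'two or more collisions': everything except
    the all-distinct and the single-colliding-pair outcomes."""
    return 1.0 - p_no_collision(n, x) - p_exactly_one_pair(n, x)

def draws_for_likely_collision(x, threshold=0.5):
    """Smallest collection size for which at least one collision
    is more likely than not (classic birthday bound)."""
    n, p_distinct = 1, 1.0
    while 1.0 - p_distinct <= threshold:
        p_distinct *= 1.0 - n / x   # next draw must avoid n used values
        n += 1
    return n

def effective_bits(n, target=0.5):
    """Output width (in bits, possibly fractional) at which seeing two or
    more collisions in n samples has probability `target`. Bisection works
    because the probability falls as the output space grows."""
    lo, hi = math.log2(n) + 0.01, 40.0
    for _ in range(60):
        mid = (lo + hi) / 2
        if p_two_or_more(n, 2.0 ** mid) > target:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2

if __name__ == "__main__":
    n = 100  # authenticator samples provided in the challenge
    print("P(>=2 collisions), 16 full bits:", round(p_two_or_more(n, 2 ** 16), 5))
    print("bits giving even odds:          ", round(effective_bits(n), 2))
    print("discs for a likely collision:   ", draws_for_likely_collision(2 ** 16))
```

Under these assumptions the 16-bit case comes out near 0.0026, the same order as the 0.00254 quoted in the paper, and the even-odds width lands at about 11.5 bits.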
-
Also available at Cryptome
Reading Between the Lines: Lessons from the SDMI Challenge In HTML or mirror-able ZIP file.
--- -
Re:Having their cake and eating it, too...
Would it be possible to translate and/or publish this paper in a country with a saner legal framework?
Well, there's really no point in doing that, as the paper is available online. Translating it into Spanish and publishing it in Cuba would hardly be much of an improvement.
Which makes it even more galling! The RIAA knows that the paper is not a secret, and has already been released to the whole world. Therefore, by going after Felten they're not really trying to prevent someone from using the techniques described, they're simply trying to intimidate academics. There's no other explanation than that, and I'm really really sorry that Professor Felten let them get away with it. I understand that he has other people to consider, but it will be miserable if these actions are allowed to stand.
-
Copy of the paper ...
You can read the paper on line or you can download all the files as a zip file and read it off-line.
Will we now have a new mirror-this-free-speech frenzy?
-
Re:Online copies?
http://cryptome.org/sdmi-attack.htm
mirror early, mirror often.
-
Cost of ownership
From the article: If the problem persists, NASA could extend the mission by a day or two.
Now, could Microsoft please recalculate the "Total Cost of Ownership" for NASA?
-
Marketing ..
Can you imagine what MS marketing will make out of this if this turns out to be a Linux box? (they have been aboard shuttles, so why not on the station). My point here is that mentioning MS now should absolutely not be considered MS bashing, but rather just mentioning the obvious. That MS servers *do* crash for no apparent reason, a fact that you can't find mentioned anywhere on this site.
-
Re:Where'd the link go???
http://cryptome.org/sdmi-attack.htm is the link I see up there right now, and although I haven't perused the page, it's not a 404 or anything like that....
----
"Here to discuss how the AOL merger will affect consumers is the CEO of AOL." -
prior investigation into this...
Was done by someone and submitted to Cryptome. So here's the link
-
You may want a new key anyhow...
maybe soon we'll need some slightly longer encryption keys, thanks.
The uber-paranoid may want to revoke their old private keys and issue new ones anyhow... According to this report on cryptome.org, a serious flaw was found in OpenPGP and its derivatives which leaves your private key vulnerable to attack.
-
an article for you
This article was posted on slashdot before; that's where I learned 'bout it. It's well written and covers the theory and a bit of the mechanics. Worth a read (and a re-read) if you're interested.
-
<Ontopic>
It's not a bad move by Bush to protect his personal information from being subjected to ridicule via way of the FOIA. It's the same people who passed this law that have used it against many people, often abusing it and hiding under the curtain of the FOIA.
Let's be realistic here if possible about the situation, and shoot from the hip should you think it's conspiracy based. We all theoretically have the right to Freedom of Speech and privacy, and many go about daily having these rights violated without even knowing. Cookies, spam resellers, telemarketers, etc., etc..
Sure we have crypto here, but let us not forget these same people who believe in a person's right to privacy tried to secretly shaft us with HR46 late last quarter.
But wait, before someone rebuts with a "That was a bill for criminals who use crypto", let's take a hi tech case to a courtroom trial, shall we. Jury based, in theory a jury of one's own peers. Does anyone honestly believe they will get a jury of their own peers, or rather a jury of retired computer-phobic e-misfits who sit home watching Oprah and Judge Judy? The sad reality is that privacy is very limited in the United States, although many would love to dispute this.
Anyways I don't feel like rambling on more than I already do.
The Big Breach -
Trouble is...
...the US secret service has a documented history of using its snooping on its allies, mostly for the benefit of US businesses.
A former CIA director explained that this is done for moral reasons, but his article sounds awfully bigoted to me...
It should be expected that Echelon and similar technology that the NSA has access to will be used in a similar manner.
------------------ -
Young women can play too
Ask Sarah Flannery, who was 16 when she wrote a paper showing her "Cayley-Purser" algorithm to be faster and as secure as RSA. This latter claim proved false, as Sarah herself found out through more research with Michael Purser and William Whyte.
The young man in the article seems to be just as lucky as he was brilliant. Ms. Flannery focused her interest and intellect with incredible results.
Math: it's not just for Cowboys.
"All the ladies who crack RSA keys Throw your hands up at me..." -
Maybe not, but it's par for the course
Although explicit permission was given in this case, John Young of Cryptome has a habit of publishing things that other people don't want published. He's gotten in semi-serious trouble for publishing classified documents before (and they're still on-line). Ironically enough, however, he took down the DeCSS code because 'enough other people were mirroring it' (paraphrase, can't find the link right now).
-
Re:Disney is evil! Disney is good!
There is a lot of irony in Disney, part of the MPAA/DVD-CCA that claimed the open source movement was "dedicated to the proposition that material, copyrighted or not, should be made available over the Internet for free." using Python.
Now they are using software developed by the open source community. Perhaps we should add a new clause to the GPL.
"companies that sue us cannot use GPL software"
Get involved -
Re:Foolish
It's not going to do any of these things.
Securing copyright to the author? It won't. The author is SOL if he loses the original. (For an example, read John Gilmore's rant where he mentions that Sony's MiniDisc recorder's assumption that all analog music is copyrighted means he can't copy his own recording of his brother's wedding.) An external authority won't unlock it for you? If you have the time and money to pursue it legally, you can do so--but that's only an option for the most successful authors.
Limited terms? We won't have that either. We don't have it now...do CSS and Macrovision stop working on DVDs when the copyright expires? Of course not. And considering that copyright protection now lasts for generations, it's unlikely the DVDs will even be playable by the time copyright expires--assuming that Congress doesn't keep extending it.
Fair use? It won't happen. The FCC is requiring digital TVs to support copy protection, meaning they're taking away your right to time-shift even though the Supreme Court has affirmed that right. (How come nobody's suing the government for this?)
Lawrence Lessig is right--code is law. In passing the DMCA, Congress has essentially relinquished its constitutional mandate to oversee copyright law, and given up that authority to content producers themselves. The entertainment industry is free to determine whatever copyright policies they want, to create software to support them, and to usurp your rights. The DMCA's ban on circumvention gives them that power.
-
And he's right too ...
... when he says: ''Open source is an intellectual-property destroyer,'' Allchin said. ''I can't imagine something that could be worse than this for the software business and the intellectual-property business.'' but I think he confuses the American Way with the Microsoft way.
I can't put it better than John Gilmore when he says that content protection systems are a way of earning by creating an artificial scarcity. The same holds true for software too, Free Software, by means of providing not only free applications, but also free implementation of key routines (string handling, searching, sorting, indexing ... you name it) paving the way for other applications. Now Microsoft would rather have it their way: patent efficient string handling algorithms and thus virtually stop all competition for word processing in its tracks by forbidding them to use those algorithms.
But this is impossible for MS as long as much of the development they do is on grounds already covered by GPLd Software. There it's easy to see who did what first, many protocols are already established and, worst of all, there is no possibility to buy it all to lock it away.
Also, although MS tries to ridicule it all, the synergy effects working for big corporations against small business (for example reusability of key routines, and a broad pool of talents/wisdom to draw from) work for free software too.
But I think the biggest danger for MS is something else at work: Free Software brings with it a new mindset: people appreciate the fact that there is no need for artificial scarcity, and that it is easier to achieve something by sharing than by greedily keeping every innovation to oneself. It now becomes apparent that you even can make a living from this. Well, open source surely limits corporate control over innovation! But that is not a problem of open source, it's a problem of Microsoft.
There is even an easy way for them to take part in it all, they simply can set some programmers to work on an open source project. Only they would have to release the results as open source again, and giving away control is surely not the Microsoft Way. -
obscure
Privacy concerns, and governments' addresses over these concerns, are like water and oil. Current events should point out the true factors when thinking about these two, although many never take the time to delve deeper into the situation, often overlooking many important factors that would normally be an outrage after the occurrence, but seldom questioned until it is too late.
Politicians are often older people who will never utilize computers in the same fashions as us, and often do not understand what is going on. Law enforcement often uses scare tactics by injecting some outrageous scenarios into the minds of these politicians using cryptic terms themselves in hoping these politicians will pass these laws without incident, which will benefit law enforcement, and cripple the people.
Breakdown of questionable issues:
HR46 was an attempt to sneak a fast one.
Carnivore was used dozens of times and the FBI claims it was mostly on hackers. Note: It's been found that the Carnivore snoops everything on a segment, so what about your traffic? Were you on that network, was your traffic snooped?
makes me wonder...
FBI claims Castro is a hacker. In a country where they have close to nothing, do you really believe Cuba is a threat to the US, or is this just an attempt to step on Cuba when they're down?
Bin Laden using technology to hide activities. Note: this isn't new news and judging from experiences in history, we've always needed an enemy for the sake of remaining a super power by enforcing authority. So if Osama is such a huge threat why isn't he stopped cold? Because the government can't or because they don't want to for the purpose of having an enemy?
Take a quick look at some of the stuff posted by Louis Tenet this week and do some rational thinking about how situations arise which can be handled by government, but are often purposely misconstrued for the sake of promoting other hidden agendas. Government will try to take as much privacy away as they can, any government so don't be fooled.
And it goes on and on with no end in sight.
shhh... the world is out to get me -
Re:Sarah Flannery
Here you go.
cryptome.org/flannery-cp.htm
Shaun -
Re:Protecting Intellectual Property
Obviously, I anticipated your response, and I think you've misanalyzed mine.
I'm not saying that Apple's actions are on a par *scale-wise* with slavery, but just that a theory of moral responsibility has to assign blame properly, and if you let Apple off the hook in this case, you let slaveowners off the hook in others. Perhaps an argument could be made about the ways in which severity of moral wrong lower the bar for culpability, but in my universe it goes the other way- if you commit a tiny wrong with only minimal culpability you are still wrong, it just doesn't matter much.
Furthermore, you assert in high dudgeon that when people can't / won't make things for themselves, they should pay. But this is the core of the IP struggle we are facing: If we can create artificial scarcity to preserve rent for market-players by applying IP restrictions, then eventually we will be slaves. Slaves of a different sort, but slaves nonetheless.
No, we're not there yet.
Thank goodness.
bryguy
=====
What is wrong is that we have invented the technology to eliminate scarcity, but we are deliberately throwing it away to benefit those who profit from scarcity.
-John Gilmore http://cryptome.org/jg-wwwcp.htm
-
Re:These briefs hit hard
The recent essay by John Gilmore is another "required reading". I realized something that isn't entirely obvious from listening to industry execs and so on. The DMCA essentially allows corporations to create new laws on their own.
Under the DMCA, it is illegal to bypass content control systems. That means that if a corporation can come up with a way to remove our rights -- even if those rights are legally protected -- it's illegal for a consumer to do anything about it. For example, we all know that CSS eliminates some of our fair use rights. The DMCA makes it illegal to bypass CSS. Therefore, we have lost our rights by default. SDMI is another example. We have the right to freely copy music for personal use. The RIAA didn't like this, so they created SDMI, and boom! it's illegal to make a copy of my own music.
Big corporations are now in control of the legal system. -
It's the conspiracy
A recent Slashdot article pointed to a long essay by John Gilmore, originally found on cryptome.org where, among other things, he basically claims that MP3 players don't record because their manufacturers are afraid that they'll get the pants sued off them.
It seems plausible, but does anybody have facts to back it up? -
MP3 recorders will never exist
Look at this excellent rant for why mp3 recorders will never exist. Minidisc is your best bet. You can get up to 149 minutes of monaural on a single minidisc, and the results will be very high quality. I personally used a minidisc for ornithology research back at Uni, with great success.
-
Re:Why bother?
Why bother with the IOCCC?
- To test C compilers. The IOCCC has uncovered a number of compiler bugs.
- To gain practice debugging ugly code. I founded the IOCCC back in 1984 as reaction to having just fixed a bug in the Bourne Shell.
- To learn subtle aspects of the C language.
- To illustrate through the irony of functional but poorly written code the importance of good writing style.
- To put it on your resume. Reasonable places consider it a good thing to be part of the IOCCC.
- To have fun! [[Judging may be a lot of work, but it is also a fun^3]]
... and if that does not satisfy you:
- To help with the DeCSS case by proving that Source Code is entitled to the 1st Amendment Protection under the US Constitution: Universal City Studios Inc. et al. vs. Eric Corley, a/k/a Emmanuel Goldstein and 2600 Enterprises, Inc. Amici Curiae
:-) -
This is a really good brief.
This link should work better than the one at the top of the page.
It's a good brief, and it's especially worth reading if you think no lawyer can write anything except impenetrable jargon.
One of its great strengths is the way in which it tries to connect the subject of the case, First Amendment protection for source code, with things judges know about. Judges (and lawyers) for that matter tend to resist learning about technology. Even if they're willing, they have little opportunity. So you have to talk about it in the way they understand.
Early in the brief, we get a couple of lines of Visual Basic. They wouldn't do much in real life, but they illustrate the point. My favorite part of the brief is footnote 4, which compares source code to legal citation: each is impenetrable to outsiders, but each is a clean, compact, and efficient representation, which is transparent to people who speak the language.
The only thing that makes me sad is that I doubt the court will recognize the weight attached to the names on the brief. We all recognize names like Kernighan, Minsky, and Stallman but there's really no way to communicate that weight to an outsider. It's like those newspaper ads demanding that Mumia be released from jail and appointed dictator-for-life--there's lots of names signed at the bottom, and some of them are connected to impressive institutions, but I suspect that they're adjuncts, or junior assistant professors, or leaders of impressively-named organizations that don't do anything because these people invented them. -
Another good article...
on this site is at:
http://cryptome.org/jg-wwwcp.htm
Great info on how the industry is working to stop digital reproduction rights. -
Re:broken link
The link you are looking for would be cryptome.org
-
Re:Let's all scream and yell, DON'T READ the artic
That's not the issue. A full HDTV stream is being transmitted to your DirectTV box. The box processes the full HDTV stream. And then for no legitimate reason, the box suddenly downgrades the output. It actually cost them (and thus you the consumer) more money to force this downgrade (additional circuitry) and yields DirectTV no additional income or profit at all. So why do they do something which makes their service less valuable to their customer (and without telling the customer explicitly) which costs them more money to do? Collusion with the media industry and illegal government regulation (DMCA).
This is a very important example of a very important issue. What you have said about the market is mostly correct and should mean people won't use their service, except it seems every company is doing the same thing and any company which doesn't gets sued (under the DMCA, etc) or else, it is apparent, there is widespread industry collusion. This is very troubling. I wish it were a free market as you envision, but it really is not. Disparate things are being forcefully tied together by powers that seem to be way outside the reach of the normal consumer and demand.
What's Wrong With Content Protection -
Shielded Enclosures
This one is especially interesting. Finally, I have plans for protective headgear that the spooks can't penetrate.
-
Part of the infamous Echelon system?
This has Echelon written all over it. I'd sure like to find out what the NSA did with the, "two 85-foot satellites dishes on the site - some of the largest in the country." It sure makes me wonder about the power the NSA holds over government agencies and the average Joe. Check out for more info on Echelon.
-
Freedom vs. Profit
I don't think corporations mean to strip anyone of anything, but common sense would point out most of the things they are being restrictive to are possibly done in an effort to avoid lawsuits, and this can be seen with earlier actions such as companies blocking certain types of emails floating around.
We still have groups like the A.C.L.U., EPIC, and others who continuously fight to retain what can be seen as questionable issues. These people are often unsung heroes who operate mainly out of the hopes of not becoming somewhat of a communist country.
As to whether we're becoming too restrictive, if you'd take a quick minute to view this article on strict regulations that were just passed on to the Chinese, you would see that no matter how hard you think things are over here, things are much more difficult to live abroad.
It is a strange thing to see politicians playing games, especially when we can't fully determine a rightful president without falling into some sort of 'agenda' from some right wing like sector who may have been afraid to fully count votes. It's also annoying to have politicians try to sneak in some shady bills in hopes no one would notice.
That's life no matter where you go I guess...
Recently I went to Sweden, in which I found things more relaxing; although their taxes were higher, I heard few complaints there and things were much more relaxed, and I plan on heading out there within the next 2 years.
-
More Tempest Info...
For those of you that care, here is the real link:
http://cryptome.org/nacsim-5000.htm
also, here is a really neat site with an analysis on what this stuff really means:
http://eskimo.com/~joelm/tempest.html
and yet more great reading:
http://www.austinlinks.com/Crypto/tempest.html
http://www.thecodex.com/c_tempest.html
http://www.spyking.com/datascan.html -
One thing I didn't quite understand
Well the illustrations, although technical, were fairly clear except for one: try to figure out who's responsible for what from the organizational chart.
-
Well
The problem with places like ABQ Journal demanding money for linking to their stories is that the internet is a BIG place where you can hide all sorts of things
Note, a look for "decss source code" brings back as the FIRST LINK the previous link. Good job RIAA, keep up the good work.
-
great
So now when will /. post some encryption news like H.R.46 that congress is trying to sneak in or something other than most of this commercialistic stuff swelling my eyeballs to oblivion
H.R. 46
Home Sweet Home -
Re:Anonymity sometimes just isn't the right idea
I don't believe that because I think government organizations have better things to do than worry about what some joe schmoe is reading about.
Ok, what about the UK government's RIP Act and other assorted snooping laws? Try here and here and here and here for the latest insanity brought to you by our esteemed leaders. -
FBI's Behavioral Analysis Program
Everybody is innocent until proved guilty.
But apparently the Bureau can legally trick you into committing crimes.
FISA, the secret court.
--
Why pay for drugs when you can get Linux for free ? -
Re:Full Text of Leaked Report
Argh. It's just not my linking day today. The full text of the report is HERE
-- -
Full Text of Leaked Report
You can find the full text of the leaked report on Cryptome
-- -
Re:excellent
I am not taking sides on the Microsoft NSA-key issue. For more information on the issue, please check out Cryptome
However, your comment:
"Show me any proof that MS has installed any backdoors "
is quite funny: FreeBSD and Linux and other OSS CAN be proven to not have any back-doors. Microsoft software cannot. China, Japan, and militia-men (and anyone else that wants) can audit the software they run for anything they want to. -Al -
Shame they couldn't send them in PDF format.
For obvious reasons, of course.
Hee.
--Perianwyr Stormcrow -
Scapegoating?