On Tue, Oct 16, 2001 at 11:30:05AM -0700, Greg Broiles wrote:
> Adam Back wrote:
> >Stego isn't a horseman, and the press drumming up scare stories around
> >stego is ludicrous. We don't need any more stupid cryptography or
> >internet related laws. More stupid laws will not make anyone safer.
>
> I agree, but if Congress isn't careful (and they don't seem to be in a
> careful mood these days), they'll end up outlawing watermarking in
> digital "content", which would do to the DRM (digital rights management)
> industry what they tried to do to security researchers with the DMCA.
>
> Perhaps the RIAA and SDMI folks will now come out in favor of
> steganography in order to save their businesses.
>
> Or maybe they'll be forced to rewrite their complicated protection schemes
> to enable "stego escrow", so that federal agents can monitor the secrets
> hidden inside published content, to make sure there aren't any hidden
> messages in Anthrax albums.

So I presume your discussion on the applicability of stego techniques to the detection of unauthorised copying refers to the framework where content is personalised by having something identifying the purchaser encoded in it at time of delivery to the purchaser.

Steganography means hiding the existence of a message -- making it hard to distinguish content without a stegotext from content with a stegotext embedded in it.

Copymarks are about making it hard for the user to remove the message without massively degrading the quality (*). This means you want some or all of the purchaser identifying information to be hard to locate -- because once it is located it can be removed. But watermarks don't have to be invisible -- just hard to remove without degrading the image quality. This tends to mean spread spectrum techniques, and unpublished parameters of where the signal will be stored so that there is no publicly constructable discriminator, and no black-box discriminators queryable either. However this framework inherently violates Kerckhoffs's principle.

Another framework is to have players which will only play content with certified copy marks (no need for them to be visible -- they could be encoded in a logo in the corner of the screen). The copymark is a signed hash of the content and the identity of the purchaser. This could be relatively robust, except that usually there is also a provision for non-certified content -- home movies etc -- and then the copy mark can be removed while still playing by converting the content into the home movie format, which won't and can't be certified.

Just to say that copymarks and steganography are related but different.

In my opinion copymarks are evil and doomed to fail technically. There always needs to be playable non-certified content, and current generation watermarks seem easy to remove; and even if some really good job of spread spectrum encoding were done, someone would reverse engineer the players to extract the location parameters and then they too would be removable -- and in the end even if someone did manage to design a robust watermarking scheme respecting Kerckhoffs's principle, the identity information is weakly authenticated, and subject to identity theft or the content itself could be stolen or plausibly deniably claimed to have been stolen and this only has to happen once for each work.

All with no comments on the US Congress being careful of course -- they are ham-fisted at the best of times, and they have degraded far beyond their normal state.

Adam

(*) This in itself is pretty hard -- reportedly stirmark [1] (a small random shearing image transform) gets rid of all evaluated watermarks.

[1] Fabien A.P. Petitcolas, Ross J. Anderson, Markus G. Kuhn: "Attacks on copyright marking systems", Information Hiding, Second International Workshop, IH'98
http://www.cl.cam.ac.uk/~mgk25/stirmark.html

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
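
The certified-copymark framework described in the message above, modelled as an added example that is not part of the original post. It shows what the signed hash does bind (content and purchaser) and why a player that must also accept non-certified content cannot enforce the mark. Assumptions: HMAC with a constructed key stands in for the issuer's public-key signature, and all names (`Media`, `certify`, `player_decision`, `to_home_movie`) are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed key; HMAC is a stand-in for the issuer's signature (assumption).
ISSUER_KEY = b"constructed-demo-issuer-key"


@dataclass
class Media:
    content: bytes
    purchaser: Optional[str] = None  # None means non-certified ("home movie")
    mark: Optional[bytes] = None


def make_mark(content: bytes, purchaser: str) -> bytes:
    """Copymark = MAC over hash(content) and the purchaser identity."""
    digest = hashlib.sha256(content).digest()
    msg = digest + b"|" + purchaser.encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()


def certify(content: bytes, purchaser: str) -> Media:
    """Issue a personalised, marked copy at delivery time."""
    return Media(content, purchaser, make_mark(content, purchaser))


def player_decision(m: Media, allow_uncertified: bool) -> str:
    """Return 'play-certified', 'play-uncertified' or 'reject'."""
    if m.mark is None:
        # The policy gap: unmarked content has nothing to verify.
        return "play-uncertified" if allow_uncertified else "reject"
    if m.purchaser is None:
        return "reject"
    expected = make_mark(m.content, m.purchaser)
    ok = hmac.compare_digest(expected, m.mark)
    return "play-certified" if ok else "reject"


def to_home_movie(m: Media) -> Media:
    """Format conversion: same content, mark and identity dropped."""
    return Media(m.content)


if __name__ == "__main__":
    sold = certify(b"constructed frame data", "alice")
    print(player_decision(sold, True))                  # valid mark
    print(player_decision(to_home_movie(sold), True))   # plays with no mark
    print(player_decision(to_home_movie(sold), False))  # strict player
```

The strict player closes the gap only by refusing all home-made content, which is the provision the message says players usually have to keep.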