http://www.cs.princeton.edu/sip/sdmi/announcement.html ------------------------------- CUT ------------------------------ Statement Regarding the SDMI Challenge The Secure Digital Music Initiative (SDMI) is developing a comprehensive system to prevent music piracy. Central to this system is watermarking, in which an inaudible message is hidden in music to provide copyright information to devices like MP3 players and recorders. Devices may then refuse to make copies of pieces of music, depending on the meaning of the watermark contained therein. In September 2000, SDMI issued a public challenge to help them choose among four proposed watermarking technologies. During the three-week challenge, researchers could download samples of watermarked music, and were invited to attempt to remove the secret copyright watermarks. During the challenge period, our team of researchers, from Princeton University, Rice University, and Xerox, successfully defeated all four of the watermarking challenges, by rendering the watermarks undetectable without significantly degrading the audio quality of the samples. Our success on these challenges was confirmed by SDMI's email server. We are currently preparing a technical report describing our findings regarding the four watermarking challenges, and the two other miscellaneous challenges, in more detail. The technical report will be available some time in November. This statement, a Frequently Asked Questions document, the full technical report (when it is ready), and other related information can be found on the Web at http://www.cs.princeton.edu/sip/sdmi. For more information, please contact Edward Felten at (609) 258-5906 or [EMAIL PROTECTED] ------------------------------- CUT ------------------------------ http://www.cs.princeton.edu/sip/sdmi/faq.html#E1 ------------------------------- CUT ------------------------------ [...] The future Q. I heard people complain that the challenge period was too short and the information on the site too meager for the challenge to be taken seriously. Were they right? For cryptographic challenges, it is expected for researchers to be given a long time, often indefinitely, to crack a cipher. It is also expected for the cipher algorithms to be provided (the security of a cryptosystem must not rest on the obscurity of the algorithm). SDMI only provided about 3 weeks, and did not provide any details on how the watermarking technologies worked. They did not even provide programs to detect or embed marks, handling detection themselves via oracles. The SDMI challenge seemed to be designed as much to hide the design of the watermarking schemes as to test whether those schemes could be broken in practice. In practice, once SDMI-enabled players were deployed, the algorithms they used would eventually be reverse engineered and analyzed. Even before the algorithms were reverse engineered, any consumer with an SDMI-enabled player would have more information than SDMI provided in the challenge. For example, a consumer could use his player as an oracle; such an oracle would be faster than SDMI's Web oracle, and it would provide more information. Thus the SDMI challenge was unrealistically difficult. Fortunately, analyzing watermarking technologies is easier than analyzing ciphers, because the watermarking problem is much more difficult than the problem of encryption. In cryptography, a successful attack often requires deciphering an enciphered message. In steganography (information hiding) merely destroying the hidden message (e.g. the watermark), usually by slightly distorting the medium containing it, is a successful attack, even if one cannot decipher or detect any hidden message contained in the medium. We do believe, however, that in any future challenges SDMI should provide more information than they did this time around. Researchers were provided with less information than ordinary people would obtain by using SDMI devices! For instance, the oracles, when reporting that an attack did not succeed, would not tell us if the failure was due to the watermark surviving, or to quality being degraded beyond SDMI's quality standards. Q. Does this mean watermarking, as a technology, is infeasible? No! Watermarking has a lot of different applications, and a lot of potential. Any successful hack of SDMI's watermarking technologies is due to the particular application of watermarking they had in mind, and the way they intended to integrate it into a security system. Q. What if SDMI uses your results, and those of others, to develop a more secure or unbeatable system? We believe their general security model is inherently vulnerable to a number of attacks no matter how sophisticated their watermarking technologies become. We can never say for certain, but we are confident that we can continue to develop attacks like we have if SDMI updates their technologies. This is essentially the situation of the "trusted" client in a hostile environment, a common problem in piracy prevention. Basically, an anti-piracy measure is enforced by a device or computer program belonging to an adversary who wishes to circumvent it, and who can take apart and analyze it. Such measures are usually quickly circumvented, and many attacks exist that involve the exploitation of the device itself. The watermarking technologies are similarly designed. They are what we call public watermarking technologies, in which no secret key is needed to detect the mark; all devices know where to look for it. Because the secret embedding method is implemented in so many devices, the odds of an adversary learning how to perform and reverse it are very high. Also, these watermarks must be robust to all modifications a listener considers slight, and the number of possible slight modifications to an audio clip is constrained only by one's creativity. Q. What if SDMI completely overhauls their system so that these inherent problems no longer exist? The underlying problem that SDMI is trying to solve, that of protecting content from a hostile platform while allowing the platform to "play" the content, is inherent very difficult, both in theory and in practice. To overhaul their system, SDMI may well have to overhaul their business model. We would be deeply impressed if SDMI or anyone else developed a secure system for piracy prevention given the requirements of music listeners. We would be happy to examine any system they have, assuming they offer a fair challenge. Q. What if SDMI has more watermarking schemes than what they put on their website, and just uses one of these unbroken technologies for their system? Then they will be using a system that has not been subjected to any open scrutiny, a sure recipe for disaster. We encourage SDMI to let the scientific community review their systems before committing them to actual devices. Q. Will you participate in any future challenges? Sure, as long as they are fair. In this challenge a bare minimum of information was given to researchers, and we hope any future challenges will be more open. Q. Where can I get more information? If the information you need is not in this FAQ, then try our Web site at http://www.cs.princeton.edu/sip/sdmi. If you still can't find the information you need, then contact Edward Felten at [EMAIL PROTECTED] or (609) 258-5906. Copyright (C) 2000, Princeton University. All rights reserved. ------------------------------- CUT ------------------------------
