POST:

 

SDMI: Technical Viewpoint

Watermark challenge A scheme is discussed in Section 3.1. The
discussion is lengthy and often technical, but if you read
judiciously you can skim/skip material that's too technical
for the purposes of this course (e.g., the FFT discussion).

Discuss briefly the role of the following concepts in breaking
watermark scheme A.
In your discussion, summarize the roles as you understand them from
the paper and elaborate on them so that the roles are understandable to
someone who hasn't taken 182s, but who is interested in this material.

o Patents  and verance.com

o The 8-16Hz band is an unusual place to hide robust data

o Kerckhoff's criterion: one must not rely upon the obscurity of  
an algorithm [in security analysis]

 

∙ Breaking the Watermark scheme By: cmz

In breaking the watermarck scheme A, the team of challengers discovered three important concepts concerning security and copyright protection technology.

Patents and Verance.com:    
The challengers noticed a sinusoidal ripple in the watermarked file that when compounded on eachother, suggested a "complex echo hiding system."  The challengers proposed that this algorithm is most likely patented because they assumed that all of the watermarked schemes in the challenge were submissions to SDMI's Call for Proposals.  Indeed, the algorithm was patented by Verance.  Knowledge of the patent itself, however, did not significantly aid the challengers in discovering the intricacies of the watermarking scheme, but it did offer a very encouraging sign that the team was on the right track.  It is interesting to note, though, that a security algorithm which is meant to be as private as possible, is openly public in the form of a patent.

8-16Hz band is unusual place to hide robust data:      
The 8-16Hz band is an unusual place to hide robust data because it seems not to be robust.  Most audio compression schemes, including mp3 compression, are "lossy" compressions.  They "cut out" data from the audio file that is not pertinent to the file.  Typically this "cut out" data resides on audio frequencies that are out of range for most songs and/or are not readily distinguishable to the human ear.  Since the idea that "robust" data is meant to "survive common transformations", it seems odd that the watermarking scheme would inhabit the 8-16Hz band.

Kerckhoff's Criterion:      
Simply having an obscure algorithm does not offer a sizeable guarantee that the protection-schematic will be secure.  An obscure algorithm may prolong the hacking of the schema, but it will not necessarily render the system more secure than a simpler algorithm.  The driving force should be "thinking outside the box"--developing totally new security systems.  Merely applying obscure algorithms to already-hackable systems does not make the system any more secure; developing new techniques/theories for security does.

 

 

 

SDMI: Technical Viewpoint

Watermark challenge A scheme is discussed in Section 3.1. The
discussion is lengthy and often technical, but if you read
judiciously you can skim/skip material that's too technical
for the purposes of this course (e.g., the FFT discussion).

Discuss briefly the role of the following concepts in breaking
watermark scheme A.
In your discussion, summarize the roles as you understand them from
the paper and elaborate on them so that the roles are understandable to
someone who hasn't taken 182s, but who is interested in this material.

o Patents  and verance.com

o The 8-16Hz band is an unusual place to hide robust data

o Kerckhoff's criterion: one must not rely upon the obscurity of  
an algorithm [in security analysis]

 

∙ Breaking the Watermark scheme By: cmz

In breaking the watermarck scheme A, the team of challengers discovered three important concepts concerning security and copyright protection technology.

Patents and Verance.com:    
The challengers noticed a sinusoidal ripple in the watermarked file that when compounded on eachother, suggested a "complex echo hiding system."  The challengers proposed that this algorithm is most likely patented because they assumed that all of the watermarked schemes in the challenge were submissions to SDMI's Call for Proposals.  Indeed, the algorithm was patented by Verance.  Knowledge of the patent itself, however, did not significantly aid the challengers in discovering the intricacies of the watermarking scheme, but it did offer a very encouraging sign that the team was on the right track.  It is interesting to note, though, that a security algorithm which is meant to be as private as possible, is openly public in the form of a patent.

8-16Hz band is unusual place to hide robust data:      
The 8-16Hz band is an unusual place to hide robust data because it seems not to be robust.  Most audio compression schemes, including mp3 compression, are "lossy" compressions.  They "cut out" data from the audio file that is not pertinent to the file.  Typically this "cut out" data resides on audio frequencies that are out of range for most songs and/or are not readily distinguishable to the human ear.  Since the idea that "robust" data is meant to "survive common transformations", it seems odd that the watermarking scheme would inhabit the 8-16Hz band.

Kerckhoff's Criterion:      
Simply having an obscure algorithm does not offer a sizeable guarantee that the protection-schematic will be secure.  An obscure algorithm may prolong the hacking of the schema, but it will not necessarily render the system more secure than a simpler algorithm.  The driving force should be "thinking outside the box"--developing totally new security systems.  Merely applying obscure algorithms to already-hackable systems does not make the system any more secure; developing new techniques/theories for security does.

 

RESPONSE

SDMI: Technical Viewpoint

Watermark challenge A scheme is discussed in Section 3.1. The
discussion is lengthy and often technical, but if you read
judiciously you can skim/skip material that's too technical
for the purposes of this course (e.g., the FFT discussion).

Discuss briefly the role of the following concepts in breaking
watermark scheme A.
In your discussion, summarize the roles as you understand them from
the paper and elaborate on them so that the roles are understandable to
someone who hasn't taken 182s, but who is interested in this material.

o Patents  and verance.com

o The 8-16Hz band is an unusual place to hide robust data

o Kerckhoff's criterion: one must not rely upon the obscurity of  
an algorithm [in security analysis]

 

∙ Easy hacks By: mjm12

Patenting watermarks is potentially the most foolish thing to do, ever. When a watermark is patented, its application to a file is already clearly spelled out. This means it is relatively easy to find a way around the watermarking scheme. It defeats the principle of a watermark because its presence is no longer hidden.

Hiding data in the 8-16kHz band is intriguing because it is compressed easily; thus, a robust watermark, or one that should withstand compression, would have a very difficult time living there. Thus, the file must have a fragile watermark in that band. This only works in a successful scheme against attackers when a robust watermark is also present. However, all this adds up to a vulnerable implementation of watermarking.

Kerckoff's criterion, that security should be based on real protection rather than just hoping people will not find a known security hole, is clearly not implemented in the SDMI's watermarking schemes.  Felten and his co-workers clearly found a way around every scheme tossed at them (in three weeks, no less) and had reproducible ways to continue defeating the watermarks.  Why the SDMI decided to sue them (unless they want to hide their own stupidity) is beyond me.
∙ Re: Easy hacks By: cmz

This paper accurately and sufficiently summarizes the role that pantents play in developing a watermark scheme.  If the sole purpose of a watermark is to protect data, then publishing the basic idea behind the watermark scheme in the form of a patent makes the watermark do a belly flop.  And that hurts.

This paper also sufficiently summarzies why hiding robust data in the 8-16kHz is unusual because data in that range is typically removed during compression.

I would have liked to see a better explanation of how Kerckoff's criterion relates to Watermarck A.  If I were someone outside of CS 182s and read this section of Kerckhoff's criterion, I would still be unsure on how security should be obtained.  The paper says that "security should be based on real protection rather than an [obscure algorithm]."  The following sentences in that thrid paragrpah than state that Felton figured out how to beat the algorithm and then got sued.  There is no explanation concerning the need for "real protection"?  How can one impose security other than obscure algorithms?  What does this "real protection" entail?