Uni team claims SDMI cracked, and ‘inherently vulnerable’
Hackers say they'll tell us how they did it RSN...
SDMI now looks comprehensively hacked, with the release of a report by a group of security and digital watermarking researchers claiming that they successfully beat the Hack SDMI challenge.
Amusingly, the team members are heavily Princeton University, one being none other than Edward Felten, whose previous greatest hit was ripping Internet Explorer out of Win98 for the prosecution in the Microsoft trial.
There's also a guy from PARC - one last go at stopping other people inventing technology and then selling it before they call us off? An unworthy thought...
The researchers haven't - yet - explained how they did it. That's promised for a technical paper to be released next month. But what they've published so far seems fairly convincing, and fairly damning of the future of the application of watermarking technology in the music business.
They participated in the SDMI challenge, "analysed the clips watermarked with the four technologies, and successfully modified them so that the watermarks could no longer be detected, while maintaining a level of audio quality satisfactory to SDMI."
They've no absolute proof that they managed the latter, but there's a nasty little barb that illustrates their confidence, and suggests SDMI is on a hiding to nothing: "As for our standard of audio quality, we have reason to believe that some modifications we performed were no more damaging than the watermarking methods themselves. If consumers consider those modifications too damaging to music, then they might feel the same way about the watermarks."
As we pointed out earlier today, the SDMI has people engaged in trying to detect imperfections in sound caused by watermarks, in addition to the ones involved in checking degradation associated with watermark removal. Sure, Felten & Co probably aren't golden ears, but they should surely have a fair idea.
One possible weakness in their case is that they claim that the SDMI automated systems ("oracles," apparently) told them so. "The oracle would email the submitter if the attack appeared to have rendered the mark undetectable, without significantly damaging the audio quality in the process. SDMI's oracles told us that our attacks have succeeded on all four watermarking technologies."
Previous evidence we've seen suggested that audio quality wouldn't be measured in detail until after that stage of the test. SDMI certainly appears to be relying on the expert "golden ears" to make the final call.
But it does seem clear they passed the first stage, because they know about the shadier stage two of the challenge. In stage two entrants were given additional tracks to defeat, but there was no oracle, so the results were entirely in SDMI's hands. "The SDMI requested that participants send the results of their watermark removal tools along with technical details of how the watermarks were removed. Following this, the SDMI would then offer participants the chance to sign a non-disclosure agreement in return for receiving a fraction of the prize money."
That sounds like a not entirely equitable distribution of round two. But the boffins dismiss it as pointless and invalid: "As academic researchers, we felt the second round of the challenge was unscientific and offered us no further information. Our goal is to understand, document, and study the technologies being used by SDMI. Since the second round provided no oracle access and no further unwatermarked content, there was nothing we could learn from it. In addition, we feel that the second round as designed by SDMI is not a valid test of whether a first-round success is repeatable, since it gives the participant much less information than was available in the first round."
And then it's in with the bayonet. They describe the SDMI challenge as being as much intended to hide the design of the watermarking schemes as to test whether they can be broken. Once the players are out, they can be reverse-engineered, and/or they can be used to check cracks quickly - if it won't play, you didn't crack it. Yet.
SDMI's security model "is inherently vulnerable... no matter how sophisticated their watermarking technologies become... we are confident that we can continue to develop attacks like we have if SDMI updates their technologies." Oh well - back to the old mixing desk? ®