RE: Blue Spike and Digital Watermarking with Giovanni

2000-01-16 Thread Magroglou, Andrew (Aus) - N Ryde

Correct
Working for Xerox I can assure you that all of our colour machines together
with all our competitors' colour machines leave a "trace".

I have seen this in action with respect to our Australian Federal Police
tracking down money printed on one of our machines.

Regards
AM

-Original Message-
From: bram [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 17, 2000 8:20 AM
To: Eugene Leitl
Cc: [EMAIL PROTECTED]
Subject: Re: Blue Spike and Digital Watermarking with Giovanni


On Sat, 15 Jan 2000, Eugene Leitl wrote:

> Joe Sixpack also doesn't believe that color laser copiers leave a
> unique signature on each copy, allowing you to trace the copy to an
> individual device. Nevertheless these are there, and can be evaluated
> if need arises. (Just try distributing a few xeroxed $100 bills, and
> time how long it takes until the feds knock on your door).

Do you have a reference for that?

[There have been SO many articles on this recently, including a long
thread on RISKS: the summary being that it is absolutely
true. --Perry]

-Bram




Re: Blue Spike and Digital Watermarking with Giovanni

2000-01-16 Thread Eugene Leitl


Well, the deformations must be smooth, so this just describes an
attack against a certain type of watermarks.

As I said, it is difficult to resiliently watermark a single image.

Paul Crowley writes:
 > As far as I know, all fielded watermarking schemes can be defeated
 > with simple, invisible distortions of the image - see
 > 
 > http://www.cl.cam.ac.uk/~fapp2/steganography/
 > 
 > for work done by Fabien Petitcolas and Ross Anderson.  You don't even
 > have to have more than one copy of the picture or know very much about
 > the scheme in use.



Re: Blue Spike and Digital Watermarking with Giovanni

2000-01-16 Thread bram

On Sat, 15 Jan 2000, Eugene Leitl wrote:

> Joe Sixpack also doesn't believe that color laser copiers leave a
> unique signature on each copy, allowing you to trace the copy to an
> individual device. Nevertheless these are there, and can be evaluated
> if need arises. (Just try distributing a few xeroxed $100 bills, and
> time how long it takes until the feds knock on your door).

Do you have a reference for that?

[There have been SO many articles on this recently, including a long
thread on RISKS: the summary being that it is absolutely
true. --Perry]

-Bram




Re: Blue Spike and Digital Watermarking with Giovanni

2000-01-16 Thread Jeffrey Altman

One comment regarding Napster.  After downloading Napster and
installing it to determine what it does, I discovered that it ignores
the user's desires and will export all the music files on their
machine even when they request that no music be exported.

This is behind the back of the end user, and as such I would consider it
to be piracy by the distributors of Napster as well as theft from the
end user.



Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
 The Kermit Project * Columbia University
  612 West 115th St #716 * New York, NY * 10025
  http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]





Re: Blue Spike and Digital Watermarking with Giovanni

2000-01-16 Thread Paul Crowley

As far as I know, all fielded watermarking schemes can be defeated
with simple, invisible distortions of the image - see

http://www.cl.cam.ac.uk/~fapp2/steganography/

for work done by Fabien Petitcolas and Ross Anderson.  You don't even
have to have more than one copy of the picture or know very much about
the scheme in use.
-- 
  __
\/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\



Re: Blue Spike and Digital Watermarking with Giovanni

2000-01-16 Thread Robin Whittle

Hi Eugene,

There are many parts of your recent comments which I disagree with, as
much as I understand them.  Some of what you write isn't really clear
to me, and I don't feel like debating each point in detail.

However, here are two points of clarification, regarding "Napster"
and my definition of "linear media".

Prosecuting consumers who are engaged in low-order piracy, for their
own benefit or perhaps to raise enough money for a six-pack of beer by
flogging a few copies of music to friends is not the same as
prosecuting a company, organisation or person who systematically makes
a product or service which is arguably intended primarily to
facilitate unlicensed replication of copyright material.  

I don't support the knee-jerk reaction to the big record companies -
the furious copying of commercially available music as an alternative
to paying for it.  From what little I know about this, if Napster are
primarily facilitating this, and especially if they are profiting from
it, then I hope the RIAA win the case.

In my paper at http://www.firstpr.com.au/musicmar/ I define five types
of copying:  

1 - Purchaser copying 
2 - Listener sharing 
3 - Listener theft 
4 - Listener piracy 
5 - Commercial piracy 

1 is necessary for the purchaser to derive full value from their
recorded music.  2 does not reduce sales, since the recipient was not
planning on purchasing the music.  Very often it is the best form of
marketing - giving a free sample with a personal recommendation from a
friend from which the recipient can become enthused and so later
purchase from the artist.  

3 is the listener avoiding their own purchases by copying.  4 is one
listener doing this on a small scale for others, perhaps for a small
profit.

Someone who directly or indirectly facilitated 3 or 4 as a primary
purpose of their actions (rather than it being just one thing a CD-R
burner can do) is arguably guilty of 5.

But this and quite a bit of this whole discussion is beyond the scope
of a crypto list.


By "linear media" I meant to include text, video, sound and
potentially some other things.  For instance, while this may not exist
yet, it would be linear media by my definition: recorded, rather than
interactive, cyberdildonics (electronic control of vibrators and the
like).

The criterion for "linear media" is that the listener/user/consumer
experiences the "product" as a linear set of sensations, which can be
recorded. (Anything which can be recorded can be recorded digitally,
but this is not an essential part of my understanding of what "linear
media" means.)

In contrast, a video game is not "linear media".  Although it involves
sound and vision, it also must involve feedback from the player. 
Therefore the video game is not recordable, and can only be provided
by some mechanism, such as a computer running a program.  That opens
up many more opportunities for copy (or rather *run*) protection.

1 - Program won't run unless it can talk to dongle.

2 - Program won't run unless it can talk to server via the Net.

In both cases, it would be possible, although not necessarily
cost-effective, to reverse-engineer the code and patch it so the real
dongle or Net connection was not required.

To overcome this difficulty, some essential functional element of the
program could be implemented by the dongle or remote server.  For the
dongle, this could be quite costly to implement - but potentially very
hard to work around.  For instance, a central algorithm of the game is
executed by a CPU running in a tamper-proof card or module (let's
assume this is possible, which it probably is to a high degree with
sufficient expense and careful design).  Communications to and from
this buried CPU are encrypted and the card erases the necessary keys
for communicating with it if the device is tampered with, or if it
does not get regular signed messages that the user has paid their
subscription.  (There would be many other ways of achieving the same
thing, such as the algorithm's code being in RAM and being erased if
the module is tampered with etc.)

Locating a functional part of the program on a remote server really
does make the player dependent on friendly relations with whoever runs
that server.  Unless someone else can write a local CPU program to
replicate the functionality of the remote algorithm, then this
approach is bulletproof.  (Or run a replica of the algorithm on
*their* server and charge people to access it!)

As far as I know, watermarking (AKA digital fingerprinting) does not
refer to serial numbers or doing anything to computer programs.  It
concerns using steganographic techniques (or similar) to encode secret
data so it is hidden (from human senses and from simple
reverse-engineering efforts) in the noise component of "linear media"
such as analogue or digital recordings of sound or still or moving
images.


- Robin



===

Robin Whittle[EMAIL PROTECTED]  http://www.first

Re: Blue Spike and Digital Watermarking with Giovanni

2000-01-16 Thread Eugene Leitl

Robin Whittle writes:
 > Digital watermarks again!
 > 
 > Joe Sixpack won't believe his file contains a digital watermark with
 > his name in it unless there is a freely distributed Windows/Mac
 > program which reads the watermark and so spits out his name and other
 > personal details.  

Joe Sixpack also doesn't believe that color laser copiers leave a
unique signature on each copy, allowing you to trace the copy to an
individual device. Nevertheless these are there, and can be evaluated
if need arises. (Just try distributing a few xeroxed $100 bills, and
time how long it takes until the feds knock on your door).

 > That being the case, it is only a matter of time before the code and
 > the watermark algorithm is reverse-engineered. Then a program can be
 > written to remove the watermark.
 
The algorithm will be kept secret, of course. Watermarking is not
content, and hence need not be presented to the end consumer. Thus
the Achilles' heel of content encryption which must be decoded into the
(almost always interceptible) plain by some enduser-gadget-resident
algorithm is avoided.

 > What use is the watermark anyway?  It is only applicable to files
 > generated for a specific, legally identifiable customer.  Therefore it
 > does not apply to pre-pressed CD/DVD etc. discs or to broadcasts via
 > the Net, TV, radio etc.

There is clearly a trend for point-to-point, individual content
distribution. With the proper infrastructure it should be possible to
insert watermarks even in realtime "broadcast" content (which is
mostly news and hence grows stale real quick).
 
 > Who is going to prosecute Joe Sixpack or Jo Lipstick?  Not a big
 > company which is interested in its public image.  Not a small company,

Well, it's a tree, starting with Joe Sixpack as a root. While "six
degrees of separation" is a cliche, the amplification at each step can
be considerable. Construed (=purely arithmetical) damage can be
considerable.

 > because of the costs.  Maybe a big company which doesn't care
 > about its reputation - to set an example.  But that would only
 > encourage all the other Joes and Jos to copy some more!
 
The problem _does_ exist. See http://napster.com/ and
http://www.mp3.com/news/471.html

It may not be properly addressed today, but it's there.

 > What's the use when Joe or Joe's watermarked, or proprietary-encoded
 > audio file must be reproduced via a PC soundcard, and there are
 > programs to write the raw 16 bit data to disk as .WAV or perhaps as
 > .MP3?  I guess the same principle applies to video.  
 
Broadband encoded watermarks should survive multiple
digital-analog-digital conversions. Remember, all we have is to hide a
few 10 bits in a multi-MBytes/GByte stream. You don't know what are
bits and what is noise.

 > (Linear media such as text, audio and video cannot be copy-protected. 

ASCII? You can encode information in formatting, interpunction,
alternative spelling. A diff between two text versions will readily
reveal sneakiness, but automatically stripping such information
without losing content is nontrivial. Audio and video can most
assuredly be watermarked, the question is how resistant to
stripping/mangling these watermarks will turn out to be.

 > Material constituting computer software - something interactive which
 > must run on a CPU and do things with a user - can be protected
 > reasonably well via hardware keys or better still, live links to a

Cracking dumb dongles is semitrivial. Crypto dongles are harder, of
course. But the code must still be executed in plain (until crypto is
handled within the CPU), and is thus vulnerable.

 > server via the Net.  The security of such transactions would be a
 > worry for network administrators . . . and anyway, watermarking is
 > only for linear media.)
 
Define linear media. Everything is reducible to a bitstream.

 > If the watermark is inaudible, then why should we believe it will
 > survive compression schemes which cut to the bone of human perception? 

Because storage is cheap and compression algorithms are imperfect.

 > If it is audible, then why would anyone want to buy the watermarked
 > material?  Considering the bizarre beliefs in so-called "high-end"

I wouldn't buy it whether audible or not. Provided I know that medium
is watermarked, which might not be exactly widely advertised. See
color xerox machines.

 > hi-fi (which resemble religiously inspired fear and fervor - such as
 > so-called clock jitter in SP/DIF electrical/optical cables,
 > oxygen-free copper power cords . . . ) then why would this segment of
 > the market accept deliberately altered goods, especially when they
 > can't hear it but *know* it's there?

Digital media people high-end audiophiliacs are not. I'm not playing
my mp3's via an external digital input amplifier either (but I wish I
could).

 > Both the Internet and CD-Rs put mass digital copying in the hands of
 > consumers.  Content creators need to make the most of this, not fool

Burning CDR