Introduction

The tremendous growth of the Internet nowadays makes the copy and distribution of any kind of digital data easy. This raises the problem of intellectual property protection on these data, which are sometimes illegally copied material. The problem is especially present for digital music, due to its attractiveness and to the availability of efficient compression algorithms, such as MP3. This phenomenon is aggravated by the development of peer-to-peer sharing systems, where anyone can access files stored on the computers of any other participating user.

In order to fight against piracy, a number of companies have gathered to form the Secure Digital Music Initiative (SDMI), whose goal is to develop technologies to protect the playing, storing and distribution of digital music.

Recently, the SDMI has selected a number of candidate technologies that could be part of the final deployed system, and has launched a public challenge [otSg] in order to test the robustness of these candidates.

In this paper, we present the analysis of one of these candidate technologies and explain how to defeat it. As we will see, this technology is based on the spread-spectrum technique, often used in watermarking. We also envision a more general setting than the one used in the challenge, which allows us to pinpoint an intrinsic weakness to spread-spectrum based scheme: collusion attacks. This weakness forces a large number of spread-spectrum based scheme, to rely, not only on the secrecy of their private informations but also on the secrecy of their design to be secure.

We present the general security framework of the SDMI in section 3, and detail the kind of attacks than can be attempted against a watermarking scheme in section 4. In section 5, we explain how we analyzed the proposed scheme and we present the attack in section 6.