Introduction

Let us briefly explain how the SDMI works (as far as we've understood,
at least).
The goal of the SDMI is very specific and has often been misunderstood.
The scenario is the following: there will be SDMI-compliant devices. These may
be of different kinds (HiFi systems, portable players,
car players, etc.). In order to play a song on such a device, the song needs to
pass the gate of the secure world.
The two main requirements are the following:
- All legacy LPs must pass this gate.
- All new LPs that have been legally bought must also pass this gate.
The goal of the SDMI is to prevent the following: Bob buys an LP,
rips the tracks to his computer, compresses them, and sends them to Alice.
Alice burns them on an LP and imports them into the secure world.
What the SDMI algorithm does not prevent (although it is
illegal) is the following: Bob buys an LP, burns a copy, and
gives the copy to Alice. Alice imports the songs into the secure world.
Consequently, if Bob transmits an ISO image of the LP over the net to Alice,
she should be able to burn it and import it into the secure world.
However, an ISO is VERY big, and this procedure is time consuming and
may be costly.
To put it another way, it should be impossible to import an LP into the
secure world if it has been modified in any way (notably if it
has been compressed).
Checking the integrity of a document can be done using standard cryptographic
techniques, such as MACs or signatures. Therefore, one may wonder at first why
watermarking is needed at all. The problem is that legacy LPs do not include any kind
of verification information but should not be rejected. Consequently, it is
necessary to be able to distinguish legacy LPs from new ones. This
is where watermarking technologies will be used.

The gatekeeper

Now, how is the gate checked?
There are in fact two algorithms:
- A watermarking technology
- An identification technology
When an LP is created, the songs on the LP are watermarked using
the watermarking technology. Then, the LP is "signed" using
the identification technology.
The watermarking technology is simply here to enable the gatekeeper
to distinguish between legacy content and new content.
If a mark can be found, the content is deemed new.
The identification technology is here to prevent modifications of the LP,
notably compression.
When an LP is trying to enter the secure world, the following checks are made:
- Is it marked?
- Is there a signature and is it valid?
So, we have several cases:

                        Marked    Non Marked
  Signed and invalid    Reject    Reject???
  Unsigned              Reject    Accept
  Signed and valid      Accept    Accept???

The results of the first column are very clear. If the mark is found, the LP
is new, therefore it should be correctly signed. If it is not, it should
be rejected.
The second column is not as clear. If it is unmarked and unsigned, this is
supposed to be a legacy LP, so accept it. If it is unmarked but signed, it
means something strange happened. We are not too sure how the test behaves
in these cases.
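As an added illustration (not part of the original page, nor SDMI's own code), the following Python model implements both the integrity check mentioned in the introduction and the gatekeeper's decision table above. Everything in it is an assumption of the example: the identification technology is stood in for by an HMAC under a hypothetical gatekeeper key, the watermark detector by a boolean flag rather than signal analysis, lossy compression by dropping the low bits of each sample byte, and the two "???" cells of the table are returned as "unspecified" rather than decided. What the page calls an LP is called a disc here.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the PCM audio of one disc (not real audio data).
SAMPLE_AUDIO = bytes(range(0, 256, 3)) * 4

# Hypothetical gatekeeper secret. SDMI's real identification technology is a
# signature scheme; an HMAC plays its role here so the example runs with the
# standard library only. Only the device-side check is being modelled.
GATE_KEY = b"example-identification-key"


@dataclass
class Disc:
    audio: bytes                  # audio payload as burned on the disc
    marked: bool                  # result of the watermark detector
    signature: Optional[bytes]    # identification value; None = unsigned


def sign(audio: bytes) -> bytes:
    """Identification step performed when a new disc is pressed."""
    return hmac.new(GATE_KEY, audio, hashlib.sha256).digest()


def signature_valid(disc: Disc) -> bool:
    """True only if the disc carries a signature that matches its audio."""
    if disc.signature is None:
        return False
    return hmac.compare_digest(disc.signature, sign(disc.audio))


def gate(disc: Disc) -> str:
    """Decision table of the gatekeeper: 'accept', 'reject' or 'unspecified'.

    'unspecified' covers the two unmarked-but-signed cells that the page
    leaves open (the cells marked '???').
    """
    if disc.marked:
        # Marked content is new content, so it must carry a valid signature.
        return "accept" if signature_valid(disc) else "reject"
    if disc.signature is None:
        return "accept"          # unmarked and unsigned: a legacy disc
    return "unspecified"         # unmarked but signed: not covered by the page


def press_new_disc(audio: bytes) -> Disc:
    """A legally produced new disc: watermarked and signed."""
    return Disc(audio=audio, marked=True, signature=sign(audio))


def press_legacy_disc(audio: bytes) -> Disc:
    """A disc from before SDMI: neither marked nor signed."""
    return Disc(audio=audio, marked=False, signature=None)


def iso_copy(disc: Disc) -> Disc:
    """Bit-exact copy (the ISO-over-the-net case): everything survives."""
    return Disc(audio=bytes(disc.audio), marked=disc.marked,
                signature=disc.signature)


def lossy_copy(disc: Disc) -> Disc:
    """Rip, compress, re-burn. Lossy compression is modelled by dropping the
    low four bits of every sample byte (a constructed stand-in, not a codec).
    The watermark is designed to survive compression, so the mark stays;
    the original signature is copied along unchanged."""
    degraded = bytes(b & 0xF0 for b in disc.audio)
    return Disc(audio=degraded, marked=disc.marked, signature=disc.signature)


if __name__ == "__main__":
    new = press_new_disc(SAMPLE_AUDIO)
    for label, disc in [
        ("new disc", new),
        ("legacy disc", press_legacy_disc(SAMPLE_AUDIO)),
        ("ISO copy of new disc", iso_copy(new)),
        ("compressed copy of new disc", lossy_copy(new)),
        ("marked, signature stripped", Disc(new.audio, True, None)),
    ]:
        print(f"{label:30s} -> {gate(disc)}")
```

Running the block prints one decision per scenario: the new disc, the legacy disc and the bit-exact copy pass the gate, while the compressed copy is rejected because its signature no longer matches the audio, and a marked disc whose signature was stripped is rejected because marked content is required to be signed.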

Now, how to attack?

There are two ways to attack the system.
The first one is to break the identification technology,
so as to be able to recreate valid signatures from any marked content.
This is very unlikely to succeed, because digital signatures are safe
unless a design error is made.
The second approach is to remove the marks so that the detector believes
that the LP is a legacy one. (Destroying the signature, which is very
different from recreating one, is trivial.)