Though a team of researchers based at Princeton and Rice Universities, as well as Xerox's Palo Alto Research Center (PARC), announced this week that they had successfully cracked the encryption system designed to prevent piracy in the Secure Digital Music Initiative (SDMI), an SDMI member involved in the testing process says that a full crack has not yet been achieved.
The team, lead by Edward Felten, a computer science professor at Princeton, succeeded in breaking the antipiracy systems on all four of the watermarking technologies that SDMI made available in its "Hack SDMI Challenge" in September. The team was unable to verify it had cracked the two non-watermark-related encryption technologies, it said, due to a malfunction in SDMI's validation server.
Under the terms of the hacking challenge, registered participants submitted their cracks to SDMI by uploading them to the SDMI Web site. Once there, SDMI's online listening system, called an "oracle," analyzed the submissions to verify that the watermark had not only been removed but also that sound quality had not been unacceptably degraded. According to the FAQ posted by Edward Felten, SDMI's oracles said that the "attacks have succeeded on all four watermarking technologies."
However, "it appears there's been some misunderstanding" as to whether the technology has been completed cracked, according to the Recording Industry Association of America Inc.'s (RIAA) senior vice president of business and legal affairs, Matt Oppenheim, who has been involved with testing SDMI. An oracle accepting a submission is not the same thing as validating a crack, he said. Rather, an acceptance simply verifies that the watermark has been removed but makes no statement as to whether the audibility test has been passed. Oppenheim said that not only were the samples submitted by Felten's group still being tested, but that Felten himself had admitted that they were not high quality.
Felten disputes this account.
"For each of the four challenges, we submitted more than one entry that defeated the watermark detector, passed whatever audio quality testing SDMI did, and had high enough audio quality in our opinion," he said in an e-mail interview.
"I know that RIAA says that they have not done full audio quality tests yet," he continued. "I know that they have done some quality testing, since they rejected some of our early attempts due to insufficient audio quality.
"Bear in mind that the purpose of the challenge was to see what pirates could do if the watermarking technologies were deployed. Any level of audio quality that is good enough for a pirate to distribute should be good enough to defeat the challenge. If RIAA wants to set a bar higher than that, they're free to do so, but I don't think that would affect the point we are trying to make."
All participants in the "Hack SDMI Challenge" were required to sign confidentiality agreements in order to claim the $10,000 prize for cracking the encryption technologies. However, according to Felten's Web site, the agreement allowed entrants to forgo the prize money if they wished to publish their results. Felten says he plans to "publish (the) results, to the extent possible." The Web site states the report will be posted in November.
SDMI is the name of both the technology and the consortium created by recording industry, consumer electronics and computer companies to attempt to meet the challenges of digital music and prevent piracy. The standard has had a long and twisted history and the challenge was seen as a sign that the technology was nearing public release.
This is not the first time SDMI has reportedly been cracked. Earlier in October, the online magazine Salon.com reported that the technology had been broken, though the story was disputed by SDMI.
The organization hopes to be able to announce the results of the challenge at its next meeting, Oppenheim said, which will be held from Nov. 8-10 in Washington, D.C.
The research team's findings are available online at http://www.cs.princeton.edu/sip/sdmi. SDMI, in San Diego, Calif., is at www.sdmi.org.
RELATED LINKS
Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.
Request a reprint or permission to use this article.
