Introduction
The Graduate School in Electronics and Communications (GSEC) at the Université catholique de Louvain (UCL) is co-organized by three UCL laboratories from the Electrical Engineering Department (ELEC). The courses of the GSEC are provided both to gain background knowledge of different areas, and to gain an understanding of the latest research. The course "Digital Rights Management – from theory to implementations" had the technological aspects of DRM systems in its focus (AS13). The majority of attendees were from UCL and other Belgian universities, but as the course was open to the public, and the list of invited speakers offered a promising overview of the latest results in the area, a great number of people had registered to the course from all around Europe.

The three-day course started with a brief introduction to the cryptological basis of the technologies widely used in DRM systems, which was held by Jean-Jacques Quisquater and François Koeune, the hosts of the course. Their lectures included topics like symmetric and asymmetric cryptography, RSA encryption and digital signatures, key exchange protocols, data hashing and the set-up of public key infrastructures.

Introduction to watermarking
After the quick mathematical warm-up, we were thrown into the deep water of watermarking by Ingemar Cox from UCL (this time this abbreviation means the University College London). First of all, the definition of watermarking and several related terms were given (Cox).

Watermarking is the practice of unobtrusively modifying a work of art (image, song, software program, geometric model, etc.) to embed a message about that work. This is considered a general definition, and may differ from other definitions, which may include also imperceptibility, or can refer to any means of data hiding. Following this train of thought, we defined data hiding as a general technology for preventing adversaries from perceiving or finding some kind of data, and steganography as keeping the existence of messages secret by hiding them within objects, media, or other messages. So, to simplify, hiding data in (digital) content is the goal, and if the embedded information is about the carrier content itself, then it is watermarking, but if it is an arbitrary secret message then we call it steganography.

To detect the embedded watermark, we can either use some information about the original, unmodified content (informed detection), or not (blind or uninformed detection). The error rates in watermark detection can be expressed using the false positive rate, as a frequency with which we can expect to find watermarks in content that is not watermarked; and the false negative rate, the frequency with which we can expect not to detect watermarks in watermarked works. The acceptable level of these error rates depends of the particular application.

The most important properties of watermarking systems are:
  • Fidelity – the perceptual similarity between marked and unmarked works.
  • Payload – the amount of information that a watermark can embed in a single work.
  • Robustness – the watermark’s ability to survive normal processing (e.g. compression).
  • Security – the scheme’s ability to resist hostile attacks, specifically designed to defeat the purpose of the watermark.

In DRM systems the most common goal of watermarking is to imperceptibly and irremovably include information about the content in the content itself for the purpose of broadcast monitoring, owner identification, proof of ownership, transaction tracking, content authentication or copy control.

Applications
The first speaker of the second day was Adi Shamir, who is presumably often introduced as "the S from RSA", just as happened this time. He presented a key management scheme in broadcasting systems, where we have to address a privileged subset of end-users by broadcasting encrypted content to them using multiple pre-distributed keys. The schemes introduced in the talk were based on a binary-tree with the end-users on the leaves; we can define inclusions and exclusion of sub-trees on the branching nodes, to choose the right keys to have the desired subset of end-users being able to access the content. The latest improvement in this technique is the LSD broadcast encryption scheme (Halevy and Shamir 2002).

After the panel discussion (see below) Yvo Desmedt gave a lecture, speaking about traitor tracing in broadcasting environments. The goal is to find the subscriber or maybe some conspiring subscribers, who extract their keys from their devices (e.g. a set-top-box) to sell them on the black market. Several schemes were introduced, discussing their strengths and weaknesses. The speaker concluded, that traitor tracing is a useful tool for DRM, especially in broadband broadcasting, and is becoming better and better, but there are some limitations: for example there is a proven theorem, that a perfect traitor tracing scheme (where an innocent party is never accused) is impossible (cf. Desmedt et a.l. 2002).

As nowadays more and more digital applications, like first-person-shooting games, medical images, different simulations and computer aided design (CAD) systems rely on inner 3D object representation, it has became essential for product or service providers to protect their intellectual property inherent in these models. In the first lecture of the closing day a watermarking scheme was introduced, using which a secret message can be embedded in a 3D model. With the future appearance of 3D-televisions, this issue can be essential for content providers, and furthermore, a brave vision of a 3D-Google was sketched.

In the rest of the closing day a basic model for access control to content was introduced, after which the last lecture of the course introduced the digital cinema and its most important technical issues, focusing on the requirements and challenges of choosing hardware components based on which a robust and secure digital cinema hardware can be built.

The panel discussion
The panel discussion started with a "warm-up" question directed at Adi Shamir, questioning what’s new in cryptography and cryptoanalysis. Mr. Shamir’s feeling was that the cryptoanalysis of hash functions is an area, in which not much has happened since 1990’s, and that research has received a boost lately.

As the majority of lectures focused on watermarking, the discussion concentrated on this issue. The greatest challenge in this area today is to develop public-key watermarking (PKWM), similarly to public-key cryptography, which would presumably mean that one can put watermarks on a piece of content using a private key, so that everybody would be able to check the existence of the watermark using a public key. As the word presumably in the last sentence indicates, the biggest problem is that we don’t even have a precise definition or even a clear goal yet concerning the PKWM.

After a short debate it turned out, that our expectations in the area of classic watermarking are not clear as well. We are trying to trace the content by technical means, to find where it is leaking, but in the end in most cases it turns out that the leaking point is some old lady living in a small village, so the technical solution is barely handy. The speakers agreed that DRM is more about psychology, as a leak is not the cause of the problem, only the syndrome.

The problem in today’s business models originates from the fact, that those who are putting protection on contents are not those who profit from really strong protection. A strong watermarking scheme, which is still a wish, could completely restructure currently failing business models, as in the future content providers will be able to put the needed protection in the content themselves. Still, the only thing that can be done by device manufacturers today is not to chose a standard now, but to build upgradeable devices, and to be prepared for constant improvement of the schemes, like it was in the case of smart cards used for phone-cards.

Before the end of the panel discussion, consumer privacy in broadcasting techniques was discussed. As broadcasting becomes more and more interactive, providers will be able to monitor consumers’ activity. This backward information should also be covered in forthcoming DRM solutions, thus a strong demand for two-way DRM systems is arising, where not only the content providers’ rights are ensured, but also the consumers’ privacy is protected by technical means.

Conclusions
As a conclusion we can state that the main challenges to technical solutions of DRM are moving towards a risk management-based approach, admitting that piracy cannot be completely eliminated, but at least it must be controlled. Watermarking could be a useful tool in implementing these new protection schemes, which would need a change in the current business models. However watermarking is not strong enough yet to sustain possible attacks, and it is still questionable, whether it will ever reach the desired security and robustness level.

By the spreading of broadband access and digital broadcasting, the need for technical solutions to control both the broadcasted content and the backward information flow is growing. The panel discussion proved that in some areas research is demand-driven, but several areas are developing without clear definitions and a clear view of the possible usages, which is admittedly not necessarily a problem in the early phases of research.

Bottom line
As for the current state of DRM protection schemes, the summary of the panel discussion, addressing the attendees, can serve as the overall summary of the course: "Everything is broken, so we are waiting for your research". Not so promising, but at least optimistic.

Sources

About the author: Ernő Jeges is a researcher at Budapest University of Technology and Economics in the SEARCH Laboratory. His research areas are mainly focused on biometric security solutions, but he was involved in a number of research activities dealing with IT security and the technology aspects of digital rights. He received an MSc in computer science from BUTE in 1995. Contact: jeges@mit.bme.hu.

Status: first posted 23/06/05; included in INDICARE Monitor Vol. 2, No. 4, 24 June 2005; licensed under Creative Commons
URL: http://www.indicare.org/tiki-read_article.php?articleId=114