seems to be tension between marks that are difficult to remove and ones that are hard to forge. Enforcing
both requirements creates two ways to fool the detector--by rendering the mark invisible and by making
it appear forged. If, as in CD DRM systems, either situation leads to the same result (no protection), the
attacker's power is magnified.
In contrast, a mark strongly robust to forgery is simple to create based on digital signatures if we aren't
concerned with its being easy to remove. A very simple scheme works as follows:
1. To sign an audio track, the licensed publisher reads a fixed portion $L_1$ of the audio data (say, the
first ten seconds), then computes a cryptographic hash of $L_1$ and signs it using a public key signature
algorithm to derive the signature $S_{L_1} := \mathrm{Sign}_{K_S}(\mathrm{Hash}(L_1))$. $S_{L_1}$ is then stored at a second location
in the track by setting the LSB of each sample in the region to the corresponding bit in the signature.
A 320-bit DSA signature could be embedded in this way using approximately the same space as one
mark cluster of the MediaMax watermark.
2. The publisher keeps the signing key $K_S$ secret, and builds the corresponding verification key $K_V$ into
the client software. When presented with a CD, the software checks for a valid signature. First it
reads the audio from the signed area of the track and hashes it, and it locates and extracts the signature
stored in the LSBs in the second mark location. Next, it verifies the signature on the hash using $K_V$.
If the signature is correct, the watermark is valid and genuine; otherwise, forgery or data corruption is
indicated.
The scheme could be strengthened against natural errors by applying the mark to several regions of the
disc, as is the MediaMax watermark.
Forging such a mark would require defeating the digital signature scheme or splicing both $L_1$ and $S_{L_1}$
from a legitimately marked album. We set $L_1$ to be several seconds of audio to make such splicing less
appealing.
Clearly this watermark is highly vulnerable to removal. If even a single bit of the hashed region is
changed, the mark will not be recognized as valid. Yet the watermark MediaMax actually uses is also vulnerable
to corruption by a single bit (in each mark cluster) while being far less resistant to forgery. Though
robustness to removal could be improved by using error correction methods, we believe that robustness,
while desirable in principle, is of limited value in real CD DRM applications, and should not be traded off
against forgeability. Removal of the watermark is unlikely to be the weakest link protecting the audio, and
while the gains from creating a more indelible watermark are slight, the loss to free riders from an easily
forgeable mark is potentially much greater.
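The signing and verification steps above, together with the single-bit-change and splicing cases from the paragraphs that follow them, as an added example that is not code from the paper or from any DRM product. It assumes 16-bit PCM samples held as Python integers and substitutes a toy textbook-RSA key with publicly known factors for the DSA key pair; the function names, region offsets and sample data are constructed for illustration.

```python
import hashlib
import struct

# Toy textbook-RSA key standing in for the paper's DSA pair (K_S, K_V).
# Its Mersenne-prime factors are public, so it provides no real security.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # K_V, built into the client
D = pow(E, -1, (P - 1) * (Q - 1))      # K_S, kept by the publisher
SIG_BITS = N.bit_length()

def digest(samples):
    """Hash(L1) over 16-bit little-endian PCM samples, as an integer."""
    raw = struct.pack(f"<{len(samples)}h", *samples)
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

def embed(samples, l1, sig_at):
    """Step 1: sign samples[l1], store the signature in LSBs from sig_at."""
    sig = pow(digest(samples[l1]), D, N)
    out = list(samples)
    for i in range(SIG_BITS):
        out[sig_at + i] = (out[sig_at + i] & ~1) | ((sig >> i) & 1)
    return out

def verify(samples, l1, sig_at):
    """Step 2: rebuild the signature from the LSBs, check it against Hash(L1)."""
    sig = sum((samples[sig_at + i] & 1) << i for i in range(SIG_BITS))
    return sig < N and pow(sig, E, N) == digest(samples[l1])

def demo():
    # Constructed sample data: two different pseudo-random "tracks".
    a = [(i * 7919) % 65536 - 32768 for i in range(6000)]
    b = [(i * 104729) % 65536 - 32768 for i in range(6000)]
    l1, sig_at = slice(0, 4000), 4500   # hashed region and signature region
    sig_region = slice(sig_at, sig_at + SIG_BITS)
    marked = embed(a, l1, sig_at)
    flipped = list(marked)
    flipped[123] ^= 1                   # one bit changed inside L1
    sig_only = list(b)
    sig_only[sig_region] = marked[sig_region]   # S_{L1} spliced without L1
    both = list(sig_only)
    both[l1] = marked[l1]               # L1 and S_{L1} spliced together
    return tuple(verify(t, l1, sig_at) for t in (marked, flipped, sig_only, both))

if __name__ == "__main__":
    print(demo())
```

The four results correspond to a genuine mark, a one-bit change in the hashed region, a signature copied onto different audio, and a splice of both regions, which is the case the several-second length of $L_1$ is meant to make unappealing.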
6 CD DRM Players
Increasingly, personal computers--and portable playback devices that attach to them--are users' primary
means of organizing, transporting, and enjoying their music collections. Sony-BMG and its DRM vendors
recognized this trend when they designed their copy protection technologies. Rather than inhibit all use
with PCs, as some earlier anti-copying schemes did [12], XCP and MediaMax provide their own proprietary
media players, shipped on each protected CD, that allow certain limited uses subject to restrictions imposed
by DRM software.^8
The XCP and MediaMax players launch automatically using autorun when a protected disc is inserted
into a PC. Both players have similar feature sets. They provide a rudimentary playback interface, allowing
^8 The restrictions imposed by the DRM players only loosely track the contours of copyright law. Some uses that could be
prohibited under copyright--such as burning three copies to give to friends--are allowed by the software, while some perfectly
legal uses--like transferring the music to one's iPod--are prevented.