[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Digital Fingerprinting




A couple of threads have recently touched on aspects
of "digital fingerprinting", a term that covers a variety
of methods for making changes to digital documents in
order to trace the origin of illicit copies. This subject
has been on my mind after several discussions on this topic
at Crypto, as well as the one formal presentation on the
subject.

Here are some of my thoughts on this subject:

  o If the domain of changes is well understood, and can be
    altered without significant loss of quality, then it is
    trivially easy to remove the fingerprinting. In other words,
    if you know the algorithm used to create the fundamental
    codewords in the fingerprint, and you can overwrite
    arbitrary codeword bits with other codeword bits, then the scheme
    can be avoided without collaboration of any kind.

    Example: A software company fingerprints its software by
    mapping two equivalent machine instructions onto binary "0"
    and "1", respectively. Someone who knows about this could
    randomly replace one instruction with the equivalent one,
    which would reduce the fingerprint to noise.

    Example: A publishing company uses an even number of points
    between paragraphs to indicate "0" and an odd number of
    points to indicate "1". Someone who understands this can
    overwrite the fingerprint as above.

  o If a fingerprinting scheme depends on the secrecy of an algorithm,
    then this is really "security by obscurity", which may
    be effective for a period of time, but is likely to meet
    the fate of most copy protection schemes that have rested
    on raw obscurity.

  o Certain domains of information lend themselves to the
    secure formation of fingerprint "bits" that are very difficult
    to scrub in this way. One such scheme was used as the basis
    for the presentation at Crypto: imagine that a film was shot
    with two (or N) cameras. For each frame of the film, the
    distributor can chose to take a frame from a different
    camera. Frames from camera 0 would be mapped onto binary "0",
    frames from camera 1 would be mapped onto binary "1". Using
    this approach it is possible to construct schemes that are
    resistant to collaboration up to "N" people.

    The security of such schemes rests on the assumption
    that given one frame, it is very hard (and possibly intractable)
    to fuzz up the frame such that the parallax information doesn't
    give away which camera shot the frame. Rather than hiding the
    fingerprint information in the "low bits", this technique hides
    the information throughout the picture.

    In one sense, a 2D picture of a 3D object is similar to a one-
    way hash function. It is a form of lossy compression on the 3D
    object that is impractical to work backwards.

  o Note that overwriting a fingerprint with random noise (or
    whatever) does not generate a valid replacement fingerprint.
    Therefore it would still be possible to tell that a document
    had been tampered with (and was not a valid copy), even if
    its provenance could not be determined.

  o A number of people are working on "black box" viewer technology,
    which would allow people to purchase documents that could only
    be read on devices with tamper-resistant hardware in them that
    would be required to decrypt media. Certainly much piracy could
    be done by capturing the output of such a box (unless it was
    embedded in a tamper-resistant chasis); there are some proposed
    schemes for reducing the payoff of output capture, but they
    depend on a similar approach to the movie fingerprinting idea
    above -- the base data format is somehow richer, possibly capable
    of generating different output under different circumstances or
    on different hardware platforms, while the output of the black
    box represents only one view of the base data.

    Example: a base format for a 3D object is encrypted with a
    public key resident in the "black box". Said black box also
    includes a hardware 3D rendering engine. The output of the
    black box consists of a series of 2D frames, which may make
    it impractial to reproduce the base 3D object.

    It is my considered opinion that this sort of technology will
    meet with tremendous customer resistance, and will not prove
    practical or cost-effective; many analysts are predicting a
    trend toward more general purpose computers for media viewing
    rather than towards specialized hardware that is needed for
    this kind of approach.

  o There are also some profound practical and legal problems with
    the use of digital fingerprinting. For one thing, it involves
    generating a unique copy of every document for each consumer.
    After the digitial fingerprinting session at Crypto, a guy from
    Microsoft was pointing out the incredible difficulties posed
    by trying to fingerprint, say, every copy of Windows 95.

    On the legal front, it's not clear what you can do to someone
    even if you _can_ prove that the 100,000 pirate copies of Windows
    95 circulating in Amsterdam stemmed from his copy. Machines get
    hacked, co-workers and family members often have free access to
    machines running software -- it's not clear that media companies
    _want_ to invoke the paranoia associated with potential responsibility
    for millions of dollars in damages if someone makes an illegal copy
    of one's software and the loaves and fishes ensue. [Imagine what
    great revenge this would make for jealous co-workers, ex-wives, etc.]