In the era of communication revolution, though everyone is just a click away, the aura that gets developed by personal interaction cannot be replaced by electronic media. CRYPTOcrats recently had its first CRYPTOmeet. The idea behind CRYPTOmeet was to bring together all the present and wannabe CRYPTOcrats from Pune and areas around for the first face to face interaction. For this, CRYPTOcrats in the city and some of the Pune’s who’s who in security field gathered together for a lively session touching various aspects of security and cryptography on the eve of 19^th Dec 2008.

The evening featured a panel discussion on the “Security, Cryptography and Future Trends” and an overview of the journey while implementing company wide security systems. This note summarizes the discussion from the event and musings on the issues put forth during the panel discussion and presentations.

Amit Chitale (founder CRYPTOcrats) started the evening by briefing the audience about the history, journey and future plans for CRYPTOcrats. Interestingly the CRYPTOmeet coincided with CRYPTOcrats reaching the milestone of having more than 200 members wordwide. For the occasion of CRYPTOmeet blessings from the famous personalities in the security field all over the world were. These were also shared with the audience. Few well wishers for CRYPTOcrats who sent in thier blessings and good wishes for the meeting were, Pr. Jean-Jacques Quisquater, Dr Adam Elbirt, Dr. Matthew Henricksen, Dr. William Whyte, Carmi Gressel. May Cryptographers all over the world also  expressed their enthusiasm about the activities and discussions that CRYPTOcrats has been bringing forth and extended their best wishes for the future CRYPTOcrats endeavors.

The panel for the evening comprised of individuals from varied backgrounds like hardcore cryptographers, security engineers, CTOs, authors-columnists and professors in the security circle. The panel discussion was anchored by Ravi Gogte (a network security industry expert) and Rohit (our own Core CRYPTOcrat). The anchors introduced the team and made the discussion more interesting by asking various tricky questions. The panelists then took over and spoke in two rounds in which they covered the scenarios for present and speculated niche security fields respectively. Dr. Virendra Sule (Head of Information Security Group at Computational Research Labs Pune) elaborated the ongoing work on PKI, one way hash functions in cryptography and also opined on his speculations for the impending trends in the coming decade. Prof. Ingle (Head of CSE Dept at PICT) enlightened the audience on Secure Group Communication protocols and the direction of ongoing developments. Aniruddha Shrotri (CTO, founder E-Lock) elaborated the Digital Signature and its pivotal role in the modern day electronic transactions. Atul Shah (Director at MOCANA), being from a network architecture background spoke on the link between security layer and the network layer and the various aspects that influence the choice of network layers specifications according top the expected level of security. Atul Kahate (Head of Technology at Oracle, Author of Cryptography and Network Security, and a columnist from Indian national dailies) presented the concept, need and implementation of Single Sign-on for running applications requiring multiple authentications. Mandar Marulkar (KPIT Cummins) took the audience through the journey of implementing a network security infrastructure for an organization having segregated computer network.

The evening was followed by an interesting question and answer session which touched upon an array of issues like simultaneous encryption and compression for multimedia broadcasts, multi-party secure group communication protocols and perfect secrecy of a system. A small code deciphering competition was also run during the event. Participants were given the CRYPTOcrats card while they entered the event venue. Here is the picture of the card.

As can be seen the card has a string of characters on the top left corner in fine print. This is a hidden message behind this string and the participants were asked to decipher it. The hint behind cracking the message was privously given during the presentation that Amit made about CRYPTOcrats. It was great to see that quite a few members from audience were able to decipher the message. The one who could do this fasted was given a suprise gift. The CRYPTOcrats “special mug” signedby the special guest for the meeting.

The paricipants also enjoyed the quick byte (sandwiches) and steaming hot coffee at the end of the meeting. All in all, the CRYPTOmeet brought together the flavors from multi-hued domains and gave a taste of the frontier works in security areas as well as of where the experts anticipate the areas to converge during the coming decades. 

While everyone picked up their CRYPTOmeet tokens “the special mug” on their way out did not forget to inquire about the next CRYPTOmeet.

Well.. the answer to them is.. stay tuned and watch this space for more information about our next CRYPTOmeet.

So before we sign off for this report we would like to sincerely thank all the sponsor’s of CRYPTOmeet, Panelist, Presenters & Anchors, Audience and SICSR - ATUR Center (for hosting the meeting).

Thank you!

Team CRYPTOcrats (Amit Chitale, Mayuresh Bakshi, Abhishek Anurag, Rohit Pandharkar)

Author:

This blog is authored by Aniruddha Shrotri a fellow CRYPTOcrat.  Aniruddha is the CTO and Co-founder of E-Lock. E-Lock specializes in Digital Signature & Electronic Signature Software Solutions. Aniruddha has been active in the PKI domain for a long time and in a great position to write a note about what this recent NEWS about MD5 means.

You can find more information about Aniruddha on his LI Profile.

Abstract

Here is wishing all the CRYPTOcratians a very Happy and Secure New Year! But I am afraid the New Year has brought with it a disturbing piece of news – the hash algorithm MD5 is broken – not just in theory but in practice too.

Here is a very recent and good article http://news.cnet.com/8301-1009_3-10129693-83.html that describes how the weakness in MD5 was successfully exploited to create a fake website with HTTPS that would pass the browser test. Since 2004 it has been known that a weakness existed in MD5 but this is the first time this weakness has been exploited to create a practical live demonstration.

Issues that are raised by this demo

Clearly MD5 is broken and the consequences of this can be quite grave. Here are a few points to ponder over this development:

• The weakness was demonstrated by faking a certificate so that an SSL enabled fake website can successfully spoof a genuine website. This will mean that when people browse and they see the URL to contain HTTPS and/or a lock icon in the browser status bar, they will no longer be 100% assured that they are looking at a genuine website. If this assurance is gone, then how else is one supposed to verify whether one is dealing with a genuine or a fake website?
• The resources required to create this exploit were not enormously large – 200 Playstations 3 for 2 weeks. This is certainly not beyond the means of a determined hacker. As the article mentions, this much computing power could probably be acquired for $1500 from Amazon! Consider this effort against the pay-off that a rogue hacker might have in terms of harvesting identity information of hundreds of thousand unsuspecting customers of important financial institutions like banks.
• In faking a website, another issue that the hacker has to tackle is how to get victims to connect to the rogue website as opposed to the genuine website. There are a number of phishing attacks possible, starting from sending genuine looking fake emails with links that apparently go to the genuine website but the actually URL they have is of the rogue website. More advanced techniques include poisoning the DNS Cache of some common public DNS servers. This is very insidious as there is no genuine way in the hell the victim can make out that he or she is going to the fake website – even the correct URL will take him to the wrong website! Thirdly, the hackers can setup public Wi-fi access points and provide “open” and “free” network access to users. Users of such free Internet won’t even know that some of the links they are visiting are actually spoofs. In all, it is not very difficult to make unsuspecting victims go to a fake website (phishing attacks) and now it turns out it is not difficult either to give a false sense of comfort to victims by enabling the phished web sites with SSL/HTTPS.
• Currently this attack utilizes weakness in MD5. Remember sometime back it was shown that SHA-1 too is weak (though nowhere near as weak as MD5). It is only a matter of time that similar attack becomes possible on SHA-1 also. This is a grave scenario as the only two hash algorithms in use in practice are MD5 and SHA-1. The new replacement for SHA-1, i.e., SHA-2 and SHA-3 is still a long way out. SHA-3 candidates challenge has only recently been thrown open. And practical implementations of them will take even longer to come.
• This attack is not only about faking websites – it applies equally to Digital Signature applications as well. Basically, breaking of MD5 means being able to create another set of data whose MD5 hash is identical to the MD5 hash of some given data. This would mean that if I get a digitally signed document, I can create another document whose MD5 has matches with the MD5 hash of the original document and then I can simply transplant the digital signature from the original document to the new document. I can now take this new document with the proper digital signature of the original signer and the signer would never be able to repudiate having signed this new fake document. Imagine changing someone’s will, or changing the terms of a contract this way!
• One might argue that it may not be worthwhile for an attacker to spend great resources to fake a single document (remember, MD5 hash for different documents would be almost unique, so in order to fake another document, the whole exercise of faking would have to be done again). This may not be true depending on the value of the document, but this is not even required. As demonstrated in this attack referred to in the above link, it is sufficient to create a fake certificate. The fake certificate can then be used to sign any number of documents without having to spend large resources – the resources would be required only to create fake certificate.
• If a hacker fakes the certificate of an end user, he / she will have to spend again a similar amount of resources to fake each end user’s certificate he / she wants. However, if a CA’s certificate is faked, it can be used to issue fake certificates for any number of users without spending big resources for each end user certificate.

How was the fake certificate created?

A link is given in the article referred to above to a fake SSL enabled site, which the interested parties can see by clicking here: https://i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org/. If you observe the SSL certificate chain, it seems the middle certificate in the chain is the fake one. That is, the root CA ”Equifax Secure Global eBusiness CA-1” has actually never issued a certificate to “MD5 Collisions Inc. (http://phreedom.org/md5)”, but if you look at the certificate chain, you would be lead to believe that it has. This is the fake certificate.

Question is how it was created. Obviously, they constructed the certificate to contain whatever they want and then transplanted the Equifax root CA’s signature from some other legitimate certificate to this fake one. This of course assumes that the MD5 hash of the to-be-signed part of the both the certificates was identical. But getting the MD5 hash of some exact data you want (the new fake certificate content) to be identical to some pre-determined value (the MD5 hash of the original certificate from which the signature was transplanted) is nearly impossible. So, it would be required to keep adding some extra data to the data you want and keep trying to match the hash. In the case of a certificate, such extra data can easily be put in a field called “certificate extension” which is pretty much allowed to contain anything including your cat’s picture. As long as the extension is not marked “critical”, the receivers are supposed to ignore any extension they do not understand.

So, I had expected to see some unknown extension in the fake certificate with potentially large random looking data, so that when this data was taken together with the rest of the certificate content, the hash would match some pre-decided hash. To my surprise, I found no such extension – all the information in the certificate is standard and well recognized by all browsers.

There is a good and detailed explanation of how the fake certificate was created if you follow the links given on the website. It is worth reading if you are interested in the details and it is explained in terms not far from what laymen would understand. Still it is very intricate in details. To summarize: they did not transplant signature from any old certificate that the root CA had signed – they specially constructed a real certificate, which they got the root CA to sign. They required the root CA to issue certificates with predictable validity period and serial number. They used the chosen prefix collision attack in which some prefix of the both the colliding data can be chosen by the attacker – this alone would probably rule out transplanting the signature from any old certificate onto the fake certificate. The major portion of collision block was absorbed in the RSA Public key modulus. Some “tumor” (as they call it) is visible in the fake certificate in the form of strange content of the “Netscape Comment” extension in the certificate.

What can be done

Having scared you enough with different things the hackers can do to make your life miserable, lets look into what can be done to alleviate the pain a bit:

• All the CAs and all digital signature softwares should stop using MD5 as algorithm.
• All CAs should revoke any certificates that used MD5 and re-issue certificates wih SHA1 or better algorithms.Note that this and the previous step actually may not help much. The reason is that the hackers wont be using the CA-issued certificate directly anyway – they will create a new fake certificate that LOOKS like being issued by the said CA and transplant the signature from a previously issued certificate that used MD5. Even though this particular attack required the team to create a new valid certificate that “looked like” the fake certificate they were going to create, it is conceivable that with some improvements, for transplanting, the hacker would just need a certificate issued by the CA that uses MD5 – does not matter whether it is expired, revoked or live.
• The browsers should start issuing at least a warning when they find any certificate that uses MD5 in a trust chain during an SSL transaction.Given both the points above, it is a wonder that companies like Verisign and Microsoft have chosen to downplay this attack.
• The digital signature softwares should all start doing the same during any signature verification – flag a warning at least if it detects use of MD5 in the signature or in any certificate up the trust chain.
• Even though in this instance there was no “unknown” extension in the certificate, it would be prudent for the browsers and digital signature verification software to flag a warning if they find any certificate in the chain to contain an unknown extension (even though marked “not critical”) which contain suspect looking data (i.e., contains ASN Octet String or Bit String data types).

Please feel free to send in your inputs using the comments section below. Additionally you could also use our group’s discussion forum link to send in your comments for Aniruddha.

In continuation from Part 1 of this article here.

Linear Block Codes: Generator Matrix and Systematic Codes

LBC use the concept of adding redundancy in the form of Parity bits so as to give information about error correction.

A vector matrix equation is:

U = mG …(1)

…(2)

To form a systematic code the generator matrix G can be modified in terms of sub matrices P and Ik as follows:

U = mG = m[P|Ik ]…(3)

…(4)

Error Detection and the Parity-Check Matrix

H_T is an n × (n - k) matrix (whose rows are the columns of H). To fulfill the orthogonality requirements of a systematic code, the H matrix can be written as H = [In-k | P_T ], where In-k represents an (n - k) × (n - k) identity sub matrix and P represents the parity sub matrix defined. Since by this definition of H, we see that GH_T = 0, and since each U is a linear combination of the rows of G, then any vector r is a code word generated by the matrix G, if and only if

rH_T = 0…. (5)

Equation (5) is the basis for verifying whether a received vector r is a valid code word.

Towards Error Correction: Syndrome Testing

Following (5), we define a syndrome vector S of r as

S = rH_T. …(6)

Error Correction:

The Syndrome actually relates us to the actual Error as follows:

S = rH_T = (Ui + ej ) H_T = UiH_T + ejH_T…(7).

From this, the error pattern can be decided.

The Scheme for Simultaneous Channel Coding and Encryption:

Key Matrix:

We use a Key Matrix: L of dimensions (n by n)

The Key Matrix is a special a Square Matrix for which Inverse exists.

Hence, find L^-1 such that [L][ L^-1]= [I]…. (8 )

We call the matrix L^-1 as the Multiplicative Inverse for the *[L] operation.

Encrypted Code-Word Matrix U”:

The Code-word matrix U is converted into the encrypted matrix U” by

[U]*[L]= [U'']…(9)

The received vetor will have added error as given below:

The source codes used for communication will all be from the [U''] matrix which cannot be decoded until the n*n matrx [L] is known.

Z= U” + e … (10)

For decoding the code-word to the right vector, we use the multiplicative inverse at the receiving end.

Hence,

S = rH_T = (Ui*L+ ej)([L ^-1H_T ) ...(11)

=  (Ui* L* L^-1 *H_T )+( ejH_T L^-1)

= (Ui*H_T )+( ejH_T L^-1)

S = ( ejH_T L^-1) ...(12)

Hence we modify the syndrome table from ejH_T to ( ejH_T L^-1).

With this minor change the whole code word is retrieved along with error pattern.

<!– /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:”"; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:”Times New Roman”; mso-fareast-font-family:”Times New Roman”;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} –>

Example: (6, 3) Linear Block Code

Table 2 describes a code word-to-message assignment for a (6, 3) code, (Sklar [3])

The Generator Matrix for (6,3) code:

[G]=

…(13)

The Message Matrix [M] for (6,3) code:

[M]=

…(14)

The Key Matrix for this (6,3)code:

[L]=

…(15)

Calculating : [U]=[M][G]:

[U]=

…(16)

Calculating the New Encrypted Code Word Matrix U”

[U''] = [U]*[L] =

…(17)

Note that [U''] is quite different from [U], and cannot be traced back unless one has key matrix [L].

Retrieval of [U] from [U'']

Getting [U]= [U'']*[L ^-1] =

…(18)

The rest of decoding can now be done by using the standard decoder and the Syndromes may as well be interpreted for error patterns with minor changes as explained in the expression (12).

Conclusions:

Use of Channel Coding for Simultaneous Encryption purpose is a better choice as compared to the use of Source coding because of the Resdundancy increase found in Channel Coding and the possibilities for having higher key lengths for encryption.

We here present a novel way to simultaneously encrypt the message while channel coding is performed.The method proposed does not alter the noprmal performance of the Channel coding by linear block codes, and infuses encryption as an added advantage. The method also does not impose any extra overheads as the matrix G” can be pre-calculated using the multiplication [G]*[L]. Similarly at the receiving end, the matrix H_T ” can be calculated beforehand by [H_T]*[ L ^-1].

It shall be noted that the method does not make use of the standard approach of exploiting the freedom in coding method. It makes use of the concept of multiplicative inverse for removing encryption layer which is imposed by a prior multiplication.

References

[1] Chung-E Wang, “Cryptography in Data Compression“, CodeBreakers

Journal Vol. 2, No. 3 (2005).

[2] Chung-E Wang, “Simultaneous Data Compression and Encryption“,

Security and Management 2003: 558-563.

[3] Bernard Sklar, “The ABCs of Linear Block Codes”, IEEE Signal

Processing Magazien, July 2004.

[4] John G. Proakis, “Digital Communication“, Mc-Graw Hill Companies,

(2007)

[5] B. Sklar, Digital Communications: Fundamentals and Applications, 2nd

ed.Englewood Cliffs, NJ: Prentice-Hall Inc., 2001.

[6] T. Kasami, Klove, and S. Lin, “Linear block codes for error

detection,”IEEE Trans. Inform. Theory, vol. IT-29, pp. 131-136, Jan.

1983.

[7] W.W. Peterson and E.J. Weldon, Error Correcting Codes. Cambridge,

MA:MIT Press, 1972.

[8] Online Matrix Multiplier: http://wims.unice.fr/wims/wims.cgi

This article is authored by Rohit Pandharkar a fellow CRYPTOcrat.  Rohit is currently pursuing his under graduate studies at College of Engineering Pune. He has great interests in Cryptography, Mathematics and at this early stage has already published couple of research papers related to Cryptography.

You can find more information about Rohit on his LI Profile.

Introduction

Channel coding is an error-control method used for providing robust data transmission through imperfect channels by adding redundancy to the data. Two vital classes of such coding techniques are: block and convolutional. In this article, we will be focusing on the Linear Block Coding and its use for encryption in this work.

The attempts at simultaneous source coding and encryption mainly involved exploitation of the freedom involved in the compression algorithms. Chung-E Wang [1], [2] has worked extensively in the area of Cryptography in data Compression, and has delved into the possibilities of exploiting the freedom in the source coding algorithmic for the sake of encryption.

Need to use Channel Coding for Encryption:

We opt for channel coding as a better point of infusing encryption as compared to the source coding because of the following reasons:

Limitations of infusing secrecy when simultaneously compressing.

A) Limitations due to reduction in Redundancy

The Source Coding Algorithms by default decrease the redundancy in the original dta, whereas channel coding techniques increase the redundancy. The more the redundancy, the more the secrecy can be infused according to Shannon.Hence, Channel Coding is a better choice for simultaneous encryption.

B) Limitation on the length of the key

Length of the key is an important factor in determining the strength of encryption. Longer lengths of keys help preventing the brute force and chosen plain text attacks.

In Huffman coding:,the limit on using joint compression and encryption approach is that, the key length cannot be more than the number of parent nodes present in the tree. And hence maximum key length is dependent on Message characteristics and prefix coding scenario. This restraint is related to

1. Number of symbols

2. Probability distribution of the symbols

However, as shown in the further work, the encryption using channel coding can have a key matrix of n*n dimensions, and hence has better key length strength.

Combining ‘Channel’ Coding and Encryption without using freedom:

Considering the relations established by Shannon between source coding and encryption, and looking at the possibility of exploiting the freedom in the source coding algorithms, we look for alternative possibilities for simultaneous channel coding and encryption without using the freedom within the algorithms.

In this article, we present a Matrix-based method for simultaneous Encryption and channel coding using Linear Block Codes. The method presented is different from the previous attempts by others so far for simultaneous coding and encryption in that it does not use the freedom or choice involved in the coding algorithms. It essentially uses a key matrix to add an encryption layer on the code-word matrix. The original code-word matrix is recovered by nullifying the encryption layer at the receiving end. This needs special Key Matrix design. The design considerations for this key matrix are elaborated and the encryption procedure is explained with the help of an example for the (6,3) Linear Block Code.

To be continued in the next part.

I recently read an article about “NFC to emerge as the next big change for the mobile market”. The article refers the analyst report from Juniper research titled “Mobile Payment Markets: Contactless NFC 2008-2013″. Highlights from the report are

• Global mobile subscribers with NFC phones will reach 700 million by 2013.
• The market is currently dominated by FeliCa-enabled phones on Japanese mobile networks, where about 50 million FeliCa-enabled phones have been shipped to date.
• North America, Western Europe and Far East & China will be the leading regions by 2013, with each region having annual shipments in excess of 25% of total NFC phone shipments.

The analyst doesn’t miss out on quoting that the issues gating the commercial success of NFC are only the un-availability of NFC phones with users & NFC readers with merchants.

One of the most popular operators in Europe carried out NFC trails recently and expressed satisfaction and has decided to roll our NFC based services.

Sometime back I posted an article about attacking the NFC phones; this report brings me to another issue I would like to focus. Weather or not NFC technology becomes successful only time will tell. In the meanwhile, now that the standard is already frozen, my question is shouldn’t such standards go through an exhaustive Cryptanalysis phase to explore the weaknesses before wider deployment? If they do can someone provide more insight into how that is done. With a number of private players entering in the High Performance Computing domain; such systems could also be used to explore strengths and weaknesses of soon to be deployed or already deployed security protocols/ mechanisms.

I believe we have members on this forum who are experts in the security side of NFC and on the other hand also the members who are experts in using HPC Clusters for such Cryptanalysis. It would be nice to hear back from both sides about requirement and usefulness of Cryptanalysis in such application and information on how that can be achieved.

A lot of members have wrote back to me asking if we are planning for any f-2-f meetings for CRYPTOcrats. I am calling this as CRYPTOmeet, this will be something on the lines of MobileMondays or BarCamps which is typically an informal gathering. We could extend the scope and make it more formal if there is demand of that nature. As I am based out of Pune (India) I am currently putting together a CRYTPOmeet for members in and around that area. Please provide your comments on your expectations from this meet.  The tentative time for this meeting will be last week of October or 1st week of November for providing sufficient time to members for blocking their calendars.
Apart from this we would also like to hear from the esteemed members in other geographies to share if they could organize similar events at their locations.

A discussion thread on this topic is started in the designated area of CRYPTOcrats LinkedIn group page. Here is the link for quick access.

Thanks you. Looking forward to hearing from you all.

In continuation to Part 1…

DRM systems are designed in such a way that it establishes and maintains security associations between two network elements and ensures that traffic passing through the interface is cryptographically secure. DRM system might use a combination of authentication, encryption, digital watermarks, digital fingerprints, digital certificates, digital signatures, conditional access systems and product activation codes to provide security assurances to media content and their delivery systems.

Authentication – It’s a process of exchanging information between a communications device such as computer or mobile phone and a communications network that allows the carrier or network operator to confirm the true identity of the user and the device. Below diagram shows authentication process used in a DRM system:

In the above diagram DRM server wants to validate the identity of a user. The DRM system first sends a secret key to the user. The authentication process now begins with the DRM server sending an authentication request and a random number. This random number is used by the receiving device and is processed with the secret key with an authentication algorithm a typical data processing algorithm to produce a calculated result. This result is sent to the authenticator or originator. The authenticator uses the random number it sent along with its secret key to calculate the result. If the results received from the remote device matches with its own result, the authentication passes.

Encryption – It’s a process of protecting content being used or interpreted by unauthorized recipients. Encryption involves the use of a data processing algorithm that uses one or more secret keys that both the sender and receiver of the information use to encrypt and decrypt the information. Without the encryption algorithm and keys unauthorized listeners cannot decode the content. Below diagram tells about the encryption operation:

Encryption systems may use the same key for encryption and decryption (symmetric encryption) or different keys (asymmetric keys). Generally asymmetric encryption requires more data processing than symmetric encryption. Pictorially it can be represented as below:

In DRM system many encryption processes are used. It includes Pretty Good Privacy (PGP), Rivest, Shamir and Aldeman (RSA), data Encryption Standard (DES), Advanced Encryption Standard (AES), Rivest Cipher (RC5) and International Streaming Media Association (ISMA Crypt).

Digital watermark – It’s a signal or code that is hidden in a digital signal such as digital audio or a digital image portion, that contains identifying information. Digital watermark would not be destroyed as if signal altered the hidden information could no longer be determined by any imperceptible processing of the overall signal. A digital watermark should not be distorted or lost when the signal is passed through a conversion and compression process. Watermarks can be encrypted to increase the resistance of the DRM system to hackers. It is possible to identify watermark in the media file but a decryption code is needed to decipher the watermark messages. Digital watermarks can be added to any type of media files such as digital video and audio. Video watermarking is performed by adding slightly modifying the colors and/or light intensities in the video in such a way that viewer does not notice the watermarking information. Audio watermarking is performed by adding audio tones above the normal frequency or by modifying the frequencies and volume level of the audio in such a way that the listener doesn’t notice the watermarking information. This process can be understood pictorially as below:

Digital Fingerprint – This is a unique set of characteristics and data that is associated with a particular data file, transmission system or storage medium. In this technique a unique ID is embedded into each user’s copy, which can be extracted to help identify the culprits when an unauthorized leak is found. This technique is being used in DRM to protect multimedia from unauthorized distribution.

Problems with DRM - DRM purpose is to provide technical means to assure that the copyright holders can maintain control of their content by restricting use of digital copies but this becomes controversial as DRM imposed limitations on the content might not match the fair use of contents as per rights granted by the owner or copyright holders. DRM schemes are also very complicated and prevent effective archive management and historical research. Once content is compromised viz. copied from a medium without DRM it can be widely available on internet. The use of DRM on computer software might lead to uninstall and install operating system or buying a new computer which might lead to lose the license acquired for the content. Few shortcomings of DRM can be listed as below:

1. There are many methods to bypass DRM control on audio and video content. A very simple method to bypass DRM on audio files is to burn the content to a CD and then extract it into DRM free files. It is possible only when DRM allows CD burning.

2. Audio or video content can be recorded by another audio and video recorder into another device or computer into a non DRM protected file format.

3. Many DRM systems are designed to work on general purpose computing hardware such as PC. This scheme is never secured as the software includes all the information such as decryption keys. One can always extract this information and decrypt and copy the content, bypassing DRM systems.

4. Many DRM schemes use encrypted media which requires special purpose built hardware to listen or view the content. It is extremely difficult to build the hardware to protect the secret key.

5. Digital watermarks can easily be removed with some degradation of video or audio quality.

6. When standards format change it is difficult to transfer DRM restricted content to new media. Also, any system which requires an authentication from a server might be problematic if server becomes unavailable.

In continuation of this article we will next discuss one popular DRM technique. Stay tuned.

Thanks,

Abhishek Anurag.