ACM DRM 2010

Thursday, October 28, 2010

The 9th ACM Workshop on Digital Rights Management was held in Chicago on October 4, 2010. The conference was sponsored by Microsoft and Technicolor.

Following are short highlights of my preferred papers:

  • The privacy of tracing traitors, Moni Naor. He mainly presented privacy issues in the statistical analysis of large databases. He presented his recent works (2008) on how to sanitize such databases while maintaining differential privacy. The idea is to present a fake database that should give the same answers as the real one but without the actual data. This is extremely computation-hungry.

    The link with traitor tracing was dim. The conclusion was that traitor tracing is possible if and only if sanitizing is hard. The unsurprising conclusion is that traitor tracing and privacy are contradictory.

  • A General Model for Hiding Control Flow, Jan Cappaert (UKL). This presentation was about software tamper resistance, more specifically obfuscation. The idea is to enhance control flow graph flattening with relative values rather than local values, plus the use of a hash. They propose a switch function as a template.
    Worthwhile to read. It was most probably one of the best papers of this workshop (at least according to me).
  • Is the Internet a Foe or a Friend to Theatrical Releases and the Motion Picture Industry?, Warren Lieberfarb. He presented the history of video distribution, highlighting that each threat ended up as an opportunity. Then, he pleaded for a standard endorsed by all studios that would encompass a removable tiny storage medium (NAND flash based) and a robust DRM with forensics capabilities. In other words, vertical interoperability.
    The audience was captivated. Warren is a pioneer of video and knows the history of video distribution perfectly, being one of its early actors. I am sure that many people in the audience discovered several interesting stories.
  • An Interoperable Usage Management Framework, Pramod Jamkhedkar. A framework that attempts to unify the different RELs independently of the execution platform. It should unify both declarative RELs and logical RELs. The approach is object-oriented and focuses on the REL, not on the enforcement.
    Highly theoretical work.
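
The control flow flattening idea from Jan Cappaert's talk above, as an added C example (not code from the paper or from this post). It assumes that "relative values" means each block updates the dispatcher variable by a delta instead of assigning its successor's label; the hash step is left out, and the gcd routine and the label constants are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference: Euclid's algorithm with ordinary structured control flow. */
uint32_t gcd_plain(uint32_t a, uint32_t b) {
    while (b != 0) { uint32_t t = a % b; a = b; b = t; }
    return a;
}

/* Classic flattening: each block assigns the absolute label of its successor,
 * so one block read in isolation reveals where control goes next. */
uint32_t gcd_flat_absolute(uint32_t a, uint32_t b) {
    uint32_t s = 1, t;
    for (;;) {
        switch (s) {
        case 1: s = (b != 0) ? 2 : 3; break;            /* loop test */
        case 2: t = a % b; a = b; b = t; s = 1; break;  /* loop body */
        case 3: return a;                               /* exit */
        default: return 0;                              /* unreachable */
        }
    }
}

/* Constructed, scattered block labels. The deltas are spelled out for
 * readability; an obfuscator would emit only the resulting numbers. */
enum { L_TEST = 935, L_BODY = 2332, L_EXIT = 341 };
#define DELTA(from, to) ((uint32_t)(to) - (uint32_t)(from))  /* wraps mod 2^32 */

/* Relative variant: a block only adds a delta to the dispatcher variable, so
 * its successor is known only if the incoming value of s is known too. */
uint32_t gcd_flat_relative(uint32_t a, uint32_t b) {
    uint32_t s = L_TEST, t;
    for (;;) {
        switch (s) {
        case L_TEST: s += (b != 0) ? DELTA(L_TEST, L_BODY) : DELTA(L_TEST, L_EXIT); break;
        case L_BODY: t = a % b; a = b; b = t; s += DELTA(L_BODY, L_TEST); break;
        case L_EXIT: return a;
        default:     return 0;  /* unreachable with consistent deltas */
        }
    }
}

int main(void) {
    printf("%u %u %u\n", (unsigned)gcd_plain(48, 18),
           (unsigned)gcd_flat_absolute(48, 18), (unsigned)gcd_flat_relative(48, 18));
    return 0;
}
```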

I presented a paper, co-authored with ROBERT Arnaud (Disney) about Interoperable Digital Rights Locker.

The full program is available here.

But(t) Authentication

No, I’m not turning my blog into a porn site. I am just referring to a recent paper from FERRO M., PIOGGIA G., TOGNETTI A., CARBONARO N., and DE ROSSI D. These extremely serious Italian researchers have published “A Sensing Seat for Human Authentication”.

We know many biometric authentication methods using voice, finger, palm, or iris. We had recognition through the way you walk, or the way you type. This one is recognition through the way you sit.

The seat is equipped with a set of strain sensors. These sensors show piezoresistive properties that can be turned into a digital fingerprint of the seated person. The paper describes the system and explains the measuring methods. They tested their system on 20 people over a period of 20 days in a truck simulator. The True Acceptance Rate is about 90-95%. The False Acceptance Rate was about 5%.

The researchers acknowledge that there are many parameters in the real world that may impact these rates, such as movements, vibrations, and changes of the human profile. A wallet in the pocket may derail the system. Too many hamburgers during a long period most probably also ;-)

The target is the automotive industry. They foresee coupling it with face and voice recognition.

Thanks to BC for the pointer.

Torrent Tweet

BitTorrent has just launched a new add-on to the P2P client µTorrent (or utorrent): Torrent Tweet. The name of the app is self-explanatory. It is a new way to share or chat about a given torrent. The central server, using the hash tag of the torrent, adds a unique tinyurl in the tweet. Thus, it is extremely easy to point to a torrent.

We may be skeptical about its wide usage. File sharing is often done under cover. And anonymity is probably not the salient characteristic of Twitter. Nevertheless, the use is starting and spreading. Some doubts? Choose the last movie you’ve seen at the theater. Search for its torrent on Twitter, for instance “Salt + Torrent”. You’ll be surprised by the result.

BitTorrent has created a new convenient way to share torrents :-) When will we see a cease and desist notice through Twitter?

UltraViolet

At the end of July, DECE made a new move: the creation of a trademark name that should identify the interoperable products defined by DECE. The trademark is UltraViolet.

For several years, a large consortium of companies known as DECE has been defining the specifications of an interoperable solution for content delivery based on the concept of a digital rights locker. With UltraViolet, DECE starts to educate consumers.

Is UltraViolet already in the shop? No. Will it be soon? I don’t know, but I will let you make your guess with this quote from the official site about the roadmap.

Ambitious undertakings like UltraViolet take time to be fully deployed in the global market. Keep an eye out as key components are introduced on the “Road to UltraViolet”

The previous site http://www.decellc.com/ now points directly to the new address of UltraViolet.

If you want to learn more about Digital Rights Locker, meet me and Arnaud Robert (Disney) at the ACM DRM workshop, where we will present a paper describing the basics of rights locker.

BOSS

The GIPSA lab of INPG Grenoble organizes the BOSS (Break Our Stegano System) challenge. Attackers will have access to a database of 1,000 pictures. Half of them are steganoed using a system called HUGO. The payload will be the same for every steganoed picture. Attackers have the source code of HUGO. The objective is to discriminate, through steganalysis, the stego pictures from the cover pictures.

The challenge is interesting. Regularly, the newspapers disclose stories of unlawful people using steganography to hide messages on the web. In these stories, the attackers/governmental agencies do not have the advantage of knowing the algorithms used.

BOSS should remind you of BOWS2. The GIPSA lab organized the same type of challenge but for watermarking.

From Pirate Bay to Flattr

Flattr is a new Swedish “social network”. The goal of Flattr is to remunerate the creators of content you like on the Net. How does it work?
You have to register and define a monthly sum that you will distribute. Once registered, you can add a flattr button on any of your content (blog, videos, pictures, songs…). When a flattr member likes your content, he pushes the corresponding button. Of course, you do the same. At the end of the month, your monthly sum will be equally shared between the contents you liked. The corresponding value will be credited on the account of each content owner you liked. Let’s suppose that your monthly sum is 2€. If you clicked on 10 buttons, each creator will receive 0.2€. If you clicked only once, the happy creator will be granted 2€. If you did not click, the 2€ will be given to a charity.

It is a nice business model. Flattr takes a fee of 10%. It uses a kind of micropayment.

Some potential issues:

  • It will only work if there is a network effect. For that, they need to have attractive content, in other words, to get the buy-in of creators.
  • Attractive content? One of the potential issues is the ownership of a piece of content. How to prove the ownership? How to avoid appropriating copyrighted contents?

Why such a cryptic title? Does Sweden not give you a hint? One of the founders is Peter Sunde. Peter Sunde is also one of the founders of The Pirate Bay.

In any case, an interesting initiative to follow up.

Identifying providers and downloaders in BitTorrent

A team of five INRIA researchers presented an interesting paper at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Spying the World from your Laptop – Identifying and Profiling Content Providers and Big Downloaders in BitTorrent. The title says everything.

Using a single machine and some “flaws” in the BitTorrent protocol, they collected and analyzed 148 million IP addresses involved in more than 2 billion instances of downloads. Then, they tried to identify the content providers and the big downloaders.

For instance, for the content providers (i.e. the person who generated the first torrent of a content), they spied on the tracker sites to identify new torrents. If a torrent appeared with only one source address, then it was the address of the initial content provider!

Unsurprisingly, they discovered that most of the illegal contents are provided by a limited number of content providers. The distribution has a very long tail. The top 100 contributors provide about 30% of the contents on BitTorrent! The hosting centers of the initial seeds are mostly in France and Germany, but the content providers themselves were from other countries.

Interestingly, they discovered that big downloaders were often hidden behind proxies, Tor or VPN. They also identified some monitoring “sites”.

A nice view of the P2P activity.