Ch 7 Multimedia Security
Arini, ST, MT
arinizul@gmail.com, arinizoel@yahoo.com

Contents

• Motivation
• Goals
• Ways
  – Authentication: Data Hiding (Watermarking & Steganography), Digital Fingerprint/Signature
  – Confidentiality: Encryption
  – Integrity: Hash (Digital Fingerprint/Signature)
  – Access Control
  – Non-repudiation: third party
• Digital Rights Management (DRM)

I. Motivation

The recent growth of networked multimedia systems has increased the need for the protection of digital media.

Digital media:
• Audio
• Video
• Documents (including HTML documents): email
• Images
• Graphic or Scene Models
• Programs (executable code)

I. Motivation

Electronic/digital media record conditions:
1. Very easy to make copies: ???
2. Very fast distribution
3. Easy archiving and retrieval
4. Copies are as good as the original: ???
5. Easily modifiable: ???
6. Environmentally friendly

I. Motivation

Without such methods, placing images, audio or video sequences on a public network puts them at risk of theft and alteration.

Techniques are needed to prevent the copying, forgery and unauthorized distribution of multimedia elements.

This is particularly important for the protection and enforcement of intellectual property rights.
• Copyright protection involves the authentication of media ownership, and the identification of illegal copies of the (possibly media.

II. Goals

Goals of Multimedia streams (Multimedia Security):
• Secure communications
• Secure delivery:
  – Copyright protection (originality)
  – Prevent forgery, illegal copying, illegal distribution (integrity)
  – Tamper proofing
  – Access control
  – Visual encryption
• Secure Internet/Network

III. Ways (Approaches)

Cryptography techniques:
• Multimedia Authentication
  – Multimedia Signature & Watermark
• Multimedia Confidentiality (Encryption)
• Multimedia Identification and Access Control
• Multimedia Integrity
• Multimedia Non-repudiation

Implemented into: Digital Rights Management
• Watermarking, steganography, digital signature, fingerprint

3.1. Cryptography Techniques

1. Authentication: providing assurance of the identity of the multimedia data sender (assure the credibility of multimedia content). Primary tool: Digital signatures (data hiding: watermarking, steganography)
2. Confidentiality: protecting multimedia data from unauthorized disclosure (secure content transmission, privacy). Primary tool: Encryption (DES, AES, RSA, Diffie-Hellman, ...)
3. Integrity: providing assurance that multimedia data has not been altered in an unauthorized way (assurance that data received is as sent). Primary tool: Hashing
4. Access Control: prevention of unauthorized use of a resource (protect multimedia data from illegal distribution and theft)
5. Non-repudiation: preventing a party from denying a previous action (protection against denial by the parties in a communication). Primary tool: Trusted third party service

3.1.1. Authentication

Authentication techniques:
• Passive Authentication
  – Three Image Tampering (Enhancing, Compositing, Copy/Move)
• Active Authentication
  – Data Hiding: Watermarking (embedding techniques, applications, types (visible & invisible), alliance members), Steganography
  – Digital Signature/Digital Fingerprint

3.1.1.1. Passive Authentication

• No knowledge of the original image is required.
• Does not rely on the presence of a watermark or fingerprint.
• Identifies media tampering methods.

Example: Three image tampering (enhancing, compositing & copy/move)

a. Three Image Tampering

There are three main categories of image tampering:
• Enhancing
• Compositing
• Copy/Move


1. Enhancing

Changing the color of objects

Changing the weather conditions

Blurring out objects

2. Compositing

Combining two or more images to create a new image

Compositing / Re-sampling Detection

[Figure: original image and tampered image; periodic pattern in the Fourier transform of the altered region; Fourier transform of the unaltered region]


3. Copy-Move

Copying regions of the original image and pasting into other areas.

The yellow area has been copied and moved to conceal the truck.

Copy-Move Detection

[Figure: original image, tampered image, PCA detection]

3.1.1.2. Active Authentication

• Assesses methods available for protecting media.
• Requires knowledge of the original image.
• Relies on:
  – Data Hiding: Watermarking/Digital watermarking, Steganography
  – Digital Fingerprint/Signature
  – Algorithm/key used to embed the watermark or fingerprint

3.1.1.2. Active Authentication

3.1.1.2.1. Data Hiding
• Watermarking
• Steganography

3.1.1.2.2. Digital Signature/Fingerprint

3.1.1.2.1. Data Hiding

[Diagram: data-hiding pipeline. Labels: Original data, Information to embed M(L), Key, Embedding function, Channel, Extraction function, Retrieved information M^(L)]

A. Watermarking/Digital Watermarking

Watermarking is the concept of embedding a special pattern into audio, video, image and text, so that a given piece of information, such as the owner’s or authorized consumer’s identity, is indissolubly tied to the data.

This information can later:
• Prove ownership,
• Identify a misappropriating person,
• Trace the marked document’s dissemination through the network,
• Or simply inform users about the rights-holder or the permitted use of the data

A. Watermarking/Digital Watermarking

• Allows users to embed some data into digital content.
• When data is embedded, it is not written in the header part but embedded directly into the digital media itself by changing the media content data.

[Figure: original information and watermarked information]

a. Embedding Techniques

Spatial domain
• Watermark embedded by directly modifying the pixel values.
• Usually uses a spread spectrum approach.
• Original needed (non-blind) or original not needed (blind)

Frequency domain
• Original needed (non-blind) or original not needed (blind)
• Usually uses transform domain watermarking: the watermark is embedded in the transform domain (e.g., DCT, DFT, wavelet) by modifying the coefficients of a global or block transform.

Spatial Domain

Spatial watermarking example
[Figure: original image and watermarked image]

Spread Spectrum


Frequency Domain

Watermarking signal to embed

Host signal

Frequency components

Embedding

Extraction

$V = v_0, v_1, \ldots, v_N$

$X = x_0, x_1, \ldots, x_N$

$F = f_0, f_1, \ldots, f_N$

iii xff

iii ffx


DCT phase modulation (embed m bits)

Embedding algorithm
• Randomly select a group of low frequency DCT coefficients using a key.
• Generate a binary message as a watermark.
• Set the phase of the selected coefficients in accordance with the embedded watermark.

Decoding algorithm
• Use the same key to select the coefficients.
• Extract the sign of the selected coefficients and decode according to the embedding rule.
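The embedding and decoding steps above, as an added example that is not code from the original slides: for a real-valued DCT the "phase" of a coefficient is its sign, so each message bit sets the sign of one key-selected low-frequency coefficient. The 64-sample block, the 16-coefficient low band, the `strength` floor and the use of Python's `random.Random` as the keyed selector are assumptions made for this example.

```python
import math
import random

N = 64  # samples per block (constructed: one row of 8-bit luminance values)


def dct(x):
    """Orthonormal DCT-II of a sequence."""
    n = len(x)
    out = []
    for k in range(n):
        scale = math.sqrt((1 if k == 0 else 2) / n)
        out.append(scale * sum(v * math.cos(math.pi * (2 * i + 1) * k / (2 * n))
                               for i, v in enumerate(x)))
    return out


def idct(c):
    """Inverse of dct() (orthonormal DCT-III)."""
    n = len(c)
    return [sum(math.sqrt((1 if k == 0 else 2) / n) * ck
                * math.cos(math.pi * (2 * i + 1) * k / (2 * n))
                for k, ck in enumerate(c))
            for i in range(n)]


def select_coefficients(key, m, low_band=16):
    """Key-dependent choice of m distinct low-frequency AC coefficients (DC excluded)."""
    # random.Random is a stand-in keyed selector for the example, not a
    # cryptographic generator; a real scheme would derive indices from a KDF.
    return random.Random(key).sample(range(1, low_band + 1), m)


def embed(samples, bits, key, strength=20.0):
    """Set the sign of each selected coefficient: positive for 1, negative for 0."""
    coeffs = dct(samples)
    for k, bit in zip(select_coefficients(key, len(bits)), bits):
        # Raise small coefficients to `strength` so the sign survives rounding
        # and mild noise; large coefficients keep their magnitude.
        magnitude = max(abs(coeffs[k]), strength)
        coeffs[k] = magnitude if bit else -magnitude
    # Back to 8-bit samples: rounding and clipping are the first "attack"
    # the embedded signs have to survive.
    return [min(255, max(0, round(v))) for v in idct(coeffs)]


def extract(samples, m, key):
    """Blind decoding: same key, read back the signs. The original is not needed."""
    coeffs = dct(samples)
    return [1 if coeffs[k] > 0 else 0 for k in select_coefficients(key, m)]


def demo():
    """Constructed host block, 8-bit message, and a copy with +/-1 noise per sample."""
    host = [128 + (n * 37) % 11 - 5 for n in range(N)]
    message = [1, 0, 1, 1, 0, 0, 1, 0]
    marked = embed(host, message, key="demo-key")
    noisy = [v + (1 if i % 2 else -1) for i, v in enumerate(marked)]
    return host, message, marked, noisy


if __name__ == "__main__":
    host, message, marked, noisy = demo()
    print("embedded :", message)
    print("decoded  :", extract(marked, len(message), "demo-key"))
    print("noisy    :", extract(noisy, len(message), "demo-key"))
    print("max pixel change:", max(abs(a - b) for a, b in zip(host, marked)))
```

Because the transform is orthonormal, rounding and the ±1 noise move any coefficient by at most 12 here, which is below the `strength` floor of 20, so the decoded bits are unchanged.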

b. Application of Watermarking

Rights management: copyright
• Owner Identification
• Proof of Ownership
• Transaction Tracking and serialization product
• Linking, E-Commerce

Contents management
• Copy Control
• Access/copy control

Authentication & Integrity
• Content Authentication

Monitoring
• Filtering & Classification

b1. Copyright

[Diagram: copyright and content ID digital watermark (DWM) workflow. Labels: Content Owner; Audio/Video Master; Embed Copyright and Content ID DWM; Provider Index Database Location (Centralized or Distributed); User’s PC; Rip Software; Compressed Audio/Video File (e.g. MP3 file); User Software; Detect Copyright and Content ID DWM for Secure and Enhanced content; Rights & Info Database; Content ID linked to rights, information and related content]

b2. Serialization & Tracking

• Identifies content owners and rights while communicating copyright information
• Awareness of watermarked content by consumer creates deterrent against unauthorized copying and distribution
• Provides accurate identification of source of unauthorized content discovered on the Internet and/or physical media

[Diagram labels: Content Provider; Content ID; Retail Content; Embed Serial # (1) at point of distribution; Embed Serial # (2) at point of copying/re-distribution; Recordable Media; Detect Serial Number; Track and take proper action; Protected for privacy]

b2. Connected Content/Linking

• Captured CD e-logo links to web and music downloads
• Promoting & Facilitating M-Commerce
• Location based services
• Multimedia access

[Figure labels: Download, Ring tones, Buy tickets, Reviews, Tour dates, Samples, Band info, Streaming audio, Music, Multimedia, Bookmarking]

b3. Filtering & Classification

• Filtering can occur at the whole content level and/or at a more granular level, identifying copyrighted, sensitive and/or questionable material for the given audience
• May be a key element of identifying copyrighted content to support legitimate P2P distribution

[Diagram labels: Content Filter; Copyrighted; Non-Copyrighted; Access Legitimate Copy or License]

c. Types of Watermark

• Visible: visible information which is overlaid on the primary media
• Invisible: information which cannot be seen, but which can be detected algorithmically

c1. Visible Watermark

• Logo or seal of the organization which holds the rights to the primary media
• It allows the primary information to be viewed, but still marks it clearly as the property of the owning organization.
• Overlay the watermark in a way which makes it difficult to remove, if the goal of indicating property rights is to be achieved.

[Figure: visible watermark example]

c2. Invisible Watermark

• Embedding level is too small to notice
• Can be retrieved by extraction software
• Applications: Authentication, Copyrighting

c2.1. Fragile Watermarks

• Designed to detect every possible change in pixel values.
• Variety of techniques: in most cases, the watermark is embedded in the least significant bit (LSB) of the image.
• Advantages: pick up all image manipulations, malicious and non-malicious
• Disadvantages: too sensitive; break very easily under any modification of the host signal
• Used for tamper detection or as a digital signature.
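A fragile LSB watermark that detects and localizes tampering, as an added example that is not code from the original slides. The construction is an assumption chosen for the example: each 64-pixel block carries, in its LSBs, an HMAC-SHA256 tag computed over a secret key, the block index and the block's upper seven bits per pixel; the image is a constructed flat grayscale byte string.

```python
import hashlib
import hmac

BLOCK = 64  # pixels per block (an 8x8 tile stored as 64 grayscale bytes)


def _tag_bits(key, block_id, pixels):
    """One authentication bit per pixel, bound to key, block position and content."""
    upper = bytes(p & 0xFE for p in pixels)  # content without the LSB plane
    digest = hmac.new(key, block_id.to_bytes(4, "big") + upper,
                      hashlib.sha256).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(len(pixels))]


def _blocks(image):
    if len(image) % BLOCK:
        raise ValueError("image length must be a multiple of BLOCK")
    return [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]


def embed_fragile(key, image):
    """Overwrite every pixel's LSB with the tag bit for its block."""
    out = bytearray()
    for block_id, pixels in enumerate(_blocks(image)):
        tag = _tag_bits(key, block_id, pixels)
        out += bytes((p & 0xFE) | bit for p, bit in zip(pixels, tag))
    return bytes(out)


def tampered_blocks(key, image):
    """Return the indices of blocks whose LSB plane no longer matches the tag."""
    bad = []
    for block_id, pixels in enumerate(_blocks(image)):
        expected = _tag_bits(key, block_id, pixels)
        if any((p & 1) != bit for p, bit in zip(pixels, expected)):
            bad.append(block_id)
    return bad


def demo():
    """Constructed 4-block image and three manipulations of the marked copy."""
    key = b"constructed-demo-key"
    original = bytes((x * 7 + 13) % 256 for x in range(4 * BLOCK))
    marked = embed_fragile(key, original)

    edited = bytearray(marked)
    edited[70] ^= 0x10            # content change inside block 1
    lsb_only = bytearray(marked)
    lsb_only[200] ^= 0x01         # LSB-plane change inside block 3
    # Blocks 2 and 3 exchanged: content intact, position wrong.
    swapped = marked[:128] + marked[192:256] + marked[128:192]

    return {
        "key": key,
        "original": original,
        "marked": marked,
        "edited": bytes(edited),
        "lsb_only": bytes(lsb_only),
        "swapped": swapped,
    }


if __name__ == "__main__":
    d = demo()
    for name in ("marked", "edited", "lsb_only", "swapped"):
        print(f"{name:9s} tampered blocks: {tampered_blocks(d['key'], d[name])}")
    print("wrong key tampered blocks:", tampered_blocks(b"other key", d["marked"]))
```

Including the block index in the tag is what makes a moved block fail verification even though its pixels are unchanged. Any re-encoding that touches the LSB plane, such as JPEG compression, also invalidates every block, which is the "too sensitive" disadvantage listed above.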

c2.2. Semi-Fragile Watermarks

• They are robust, to a certain extent, and are less sensitive to pixel modifications.
• Techniques: divide the image into blocks and utilize bits from each block to calculate a spread spectrum noise-like signal, which is combined with DCT coefficients and inserted as a watermark.
  – Review slide number: 27-28
• Advantage: less sensitive than fragile watermarks
• Used for data authentication.
• Disadvantage: break very easily under other attacks.

Example: Video

• Raw video watermarking
  – DFT
  – DCT
  – DWT: DWT-based Video Watermarking Scheme with Scramble Watermark
• Watermarking I-frame (MPEG-1, 2)
• Video object watermarking (MPEG-4)

Example: Digital Cameras

• Watermarking based on secret key, block ID and content. The image is divided into blocks and each block is watermarked using a frequency-based spread spectrum technique incorporating the secret key, block ID and block content.
• An image of the photographer's iris is combined with the camera ID, the hash of the original image and other details specific to the camera.

c2.3. Robust / Self Embedding

• The previous techniques will only detect and localize areas of interest when authentication is carried out.
• The watermark should remain permanently intact in the host signal
• Used for copyright protection.
• Advantage: potential for original data to be retrieved.
• Disadvantage: removing the watermark results in destroying the perceptual quality of the signal (lost information)


d. Digital Watermarking Alliance


e. Limitations of digital watermarking

Digital watermarking does not prevent copying or distribution.

Digital watermarking alone is not a complete solution for access/copy control or copyright protection.

Digital watermarks cannot survive every possible attack.

f. Watermark attacks

• Robustness attacks: intended to remove the watermark. JPEG compression, filtering, cropping, histogram equalization, additive noise, etc.
• Presentation attacks: rotation, scaling, translation, change of aspect ratio, line/frame dropping, affine transformation, etc.
• Counterfeiting attacks: render the original image useless, generate a fake original, deadlock problem.
• Court of law attacks: take advantage of legal issues.

B. Steganography

• Steganography is the science of hiding information in such a way that no one suspects the information exists, both perceptually and statistically (only the recipient knows of its existence).
• Steganography is usually combined with cryptography. With cryptography the information is known to exist, but it is encoded in such a way that only the intended recipient can read it.
• The word steganography is of Greek origin and means “covered, or hidden writing.”
• Steganographic messages will generally appear as something else, such as a picture or a text file.
• Provides security

What to hide
• Texts
• Images
• Sound

How to hide
• Embed text in text/image/sound files
• Embed image in text/image/sound files
• Embed sound in text/image/sound files

a. History of Steganography

• Dates back to 440 BC
  – Herodotus and wax tablets
  – Histiaeus and his tattooed slave
• Later, in the 1500s
  – Johannes Trithemius: Steganographia
• World War II
  – Micro dots
  – Doll Woman
• Pueblo Incident in 1968
  – Sign language photos

b. How does it work now?

[Diagram labels: Data, Encrypt, Encrypted Data, Carrier Media, Steganogram]

Application

• Hiding in text, images, audio, video
• Hiding data in unused/reserved disk space
• Hiding data in software and circuitry
• Hiding in network packets, for example in TCP headers by utilizing the reserved bits

C. Example: LSB

• Hidden messages can also be implemented into audio files using the LSB method.
• Sounds and noises at the LSB level cannot typically be heard by the human ear.
• Therefore, when playing the original file, it sounds just like a normal .wav or .mp3 file.
• However, it can be decrypted to reveal another sound file, or any file for that matter.
• The file must be big enough to hold the hidden message (to avoid revealing that the information exists)

1. Image LSB

• Least significant bit (LSB) encoding
  – Replace the LSB of each pixel with the secret message
  – Pixels may be chosen randomly according to a key
• Comments:
  – The simplest and most common steganographic technique.
  – Premise: a change to the least significant bit will be masked by noise commonly present in images.

2. Text LSB

• The one’s bit of a byte is used to encode the hidden information.
• Suppose we want to encode the letter A (ASCII 65 or binary 01000001) in the following 8 bytes of a carrier file.

01011101 11010000 00011100 10101100
11100111 10000111 01101011 11100011

becomes

01011100 11010001 00011100 10101100
11100110 10000110 01101010 11100011

• Typical .wav file uses 16 bit sampling.

Variations of LSB

• Use password as a seed for a pseudo-random number generator.
• Use only those bytes separated by the value of the next random number to hide data.
• Advantage: more difficult to detect and decode.
• Disadvantage: limits the number of bytes that are available for holding the payload.
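The letter-A walkthrough and the password-seeded variation above, as an added example that is not code from the original slides. The two byte strings are the carrier bytes from the slide; the function names, the `max_gap` parameter, the 256-byte constructed carrier and the use of Python's `random.Random` as the password-seeded generator are assumptions made for the example.

```python
import random

# Carrier bytes and expected result copied from the slide's letter-A walkthrough.
SLIDE_CARRIER = bytes([0b01011101, 0b11010000, 0b00011100, 0b10101100,
                       0b11100111, 0b10000111, 0b01101011, 0b11100011])
SLIDE_RESULT = bytes([0b01011100, 0b11010001, 0b00011100, 0b10101100,
                      0b11100110, 0b10000110, 0b01101010, 0b11100011])


def _bits(data):
    """Bits of a byte string, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def _bytes(bits):
    """Inverse of _bits(); len(bits) must be a multiple of 8."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def sequential_positions(n_bits, carrier_len):
    """Plain LSB: use the first n_bits carrier bytes, one payload bit each."""
    if n_bits > carrier_len:
        raise ValueError("carrier too small for message")
    return list(range(n_bits))


def keyed_positions(password, n_bits, carrier_len, max_gap=4):
    """Variation: skip ahead by the next pseudo-random number between payload bytes."""
    # random.Random (Mersenne Twister) stands in for the password-seeded
    # generator; it is deterministic per seed but not cryptographically strong.
    rng = random.Random(password)
    positions, pos = [], -1
    for _ in range(n_bits):
        pos += rng.randint(1, max_gap)
        if pos >= carrier_len:
            # The capacity cost named on the slide: gaps use up carrier bytes.
            raise ValueError("carrier too small for this message and password")
        positions.append(pos)
    return positions


def embed(carrier, message, positions):
    """Replace the LSB of each selected carrier byte with one message bit."""
    out = bytearray(carrier)
    for pos, bit in zip(positions, _bits(message)):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)


def extract(stego, positions):
    """Read the LSBs back in the same order."""
    return _bytes([stego[pos] & 1 for pos in positions])


if __name__ == "__main__":
    seq = sequential_positions(8, len(SLIDE_CARRIER))
    stego = embed(SLIDE_CARRIER, b"A", seq)
    print(" ".join(f"{b:08b}" for b in stego))
    print("matches slide:", stego == SLIDE_RESULT, "->", extract(stego, seq))

    carrier = bytes(range(256))  # constructed carrier
    message = b"secret"          # per the slides, encrypt this before embedding
    kp = keyed_positions("correct horse", len(message) * 8, len(carrier))
    keyed = embed(carrier, message, kp)
    print("keyed round trip:", extract(keyed, kp))
    print("bytes touched by payload:", len(kp), "of", kp[-1] + 1, "consumed")
```

The last line printed shows the trade-off from the slide: the keyed variant spreads 48 payload bits over more carrier bytes than the sequential variant would use.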

• Cryptography is usually used in conjunction with steganography.
  – Provides an extra layer of security.
  – Makes the existence of a hidden message more difficult to detect.
• The LSB of a digital audio or video file tends to resemble noise.
• The most significant bits tend to be grouped in blocks. For example, the ocean background has a large block of bits where r = 0110xxxx, g = 1010xxxx, b = 1110xxxx.
• Thus when encoding this data in the LSB there will be a repeating pattern: 0110xxxx1010xxxx1110xxxx.
• Encryption randomizes this data so it looks like noise again.

c. Example: Popular Programs

• S-Tools: image
• Steghide: .bmp, .wav, .au
• MP3Stego: .mp3
• Snow: text files, e-mail

1. S-Tools

• One of the most reliable tools for steganography is S-Tools.
• This program was created in 1994 by Andy Brown.
• There have been no updates since then because of its encryption algorithm: nearly impossible to break.
• Includes programs that process GIF and BMP images, process audio files and will even hide information in the unused areas of floppy diskettes.

Why S-Tools is so good for this!

• 4 different types of encryption to choose from: IDEA, DES, Triple DES, MDC
• The password is entered and confirmed by the user and then is encrypted using the desired algorithm
• To reveal any image one must know the password along with the encryption algorithm
• This makes it extremely difficult to break, even using a brute force attack.

3.1.1.2.2. Digital Fingerprint/Signatures

• Basic functionality
• Processes
• Asymmetric encryption
• Certification
• User’s realisation

A. Basic Functionality

• Digital fingerprinting is an emerging technology to protect multimedia from unauthorized redistribution. It embeds a unique ID into each user's copy, which can be extracted to help identify culprits when an unauthorized leak is found, and which identifies the originator of a document.
• It utilizes asymmetric encryption, where one key (private key) is used to create the signature code and a different but related key (public key) is used to verify it.

A. Basic Functionality

• A powerful, cost-effective attack is the collusion attack from a group of users, where the users combine their copies of the same content but with different fingerprints to generate a new version.
• If designed improperly, the fingerprints can be attenuated or even removed by the collusion attack.

B. Processes

[Diagram: Sender: Message → Hash → SIGN hash with sender’s private key → Message + Signature. Signed message sent through the Internet. Receiver: Message + Signature → calculated hash of the message; decrypt signature with sender’s public key → hash; COMPARE; if OK, signatures verified]

Hash function: an algorithm which creates a digital representation in the form of a hash result of a standard length, which is usually much smaller than the message but substantially unique to it

B. Processes

Generally:
• Each individual generates his own key pair
  – a pair of keys, namely a private key and a public key [public key known to everyone & private key only to the owner]
• Private key: used for making the digital signature (i.e. has to be saved, e.g. using a chip card with a PIN)
• Public key: used to verify the digital signature
• The public key can be accessible to everyone,
  – but its owner’s identity has to be identifiable without problems to guarantee authentication (certificate)
• It is not possible to generate the private key by knowing someone’s public key

RSA Key pair (including Algorithm identifier)

[2048 bit]

Private Key

Public Key

B. Processes

Digital signature creation (sender side):
• Generating the message’s digest (hash result) and encrypting it with a given private key
  – Result of the encryption: digital signature
• Sender sends:
  – Message with digital signature and certificate to receiver

[Diagram: Message → Hash Function → Hash Result → Signing Function (Private Key) → Digital Signature; Message and Digital Signature go to the verifier. Only the private key holder can sign.]

B. Processes

Digital signature verification (receiver side):
• Receiver wants to check
  – Integrity: generating the hash result and comparing it to the sender’s hash result, obtained by decrypting the signature with the sender’s public key
  – Authenticity: can be checked by means of the certificate

[Diagram: from signer: Message and Digital Signature; Message → Hash Function → Hash Result; Hash Result, Digital Signature and Public Key → Verify Function → Valid Y/N? Anyone can verify.]

C. Digital Signature Features

• Signer authentication: a signature should indicate who signed a document, message or record, and should be difficult for another person to produce without authorization.
• Message authentication: the digital signature also identifies the signed message, typically with far greater certainty and precision than paper signatures. Verification reveals any tampering, since the comparison of the hash results
• Affirmation act: signatures are legally binding
• Efficiency: allows for automation of modern Electronic Data Interchange (EDI).

D. Advantages of Digital Signatures

• Data integrity: digital signatures provide proof that the document or message has not been altered or tampered with.
• Authentication of identities: digital signatures make it easier to verify the identity of senders and recipients.
• Concept of non-repudiation: this means that neither the sender nor the recipient can deny having sent or received the document.
• Includes an automatic date and time stamp, which is critical in business transactions.
• Increases the speed and accuracy of transactions

E. Disadvantages of Digital Signatures

• Technological compatibility: refers to standards and the ability of one digital signature system to "talk" to another. It is difficult to develop standards across a wide user base.
• Security concerns: these efforts are perpetually hampered by lost or borrowed passwords, theft and tampering, and vulnerable storage and backup facilities.
• Legal issues: there is clear consensus that digital signatures should be legally acceptable. However, many questions remain unanswered in the legal arena.

F. Challenges

• Institutional overhead: the cost of establishing and utilizing certification authorities, repositories, and other important services, as well as assuring quality in the performance of their functions.
• Subscriber and relying party costs: a digital signature will require software, and the subscriber will probably have to pay a certification authority some price to issue a certificate. Hardware to secure the subscriber’s private key may also be advisable.

G. Digital Signatures Example: Text

<Signed SigID=1>

Promissory Note

I, Mary Smith, promise to pay to the order of First Western Bank five thousand dollars and no cents ($5,000) on or before June 10, 1998, with interest at the rate of fifteen per cent (15%) per annum.

Mary Smith, Maker

</Signed>
<Signature SigID=1 snID=smith082>
2AB3764578CC18946A29870F40198B240CD2302B2349802DE002342
B212990BA5330249C1D20774C1622D39
</Signature>

H. Example: For Image

• Based on the concept of public key encryption.
• A hashed version of the image is encrypted using a private key.
• The encrypted file provides a unique signature/fingerprint of the image, which can be used to authenticate by decryption with the public key.
• Mainly used in transmission of images.

I. Example: Digital Cameras

Epson Image Authentication System (IAS)
• The IAS software in the camera instantly seals the captured images with an invisible digital fingerprint.
• Verification of the image is achieved by any PC with Image Authentication System software installed

3.1.2. Confidentiality

Encryption is a powerful tool for access control and confidentiality protection

A. Encryption Algorithm

• Data Encryption Standard (DES)
  – The most widely used encryption scheme
  – DES is a block cipher: the plaintext is processed in 64-bit blocks
  – The key is 56 bits in length
  – Based on the Feistel cipher structure
• Triple DES
  – Effective key length of 112/168 bits
• Advanced Encryption Standard (AES)
  – 128-bit data, 128/192/256-bit keys
  – Stronger & faster than Triple DES

Others

• RSA
• RC4
• RC6
• IDEA
• PGP
• PEM
• Kerberos

B. Multimedia Encryption Approach

• Signal scrambling
  – Historical approach
  – Not compatible with modern multimedia compression
  – Fast speed but low security
• Total encryption with cryptographic ciphers
  – Trivial solution
  – High security but slow speed
• Selective encryption
  – Most popular approach today
  – Limited in its range of application
• Integrating encryption into entropy coding
  – Complementary to selective encryption
  – Very fast computation speed

Page 81: Ch 7 Multimedia Security Arini, ST, MT arinizul@gmail. Com arinizoel@yahoo.com.

Selective Encryption

Select the most important coefficients and then encrypt them with traditional ciphers such as DES

Advantages

• Lower complexity

• High security level provided by traditional cryptology

• Less error correction coding redundancy

• Compatible with existing software and hardware modules

[Figure: block diagram of selective encryption. Blocks: Media Compression System, Coefficient Selection, Cryptographic Cipher, Error Correction Coding. Labels: digitized audiovisual data, coefficients, selected coefficients, non-selected coefficients, transmission channel or storage media.]
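A worked instance of the selective encryption pipeline above, as an added example that is not part of the original slides: an 8x8 block is transformed with a DCT, the lowest-frequency coefficients are selected and encrypted, and the rest pass through in the clear. The function names, the sample block and the key are assumptions, and a SHA-256 counter-mode keystream stands in for the DES or AES cipher the slide names so that the code runs with the standard library only.

```python
import hashlib
import math

N = 8  # transform block size, as in JPEG/MPEG-style codecs


def dct2(block):
    """Orthonormal 2-D DCT-II of an N x N pixel block."""
    def a(k):
        return math.sqrt((1 if k == 0 else 2) / N)
    def c(i, k):
        return math.cos((2 * i + 1) * k * math.pi / (2 * N))
    return [[a(u) * a(v) * sum(block[x][y] * c(x, u) * c(y, v)
                               for x in range(N) for y in range(N))
             for v in range(N)] for u in range(N)]


def low_to_high():
    """Coefficient positions by diagonal, lowest spatial frequency first."""
    return sorted(((u, v) for u in range(N) for v in range(N)),
                  key=lambda p: (p[0] + p[1], p))


def keystream16(key, block_no, count):
    """Stand-in for DES/AES: SHA-256 in counter mode, one 16-bit word each."""
    return [int.from_bytes(hashlib.sha256(
                key + block_no.to_bytes(4, "big") + i.to_bytes(2, "big")
            ).digest()[:2], "big") for i in range(count)]


def selective_crypt(coeffs, key, block_no, k):
    """XOR the k lowest-frequency coefficients with the keystream (its own
    inverse); every other coefficient is copied through in the clear."""
    out = [row[:] for row in coeffs]
    for (u, v), ks in zip(low_to_high()[:k], keystream16(key, block_no, k)):
        word = (out[u][v] & 0xFFFF) ^ ks          # 16-bit two's complement
        out[u][v] = word - 0x10000 if word & 0x8000 else word
    return out


def energy_share(coeffs, k):
    """Fraction of the block's energy carried by the k selected coefficients."""
    total = sum(x * x for row in coeffs for x in row)
    return sum(coeffs[u][v] ** 2 for u, v in low_to_high()[:k]) / total


# Constructed sample: a smooth 8x8 greyscale gradient, then rounded coefficients.
PIXELS = [[100 + 5 * x + 3 * y for y in range(N)] for x in range(N)]
COEFFS = [[round(c) for c in row] for row in dct2(PIXELS)]
KEY, K = b"constructed demo key", 6
ENCRYPTED = selective_crypt(COEFFS, KEY, 0, K)
```

Only 6 of the 64 coefficients go through the cipher, yet `energy_share(COEFFS, K)` shows they carry almost all of the block's energy; the block number acts as a nonce so that two blocks never share a keystream.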


3.1.3. Integrity

The hashing process was discussed briefly in the confidentiality material

Hash algorithm :


3.1.4. Access Control

See Encryption


3.1.5. Non repudiation

Third party : search by yourself


3.2. Digital Rights Management

• A broad term used to describe a number of techniques for restricting the free use and transfer of digital content.

• DRM is used in a number of media, but is most commonly found in video and music files.

• They therefore reinterpret DRM to stand for Digital Restrictions Management.


3.2.1. A functional definition of DRM

• The identification and description of intellectual property, rights pertaining to works and to parties involved in their creation or administration (digital rights management)

• The (technical) enforcement of usage restriction (digital management of rights).


3.2.2. Requirement & Tools

Requirements

• Identification (unique identifier of the work)

• Clear description (Metadata)

• Usage rules

DRM tools

• Identify the work, the right holder

• Describe the content

• Allow use according to the rules


3.2.3. DRM Technical Solution

• CONDITIONAL ACCESS (CA) SYSTEMS FOR SATELLITE, CABLE AND TERRESTRIAL TELEVISION NETWORKS

• DIGITAL RIGHTS MANAGEMENT (DRM) SYSTEMS FOR THE INTERNET

• COPY PROTECTION (CP) SYSTEMS FOR DIGITAL HOME NETWORKS
  - DVD PROTECTION
  - DIGITAL TAPE PROTECTION
  - DIGITAL INTERFACE PROTECTION

• IP MULTICAST SECURITY
  - SECURE MULTICAST APPLICATIONS
  - CORE PROBLEM AREA IN MULTICAST SECURITY
  - EVALUATION CRITERIA
  - CLASSIFICATION OF KEY MANAGEMENT SCHEMES
  - PERIODIC BATCH REKEYING

• WIRELESS NETWORKS AND MOBILE MEMBERS
  - TWO-TIER SERVER ARCHITECTURE
  - DESIGN CRITERIA
  - MOBILE MEMBER JOIN AND LEAVE
  - MOBILE MEMBER TRANSFER

• SECURITY OF WIRELESS LANS
  - WIRED EQUIVALENT PRIVACY (WEP)
  - WHAT’S WRONG WITH WEP?
  - IMPROVEMENTS ON WEP

• LEGAL SOLUTIONS
  - WORLD INTELLECTUAL PROPERTY ORGANIZATION (WIPO)
  - DIGITAL MILLENNIUM COPYRIGHT ACT (DMCA) OF 1998
  - CONSUMER BROADBAND AND DIGITAL TELEVISION PROMOTION ACT (CBDTPA) OF 2002
  - CONSUMERS, SCHOOLS, AND LIBRARIES DIGITAL RIGHTS MANAGEMENT AWARENESS ACT OF 2003


3.2.3.1. Content Scrambling System (CSS)

One of the first and most widely contested DRM, used to encode DVD movie files.

This system was developed by the DVD Consortium as a tool to influence hardware manufacturers to produce only systems which didn't include certain features.

By releasing the encryption key for CSS only to hardware manufacturers who agreed not to include features such as digital-out, which would allow a movie to be copied easily, the DVD Consortium was essentially able to dictate hardware policy for the DVD industry.

Very quickly after the CSS DRM was implemented, its algorithm was broken.


3.2.3.2. DeCSS

Tools for making copies of CSS-encrypted movies and playing them on systems that otherwise would not be able to, such as some alternative operating systems.

The Digital Millennium Copyright Act in the United States makes it illegal to use systems such as DeCSS to bypass DRM limitations.

Similar acts have since been passed in many countries.

Many advocates in the computer science world see the DMCA as a major blow against creative freedom because of its overly harsh restrictions.


3.2.3.3. Software Example

• Game consoles (Nintendo, Sony Playstation, …)

• Microsoft software (Genuine certificate verification)

• Trial use of software for a limited period of time

• Online registration to activate the software