sign in sign up
<<
Home , Consumer electronics, Multimedia

Signal Processing: Image 16 (2001) 681}699

An overview of content protection in consumer devices Ahmet M. Eskicioglu *, Edward J. Delp 

Thomson , Corporate , 101 W. 103rd Street, Indianapolis, IN 46290-1102, USA  and Image Processing Laboratory (VIPER), School of Electrical and , Purdue University, West Lafayette, IN 47907-1285, USA Received 15 March 2000; accepted 10 August 2000

Abstract

A digital is a cluster of digital audio/visual (A/V) devices including set-top boxes, TVs, VCRs, DVD players, and general-purpose computing devices such as personal . The network may receive copyrighted digital multimedia content from a number of sources. This content maybe broadcast via satellite or terrestrial systems, transmitted bycable operators, or made available as prepackaged (e.g., a digital tape or a digital video disc). Before releasing their content for distribution, the content owners mayrequire protection byspecifyingaccess conditions. Once the content is delivered to the consumer, it moves across the home network until it reaches its destination where it is stored or displayed. A copy protection system is needed to prevent unauthorized access to bit streams in transmission from one A/V device to another or while it is in storage on magnetic or optical media. Recently, two fundamental groups of , encryption and watermarking, have been identi"ed for protecting copyrighted digital multimedia content. This paper is an overview of the work done for protecting content owners' investment in intellectual property.  2001 Elsevier Science B.V. All rights reserved.

Keywords: Multimedia; Copy protection; Cryptography; Watermarking; Consumer electronics; Digital ; Digital video disc; Digital video cassette; Home networks

1. Introduction deliveryof content to millions of households every day. Although legal institutions exist for protecting In the world, original multimedia intellectual property(trademarks and patents) content (e.g., text, audio, video and still images) is owned bycontent creators, complimentarytech- made available for consumers through a varietyof nical measures are needed to sustain "nancial re- channels. Modern distribution systems allow the turns and to ensure incentives for new creations. In order to see the increasing importance of protecting copyrighted content, one should under- * Corresponding author. stand an essential di!erence between old and new E-mail addresses: [email protected] (A.M. Eskicioglu), technologies for distribution and storage. Prior to [email protected] (E.J. Delp).  Portions of this work done byEJD were supported bythe the development of digital technologies, content sponsors of the Center for and Research in Informa- was created, distributed, stored and displayed by tion Assurance and Securityat Purdue University. analog means. The popular video cassette recorders

0923-5965/01/$ - see front matter  2001 Elsevier Science B.V. All rights reserved. PII: S 0 9 2 3 - 5 9 6 5 ( 0 0 ) 0 0 0 5 0 - 3 682 A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699

(VCRs) of the 1980s introduced a revolutionary devices, such as personal computers, which can also wayof viewing A/V content, but ironicallyallowed be used to displayand store content. unauthorized copying, risking the investments Research conducted bythe CE and IT industries made in intellectual property. An inherent charac- has revealed two promising groups of technologies. teristics of , however, prevented Encryption-based technologies transform content piracye !orts to reach alarming proportions. If into unintelligible or unviewable form. This trans- a taped content is copied on a VCR, the visual formation, being reversible in nature, allows perfect qualityof the new, i.e., the "rst-generation, copyis recoveryof content. Both symmetricand public key reduced. Further generational copies result in no- ciphers are commonlyused for content securityand ticeablyless quality,decreasing the commercial authentication (see Section 4). Technologies based value of the content. Today, reasonably e$cient on watermarking serve several purposes: identi"ca- analog copyprotection methods exist, and have tion of the content origin, tracing illegal copies and recentlybeen made mandatory,in consumer elec- disabling unauthorized access to content. tronics devices to further discourage illegal analog This paper highlights recent developments in copying. An example of such a system was de- protecting copyrighted multimedia content. The veloped byMacrovision  wherebyfeatures of the exact details of the copyprotection systemswill analog composite video signal are modi"ed to pre- be omitted throughout the presentation due to vent copying. securityissues and for the protection of intellectual With the advent of digital technologies, new property. tools have emerged for making perfect copies of the original content. A quick review of digital repres- entation of data will reveal whygenerational copies do not lose their quality. A text, an image or a video 2. What is the copy protection problem? is represented as a stream of bits (0s and 1s). This representation can be convenientlystored on mag- 2.1. Problem dexnition and possible approaches netic or optical media. Since is a process wherebyeach bit in stream is The home network depicted in Fig. 1 mayreceive read and copied to the new medium, an exact content from a varietyof sources, including cable replica of the content is obtained. Such a capability operators, satellite or terrestrial broadcasters, and becomes even more threatening with the ever in- telephonycenters. Pre-recorded media is also con- creasing availabilityof , an immense and sidered to be a content source. A commonalityof boundless digital distribution mechanism. Protec- all these sources is that theyprotect the content in tion of digital multimedia content therefore ap- some private waybefore delivery.Examples are the pears to be a new and crucial problem for which protection provided bythe DirecTV Digital Satel- immediate solutions are needed. lite System (DSS) system and the Content Scramble Three major industries have a great interest in System (CSS) for . When the scrambled con- this problem: tent reaches the `boundariesa of the network, an 1. motion picture , authorized `access devicea (a DSS set-top box or 2. consumer electronics (CE) industry, a DVD player) descrambles the stream, and makes 3. information (IT) industry. it available for displayor storage. The content then The content owners are the motion picture has to be sent to a displayor storage device. studios. Their content (movies) is displayed or re- A global copyprotection framework needs to corded on devices manufactured byconsumer elec- address two problems: protection of content in tronics companies. The transmission and protection of content in storage. industrymanufactures general purpose computing Copyprotection technologies o !er methods and tools to prevent unauthorized access. The ap- proaches used in deploying these technologies can  http://www.macrovision.com/ "t into two broad categories: A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 683

Fig. 1. Sources of content for home networks.

With feedback provided bythe content owners, attack are discussed: the CE and IT industries have been developing E Commercial piracy: a commercial entity steals solutions in speci"c areas. The CSS, for example, content, makes a master, and begins making and provides protection for content recorded on DVD- selling illegitimate copies. None of the copypro- ROM discs (see Section 7). Other systems are pro- tection systems discussed in this paper help with posed for securing the IEEE 1394 interface, and this problem. Commercial entities that can cre- preventing unauthorized copies on recordable ate a facilitywill alwaysbe able DVDs (DVD-R/RW/RAM). to get to a clear bitstream, or simplyto duplicate An alternative approach is to develop global a pre-recorded content. The keyto "ghting this architectures based on removable securitydevices. type of piracy is tracing the source of the illegit- Such architectures are considered extensions of imate content and taking legal action. Water- conditional access systems, restricting viewing marking maybe of best use here. when the consumer does not have the correct en- E `Garagea piracy: an individual with smaller re- titlements (see Section 10). The National Renew- sources makes a few dozen or hundred illegit- able SecurityStandard (NRSS) provides a means imate copies and sells or barters them. It is also for separating the securityfunctionalityfrom navi- probablytrue that none of the copyprotection gational devices (see Section 9). systems can defeat this pirate. A `garagea pirate, The recording industryis another major player skilled in engineering, will be able to take apart in the copyprotection arena who has chosen a sep- his TV/VCR/STB, and probe a PC board for arate path to develop a solution for musical a clear bitstream (which is present in all current content. The recent launch of the Secure Digital products, and will be for several years). However, Music Initiative (SDMI) is an indication of the a useful deterrent is to void instrument the war- strong need for secure distribution of music (see rantyif it is so modi "ed. This will discourage Section 11). most of the population. Once again, legal means are probablythe onlywayto "ght this type of 2.2. Various types of attacks piracy, and watermarks may turn out to be help- ful as a tracing tool. It is important to keep in mind what attacks are E `Anta piracy: an individual wants to make a few supposed to be prevented in a copyprotection copies of something for his friends, relatives, or system. Generally, the following categories of even for his own use. In general, this person will 684 A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699

have verylimited resources, and will not be zerland. It is responsible for the promotion of skilled in engineering. Ant piracyis prevented by the protection of intellectual propertythroughout the copyprotection systemsshown here. the world through cooperation among States, and the administration of various multilateral treaties 2.3. Design factors dealing with the legal and administrative aspects of intellectual property. All security systems based on encryption and Intellectual propertycomprises two main branches: watermarking are bound to be broken in time given E Industrial property: chie#yin inventions, trade- su$cient resources. Hence, a number of important marks, industrial designs, and appellations of factors need to be taken into consideration in de- origin. signing systems for protecting content in CE E Copyright: chie#yin literary,musical, artistic, devices. These include robustness, renewabilityand photographic and audiovisual works. cost. The number of member States as of 15 April 1999 Robustness: Refers to how strong the system is was 171. Members include Switzerland, member against conceivable attacks. Everysuccessful design states of the European Union, USA, China and should produce a securitysystemthat is su $ciently others. robust for the application it is used for. WIPO Copyright Treaty and WIPO Perfor- Renewability: When a protection system is mances and Phonograms Treatywere adopted by hacked, there must be a wayto replace it with a WIPO conference in Geneva on 20 December a new, more robust system. This general concept 1996 based on existing international treaties (the can be implemented in two fundamental ways. (1) Berne Convention for the Protection of Literary Replacement of renewable securitydevice: all the and Artistic Works as revised in Paris on 24 July securityfunctionalityis assigned to a renewable 1971, and the Rome Convention for the Protection device such a smartcard. When its secrets are dis- of Performers, Producers of Phonograms and closed, it is simplyreplaced bya new card. (2) Broadcasting Organizations of 26 October 1961). Revocation of CE device: the secrets are embedded Before becoming binding law in the member states, in the CE device, and cannot be removed. If the the provisions of the treaties have to be rati"ed by device is understood to be a pirate device, it is not the member States and national legislation has to allowed to receive copy-protected content. be amended. It is not mandatoryfor WIPO Mem- Cost: The CE industryis in a constant e !ort to ber States to ratifythe treaties; however, the most minimize the cost of manufacturing so that the end important Contracting Parties, among them the product is a!ordable for the consumer. Anyaddi- USA, were expected to do so. tional cost needs to be justi"ed from the consumer's The Digital Millennium Copyright Act (DMCA) viewpoint. [11] was prepared to amend title 17, United States There is a critical balance between the robustness Code, to implement the WIPO Copyright Treaty and cost of copy protection systems. A system and WIPO Performances and Phonograms Treaty, should neither be too expensive nor easilyhack- and for other purposes. It includes "ve titles: able. Ideally, every security system needs to be E WIPO Treaties Implementation, renewable to minimize the damage caused bya sys- E Online Copyright Infringement Liability Limita- tem hack. However, the transition to the new tion, system should be transparent to the customer. E Computer Maintenance or Repair Copyright Exemption, E Miscellaneous Provisions, 3. WIPO and digital millennium copyright act E Protection of Certain Original Designs. How the DMCA will be used to enforce copy The World Intellectual PropertyOrganization protection is an open question. The movie industry (WIPO) is an intergovernmental United Nations used the DMCA to sue individuals who attacked organization with headquarters in Geneva, Swit- the Content Scramble System (CSS) system. With A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 685 regard to watermarking, the applicabilityof the A stream cipher breaks the message M into suc- DMCA maynot be obvious. It is widelybelieved cessive characters or bits m, m, m,2, and en- that if one attempts to deliberatelyremove or at- ciphers each mG with the ith element kG of a key " tack a watermark then this a violation of the stream K kkk,2 A block cipher breaks the DMCA. However, does the DMCA require that message M into successive blocks M, M, M,2, a watermark has to be detected if one is present in and enciphers each MG with the same key K. the content? An example of symmetric and asymmetric key ciphers is shown is Fig. 2. When the two parties A and B want to communicate securely, each ap- proach introduces keymanagement problems. In 4. Basic concepts and de5nitions in cryptography case (a), both parties need to have a copyof the and watermarking symmetric key, the distribution of which is a non- trivial problem. The problem with case (b) is the To have a better understanding of the impact of authentication of the public keythat is used for protection methods on consumer electronics devi- encryption; A needs assurance that it has the public ces, we will start with a summaryof basic concepts keythat actuallybelongs to B. and de"nitions in cryptography and watermarking. Using public keycryptographictechniques, one can provide assurance about the integrityor relia- 4.1. Cryptography bilityof a public keyor other typesof data. This is usuallyreferred to as authentication [29]. There Cryptography [7,8,23,25,29] deals with the con- are two types of authentication protocols. In mess- cealment and protection of digital information. The age authentication, a partyis corroborated as the studyof cryptographictechniques is more than original source of speci"ed data created at some 400 years old. Shannon's 1949 paper [30] that con- time in the past. In entityauthentication, one nected cryptographic techniques with digital com- partyis assured of the identityof a second party munication theoryis thought bymanyto be the involved in a protocol, and that the second party beginning of `moderna cryptography [20]. has actuallyparticipated. A cryptographic system consists of "ve elements: a plaintext message space, a ciphertext message space, a keyspace, a familyof enciphering trans- formations, and a familyof deciphering trans- formations. In modern cryptosystems, the enciphering and deciphering transformations are public, only the keys need to be kept secret. Cryp- tanalysis is the science and study of `breakinga or attacking ciphers. Ciphers can be classi"ed according to two im- portant criteria: (1) symmetric versus asymmetric and (2) stream versus block. In a symmetric key cipher, enciphering and de- ciphering keys are the same or can easily be deter- mined from each other. Asymmetric key systems (public keysystems)di !er in such a waythat at least one keyis computationallyinfeasible to deter- mine from the other. The keyused for encryptionis publiclyavailable, while the corresponding decryp- tion keyshould be kept con "dential all the time [9,10]. Fig. 2. Encryption: (a) symmetric key, (b) asymmetric key. 686 A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699

A digital signature [29], which associates a mess- the watermark under normal viewing or listening age with some originating entity, can be construc- conditions. There has been a tremendous amount of ted with public keysystems.Each digital signature work done in watermarking in the past 6 years [24]. scheme includes a signature generation algorithm Typical uses of watermarks include identi"cation and a signature veri"cation algorithm. A public key of the origin of content, tracing illegallydistributed certi"cate [23] is a digitallysigned message consist- copies, and disabling unauthorized access to con- ing of two parts which can be used to authenticate tent. A mature robust watermarking technology a public key. The `data parta includes the public should be resistant to manytypesof attacks and keythat is being authenticated, as well as other normal A/V processes such as noise, "ltering, re- information such as the issuer, the owner, and the sampling, cropping, , and A-to-D validityperiod of the public key.The `signature and D-to-A conversions. parta is the signature on the data part generated by There is an important di!erence between encryp- the issuer of the certi"cate. tion and watermarking in enforcing protection. With an encryption-based technology, it is possible 4.2. Watermarking to protect content (video or audio) because licensing allows the implementer to have access to the keys. If Watermarking [24,31] is the process of embed- keys are not available, content cannot be accessed. ding data (or controlled distortion) into a multi- Watermarks do not preclude access to the water- media element such as image, audio and video. This marked content. The receiving device needs to have embedded information, known as the watermark, the detection capability. Thus, a legal mechanism is can later be extracted from the multimedia and needed to enforce the manufacturers to implement used for securitypurposes [19]. In multimedia ap- detectors in devices. In the US, no such legislation is plications, the watermark should be invisible or expected in the future. Nevertheless, hybrid tech- inaudible to the human observer (visible water- nologies with encryption and watermarking may marking techniques do exist) [33]. A watermarking address this limitation through licensing. algorithm consists of the watermark structure, an embedding algorithm and an extraction or detec- 4.3. Multilayer protection by encryption and tion algorithm. Watermarks can be embedded into watermarking multimedia directly(e.g., the time domain) or after the multimedia element has been transformed (e.g., Encryption or watermark based technologies the discrete cosine transform) [6]. Performance can be independentlyused for protecting multi- issues include robustness to attack (attempts to media content. However, it is possible to implement remove the watermark), capacity(how bits can be both in the same application, providing a two-layer hidden in the multimedia) and how transparent is protection. As shown in Fig. 3, the content may

Fig. 3. Two-layer protection. A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 687 have been watermarked immediatelyafter creation. the keypolicyconsiderations to be weighed in The sending partyencryptsthe watermarked con- making decisions about speci"c technical and legis- tent to provide the second layer of protection. At lative proposals. Focusing on technical issues, the the receiving end, the stream is decrypted before other group identi"ed and evaluated the technical watermark detection takes place. approaches to protect content in analog or digital form, delivered bydirect electronic transmission or prerecorded media. After these presentations, the 5. The beginnings technical group, now known as the CopyProtec- tion Technical Working Group [2] (CPTWG), The work on copyprotection started almost four continued discussing copyprotection problems. It years ago. At the beginning of 1996, a bill was is still active today, having monthly meetings to drafted as a result of collaboration between con- discuss the current issues. sumer electronics companies and content owners. In the past three years, CPTWG formed working The `Video Home Recording Act of 1996a was groups to focus on speci"c problems [3]. Two of intended to amend title 17, United States Code, to the most active groups were the Digital Transmis- `govern the importation, manufacture and distribu- sion Discussion Group (DTDG) and the Data Hid- tion of digital motion picture recording and related ing Subgroup (DHSG). services, to prohibit certain copyrighted infringement The DTDG was created on 3 October 1996. Its actions, and for other purposesa. One section of the scope was to de"ne a data protection system (DPS) Act was a technical reference document for estab- that can be used to protect digital audio/video lishing the standards and speci"cations for imple- transmitted on the IEEE 1394 high performance menting technological management of consumer serial bus [32]. The architecture developed for DPS copying of linear motion pictures. Before the bill had three layers: was actuallysubmitted to the US Congress, the 1. CopyControl Information (CCI) Layer three industries (CE, IT and motion picture) } a means of carrying information along with wanted to resolve all outstanding issues, and agreed the copyrighted content that expresses the in- to create a forum for discussion. tentions of the copyright holder with regard to The forum gave birth to a plenarygroup which the conditions under which an end consumer is was comprised of both technical and policyrepre- authorized to make a copy. sentatives of the member companies of the 2. Device Authentication and KeyExchange Layer MPAA, CEMA, BSA, ITIC and RIAA. Each } a means of a compliant device to establish the expertise group (technical and policy) was assigned authenticityof another device prior to exchang- a speci"c task that was completed in late June of ing copyrighted content, and also to generate the 1996. The "ndings were presented in two reports on keys for data encryption. 21 June 1996. The report of the policygroup sum- 3. Data Encryption Layer } a means of encrypting marized the exploratorydiscussions regarding the the copyrighted content when it is transmitted concepts of anti-circumvention in conjunction with from one compliant device to another compliant the introduction of digital video technologies, and device in digital form. The DTDG issued a Call for Proposals on 11 March 1997, and published its `Review and Find-  Motion Picture Association of America (http:// a www.mpaa.org). ings report [27] summarizing the technical fea-  Consumer Electronics Manufacturing Association (now tures of the submitted proposals. After completing known as the Consumer Electronics Association, http:// its task, the DTDG closed in February1998. Five www.ce.org). of the proposals included in the DTDG report later  Alliance (http://www.bsa.org). merged to form the 5C group [4].  Information TechnologyIndustryCouncil (http:// www.itic.org). The DHSG was created on 6 May1997. Its scope  Recording IndustryAssociation of America (http:// was to de"ne a data hiding system that can be www.riaa.org/). used to mark video content for the purposes 688 A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 of identifying marked material and preventing 9. Is extendable to general-purpose computing unauthorized recording/playback. The Call for architectures, allowing interoperabilityof CE Proposals issued on 1 July1997 identi "ed a set of and general-purpose computing devices. essential and desirable requirements for the system. 10. Has components available competitivelyfrom The Interim Report [21] published byDHSG in- as large a number of sources as possible. cluded the performance of seven proposals during visibilityand survivabilitytests. Consumer Because of prolonged discussions, the `Video 11. Allows time shifting of transmitted content Home Recording Act of 1996a could not be submit- (i.e., recording) for fair use. ted to the US Congress. 12. Allows place shifting of content (e.g., the ability to playa lawfullymade recording at a friend 's 6. Desirable attributes for a copy protection system house on compliant equipment). 13. Allows free copying of content, including over- The "rst step in developing a system in any "eld of the-air and non-premium services, accommod- engineering is to determine the system requirements. ates generational control of premium services, Although work on copyprotection had been conti- and permits the copyright owner to prevent nuing for some time, a list of desirable attributes copying of pay-per-view and video-on-demand applicable to a copyprotection system was not services as well as prerecorded content. available until recently. Recognizing the need, 14. Can accommodate changes without impairing CEMA put together a list, and presented it to the the abilityof the existing equipment to operate MPAA. Instead of providing feedback to CEMA's with new content or new equipment to operate work, the MPAA chose to publish its own list. with old content. Ironically, both lists were created long after the 15. Can include features or accommodate changes development of some of the copyprotection systems. without rendering recorded material unview- able to the extent that user has expectation of 6.1. CEMA list viewability.

The attributes are presented in three groups: Legal 16. Does not introduce import or export problems General for the United States and other major markets. 1. O!ers a su$cient level of securityto `keep 17. Includes a technological measure which per- honest people honesta. mits legal enforcement against circumvention. 2. Is likelyto achieve broad multi-industrycon- 18. Is licensed in accordance with the CEMA Intel- sensus and receive support of industries parti- lectual PropertyRights (IPR) policy. cipating in the CPTWG. 19. Preserves consumer's legal rights of use, includ- Technical ing the "rst sale doctrine. 3. Is renewable. When the list was completed, it was presented to 4. Is applicable to one or more of the following the CPTWG in March 1999, and later discussed four interfaces: IEEE 1394, RF Remodulator with the MPAA in April 1999. (Section 9), NRSS A&B (Section 9), and Com- ponent Video. 5. Has low complexityin implementation, opera- 6.2. MPAA list tion, maintenance and administration. 6. Provides transmission and storage protection. After reviewing the CEMA list, the MPAA pub- 7. Does not result in perceptible degradation of lished its own list of `attributes of a securityenvi- content. ronment for distribution of protected high value 8. Does not inhibit desirable and currentlyavail- contenta. In this list, distributed in May1999, able features on CE products such as trick play. `Approveda means acceptable to owners of legally A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 689 protected high value content exercising their indi- 9. Licensed devices with recorder function must vidual discretion, for the purpose of protecting law- respond to copyprotection #ags (CGMS-A, ful rights. It is assumed that all content referenced Macrovision, and watermarks). in the list is legallyprotected, high value content. 10. When onlyone copy( `copyonce a) is allowed, The list re#ects the views of the individual member such copymust be recorded using an Approved companies of the MPAA. All decisions as to copyprotection technologyin a manner that whether particular technologies are acceptable, does not allow access to the content bynon- whether to invoke anyparticular level or form of participating devices and that does not allow copyprotection, and other matters are for unilat- further copying. eral, independent determination byindividual 11. Content providers should be granted express member companies. third-partybene "ciaryrights to enforce li- MPAA attributes of a securityenvironment for censes. distribution of protected high value content: 12. Speci"c devices should accommodate Ap- 1. The following is applicable to all linked trans- proved revocation and renewabilitymecha- port, displayand recording devices. nisms. Content providers shall have the right 2. The same principles applyto CE and IT devi- to invoke revocation/renewal. ces. 3. Digital bit streams are never `in the cleara (i.e., are always encrypted). 7. DVD protection 4. Bidirectional digital output is allowed only with Approved digital technologyprotection 7.1. DVD video (e.g., 5C, if Approved). 5. Unidirectional digital output is allowed only The "rst problem addressed byCPTWG was the with approved digital technologyprotection protection of content on DVD Video discs de- (e.g., XCA (see Section 10), if Approved). veloped bythe DVD Consortium (now known as 6. Standard de"nition analog video output the DVD Forum). The DVD Consortium was (NTSC and PAL: 480I, 480P and 576I lines) started as an ad hoc group in December 1995 to must be protected byan Approved Analog promote a single format for a large capacitydisc, Protection System (APS) (e.g., Macrovision) now known as DVD. The founding members were and marked byCGMS-A.  Hitachi, MEI, Mitsubishi, , Pioneer, , 7. All high de"nition analog video output (greater Thomson, Time Warner, and Victor. With than 480P, e.g., 720 or 1080 lines) must be over 100 member companies today, the DVD Fo- protected byan Approved analog protection rum de"nes the speci"cations for DVDs. Currently, technique. (For example, a video scrambling it has eight working groups: WG1: DVD Video, technique, yet to be determined and approved. WG2: DVD-ROM Physical Format, WG3: DVD A future system based on watermarking and File System, WG4: DVD Audio, WG5: DVD-RAM requiring response under legislation mayalso Physical Format, WG6: DVD-R/RW Physical be suitable.) Format, WG9: DVD CopyProtection, WG10: 8. All video inputs (digital and analog) must look DVD Professional Use. for and respond to an Approved watermark Several proposals were studied bythe DVD Fo- standard. rum and CPTWG. After much discussion and criti- cal review, the DVD Forum recommended the proposal developed byMEI and Toshiba to the relevant industries. Known as the CSS, the system  Comunication is allowed in either direction across the inter- consists of a private scrambling system with multi- face.  CopyGeneration Management System } Analog: A system layer key management. Scrambling takes place at for encoding copycontrol information in transmissions and the disc manufacturing location before the discs prerecorded copies of content in analog format. are pressed. As shown in Fig. 4, the CSS-protected 690 A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699

Fig. 4. CSS on a DVD player.

Fig. 5. CSS on a PC system. content is descrambled during playback on a DVD 7.2. DVD audio player. The CSS has been very much in the news latelybecause a group of computer hackers has The experience gained in DVD Video protection successfullyattacked CSS [26]. Note that the "rst has helped considerablyin determining an architec- generation players are allowed to have NTSC (ana- ture for protecting prerecorded DVD Audio discs. log) output only. An analog protection system An important factor taken into consideration for (APS) developed byMacrovision results in degra- this architecture was the existence of the compact dation in unauthorized copies made on VHS re- disc (CD), the "rst generation of digital audio for- corders. mat. It was argued that since a large population of Fig. 5 shows the additional element needed in CD players were still in the "eld, the consumers CSS for implementation on a PC system. The DVD would most likelydesire to have copies on record- drive and the PC participate in mutual authentica- able CD media during the transition period. tion before the scrambled content is sent to the With input from the major recording studios, descrambler. This allows each partyto check if the four companies (IBM, Intel, MEI and Toshiba) other participant is authorized to handle CSS proposed a framework where watermarking and scrambled content. encryption are the primary technologies for preven- The DVD CopyControl Association (CCA) is ting unauthorized playback or recording. The the entitycreated to license the CSS technology. DVD Audio copyprotection framework, which The CSS Speci"cations are provided for each licen- allows personal copies when authorized bycontent see to have access to the appropriate information owners, is de"ned bythe following rules: for implementation. It includes two sections: pro- E Devices need to have a license to descramble and cedural and technical. The procedural section pro- to detect watermarks. vides the terms and conditions of the use of CSS E Copying is limited to one per recorder unless speci"cations, while the technical section, desig- more copies are authorized. nated speci"callyfor particular membership cat- E Authorized copies must be scrambled to pre- egories, describes the system components. vent further copies (Unprotected copies are A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 691

Table 1 Permissible CCI parameter settings

C Speci"es the number of, or other conditions for, copies authorized per recorder N: Number of copies N"1 (default value) One generation No more copies No copycontrol Q Speci"es the maximum sound qualityof the permitted recording CD-Audio quality(default value) 2-channel full quality Multi-channel full quality R Indicates the authorization status for copies of each element of related content Authorized Unauthorized ¹ Provides optional access control parameters Values downloaded to the DVD Audio player from the Internet may override the CCI on the Audio disc

allowed on legacymedia with restricted sound 3. A system for creating secure authorized copies. quality). Work is in progress to develop these component E Copying for personal use is allowed at CD- technologies. Speci"cations of CopyProtection for Audio sound quality(Additional copies with dif- Pre-recorded Media (CPPM), an audio water- ferent characteristics maybe authorized byse- marking system, and CPRM (for authorized copies, lecting di!erent values of CCI parameters). see Section 7.3) are being "nalized. E The CCI parameter values must be sent securely to a licensed recording device together with 7.3. Recordable DVDs (RAM/R/RW) scrambled content. E Content in unscrambled digital or analog form The DVD Forum WG9, the working group ad- can be sent to a licensed recorder with speci"c dressing copyprotection, is in the process of deter- values of C and Q parameters (see below) embed- the components of the securityarchitecture ded in the audio watermark. for recordables DVDs. A summaryof the work is E All outputs of DVD-Audio content except IEC- given in Table 2. 958 and analog from licensed DVD devices must Developed byIBM, Intel, MEI and Toshiba, the be scrambled byan approved system. proposal known as Content Protection for Record- E The robustness of implementation must be sim- able Media (CPRM) provides some of the compo- ilar to that of CSS. nents given in Table 2. Although the CPRM The CCI parameters, namely C, Q, R and ¹, allow technologypresentlyaddresses onlyone DVD the content owners to specifyon a track bytrack physical format (DVD-RAM 4.7 GB) and one ap- basis the conditions for copying. Their de"nition plication format (video recording), other physical and a set of permissible values that have to be and application formats will be considered in future supported byplaybackand recording devices are revisions. The principal elements of CPRM include given in Table 1. a private key management system and disc type The copyprotection framework needs the sup- recognition. port of three systems: As noted earlier, the "rst generation DVD 1. A scrambling system for prerecorded DVD players were limited to have analog output only. Audio discs, There was not an immediate need to protect 2. A watermarking system for embedding CCI in a digital stream leaving a DVD player. In home the content, networks, however, there will be several devices 692 A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699

(including newer generation of DVD players) with MPEG decoding. If the DVD player has an IEEE digital interfaces that need to be protected. 1394 interface, the output should be protected by a second system (labeled X in Fig. 6, e.g. 5C) that performs re-encryption. Being a compliant device, 7.4. Historical look at DVD protection the receiving unit (e.g. a digital television) has the descrambling engine and the keys for recovering Fig. 6 depicts three systems needed to protect the video signal. The third system (labeled Y in DVD content in home networks. The CSS Fig. 6, e.g. CPRM) is needed for protecting the scrambles the content before it is recorded on DVD content that was initiallyencryptedbyCSS, a DVD ROM. The "rst generation DVD player and re-encrypted by X for transmission across the outputs an NTSC signal after decryption and 1394 interface.

Table 2 Components of the copyprotection architecture for recordable DVDs

Component Decision

Disc type recognition Will be implemented CCI Will be implemented Watermark Will be implemented Secure transmission Will be implemented Encryption Will be implemented Compliance mark Under discussion Ticket Under discussion } used bya particular watermarking technology Authentication Being studied for the PC environment Unique disc ID Under discussion

Fig. 6. Three copyprotection systemsfor DVD protection. A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 693

7.5. Watermarking as a requirement way, latency, bandwidth, out-of-band control) in the CSS license which can render link protection designs infeasible for one or manyinterconnect technologies. The CSS license includes the future use of a video watermarking technologyfor playbackand record- 8.1. IEEE 1394 interface protection ing control. The DVD CCA therefore needs to choose a watermarking technologyas part of the The Digital Transmission Content Protection license. The Watermark Review Panel (WaRP) was (DTCP) speci"cation was jointlydeveloped by formed in December 1998 to assist CCA in evaluat- Hitachi, Intel, MEI, Sonyand Toshiba [4]. It ing the proposals. It had ten members representing de"nes a cryptographic protocol for protecting the CE, IT and motion picture industries. audio/video entertainment content from un- The seven video watermarking proposals sub- authorized copying, intercepting, and tampering as mitted to DHSG were merged to form two groups: it traverses digital transmission mechanisms such Galaxy(Hitachi, IBM, NEC, Pioneer and Sony) as a serial bus that conforms to the IEEE 1394 and Millennium (Digimarc, Macrovision and Phi- standard. The use of this speci"cation, and the lips) [2]. The keycriteria used in testing these two intellectual propertyand cryptographicinforma- candidates in the summer of 1999 were visibility, tion required to implement it, are subject of a li- survivability, false positive rate, piracy, cost genera- cense. The Digital Transmission Licensing tional control for one copy, and licensing terms and Administrator (DTLA) is responsible for establish- conditions. According to the reports presented at ing and administering the system described in the the CPTWG meetings, Galaxyand Millennium speci"cation. The DTCP system addresses the performed similarlyin the tests. A major architec- three DTDG layers in the following way. tural di!erence between the two is the scheme used for generational control [3]. Galaxyinserts a new 8.1.1. CCI layer watermark in the authorized copy, whereas Millen- The CCI can be carried in two ways: Encryption nium processes a `ticketa (auxiliarydata) attached Mode Indicator (EMI) and embedded CCI. The to the content. In a recent announcement, Millen- most signi"cant bits of the synch "eld of the iso- nium stated that theywould also provide a remark- chronous packet header are used for encoding the ing scheme for copies. The DVD CCA has not (EMI) bits as follows: made a decision yet. 11: copy-never, 10: copy-one-generation, 8. Link protection 01: no-more-copies, 00: copy-free. Another piece of the copyprotection problem CCI can also be embedded in the content stream (to that must be solved is the protection of links be- be recognized byformat-cognizant devices). tween devices. It is important to note that home networks and their links are veryheterogeneous. 8.1.2. Authentication and key exchange layer Manydi !erent systems for interconnection exist, Two authentication levels are provided: full and and more are being added everyyear.Some exam- restricted. Full authentication can be used with all ples are: 10baseT, 100baseT, HPNA, IEEE 1394, types of content protected by the system. Restricted baseband analog, digital visual interface (DVI), authentication is applicable for the protection of various RF LAN standards, USB, IDE, AGP, `copy-one-generationa and `no-more-copiesa con- NRSS and VSB-remodulation. These protocols tent only. have di!erent characteristics (one-wayversus two- 8.1.3. Content encryption layer The M6 [29] cipher is de"ned as the baseline  http://www.homepna.com/ cipher, i.e., the cipher that must be supported  http://www.ddwg.org/ byall compliant devices for interoperability.It is 694 A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 a symmetric-key block cipher based on permutation of the ISO-7816 standard [22]. Part B de"nes a re- and substitution. Other ciphers such as the Data movable and renewable securityelement based on Encryption Standard (DES) [29] and Modi"ed the PCMCIA (`PC Carda) . The com- Blow"sh [29] can also be supported. mon attributes allow either an NRSS-A or NRSS-B As a result of a request from the content device to provide securityfor applications involv- providers, a fourth layer has been added to allow ing payand subscription cable or satellite television system renewability. services, telephony, and all forms of electronic commerce. The main di!erences between NRSS-A and 8.1.4. System renewability layer NRSS-B devices are the range of capabilities and Since the securityof the DTCP systemrelies on the capacityfor extension. The NRSS-A interface is the secrets embedded in devices, it is not possible to limited to 8 electrical contacts using serial com- renew the system by replacing the secrets. Renewa- munication, whereas the NRSS-B interface uses 68 bilityis therefore implemented using the concept of electrical contacts and parallel communication. In revocation. A Certi"cate Revocation List (CRL) is general, the NRSS-A device could be smaller and a list of device IDs identifying the devices with less costly, while the NRSS-B device could be more compromised security[4]. The DTLA generates robust and extensible. and distributes such lists in System Renewability Messages (SRMs). Devices that support full auth- 9.2. Interface protection entication receive and store SRMs for device revo- cation. SRMs are updated via new content or new CEMA has standardized four interfaces for de- services in a number of ways. Some alternatives are vice interconnection: IEEE 1394 interface, RF other compliant devices with newer lists, prere- Remodulator interface, NRSS interface, and analog corded content media, and compliant devices with component video interface. external communication capability(e.g. Internet, 1. EIA-775: This standard [15] de"nes a speci"ca- cable or satellite connections). tion for a baseband digital interface to a digital television. It is based on the IEEE 1394 Stan- dard for High Performance Serial Bus [32]. 9. CEMA and copy protection 2. EIA-762 and EIA-761: These standards [16,17] de"ne minimum speci"cations for a one-way 9.1. National Renewable Security Standard (NRSS) data path utilizing an 8 vestigial sideband (VSB) or a 16 VSB remodulator in compliance with The NRSS architecture was developed by ATSC Standard A/53 Annex D [1]. CEMA partlyin response to the Telecommunica- 3. EIA-679: This standard [12] de"nes a speci"ca- tions Act of 1996. It provides a means for renewable tion for a national renewable securitystandard. securityto be employedwith digital consumer elec- It provides an architecture to allow the condi- tronics devices such as digital television receivers tional access functionalityto be detached from and digital VCRs. Renewable securityencompasses consumer electronics devices. upgradeable, extensible, removable and replaceable 4. EIA-770.2 and EIA-770.3: These standards security, allowing the security functionality to be [13,14] de"ne the speci"cations for standard separated from navigational devices. Simplystated, de"nition and high de"nition analog compon- NRSS allows for the securitysystemto be replaced ent video interfaces, respectively. if it has been hacked. This will be accomplished by Several CEMA working groups have worked on `smart carda devices connected to consumer elec- the protection of these interfaces. A summaryof tronic devices. The NRSS provides two physical designs, known as Part A and Part B. Part A de"nes a removable  EIA Standards are available at http://www.eia.org for and renewable securityelement that is an extension a nominal fee. A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 695

Table 3 Working groups for interface protection

Working Group Interface Work done

R4.8 WG2 IEEE 1394 and RF Remod Issued a CFI on 4 November 1998. Gathered information on 5 proposals: 5C, MRJ Technology Solutions, NDS, Philips and Thomson/Zenith. Published a report [28] summarizing the proposals R4.8 WG5 Analog component video Issued a CFI on 2 March 1999. Gathered information on 5 proposals: C-Cube, Galaxy, Macrovision, Philips and Echostar. Published a report [5] summarizing the proposals CEMA/NCTA JEC, NRSS NRSS De"ned a framework [12] for protecting the Subcommittee WG2 content across the NRSS interface. Five copy protection systems, all numbered for identi"cation, support the common framework: No.1 Thomson, No.2 OpenCable, No.3 NDS, No.4 5C and No.5 Philips

this work is given in Table 3. R4 is the Video or electronic distribution. The content, audio or Systems Committee within CEMA. R4.8, a sub- video, is protected bya group of component tech- committee reporting to R4, is responsible for all nologies including CSS (for video), CPPM (for digital interfaces including their protection. The audio), CPRM, DTCP, and audio and video water- Joint Engineering Committee (JEC) was formed by marking. CEMA and NCTA to work on technical issues of common interest. 10.2. XCA

A representative example of the second category is the global architecture proposed byThomson 10. Global architectures for copy protection and Zenith. The XCA CopyProtection System Speci"cation de"nes a system for providing local As mentioned in Section 2, two distinct ap- securityof audio and video content during trans- proaches have been proposed for copyprotection: mission and storage in digital home networks. This (a) integration of speci"c solutions, task is accomplished bymapping the three basic (b) a global solution. controls, namely, `playback controla, `record con- trola and `one-generational controla into `viewing 10.1. CPSA controla. Under the XCA system, content of eco- nomic value is always scrambled } either under the The CopyProtection SystemArchitecture control and responsibilityof the distributor or (CPSA) presented byIBM, Intel, MEI and Toshiba within the con"nes of the consumer's home net- is an example of the "rst category. In CPSA, the work. XCA allows recording of XCA protected original secure source is either pre-recorded DVD content in all conditions. Authorized copies are processed for descrambling and viewing onlyin licensed devices.  National Cable Television Association (http://www.ncta. XCA has been developed for use with one- com/.) wayand two-waydigital interfaces. It is primarily 696 A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699

Fig. 7. XCA system model.

a replaceable copyprotection systemto be used 4. Terminal card: a renewable securitydevice that with renewable securitydevices such as smart cards. can descramble XCA protected content. Its out- There are three areas of technical compliance in put is compatible with the XCA NRSS interface the XCA speci"cation: protection system. E functional compliance of device elements, A digital recording device is a device that is able to E compliance of bit streams at the NRSS interface, store or playback XCA protected bit streams, but is E compliance of bit streams at the level of XCA unable to create or descramble XCA protected bit Presentation Device interconnection. streams. Devices that perform digital recording or The XCA Licensing Authorityis the entityrespon- playback in combination with XCA creation or sible for administering the copyprotection system. XCA descrambling shall be classi"ed as an XCA An XCA consumer electronics (CE) Device is a de- CE Device. vice that mayperform either or both of the follow- The block diagram in Fig. 7 shows the basic ing, optionallyin conjunction with a renewable XCA system architecture. In principle, XCA securitydevice: concerns itself with the protection of `aftera E Creation of XCA protected bit streams from purchase content in the home. The local access and non-XCA protected programs, presentation devices are the two essential elements E Descramble portions of XCA protected bit to access, convert and displaycopyrightedcontent. streams. The local digital recording device can be used in Two XCA CE devices and two removable security both CA and XCA domains for storing CA or XCA devices have been de"ned with speci"c functional- content. ities. These normative device types are: 1. Access device: creates XCA protected content, either alone or in conjunction with a renewable 10.3. Canal#and NDS securitydevice, 2. Presentation device: descrambles XCA protected Canal#and NDS are two of the leading CA content, either alone or in conjunction with a re- providers promoting a copyprotection architecture newable securitydevice, similar to XCA. In this architecture, a security 3. Converter card: a renewable securitydevice that module coordinates all the control communica- can create XCA protected content from private tions between connected compliant CE devices, Conditional Access (CA) protected content, and manages the viewing rights as well as recording A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 697 rights associated with protected data. The security 12. The US cable industry module is either a stand-alone device or a removable card embedded in a CE device in the home net- The act of 1996 mandates work. The main features of the proposed system that the US cable industrymake &navigation devi- include: ces' commerciallyavailable to consumers. The Fed- 1. secure authenticated channel between the secur- eral Commission (FCC) issued itymodule and the connected devices, a report and order in 1998 to implement this re- 2. transformation of global entitlement control quirement. This has led to the OpenCable e!ort in messages (ECMs) to personal ECMs, the US. From the viewpoint of CE manufacturers, 3. renewable security, the OpenCable system has two focal points: the 4. revocation of hacked devices. interface from a CE `hosta to an OpenCable POD (point-of-deployment) module, and an interface from a CE device to an OpenCable settop box 11. Secure digital music initiative (which itself is probablya POD host). OpenCable standards are created byCableLabs, The Secure Digital Music Initiative (SDMI) is which is funded bymember cable-operators. Cable- a forum that brings together the worldwide record- Labs privatelyworks with vendors of its choosing ing, consumer electronics and information techno- to create OpenCable standards, gain approval from logyindustries to develop speci "cations for secure their member cable operators, and then submit distribution of music in digital form [18]. The these standards to the Societyof Cable Telecom- mission of SDMI is to enable consumers to conve- munications (SCTE) for approval as an nientlyaccess music, and recording com- ANSI standard. OpenCable has de"ned copypro- panies to protect their intellectual property, and tection systems for both the POD-Host interface technologyand music companies to build success- and IEEE 1394. ful in their chosen areas. SDMI's "rst achievement is a speci"cation for portable devices. The longer-term project is to 13. Conclusions complete an overall architecture for deliveryof digital music in all forms. The following conclusions can be drawn from The SDMI Portable Device Speci"cation Part 1 our overview of copyprotection in consumer elec- (version 1.0) [18] contains implementation require- tronics devices: ments and reference models for three functional 1. Device interoperability is essential: The standard components: interfaces developed for analog and digital sig- 1. Applications: Perform tasks such as content im- nals will guarantee device interconnectivityin port, librarymanagement, playbackand rights home networks. Nevertheless, some of the sys- management. tems developed for copyprotection are not com- 2. Portable devices and portable media: Store pro- patible, and do not provide interoperability. tected content and playit back. This maypresent a potential problem for the 3. Licensed compliant modules: Act as interfaces consumer who mayhave to know what services and translators for communications between are protected bywhich copyprotection systems, applications and portable devices/portable and identifythe consumer devices supporting media. those systems. Compliance with the speci"cation is voluntary. It is 2. Encryption-based technologies provide **condi- envisioned that the "nal speci"cation will use tional++ security: The di$cultyin attacking a combination of encryption and watermarking. cryptographic tools (ciphers, authentication and The subsequent parts will describe higher genera- digital signature methods) is based on today's tion portable devices, and a generalized framework computational resources. With the ever increas- for SDMI components. ing power of computing devices, today's secure 698 A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699

systems will undoubtedly no longer be robust in References the future unless theyare upgraded. 3. Watermark-based technologies may require legis- [1] Advanced Television Standards Committee (ATSC) Stan- lation: Watermarking mayrequire legislation dard A/53, available at http://www.atsc.org. with respect to whether the watermark must be [2] A. Bell, The dynamic digital disk, IEEE Spectrum 36 (10) (October 1999) 28}35. detected. In the absence of a law, non-compliant [3] J.A. Bloom, I.J. Cox, T. Kalker, J-P.M.G. Linnartz, M.L. devices in the market place can be used for Miller, C.B.S. Traw, Copyprotection for DVD video, circumvention. Watermarks mayprove useful if Proc. IEEE 87 (7) (July1999) 1267 }1276. implemented as a second line of defense compli- [4] 5C Digital Transmission Content Protection, available at mentaryto encryption. http://www.dtcp.com/. [5] Compilation of Responses to Further CFI on DTV Ana- 4. The 3 major industries (CE, IT&MP) tend to have log Component Video Interface, available at http://www. conyicting requirements: This is an ironical situ- cemacity.org/works/pubs. ation. The MPAA expects robust solutions [6] I. Cox, J. Kilian, F.T. Leighton, T. Shamoon, Secure spread (which are expensive and complex), the CE com- spectrum watermarking for multimedia, IEEE Trans. on panies need the least expensive solutions, and Image Process. 6 (12) (December 1997) 1673}1687. [7] D.W. Davies, W.L. Price, Securityfor Computer Net- the IT industrydesires to implement everything works, Wiley, , 1989. in software. [8] D.E.R. Denning, Cryptography and Data Security, 5. Consensus is needed: To reach a common set of Addison-Wesley, Reading, MA, 1983. goals, the participating industries need to agree [9] W. Di$e, M.E. Hellman, New directions in cryptography, on certain legal and technical issues, opening the IEEE Trans. on Inform. Theory22 (6) (November 1976) 644}654. avenues for progress and closure. [10] W. Di$e, M.E. Hellman, Privacyand authentication: an After more than four years of work on copyrighted introduction to cryptography, Proc. IEEE 67 (3) (March digital content protection, there are still some issues 1979) 397}427. that have not been addressed. Some of the prob- [11] Digital Millennium Copyright Act, available at lems that require e!ective and e$cient solutions in http://lcweb.loc.gov/copyright. [12] EIA-679B National Renewable SecurityStandard, Sep- the near future are the following: tember 1998. E High De"nition DVD: More robust methods [13] EIA 770.2 Standard De"nition TV Analog Component maybe needed for this typeof content. Video Interface, September 1998. E DVB content: Conditional access and copypro- [14] EIA 770.3 High De"nition TV Analog Component Video tection systems are being developed in Europe. Interface, September 1998. E [15] EIA-775 DTV 1394 Interface Speci"cation, December ATSC terrestrial TV broadcasting: A framework 1998. has been speci"ed. Private conditional access [16] EIA-761 DTV Re-modulator Speci"cation with Enhanced systems will co-exist. OSD Capability, November 1998. E Digital audio: SDMI will provide a framework [17] EIA-762 DTV Re-modulator Speci"cation, August 1998. for the secure distribution of digital music. [18] Guide to SDMI Portable Device Speci"cation, available E at http://www.sdmi.org. Content distributed over the Internet: No pub- [19] F. Hartung and M. Kutter, Multimedia watermarking lished standard for streaming or downloaded techniques, Proc. IEEE, 87 (7) (July1999) 1079 }1107. video or other type of content. [20] M.E. Hellman, An extension of the Shannon theoryap- We would like to hope that copyprotection will proach to cryptography, IEEE Trans. Inform. Theory 23 not be a roadblock for successful deployment of (5) (May1977) 289 }294. ` a [21] Interim Report, Results of Phases I and II, Data Hiding digital television. The digital world brings many Subgroup, Version 0.15, 16 April 1998 (available at advantages, but also manyinteresting problems. http://www.dvcc.com/dhsg). [22] ISO 7816}1 } Identi"cation cards } integrated circuits Acknowledgements cards with contacts, ISO 1987. [23] J. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, We would like to thank Dave Du$eld of Thom- 1997. son Consumer Electronics for his contributions to [24] F.A.P. Petitcolas, R.J. Anderson, M.G. Kuhn, Information several sections of this work. hiding } a survey, Proc. IEEE 87 (7) (July 1999) 1062}1078. A.M. Eskicioglu, E.J. Delp / Signal Processing: Image Communication 16(2001) 681 }699 699

[25] C. P. P#eeger, Securityin Computing, Prentice-Hall, [30] C.E. Shannon, Communication theoryof secrecysystems, Englewood Cli!s, NJ, 1989. Bell Systems Tech. J. 28 (October 1949) 656}715. [26] A. Pressman, Hollywood sues sites over DVD software, [31] M.D. Swanson, M. Kobayashi, A.H. Tew"k, Multimedia Reuters, 14 January2000. data-embedding and watermarking technologies, Proc. [27] Review and Findings of Submitted Proposals, Digital IEEE 86 (6) (June 1998) 1064}1088. Transmission Discussion Group, Version 1.0, 11 Novem- [32] I.J. Wickelgren, Facts about "rewire, IEEE Spectrum 34 ber 1997. (4) (April 1997) 19}25. [28] Review of Information Submitted in Response to the CFI, [33] R.B. Wolfgang, C.I. Podilchuk, E.J. Delp, Perceptual R4.8 Working Group 2, 30 July1999. watermarks for digital images and video, Proc. IEEE 87 (7) [29] B. Schneier, Applied Cryptography, Wiley, New York, 1996. (July1999) 1108 }1126.