Princeton Team Cracks SDMI

A team led by Princeton University’s Secure Internet Programming
group says it has defeated the copyright protection scheme developed by the
Secure Digital Music Initiative.

SDMI is the music industry forum trying to build a system for protecting
digital music against being illegal copying. The outfit launched the Hack SDMI challenge last month to invite the
public to attack its digital
technology and possibly win a $10,000 prize.

Computer scientists and electrical engineers at Princeton, along with
outside teams led by graduates of Princeton’s computer science program, claim that
they were able to remove the watermarks placed in music files by SDMI,
without significantly degrading the audio quality.

Ed Felten, one of the leaders of the Princeton team, said Monday that
watermarks can help to mark ownership and track where files go on the Web.
But as a technology for preventing duplication, Felten said watermarks falls

“SDMI’s approach requires that every player have watermark detection
software or hardware in it, and that makes the pirate’s job much easier.
Watermarking technology can work in some applications, but not in this kind
of public scheme,” said Felten.

SDMI has received over 400 entrants to its SDMI challenge and is currently
evaluating them. Last week the organization refuted claims by an anonymous
group that said it had defeated all six of the challenges posed by SDMI.

Felten said his group hasn’t received official confirmation from SDMI on its
successful crack of the watermark. But the researchers did get an automated
confirmation from an SDMI e-mail system.

Previously, SIP has publicized a serious security flaw in Microsoft’s Java
Virtual Machine, and an attack called Web Spoofing. Next month, the
Princeton group plans to make publicly available on the Web its full
research on SDMI’s watermarks. In doing so, it could be breaking a
non-disclosure agreement all participants consented to in entering the
contest. But Felten said he’s not worried about getting into legal trouble
with SDMI.

“We’ve looked at the terms and conditions very carefully in deciding what we
were going to do,” he said.

Several groups previously announced a boycott of the SDMI challenge, saying
that they didn’t want to be tools in the music industry’s anti-piracy

But in a list of
frequently asked questions at its site, the Princeton team said, “We believe
that public discussion of the drawbacks of SDMI’s technologies will be
beneficial in the long run.”

News Around the Web