Content protection techniques play critical roles in protecting intellectual property of content producers. Security issues of content protection systems have been receiving great attention. However, despite the huge efforts that have been devoted to developing content protection techniques and products which are advertised to counteract piracy, most existing techniques still fail catastrophically once an implementation is compromised. This poses serious threats and great economical loss to content producers. For example, the official Content Scrambling System (CSS), which is used for DVD videos and is confidential and licensed by the DVD Copy Control Association (http://www.dvdcca.org), has been considered to be trivial to break by some (F. A. Stevenson, “Cryptanalysis of Contents Scrambling System,” white paper, DVD-copy.com, November 1999).
The security risk that CSS faces is believed to stem from the fact that the security of CSS is defined in the DVD player with a simple, fixed security policy for all content. A compromised player can decrypt all media valid in its region and CSS cannot be repaired without making the entire installed base of DVD players obsolete.
Another example is the public watermark scheme, which is used to encode copy-control information but is found insecure to detect and control piracy. The reason is the detection scheme of the conventional watermark scheme is publicly available, which enables the attacker to remove the watermark by sensitivity analysis (I. Cox, M. Miller, and J. Bloom, “Digital Watermarking,” pp. 307-317, Morgan Kaufmann, 2002).
Among the recent efforts in providing a more effective long-term deterrent to the piracy of digital video content, the concept of “Self-Protecting Digital Content (SPDC)” (in P. Kocher, J. Jaffe, B. Jun, C. Laren, and N. Lawson, “Self-Protecting Digital Content,” white paper, Cryptography Research Inc., 2003) proposed by Cryptography Research Inc. has received much attention. Based on SPDC technology, a security layer called BD+ has been adopted in the Blu-ray Disc Format. The idea of SPDC is to build the security of content protection system not only in the player, but also in the content itself. Each digital title is designed to carry its own security code along with the content itself. During playback, this security code will be executed by the player to determine whether and how to decrypt and decode the content. For example, if a player has been compromised or if the user is making a copy, the security code might decide to refuse playback or play at a lower quality, while high-definition playback is reserved for players with superior security. This programmable security not only offers flexibility, but also allows security problems to be corrected without changes to the media format or the installed base of players. Furthermore, SPDC offers a future-proof solution to content piracy by allowing unexpected problems to be addressed through a simple update of the security code on all contents to be distributed.
Along with SPDC, the idea of “Forensic Marking” is also proposed by Cryptography Research Inc. to replace the conventional public watermark scheme. The goal of forensic marking is to embed identifying and diagnostic information into the content. The information can be later retrieved from digital or analog domain to identify piracy. In contrast to public watermark scheme, forensic marking uses a content-dependent detector, which greatly improves the security of the system. During embedding each bit of forensic mark, one of two or more versions for a portion of the content will be selected and decoded by the player. During detection, the embedded information can be retrieved by identifying the difference in the decoded content. Applying forensic marking on digital video in the state-of-the-art H.264 format (“Draft ITU-T Recommendation H.264 and Draft ISO/IEC 14496-10 AVC,” in Joint Video Team of ISO/IEC JTC1/SC29/WG11 & ITU-T SG16/Q.6 Doc. JVT-G050, T. Wiegand, Ed., Pattaya, Thailand, March 2003) has been explored (by D. Zou, J. Bloom, “H.264/AVC stream replacement technique for video watermarking,” in Proc. of IEEE Intl. Conf. on Acoustics, Speech and Signal Processing, 2008; and D. Zou, N. Prigent, J. Bloom, “Compressed video stream watermarking for peer-to-peer based content distribution network,” in Proc. of IEEE Intl. Conf. on Multimedia & Expo., 2009). The marking information was embedded directly into the H.264 bitstream which has been entropy encoded using CAVLC or CABAC (D. Marpe, H. Schwarz, and T. Wiegand, “Context-based adaptive binary arithmetic coding in the H.264/AVC video compression standard,” in IEEE Trans. on Circuits and Systems for Video Technology, Vol. 13, No. 7, July 2003). The decoded video is perceptually indistinguishable to the user but contains detectable information for the content producer to identify and track piracy.
Although forensic marking on an H.264 video stream has been shown to be a valid watermarking scheme which can achieve efficient embedding and reliable detection, its security attributed to content-dependent embedding and detection has not been carefully examined. In a practical content protection system, the encrypted content will contain random or no marking information, so that the content can be safely delivered to different users and through content distribution networks such as peer to peer (P2P) networks. The content can be decrypted and decoded only if the user has paid for the content and obtained its marking information from the content producer. This valid marking information will be embedded into the decoded content by the player to enable piracy tracing. Without valid marking information, the content either cannot be decoded or will have extremely low quality. It has been determined that without the valid marking information an adaptive brute-force attack can indeed improve the visual quality of the decoded output, even it is somewhat impossible to decode a randomly marked stream completely correct. As such, this adaptive brute-force attach undermines the security of the forensic marking scheme.
In light of the success of the adaptive brute-force to decrypt and decode content, a need exists to develop a methodology that substantially or completely reduces the potency of the adaptive brute-force scheme.