|
What follows is a very poorly thought out post.
So piracy makes content providers sad. And when film makers, game makers, etc... become sad, oftentimes the consumers of said content become sad as well. I'm sure you've all experienced annoying anti-piracy hardware/software in DVD players, or lack of LAN-support on SC2. I'm also sure you've heard of horror stories of some granny getting slammed for billions of dollars in court for accidentally re-seeding a bunch of music. ...recent legislation allowing stricter regulation of filesharing protocols, etc... Do a simple Google search on the topic and you'll probably agree that:
1.) Piracy is a problem for content providers.
2.) To combat this problem, they have implemented various security measures to impede ripping (special DVDs and drives and software, proprietary audio formats, etc...) and sharing (monitoring of BItTorrent/recent closure of limewire/new legislation/etc...).
3.) These security measures are costly for content providers and fucking annoying for paying customers.
While these may be obvious logical deductions, based on these notions, I will be making the assumptions that
1.) Making content uniquely identifiable will make the cost of piracy increase <- questionable now, but maybe not in 5-10 years. I'll discuss this shortcoming at the end. For the time being, this assumption might invalidate the industrial applicability of my proposal, but at the very least, I hope you read this blog just to be introduced to some cool technology!
2.) The incidence of piracy will reduce as the cost of piracy increases.
3.) As the incidence of piracy decreases, the economic feasibility of annoying anti-piracy security measures will decrease.
4.) People will be happier with fewer annoying security measures!
So in this blog I will provide a somewhat technical, though hopefully easy to follow, proposed method to make piracy much more costly (as measured per game/movie/song/etc... pirated) for the pirates, that will not noticeably affect consumer experience. Maybe this is a stupid idea or something similar is already in place. Please feel free to tell me this in this blog, but include your sources so we can all learn from the discussion! Anyway....
The core strategy of this method is to make any file available on the internet traceable to the initial serial # of the item sold. Content providers can, then, very easily browse a file sharing network, find a file and attempt to play whack-a-mole against hundreds or thousands of seeders, simply determine who it was that initially uploaded the content.
Identification Is Key
What is currently in place:
You bootleggers out there might have noticed that pre-release pirated copies of movies often have regions of the film blurred out. This is because pre-release copies of movies (for critical and internal use) have serial numbers overlaid onto the film. The intent, obviously, is that if the content is leaked, the content providers can trace the leak down to the employee/critic that violated the contract, and knowing this, the employee/critic will be less likely to leak the content.
Why this does not work:
Black bars/blurred boxes, etc... Simple overlays are not costly enough to circumvent, as measured per item pirated. A simple initial investment in video-editing software makes simple overlays totally obsolete. Additionally, these serial numbers are ugly, intrusive and make the viewing experience less than optimal (even for critical/internal use).
My idea:
The idea of my method is to non-intrusively encode a "serial number" into the content. I put quotes around "serial number" because what is encoded is not visibly numerical but rather a unique identifier. It is, in fact, a super-unique identifier in the sense that certain "digits" of the serial number can be missing and original ID of the content can still be
recovered.
Let me run through a concrete example of how CRaP would be implemented, potential attacks against CRaP, and mitigations built into CRaP to make the per-item cost of piracy prohibitive.
Non-intrusive Content Encoding
Imagine we have a 5 frame slideshow. How do we encode a 5-digit "serial number" within that slideshow? One simple and intuitive way is just to print a number in each frame. EZPZ right?
Now what if we make it even easier, and instead of our serial number being 5 random digits, lets force the digits to be 0 or 1. We then only need to print 0 or 1 in each frame. Pretty cool right?
But what if we don't want 0 or 1 visible in the frames and we don't want somebody who is looking at the slideshow to even know we have a code hidden in the slideshow?
We can be clever and use advanced layering/digital encoding within the picture to hide a 0 or a 1. Any CS major might just say "take a 1-bit checksum of the picture's binary." This works great. But is extremely sensitive to any changes in the image's file format/size/etc... What if we just have something in the background of one picture and something else in the background of the other picture? A white seagull will be 0. A pelican will be 1.
We then repeat the process for each of the frames and now we have 32 (2^5 for you non-math nerds) different "serial numbers" we can non-intrusively encode within the slideshow! To make this more obvious, each frame has two possibilities. Each of the five frame's randomly inserted background animal are independent so we have 2 * 2 * 2 * 2 * 2 different possible combinations, so 2^5=32 
Yay so we're done right? Well not quite. Well imagine you're the hacker now and you know this scheme. How do you easily circumvent this identification process?
For our purposes here, let's say we were actually encoding a short video clip of 10000 frames (about 7ish minutes of standard quality video). So we have 2^10000 different possible unique numbers encoded within the slideshow.
Here's an easy way to make yourself pretty darn hard to identify: Delete a few of the frames. Sure your pirated copy is not quite as good anymore, but what's a frame here and there to watchability? By deleting just 10 arbitrary frames out of the 10000 (that's 0.1%), you have just made yourself from "uniquely identifiable" to "1 out of 1024 possible people." Delete a few more and tracking you down becomes entirely hopeless.
So to summarize our problems with this: First, we don't want to have to encode some garbage into every frame of a movie (I'm using movies for this example, but you could easily consider the cinematics or unit portraits for a video game). Secondly, we still want to be able to identify the pirate even if some frames are deleted.
Picking frames unpredictably
Let's say we're back at the 10,000 frame, 7 minute video clip. We arbitrarily (read: uniformly at random) choose 50 of those 10,000 frames to mark for our encoding. A 50-digit serial number, as it turns out, is waaay more than enough to uniquely identify every person on the planet. But suddenly, it becomes much harder for the pirate to figure out which frames to delete. In fact, if the pirate does not know which of the frames we chose to encode upon, and he's forced to guess, the odds don't favor him hitting one of those 50. Just to work out the math of this concrete example. Presume our 50 frames were chosen at random and our pirate is choosing frames to delete at random. And lets us presume further, just for the sake of argument, that the pirate getting 1 frame is enough to make it impossible for us to track him down. (of course, he would probably need to get 10 or more as we demonstrated above, but we'll get to that in the next section).
His first deletion has a 50/10,000 (or 0.5% chance of deleting one of our encoded frames). His second, assuming his first fails, is 50/9999. His 3rd, 50/9998. I don't want to turn this into a probability crunch, but this is just a geometric distribution, so on average it will take him 200 tries to get one of our frames. For those of you who don't like "expected value" or "mean" of a probability distribution, it'll take roughly 139 tries for him to have 50% odds of success (which is the median). Obviously, for a 100% chance of getting at least one frame, Pirate Steve would need to gut 99.51% of the entire movie. Frankly, this sucks for Steve.
But besides my presumptions, there's something unrealistic about this scenario: randomness. Sure Pirate Steve can flip a coin a bunch of times to pick his frames, but the content provider actually needs to have a key somewhere that says which frames were chosen for encoding as well as how that encoded "serial number" corresponds to the unique DVD or video game sold.
But so long as we pick our frames in a way that is sufficiently unpredictable, our analysis holds up. I'm hijacking the term hashing for a hashing algorithm's property of being an irreversible mapping of some inputs into some outputs. For people who have studied math or CS to any degree, this step of picking frames "randomly" is pretty trivial, and while in fact it is actually quite fascinating, we will be satisfied with a simple sufficiently-obfuscated pseudorandom number generator.
But there is another attack here we haven't considered. If Steve really only needs to delete one encoded frame, this is damn easy: he can just buy 2 copies of the DVD. Then he can just run them side by side and then just delete any frames on the DVD that are different. Since every DVD is different, at least one of the encoded frames must be different. Actually, in the average case he will get half the frames!
Parity
Luckily we have a mitigation: we will use parity, particularly SEC (single error correction) Hamming Codes. I won't go into too much detail here, but the idea is we can make it so that even if the pirate does get a few of the digits in our "serial number" we'll still know exactly who he is! The basic idea is that some of the encoded frames will be used for identifications and some of the frames will serve as "redundancy" for other frames in case the other frames get removed.
We can really take this to the extreme and make sure that every frame has 2 versions. But only, say 20, with additional parity from a Hamming Code, will be used to identify the item. If every frame has 2 versions, then the cheesy tactic from before will have to remove the entire movie! He can still be super smart, however, and create a new movie that picks a random frame from each of the two movies. He'll pin that shit on some poor random dude somewhere!
Shh... don't tell this to the pirates.
Practical Considerations
The seagull/pelican example I had in mind was find for illustrative purposes, but in reality, simple changes like a person in the background holding a pepsi or a sprite would be enough for an identification algorithm. In this way, you could shoot 2 virtually identical versions of every scene (or just add differences at editing).
We probably wouldn't want to identify encoded frames purely on their number, since random insertions of frames or a reordering of the movie could significantly hamper any automated detection process. An alternative could be to encode on entire shots for movies, and have the encoded "shots" be searchable based on some obvious visual pattern. (or in a worst case scenario identified by a low-paid intern)
Identification of the pirated item, at this point in time, does not equate with identification of the pirate in question. The simplest attack Pirate Steve can use is to just drive a few counties over and buy a DVD in cash. In fact this makes my whole "identification makes it more costly per item to pirate" argument a lot less valid. But it is not entirely invalid either. The content provider can still at least narrow down the DVD to which store it was sold at, and if they are willing to spend the additional resources (way cheaper in my opinion than many existing security measures) just pull the video camera feed and that'll narrow it down considerably.
Furthermore, it is not unreasonable, however, to imagine a world not so far in the future where intellectual property is consumed only with a link to identity: DVDs or video games bought in cash would require photo ID, etc... This is a "mathematically elegant" way to discourage piracy, but it is one that is probably more annoying/invasive of privacy than existing measures. Oh well :p
 
|
The better solution is, of course, to have the license plate on the random car passed in the epic chase scene at 54:38.03 be replaced by the DVD's serial number.
This is a particularly awesome solution since everybody loves chase scenes.
|
BRB i'm going to patent your solution and sue you for it.
|
United States17042 Posts
why don't i just re encode it with an open source encoder? should break anything that's not actually in the video, and will destroy pretty much anything that's displayed visually, unless it's really big and obvious. (like halving the bitrate and changing the codec kills...a ton of stuff)
|
There are several holes in this so i am not sure if you are trolling or not ... Oo
Also it's just another obfuscation ... it's only as tight as the security of the master track.
|
A better idea is to provide value for money...
You buy a CD in the the west you get 10 songs.. easily downloadable.. nothing lost by pirating it. No box..? whoop.
You buy a CD in the East (Japan Korea) you get 10 songs,+ stuff you can't get by downloading ie posters, chances to enter lotteries for events such as gigs, meet and greets, some copies come with t-shirts, special edition stuff.
Now I'm not saying this is the way to stop all piracy, some people won't give a shit for the little things. But it goes someway to explain why singles of popular groups (AKB, Arashi) sell like crazy in Japan, but singles in the west barely matter at all. (For the record a single costs about 3x as much in Japan.. and still sells in the millions for those aforementioned groups)
Why? Value for money for the fans that want the product. Your not going to dissuade Johhny stealsalot from pirating, but you'll stop other people who may have also done so because they get a lot more for their money, that they couldn't get if they didn't buy legally.
To this end I can see why pre-order bonus's are a good way to combat piracy in games as a start, but I don't think they should be exclusive to one store, that's just arsing your buying customers about. Put all that pre-order content into one bundle, and offer it to new buyers. That way the customers who buy will be gaining a much superior product than those who pirate.
Rather than Store A give you one costume and store B and C giving you different ones. Have any new buyer get costume A B and C just for buying. etc. (Screw this store exclusive shit, that really pisses me off that I pay legally for a product but am not giving all the content. )
The only thing is the second hand market would suffer, and i'm a big believer that the 2nd hand market helps grow the market, not diminish it. So that'd need worked out imo.
|
On July 24 2011 15:33 GHOSTCLAW wrote:
why don't i just re encode it with an open source encoder? should break anything that's not actually in the video, and will destroy pretty much anything that's displayed visually, unless it's really big and obvious. (like halving the bitrate and changing the codec kills...a ton of stuff)
The whole point of the content-encoded ID is that your open source re-encoding wouldn't kill it. It would in fact be something big and obvious like a coke or a sprite being different.
On July 24 2011 15:40 jacen wrote:
There are several holes in this so i am not sure if you are trolling or not ... Oo
Also it's just another obfuscation ... it's only as tight as the security of the master track.
I would never troll. Just pretend I have solutions to all the holes and that I am super genius. kekeke.
Also, there really is no "master track." That's kind of the point. It also makes it fundamentally vulnerable to the mix-and-match attack if you are willing to buy multiple copies of the DVD.
|
But assuming you are applying this to circumvent post-release piracy, meaning you EACH DVD you produced would be different and if you are using visual patterns as a way of tracking you run into so pretty high CGI costs.
A simpler approach would be to encode binary digits it ultra high or low bursts out of the hearing range of humans that could be encoded easily using a simple machine that will be able to encode this data harmlessly anywhere on the disc post production. This however could be easily circumvented aswell by editing the audio out of the whole video above X hertz and below Y hertz.
Alternatively you could use audio offsets in the milliseconds scene to scene while unnoticeable to the human eye/ear you could use to encode said serial numbers which could be accomplished by the same machine encoding the audio onto the video track using preset offsets. The same redundancy checks could also happen and could easily be back checked through a computer ie: Check audio track for bits 1-40 and then using their times and an algorithm to dis-encode the serial number.
In either of these methods though Steve the pirate could buy 3 different DVDs and mix them together using a simple computer program. EDIT: And essentially render your security method useless
Such security measures don't help much in simple A-->B outcome media but similar principles could be applied to checksums in game to help prevent piracy.
|
On July 24 2011 15:47 red_hq wrote:
But assuming you are applying this to circumvent post-release piracy, meaning you EACH DVD you produced would be different and if you are using visual patterns as a way of tracking you run into so pretty high CGI costs.
A simpler approach would be to encode binary digits it ultra high or low bursts out of the hearing range of humans that could be encoded easily using a simple machine that will be able to encode this data harmlessly anywhere on the disc post production. This however could be easily circumvented aswell by editing the audio out of the whole video above X hertz and below Y hertz.
Alternatively you could use audio offsets in the milliseconds scene to scene while unnoticeable to the human eye/ear you could use to encode said serial numbers which could be accomplished by the same machine encoding the audio onto the video track using preset offsets. The same redundancy checks could also happen and could easily be back checked through a computer ie: Check audio track for bits 1-40 and then using their times and an algorithm to dis-encode the serial number.
In either of these methods though Steve the pirate could buy 3 different DVDs and mix them together using a simple computer program.
Such security measures don't help much in simple A-->B outcome media but similar principles could be applied to checksums in game to help prevent piracy.
Yeah. These are good assuming people don't re-encode the movie. If they do, then all that extra stuff is gone 
|
On July 24 2011 15:50 Gummy wrote:Show nested quote +On July 24 2011 15:47 red_hq wrote:
But assuming you are applying this to circumvent post-release piracy, meaning you EACH DVD you produced would be different and if you are using visual patterns as a way of tracking you run into so pretty high CGI costs.
A simpler approach would be to encode binary digits it ultra high or low bursts out of the hearing range of humans that could be encoded easily using a simple machine that will be able to encode this data harmlessly anywhere on the disc post production. This however could be easily circumvented aswell by editing the audio out of the whole video above X hertz and below Y hertz.
Alternatively you could use audio offsets in the milliseconds scene to scene while unnoticeable to the human eye/ear you could use to encode said serial numbers which could be accomplished by the same machine encoding the audio onto the video track using preset offsets. The same redundancy checks could also happen and could easily be back checked through a computer ie: Check audio track for bits 1-40 and then using their times and an algorithm to dis-encode the serial number.
In either of these methods though Steve the pirate could buy 3 different DVDs and mix them together using a simple computer program.
Such security measures don't help much in simple A-->B outcome media but similar principles could be applied to checksums in game to help prevent piracy. Yeah. These are good assuming people don't re-encode the movie. If they do, then all that extra stuff is gone
Security measures against piracy are hard aren't they  , it is easier to make high security games than movies by a long shot, (even discounting DRM).
|
On July 24 2011 15:53 red_hq wrote:Show nested quote +On July 24 2011 15:50 Gummy wrote:On July 24 2011 15:47 red_hq wrote:
But assuming you are applying this to circumvent post-release piracy, meaning you EACH DVD you produced would be different and if you are using visual patterns as a way of tracking you run into so pretty high CGI costs.
A simpler approach would be to encode binary digits it ultra high or low bursts out of the hearing range of humans that could be encoded easily using a simple machine that will be able to encode this data harmlessly anywhere on the disc post production. This however could be easily circumvented aswell by editing the audio out of the whole video above X hertz and below Y hertz.
Alternatively you could use audio offsets in the milliseconds scene to scene while unnoticeable to the human eye/ear you could use to encode said serial numbers which could be accomplished by the same machine encoding the audio onto the video track using preset offsets. The same redundancy checks could also happen and could easily be back checked through a computer ie: Check audio track for bits 1-40 and then using their times and an algorithm to dis-encode the serial number.
In either of these methods though Steve the pirate could buy 3 different DVDs and mix them together using a simple computer program.
Such security measures don't help much in simple A-->B outcome media but similar principles could be applied to checksums in game to help prevent piracy. Yeah. These are good assuming people don't re-encode the movie. If they do, then all that extra stuff is gone Security measures against piracy are hard aren't they , it is easier to make high security games than movies by a long shot, (even discounting DRM).
The trick here is that you want identification that is "content-encoded" because it is heuristically resistant to re-encoding... If you can still see the movie with your naked eye and you know what you're looking for, you should be able to find the "code." Like a Pepsi can vs. a Dr. Pepper can held by an extra in the background. A slightly different position in the sky of the sun. A different license plate number on a car in a chase scene *cough see earlier post cough*.
BTW, if you're doing it post-processing, the cost would not be particularly high. One mathematically obvious, but practically useless defense against the mix-and-match attack we've been talking about is to have 2 versions for every scene/frame but then nearly unique post-processing versions of just a few "encoded" frames/scenes and their parity frames/scenes.
Ex:
(0,0,0,0,0) (100,100,100,100)
If 0 and 100 are already unique identifiers, then
(0,100, 100, 0, 0) or any mix and match will tell us at least one of the two sources.
This is obviously pretty hard to do in practice since you need something on the order of 40 bits to represent a unique unit sold for any DVD/Video game, and 40 bits is a lot to represent in a format that is resistant to re-encoding or frame-melding (like bar codes and their fancy modern counterparts).
|
I can't find the source unfortunately but if you look at DVD piracy there is one market which is almost entirely untouched by piracy..
Kids DVD's. Stuff like The Wiggles and Blues Clues.
The kids love the experience of buying the DVD and the DVD's aren't often just a DVD they have additional activities and media in the form of posters and colouring books. Now I'm not saying that Hollywood should start making colouring books but right now just producing a disc isn't working. Why not take your resources out of DRM and put them into maybe including some posters, a unique pass to access a fansite, a T-shirt or a book showing the making of.
|
Extra security measures will never solve piracy as people will always be constantly working against them as companies are constantly working towards better security measures. Have to find some way to change the culture of it all by other means to make people not want to do it.
|
On July 24 2011 16:46 wonderwall wrote:
I can't find the source unfortunately but if you look at DVD piracy there is one market which is almost entirely untouched by piracy..
Kids DVD's. Stuff like The Wiggles and Blues Clues.
The kids love the experience of buying the DVD and the DVD's aren't often just a DVD they have additional activities and media in the form of posters and colouring books. Now I'm not saying that Hollywood should start making colouring books but right now just producing a disc isn't working. Why not take your resources out of DRM and put them into maybe including some posters, a unique pass to access a fansite, a T-shirt or a book showing the making of.
Similar to what I Said.. value for money bolstered by things you'd completely miss out on without a legit copy, not giving a complete experience if you did pirate.
|
Germany2896 Posts
So you re-invented watermarks. http://en.wikipedia.org/wiki/Digital_watermark
And there are so many holes in your scheme...
1) Stolen hardware
2) Millions of computers are infected with trojans
3) You can buy multiple copies and combine them(the exact way to do that depends on the watermarking scheme) to weed out the watermark.
|
On July 24 2011 15:47 Gummy wrote:Show nested quote +On July 24 2011 15:40 jacen wrote:
There are several holes in this so i am not sure if you are trolling or not ... Oo
Also it's just another obfuscation ... it's only as tight as the security of the master track. ... there really is no "master track." That's kind of the point. It also makes it fundamentally vulnerable to the mix-and-match attack if you are willing to buy multiple copies of the DVD.
You do know how movies are shot, right? What do you propose? Shoot every scene with as much takes as there are review copies? If you don't than there WILL be a master track.
I don't get it.
/ninja edit:
This of course applies to CGI movies too. Think render time.
|
I recommend you take a look at "Surreptitious Software" by Christian Collberg. He has a number of chapters about digital watermarking, obfuscation... exactly what you're talking about (although he doesn't propose turning coke into sprite bottles)
The problem is still that a hacker can buy a couple of movies and compare the differences. You'll need to have possibilities to make many changes for the hamming distance between 2 users to be so big that a hacker would need to buy too many movies to make the changes. (is it even possible? My information coding/theory classes are too long ago. I'll try to do the math if I have time)
|
On July 24 2011 17:46 MasterOfChaos wrote:So you re-invented watermarks. http://en.wikipedia.org/wiki/Digital_watermarkAnd there are so many holes in your scheme... 1) Stolen hardware 2) Millions of computers are infected with trojans 3) You can buy multiple copies and combine them(the exact way to do that depends on the watermarking scheme) to weed out the watermark.
It is watermarking, but I don't think you understand what I'm trying to do. I'm trying to make the watermark part of the actual content. There is no "original" stored publicly anywhere. Each distribution is equal and unique. But other than that yeah. Still the obvious vulnerabilities.
|
On July 24 2011 17:02 Slaughter wrote:
Extra security measures will never solve piracy as people will always be constantly working against them as companies are constantly working towards better security measures. Have to find some way to change the culture of it all by other means to make people not want to do it.
Pretty much. Government intervention would be needed. Some countries are already working towards this, but easier said than done.
|
Piracy has influenced our consumer behaviour. We don't get one movie anymore and watch it several times. I don't even watch the whole of most movies I download because they are not worth the time. Hate at me as much as you want, but for me a DVD or even a BluRay is not worth the money except for some movies (which I then sometimes end up buying as a present for my family). 15+ € for a movie like Thor? No thanks, that is not in my student budget. I'm sure if I was working and had a solid income I would buy more DVD/BluRays, but as it is now, I don't.
To me the only solution is giving the consumer something special, like a poster with every DVD. Something you can't download essentially
EDIT: Typo
|
|
|
|
|
|
EPT
