About Me

I ramble about a number of things - but travel experiences, movies and music feature prominently. See my label cloud for a better idea. All comnments and opinions on this blog are my own, and do not in any way reflect the opinions/position of my employer (past/current/future).

02 November 2007

Reflections on ACM DRM 2007

This is my fourth successive attendance of the ACM DRM Workshop, although, this would be the first time that I would not stay on for the rest of the ACM Computer and Communications Security Conference. The workshop has always had a great mix of papers (authors were from at least 8 different countries in 5 continents), and a relatively low acceptance rate (33%) ensures high quality of papers. For the first time the workshop had some sponsorship from Microsoft, which meant that I get some money to defray the costs of travel to the workshop!

The conference also gives a great opportunity to meet and talk to other researchers in the field. Being effectively a "regular" it was more of an opportunity to re-establish old contacts, and since I was only spending the day at the conference, there was unfortunately not enough time to talk to most of the new people!

The first two papers focussed on implementation experiences. The first paper, by researchers from Phillips Labs, looked at mostly key management in pay per view broadcast systems. The system was quite cool, and although their system meets their performance targets, I think those targets are not really user friendly - for example around 40 seconds before a pay per view live show starts from cold boot. The second paper was by Nicholas Sheppard from the University of Wollongong (who I also met at Virtual Goods), on partial implementation of the MPEG-21 DRM standards. I finally understood what IPMP (Intellectual Property Management and Protection) tools are about, and while they provide a useful abstraction for the interpretation and enforcement of DRM policies, they are not specific enough to actually provide interoperability between implementations. The paper did not actually look at the actual enforcement of policies, just the interpretation, and I have a feeling that there will be too much overhead in the process.

The third paper was very strange. It was interesting because the first part was a good tutorial on side channel attacks, which are used against encryption algorithms such as AES. However, I am not sure of its relevance to the workshop, and should have probably been in CCS than the workshop itself.

Last year, I took part in a Digital Media Project (DMP) meeting over Skype, where I also presented a paper via Skype. The fourth paper was about Chinese copyright laws and fair use effects on DRM (in China). The author could not get a visa to travel to the USA, and he presented the paper via Skype. The connection was choppy, but it went well enough. The paper was not very different to other existing papers in the area - but it is the first time these issues have been explored in a Chinese legal environment.

The invited talk, by Andrew Odlyzko, was an exploration of technology and economics. He looked at how economics affect the actual adoption of new technology, and while DRM could redefine pricing patterns, there is also a strong resistance from users on certain pricing patterns. For example, many consumers would object to differential pricing which charge services and products according to what the consumer would be willing to pay for it - and would much rather prefer flat rate pricing. In his opinion, while there will be always limited areas for DRM application, the main advantages offered by fine level controls offered by DRM will be largely ignored.

The session after lunch started with two papers on DRM models - my paper on the formalising of DRM as an access control model, followed by Greg Heileman exploring the distribution of music through game theory model. The game is still in its early form, and is currently quite simple - but it clearly explains why certain business models in online music distribution are working, and others aren't. My own presentation was also well received.

The next three papers were on the complicated area of software protection methods - how do you protect software in its binary form, while being executed in a processor and stored in memory. The first two papers presented some work in obfuscation, while the last paper (another paper from Phillips Labs) was on a complete white box cryptography system - and the presenter gave a very useful and interesting overview on the subject.

The last paper from Microsoft Research, looked at a new approach to fingerprint hashing: where the hash is computed from the metrics of the fingerprint lines (but not through wavelets). The system is quite neat, and provides quite good accuracy - as long as fingerprints are accurately collected.

Overall, the workshop was great, and there was a great collection of papers on a good variety of topics in the area. It was agreed to hold an eighth workshop next year, and it was also agreed that we should try to co-ordinate better with Virtual Goods, so that they are not too close together, and maybe have better participation in both workshops.

No comments: