About Me

I ramble about a number of things - but travel experiences, movies and music feature prominently. See my label cloud for a better idea. All comnments and opinions on this blog are my own, and do not in any way reflect the opinions/position of my employer (past/current/future).

02 November 2007

Reflections on ACM DRM 2007

This is my fourth successive attendance of the ACM DRM Workshop, although, this would be the first time that I would not stay on for the rest of the ACM Computer and Communications Security Conference. The workshop has always had a great mix of papers (authors were from at least 8 different countries in 5 continents), and a relatively low acceptance rate (33%) ensures high quality of papers. For the first time the workshop had some sponsorship from Microsoft, which meant that I get some money to defray the costs of travel to the workshop!

The conference also gives a great opportunity to meet and talk to other researchers in the field. Being effectively a "regular" it was more of an opportunity to re-establish old contacts, and since I was only spending the day at the conference, there was unfortunately not enough time to talk to most of the new people!

The first two papers focussed on implementation experiences. The first paper, by researchers from Phillips Labs, looked at mostly key management in pay per view broadcast systems. The system was quite cool, and although their system meets their performance targets, I think those targets are not really user friendly - for example around 40 seconds before a pay per view live show starts from cold boot. The second paper was by Nicholas Sheppard from the University of Wollongong (who I also met at Virtual Goods), on partial implementation of the MPEG-21 DRM standards. I finally understood what IPMP (Intellectual Property Management and Protection) tools are about, and while they provide a useful abstraction for the interpretation and enforcement of DRM policies, they are not specific enough to actually provide interoperability between implementations. The paper did not actually look at the actual enforcement of policies, just the interpretation, and I have a feeling that there will be too much overhead in the process.

The third paper was very strange. It was interesting because the first part was a good tutorial on side channel attacks, which are used against encryption algorithms such as AES. However, I am not sure of its relevance to the workshop, and should have probably been in CCS than the workshop itself.

Last year, I took part in a Digital Media Project (DMP) meeting over Skype, where I also presented a paper via Skype. The fourth paper was about Chinese copyright laws and fair use effects on DRM (in China). The author could not get a visa to travel to the USA, and he presented the paper via Skype. The connection was choppy, but it went well enough. The paper was not very different to other existing papers in the area - but it is the first time these issues have been explored in a Chinese legal environment.

The invited talk, by Andrew Odlyzko, was an exploration of technology and economics. He looked at how economics affect the actual adoption of new technology, and while DRM could redefine pricing patterns, there is also a strong resistance from users on certain pricing patterns. For example, many consumers would object to differential pricing which charge services and products according to what the consumer would be willing to pay for it - and would much rather prefer flat rate pricing. In his opinion, while there will be always limited areas for DRM application, the main advantages offered by fine level controls offered by DRM will be largely ignored.

The session after lunch started with two papers on DRM models - my paper on the formalising of DRM as an access control model, followed by Greg Heileman exploring the distribution of music through game theory model. The game is still in its early form, and is currently quite simple - but it clearly explains why certain business models in online music distribution are working, and others aren't. My own presentation was also well received.

The next three papers were on the complicated area of software protection methods - how do you protect software in its binary form, while being executed in a processor and stored in memory. The first two papers presented some work in obfuscation, while the last paper (another paper from Phillips Labs) was on a complete white box cryptography system - and the presenter gave a very useful and interesting overview on the subject.

The last paper from Microsoft Research, looked at a new approach to fingerprint hashing: where the hash is computed from the metrics of the fingerprint lines (but not through wavelets). The system is quite neat, and provides quite good accuracy - as long as fingerprints are accurately collected.

Overall, the workshop was great, and there was a great collection of papers on a good variety of topics in the area. It was agreed to hold an eighth workshop next year, and it was also agreed that we should try to co-ordinate better with Virtual Goods, so that they are not too close together, and maybe have better participation in both workshops.

31 October 2007

More Travel Notes

I had flown United before, on a short return trip between JFK and Washington DC in 2003. On my return flight from Washington DC, the glory of code shares meant that I was returning on an United flight instead of a Lufthansa flight. The airport was quite empty, which was rather surprising, but I am not going to complain about the lack of queues, and even security clearance was interesting.

United has a really horrible seat configuration in Economy class: 2-5-2 on a Boeing 777, rather than the more rational 3-3-3 seating plan. And, I had the middle seat in the middle row! But there were two things in my favour - firstly, I was somehow upgraded to Economy Plus ... I did not ask questions, nor did I seek to find an aisle seat after that bit of news. Secondly, it seems my row only had four seats in the middle, so I did not have to leap across two people to get to my seat! Economy plus was basically an economy seat with extra leg room - nothing too special, except I have to confess it is the first time I have been in an aeroplane economy seat that had more legroom than a train seat (and for that matter some back seats in cars). United also had seatback TV screens (something still missing from Lufthansa planes) and XM satelite radio, which was cool. The food wasn't great, but then only a few airlines have great airline food.

My return to Nuremberg created its own logistical puzzle. I had a tele-interview at 3pm. However due to a slight delay in baggage arrival, I missed the first connection of my optimal route back home, and had to settle for the less optimal route (bus) which then got stuck in traffic. However, I still managed to get the connecting bus, and managed to get home less than 5 minutes before the phone rang ... good enough to take off all the layers required to walk outside!

Oh, and the interview went well, and was invited to a full interview :)

Airport Security

Ever since my first visit, I am always "randomly" selected for extra security screening at US airports. Once you are on the list it seems that you will never get off!

For the first time this year, I had experience with the new, improved version of the extra security check, featuring some very interesting explosive testing (new machines that check for explosives on the person) and then extra screening for explosives for bags and hand luggage. This extra screening takes a lot longer but does not require being patted down etc.

I must compliment the TSA officials actually - for the first time I have been through the airport security checks, I got the idea that the officials actually knew what they were checking for, and were not just going through the motions. They were also all friendly, despite being short staffed. It seems that the TSA vacancies are just not being filled, despite the demand. One of the officials confessed that the job is basically unattractive, and gave me the feeling that she would take a different job herself if she could.

Airport security is important, of that there is no doubt. But looking at all the expensive gadgetry, I wonder - is the cost of security working out to be more than the actual cost of the risks? After all, TSA can claim to have prevented a repeat of another 9/11 attack - but that is a hollow claim, because there is no evidence that there was any attempt at such an attack.

Furthermore, short staffing the security apparatus not only creates extra delays for passengers in being processed, but means that the security checks are rushed, and possibly not as thorough. In this scenario, not only are the security checks expensive, but ultimately ineffective: i.e. useless.


Georgetown, now effectively a suburb of Washington DC, is one of the oldest towns in the USA, and has a rich history of association with the political elites. Many presidents once lived here as did most of the "important people". Many comment that the USA is a relatively young country - does not have the historical culture of Europe for example. What is evident, especially in places like Georgetown is, Americans love to celebrate whatever much they do have - and they have had a rich history of preservation of their heritage.

In my previous visits to Washington DC, I had never got round to visiting the area; particularly because it is one of the few suburbs without any direct Metro connections. Having exhausted most other tourist options, I decided to have a walk around Georgetown on Sunday evening. It is reputed as one of the trendy and vibrant parts of the city, and it does hold up this end. It is full of cafes, bookshops, restaurants, bars and in many respects resembles a part of an European city, rather than a typical US city.

I did not actually eat in Georgetown, but I did spend a respectable amount of time in the Barnes and Noble bookshop, where I picked up U2's coffee-table book for 10 US $ ... a real bargain price, although it was really an impulse purchase.

28 October 2007

Shiny New Toy

After some months of talking about it, I finally went out and bought myself a Macbook. I know Hans will be disappointed that I didn't buy the black one, but the black one is $100 more than the white one with the same specs! I had already confirmed that the Alexandria store had stock before I came to the US, so it wasn't too difficult: 2.16Ghz Core 2 Duo, 2GB of RAM, 120 GB hard disk, and Leopard (although I had to upgrade it myself).

Apple store was interesting - a lot busier than 2 years ago, when I bought my iPod. The staff carry wireless paypoints, so they can conduct the transaction without going to the till point. But since I paid for it with cash, that option was not utilised.

Installing Leopard took some time - about 70 odd minutes, and at 5GB, Microsoft is not the only one making bloated operating systems. So far though OS X has been a lot more friendlier, although there are quite a few quirks that I need to learn.

Travel Notes

So, I have been awake for about 21 hours and I feel fine ... makes adjusting to the US time zone a lot easier. Travelling was rather uneventful (well the flights anyway), except, for once German efficiency failed, and the flight to Washington DC was about 30 minutes late.

That was not the problem - the problem was the 1 and half hour queue at the immigration desk. Talking to a few fellow passengers, we were all in agreement that the Germans have really got this area covered well. It is very rare to get this kind of a delay at the immigration counter. Off course, they have less paperwork (actually no paperwork), no fingerprints and no photos. But where they really score is in the distributed nature of the immigration desks - they are not centralised in one area, as is the case in Dulles International Airport.

That said, Frankfurt airport is not the most pleasant connection. Actually, the problem is more Terminal B, the main non EU hub for Star Alliance planes. There are few amusements, but there is a Hagen Dazs shop to keep one satisfied, for a short while at least. Terminal A, which seems to be the EU hub is a lot nicer, and resembles a lot more like a shopping mall than an airport to be honest.

My hotel, from the outside resembles somewhat like a typical motel portrayed by Hollywood. It is not bad at all inside though - free WiFi, way too many TV channels to count, a balcony and a really comfortable room. And knowing the area (after staying for 2 weeks close by) is a bonus. Not a bad find at all!