music2share – copyright- compliant music sharing in p2p systems t. kalker, d.h.j. epema, p.h....
Post on 19-Dec-2015
216 views
TRANSCRIPT
Music2Share – Copyright-Compliant Music Sharing in P2P SystemsT. Kalker, D.H.J. Epema, P.H. Hartel, R.L.Lagendijk and M.V. Steen, Proceedings of IEEE, vol. 92, no. 6, Jun. 2004 Presented by Peter
Introduction
An architecture called Music2Share (M2S) is proposed in which secure content sharing and P2P networking coexist
Explanations for the success of (illegal) music sharing over the Internet
1. Free access (underlying reason is the price of legal music is too high)
2. The choice of music on the major P2P networks is almost unlimited
3. Consumers are no longer interested in complete CD albums, but only in particular tracks
4. Fast connections to the Internet, which makes downloading (and uploading) music more convenient
Introduction Evidence for copy-right-compliant online music selling:
iTunes – US$0.99 per track, the popularity of iTunes shows that users are willing to pay for content if the online music services is sufficiently compelling
Central-server based systems have the distinct disadvantage of a bandwidth bottleneck at central server(s)
Online music service is better put in practice by Altnet (www.altnet.com), which operates as a sub-P2P network under KaZaa (www.kazaa.com)
The authors believe that it is worthwhile and challenging from both a technical and an economical perspective to develop technologies that enable and legal music sharing over the Internet
Points of Departure - fingerprinting Used for audio identification In the case of Napster, text-based methods was used – easily be
modified by ordinary users, not very successful in establishing secure identification
Often based on psychoperceptual properties by representing the perceptually most relevant aspects of music
In M2S, fingerprinting is used to identify and subsequently replace low-quality files with high-quality ones.
Audio fingerprinting technologies are currently being offered by several companies such as Audible Magic, Relatable, Shazam and Philips
Points of Departure - decentralization The authors seek fully decentralized solutions –
both for storing and accessing fingerprints The nodes in P2P network maintain their
independence while providing the facilities for efficiently routing search requests to the appropriate nodes
The P2P approach has already been successfully applied to building large-scale distributed storage systems such as CFS [10], Past [11], and OceanStore [12]
Points of Departure - problems 2 major problems
1. Current P2P systems do not support efficient content-based searching
Gnutella [13] do offer facilities for unstructured content-based searching but at the price of a (much) lower performance
2. Current P2P systems lack security Do not offer payment, protection against unauthorized
access, guaranteed quality, etc Only recently research has started on building secure P2P
networks Initial attempts at commercial deployment of secure
anonymous P2P systems such as Earth Station Five (www.es5.com)
M2S Architecture – Content Management Three types of content:
Public content encrypted audio files Distributed and replicated across the machines of the M2S
P2P network Private content
Unencrypted audio files Cannot be shared with other users
Nonauthorized content Files that cannot be reliably authenticated M2S strives to identify and authenticate these files by
External labeling (certificates) Internal labeling (watermarking) Recognition (fingerprinting)
M2S Architecture – Royalty Payment Altnet (www.altnet.com)
Encourage users to download copyrighted files More efficient content distribution Audio files need to be encrypted Difficult for a user to use the content on any other device
M2S The users are able to use the audio content for private use Reduce the chance of unauthorized spreading of the
content by identifying, tracking, and filtering as it flows over the M2S network
M2S Architecture – Content Authentication M2S network consists of a classical P2P network
enhanced with a central trusted party (TP) Public database:
containing encrypted audio files Assists the TP with establishing the identity and the quality
of audio files in the private databases TP
Authenticates audio files base upon their identification Attaches digital certificate for payment of royalties
The M2S needs to establish the identity of audio files, and link this identity to a license system with an appropriate payment infrastructure
M2S Architecture – Content Authentication Three methods for the identification of audio
files By authorized upload By watermark By fingerprint
M2S Architecture – Audio File Upgrading M2S will automatically transfer the quality-
assured file from the public database to the user’s private database, when A user is in legal possession of the music file This file is not of the best quality An equivalent quality-assured version exists at an
authorized server How to prevent a user (illegally) obtaining a
bad-quality version of a song and using the upgrade mechanism of M2S?
M2S Architecture – Audio File Upgrading The authors claim that illegal trading on the
M2S network itself is extremely difficult on a large scale
Small scale trading (e.g. email) cannot be prevented
Large-scale illegal trading on other type of network (KaZaa, Gnutella) cannot be prevented unless by legal action
Discussion and Analysis – P2P analysis KaZaa claims their software has been downloaded upwards of
230 million times The fraction of traffic on U.S. Internet backbone due to Gnutella
in 2001 was about 1.2% M2S aims to give its users guarantees that if a music file exists it
is found M2S will need to consider the second-generation deterministic,
structured overlay networks that are based on distributed hash table (DHTs)
Compare with existing P2P music-sharing protocol, M2S deviates in two ways: An additional step for security (retrieving a decryption key) A distributed implementation of a fuzzy fingerprint search engine
Discussion and Analysis – Coding analysis Watermark design emphasis on inaudibility and
security Due to the use of quality-checking tools in M2S,
content-dependent watermarks are used Challenge for M2S is reliable, lightweight, and
automated quality control of audio files Degradation of the embedded watermark may be taken as
a rough quality tool Error rate in fingerprint matching may serve as an indicator
of quality Still an active topic of research for M2S
Discussion and Analysis – Protocol analysis M2S assumes:
The music producers and the server(s) form a secure domain
The client is a secure application Payment devices on the users’ machines are
secure Communication between the clients and the
server(s) is secure No security assumptions about the peers or the
users
Scenario 1: Upload
1. A music producer chooses some music, negotiates a watermark ID with the server, and upload it onto the server
2. The server calculates a certificate that will identify this authorized music uniquely
3. An audio fingerprint is calculated4. The server chooses an encryption key and encrypts the music5. Appropriate peers store the encrypted music and certificates
for future reference6. Other peers store (parts of) the fingerprints and pointers to the
associated certificate on the central server
Scenario 2a: Explicit Download1. A user requests some music from a client by
metadata, by a watermark ID, or by a fingerprint
2. Assume the client receives a valid token from a smart card or some other secure payment device
3. Client receives key from server and decrypts the files
4. If forensic tracking is enable, the music is watermarked with the identity of the client and the embedding information is sent back to the user
Scenario 2b: Watermark Request Download1. The user places some music without a certificate
on his disk that is derived from private content
2. Watermark is retrieved and send to the server
3. Retrieval of quality-checking data by the watermark ID
4. Payment token is exchanged with the server
5. The file is replaced by a certified music file from M2S network
Scenario 2c: Fingerprint Request Download1. The user places some music without a certificate
on his disk that is derived from private content
2. Fail to retrieve watermark ID
3. The client computes the fingerprints
4. Send a request for identification to the network
5. Retrieval of quality-checking data by the fingerprint
6. Rest of this scenario proceeds as Scenario 2b
Conclusion
A novel approach to music sharing on P2P network has been sketched
From the viewpoint of the user: M2S will offer a music-sharing network with no technical
restriction on content that has been bought M2S will assist the user in managing and upgrading of his own
private content From the point of viewpoint of the content owner:
M2S offers an efficient music-distribution mechanism All music sharing on the network is controlled and payment are
guaranteed for all music trading The basic technologies for the proposed architecture are
currently available However, the application of these technologies in the proposed
music-sharing architecture still has to be worked out and refined