An ever increasing variety of entertainment content is being distributed under control of DRM technology. DRM imposes limitations on the storage and rendering (playback) of the content, consistent with the agreement between the content provider and the consumer. Such agreements typically constrain the consumer's ability to make copies or redistribute the content, but DRM technology alone cannot enforce this aspect of the agreement. Once the DRM decrypts (unscrambles) the content to plain-text, it leaves the logical protection domain of the DRM.
Common exposures are shown in Figure 1. Technologies devised to protect content subsequent to decryption, such as link encryption and local storage encryption, have been routinely circumvented. The chief difficulty is that the content must eventually pass through an "analog hole", to be rendered in a form that the consumer can enjoy. Additionally, many playback devices expose digital plain-text content internally, where it is available to anyone able to probe or eavesdrop inside the device. An internal physical security perimeter can be implemented to deter probing, but adds significant cost. These protection mechanisms are categorized as preventative security controls in that they inhibit consumer behaviors associated with content misuse or piracy. Such controls, if rigidly implemented, can frustrate even legitimate consumer activities, while ultimately failing to deter a determined adversary. Consequently, interest has arisen in an alternative "investigative" control called forensic watermarking, as a complement to DRM technology. Investigative controls tend to be more palatable, since they do not interfere with consumer activity, but rather expose violations of the consumer's agreement with the content provider.
Forensic watermarking embeds information into the content to facilitate the tracing of unauthorized copies back to the last legitimate handling of the content - where the forensic watermark was applied. Forensic watermarks may carry such information as a content purchase transaction identifier, the account under which the content was delivered, the identity of the equipment enforcing the DRM, and the date and time of rendering. Broadly, its purpose is to aid investigators in locating leaks in the content distribution chain, and to provide evidence to support the appropriate corrective action.
Forensic watermarking has also been referred to as fingerprinting - reasonable in that the rendering device leaves its mark on the content that it touches. The term fingerprinting has become ambiguous, however: it is also used to identify the abstraction of an identifying signature from content for the purpose of identifying the content. While watermarks can also be used to identify content, fingerprinting in this context is a fundamentally different technology.
This paper introduces watermarking concepts and describes how forensic watermarking is positioned in that framework. It then develops a system model and identifies architectural alternatives for forensic watermark implementation.
