Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption Security

More On The SDMI Crack & Why Digital Sigs Are Not 114

The latest issue of Crypto-Gram has some good coverage of the new digital signatures law as well as more on the SDMI crack. The signatures law is interesting - essentially claiming that a digital signature law is /not/ the same as signatures.
This discussion has been archived. No new comments can be posted.

More On The SDMI Crack & Why Digital Sigs Are Not

Comments Filter:
  • by LHOOQtius_ov_Borg ( 73817 ) on Friday November 17, 2000 @09:41AM (#616886)
    Things like this go to show that you need humans to mediate human interactions. The semantics of signing that Bruce talks about are a human issue, and only a true AI might become acceptable as a suitable substitute for a human in many subjective (and legality, value, trust - all are subjective) issues.

    The reason we trust the notary public to countersign a document is that we are willing to believe what a human has seen and done because we can relate to it. The way you can lie as a notary public is pretty well known to humans - but forgery of digital signatures or hijacking a legitimate one is pretty new area for humans.

    Tamper-proof computers would be needed for any digital system to be truly trustworthy, but that is probably raising the bar too high - higher than we keep it for our usual activities. What is required are procedures and oversight that humans can feel comfortable allows such a statistically low chance of error - through malice or accident - as to be worth trusting.

    It is only partially attacks by other humans, thus, which we fear in digital signatures and similar mechanisms (like electronic voting). It is also machine error. We wants humans to recount votes and attest to signatures. Until more people are comfortable with the machines this will continue.

    Finally, I will tip my hat to the open source community: by opening up the black boxes, people will start to feel more comfortable with machines - even if they remain ignorant. Few people actually fix their own cars, but over time they became confident that the standards and knowledge were such that they could trust those who do, and that the information was available for them to at least perform some rudimentary oversight if needed (indeed, as more car parts become black boxes, people are LOSING their trust in cars...)

    So, what we need is comfort levels for humans, through open systems, and acceptable standards and procedures which maintain the highest feasible levels of security, privacy, reliability, and trustworthiness in the subjective view of people... There are NO tamper-proof systems, electronic or physical, but we still have a society functions without total paralysis from fear of a total trust breakdown.

    Digital signatures will come into their own with improved security and oversight (monitoring and reporting) on PCs...

  • Really, now - if used responsibly, digital sigs are a great idea, and perfectly legitimate ways of determining the origin. If you're not using a passphrase, and someone steals your private key and begins using it, whose fault is that?
  • by Anonymous Coward
    He dosent really provide a good insight into dig. signitures

    As one of the world's leading civilian cryptographers, the author of the foremost text book of cryptography, the author of the blowfish algorithm used for OpenBSD passwords, and the author of one of the AES finalists, Bruce has EXCELLENT insight into digital signatures

  • One-time pads are mathematically provable to be unbreakable.... as long as you keep the pad secure, and can distribute it.
  • "The signatures law is interesting - essentially claiming that a digital signature law is /not/ the same as signatures."
    Okay, this contains many of the words from the crypto gram article but not in the right order or context:

    Bruce does not argue that the digital signature law != "signatures" but that digital signatures themselves are not the same as conventional signatures. If you read the article the basic reason is because nothing about a digital "signature" binds a person to the act--so a digital signature does not show intent.

    Also, the digital signature law does not claim this (as the slashdot article text would lead you to believe). Bruce argues this.

    -core

  • There are, but the libraries required to run it are a bit on the large side. Also, it is a little bit difficult to get a big public key, like mine [slashdot.org] into the Palm. My key happens to be longer than is permitted by the memopad. If you have an 8 MB version it might be workable, with my IIIe it's just not that practical.

    Here's [compapp.dcu.ie] ; a link.
    _____________

  • PGP is a program, not an algorithm.

    Also, translation isn't encryption.
    The messages were first encrypted and then translated to Navajo. Anyone who could speak Navajo could translate the message, but not many people could at the time.

    --
  • no, <i>not</i> would not work better. <em>not</em> would, though. You don't necesarily want italics (they don't work well in speach synthesis), but you do want emphasis.

    Bill - aka taniwha
    --

  • I don't know if anyone out there has heard of a company called Identix, but they make the most secure figerprint scanners today. They can be used in place of a password, or in place of a digital sig. Using these devices, one can prove that Alice was there and that she put her thumb on the little black thingie when she was told to. This is the most that it is possible to prove with a "real" signature. You can prove that Alice was there, and that she had the means to read whatever she signed, but, you cannot prove that she understands it short of her writing an essay on the implications of it.
    Anyway, assuming that you are trusting the cryptography after the computer, this type of fingerprint scanning ensures the link in between the signer and the computer.

    And no, if you cut someone's hand off it will not work (with identix devices), and if you put saran wrap on it right after alice pushed it, that won't work either.

    I just want these things for my door. I hate keys.
  • The point of this is that digital "signatures" are semantically nothing like what written siganures are and what they represent. A written signature is a verification that the person signing it has touched, and probably read, that paper. All a digital signature says is that someone's computer had touched the file or chunk of data in question. The distinction lies in the fact that while a person has to physically and intentfully sign something, there is no way to prove that some program, possibly malicious, digitally signed something for him or her, without their intent.

    Because of this distinction, digital signatures lack the property that gives written signatures their validity. Aside from forgery, there is no possible way that a signature can be made without the person's will. It is that expression of will that matters, and cannot be assured in the context of an automated, albeit user controlled, process.
  • by WolfWithoutAClause ( 162946 ) on Friday November 17, 2000 @11:25AM (#616896) Homepage
    First. What legally speaking is a signature?

    It's not as easy as it seems. Is it a cross on a piece of paper? It can be, particularly if the signer is unable to write.

    Is it a thumb print. Yup could be.

    Is it a digital signature. Yup often is.

    The point is that the law is actually more flexible and subtle than its often assumed to be.

    Ok. Can written signatures be forged? Of course. Happens every day and twice on sundays.

    Can digital signatures be forged? Yes, either by cracking the cryptographic system (usually very hard) or by hacking into the system that has the cryptographic system running on it (usually pretty easy, although not always).

    Also with digital signatures (and with written signatures) there is a question of identity - is the John Smith that's signing the SAME John Smith that's paying? And if so, who says so? ;-)

    Either way a fraud can been commited. And either way the court is the place to duke it out.

    Is a digital signature less secure than a written one? Right now I doubt it, although in future it may be less or more so depending on the systems used.

    I personally think that Bruce Schneier is trying to drum up more business for his security company ;-) (He writes great books though)
  • Of course how breaking into a car points out anything about digital (c) management is left as an excercise for the reader.
  • Sorry, I have to side with Bruce Schneier here.
    On the assumtion that digital signitures are supposed to be inaudible, each sufficiently high quality analogue conversion of the digital signal will approximate the digital version with a zero-meaned error function.
    The strong law of big numbers (Grimmet, G.,R., and Stirzaker, D., R.: Probability and Random Processes was our course book) proves that a large enough sample of these analogue versions will provide an approximation to the original with an arbitrarily small error.
    Remember though, as I said already, _one_ analogue version is supposed to be indestinguishable from the original. The method Bruce Schneier recommends is overkill.

    Phil
  • The point is, like the keys you probably have in your pocket; the smaller computer probably isn't networked, and probably doesn't leave her physical possession. Therefore it is difficult to attack.

    If it's networked, or gets stolen, all bets are off.
  • The question is not the forgeability, but rather the fact that you actually do not create a digital signature. You do not perform the mod computation, you do not calculate the hash, you don't sign your software does it.

    You have no way of knowing if "your" signature concerns X document and uses "your" key. You trust the software to open the correct document, (the os, the file system, and the encryption tool), you then trust it to find the correct key, you trust it to perform all calculations correctly, and then you trust it to copy the sig to the correct file etc. The point is you are not in control of this process, you have no way of ensuring the correct document and key is used, unless you have hooks in the OS and even that is questionable.

    With pen signatures, any idiot can ensure he signed the correct document - with no assumptions. With digital sigs software that is too complex to fully comprehend is utilised.

  • You missed it. Bruce's point was that there is no way to independently verify a digital signature. A notary can see you stamp your thumb, drool or what ever else. A disinterested, registered, third party has no way to know if you or some one else sent them a document with your digital signature. The process itself can not be withnessed.
  • One thing not mentioned is, if different copies of a given piece of music have different watermarks, you can "blend" their digitizations together to make an effectively unwatermarked copy.
  • Bruce says:

    In law, a signature serves to indicate agreement to, or at least acknowledgment of, the document signed. When a judge sees a paper document signed by Alice, he knows that Alice held the document in her hands, and has reason to believe that Alice read and agreed to the words on the document. The signature provides evidence of Alice's intentions. (This is a simplification. With a few exceptions, you can't take a signed document into court and argue that Alice signed it. You have to get Alice to testify that she signed it, or bring handwriting experts in and then it's your word against hers. That's why notarized signatures are used in many circumstances.)

    When the same judge sees a digital signature, he doesn't know anything about Alice's intentions. He doesn't know if Alice agreed to the document, or even if she ever saw it.

    The problem is that while a digital signature authenticates the document up to the point of the signing computer, it doesn't authenticate the link between that computer and Alice. This is a subtle point. For years, I would explain the mathematics of digital signatures with sentences like: "The signer computes a digital signature of message m by computing m^e mod n." This is complete nonsense. I have digitally signed thousands of electronic documents, and I have never computed m^e mod n in my entire life. My computer makes that calculation. I am not signing anything; my computer is.

    and he's right.

    It's about shortcomings in technology and infrarsturcture. Regular signatures can be witnessed by disinterested, registered third parties as well as the parties to an agreement and stored for life. Digital information has yet to be stored longer than 60 years and no computer connected to the world at large can be trusted, yet.

  • "
    Here's a brute-force attack: play the music and re-record it. Do it multiple times and use DSP technology to combine the recordings and eliminate noise.
    "

    I don't read that to be an iterative process. I understand that to mean he plays the watermarked original multiple times. He treats the recordings as peers, not as different generations.
    It ought to be clarified though.

    FatPhil
  • One time pads can be decrypted, but they can't be cracked because the number of possible decryptions so large as to make it impossible to determine which one is correct.
  • Legally, a contract is not binding unless both sides understand the terms to which they are agreeing. The contract must come from a "meeting of the minds," not from deception or coercion. Merely signing the document is not enough to create a contract. The courts have often denied contracts where, eg, a strong party threatened or otherwise frightened a weaker party into accepting a contract.

    Note that IANAL, but my father is a law prof, so I've had a few discussions on this topic with an expert. But don't use this as legal advice.

    • Digital signatures trust that the computer is reliable, and that no one else has access to the signature. Digital signatures can be copied.

    What does this mean? They can be "copied"? A digital signature, by definition, is attached to a single document. So "copying" it is meaningless/impossible. In contrast a physical signature can be copied and placed on a different document.

    Well, I think the question is not: can a signature be copied? (Of course it can, otherwise you can't send it in email, silly.) It's: can a private key be stolen, thus enabling forged signatures? (Yes, it can, and probably more easily as the kiddies figure out that the value of a forged digital signature has gone up.)

    [I]t's not clear if a digital sig would ever stand up in court, because you could always claim that your computer was compromised, which is not the kind of thing the court can rule on.

    I don't think this is true. After the first few cases like this, our oh-so-techsavvy legislators will probably pass a Uniform Commercial Transactions in the Digital Millennium Signatures Act, which will say that all other laws notwithstanding digisigs are to be treated as binding, whether or not they are provably valid, at least on Joe User if not on corporations. (Let's hope not!)



  • To simply put it,


    You cannot logically prove something isn't possible.

  • Sure it can. I stand next to the notary with my tamperproof palmtop. I hand him the document for perusal. He hands it back to me. I sign the document. The notary signs my signature and hands it back to me.

  • "Common sense isn't." In headlines or in similar contexts, there is a rhetorical device (I forget what it's called) of leaving off the predicate noun of a "to be" verb. In general, the missing predicate noun can be replaced with "what {it is|they are} commonly thought to be." In this case, "digital signatures aren't" signatures.
  • Somebody here on Slashdot a while ago suggested reading the book Handbook of Applied Cryptography [uwaterloo.ca]. (Its a free download in postscript or pdf.) I'm working my way through it now, but I would especially recommend the first chapter to everybody. It is a good of crypto in general and makes some great points.

    Here is a point about digital signatures that I got from the first chapter that I found interesting:
    What is to keep an somebody from signing something then later claiming that their key was compromised at that point and it wasn't actually them that signed the document?

  • "Friendly fire isn't"

    I can't tell you who said it....but there you go.

    Averye0
  • by TMB ( 70166 ) on Friday November 17, 2000 @09:51AM (#616913)
    He mentions that a digisig is less secure than a normal sig because the person does not have to read what he/she is signing. Well, isnt this also the case with normal sigs? How many of you read the contract when you joined your local video club?

    That's not the point. The point is, whether you read it or not, we know you intended to sign the video club contract. You had it in your hands and chose to sign it. We can't prove that you intended to sign a digitally-signed message.

    The computer is not a trusted environment. Well, if you dont trust your machine, then thats your own problem. I trust mine, because I take care of it remaining trusted.

    But do you trust the program that computes your digital signature? I think this is one of the applications where having access to the source is vital. Maybe it would be even better if the algorithm were very easy to implement, so everyone could roll their own signing program and be absolutely certain that it was kosher?

    [TMB]

  • As I understand contract law, whether you see the document is relatively unimportant. Someone could take pictures of you, get you to sign a release form that you think is just signing for a delivery or some other such ruse, and then sell the pics. The release form would still be legally binding, as you should have at least looked at the form you signed.

    So it is here. If you haven't taken measures to ensure that the program you use to digitally sign documents is doing so everytime and only when you intend to sign a document, then hard cheese. Use of a DS program, in conjunction with the law, is tantamount to declaring "I agree to be held accountable to any document bearing my digital signature."

    So, the authour is quite correct in saying that a DS does not always mean that you saw the document, but given what I've detailed here, does it matter?

    -TBHiX

  • Digital sigs are not...WHAT!! What is it that digital sigs aren't! Please! Stupid article title length restrictions!

    Steven
  • The kicker of the rock was Samuel Johnson IIRC.

    Elgon
  • by Anonymous Coward
    We very rarely attempt to validate the written signature on a document by examining the signature. The physical signature functions more as an assertion of intent, with the identity of the person making the signature defined and validated elsewhere. (Typically defined somewhere else in the document and validated by the use of semi-public info such as SSN, or by accepting the implicit assertion that the person handing in John Doe's form is in fact John Doe.) Digital signatures, conversely, are intended mainly as a mechanism for identity validation. The assertion of intent is usually elsewhere (typically, a confirmation screen). They are different tools used for different purposes.
  • ...that there may well have been a virus on the computer which stole the private key, passphrase, etc. This is like signing a document without realizing the evil banker has carbon paper and another document beneath the one you are signing.

    He's not talking about how reliable PGP is, or the mathematics of public key crypto.

    --
  • by evanbd ( 210358 ) on Friday November 17, 2000 @11:04AM (#616920)
    I've heard this so many times, and it's just an assertion. Before public key crypto was out, they said the same. I believe you can't secure digital data against an insecure recipient who can decode it; nothing says the data itself can't contain stuff the user can't notice -- you can't do a mathematical proof about content / the human ear, people! What's to say they can't do inaudible phase shifts, volume changes you can't hear, and other such? I don't think they can, but it takes a lot of chutzpah to just say you CAN'T outright with no backing. They did a good (not good enough, it seems) job; what's to say they can't do sufficiently better? I'll wager it takes more than just more money, but I don't see why they can't. Any thoughts?
  • by Anonymous Coward
    I can't wait until the capitalist pigs legalise digital signatures for commercial reasons. As soon as legal precedents are set for the validity of digital signatures in commercial transactions I am going use them to reinvigorate democracy. If a digital signature is good enough for commercial transaction it MUST be good enough for legaly binding petitions! Can you imagine the type of political legislation the internet community can invoke once the digital petition process is refined? Social Hacktivism Lives.
  • In my opinion this is precisely the problem with current digital signature laws -- although they claim to make digital signatures equal to handwritten signatures, they actually make digital signatures stronger, because they specify that the digitals signature is legally valid all by itself, without requiring supporting testimony.
  • But physical signatures can be forged as well. So those aren't foolproof, either. Both kinds of signatures merely raise the bar. The article in question adds no real useful knowledge to topic under discussion since the only question is whether the bar is raised high enough and whether our society is comfortable with the level of trust digital signatures provide.
  • by dschuetz ( 10924 ) <davidNO@SPAMdasnet.org> on Friday November 17, 2000 @12:05PM (#616924)
    One problem that I've always wondered about is how to reliably "sign" a credit card over the phone. The best I've been able to come up with is to have a small "computer," basically a credit card-sized calculator, like a SecurID token. Then, when processing a transaction, you enter pertinent unique information about that transaction into the computer, punch in your pin (which, of course, is not your birthday), and then write the result down on your document (or give it over the phone).

    For large documents, obviously, you're not performing a signature operation on all the text. But, maybe at the bottom of the page, you put your unique public key ID (which is then used to find your public key in a big database), then another line with, say, date, cost, and PO #, then the calculated result. If you lose your little card, you simply go down to the post office (or somesuch), get a new one, and they invalidate the old one for any new use after date X.

    Obviously, the big problem here is the public key database, but that's been the bugaboo all along. But the advantages of something like this are:

    • it's fairly easy to use
    • you don't have to worry about format mangling (spaces, mis-coded characters) changing the message digest
    • it works, with no "playback" issues (for non-duplicated input data), on paper or over the phone

    Disadvantages:

    • big database
    • cost of giving people this card
    • fear of the "national ID" card (which is rapidly becoming moot as all non-national IDs are linked together, anyway, by data-mining techniques)

    You could (and, I'd argue, should, with proper back-end privacy features) put proximity technology into this and use it as your gas speedpass, grocery-store bonus card, office key, and gym pass. I like the ideas of the prox-cards (with authentication) for checkouts (like the Mobil Speedpass) but am loathe to put a dozen dongles on my already too-heavy keychain.

    Anyway, does anyone like this idea? Can anyone point me to a better way to do secure authentication/validation on paper or over the phone? (yes, I'm ignoring for the moment the possiblity of loss/theft of the card and/or PIN).

    david.

  • by danmil ( 11416 ) <danmil&aya,yale,edu> on Friday November 17, 2000 @11:09AM (#616925) Journal
    Peoople shouldn't moderate stuff up just because it's long:

    my opinion on written signatures vs digital signatures is that, in the end, they both rely on a bsic concept: trust in the sytem.

    Yeah, and Shneier is talking about how the "system" works: with a physical signature, you're trusting that someone hasn't forged/copied it, which is something you can at least try to verify in a courtroom (and having it notarized is even more useful in that way). With a digital sig, you're trusting that no one has compromised the signing computer, which is going to be totally impossible to verify in the courtroom. This is a key difference in the two "systems", as Shneier explains.

    Digital signatures trust that the computer is reliable, and that no one else has access to the signature. Digital signatures can be copied.

    What does this mean? They can be "copied"? A digital signature, by definition, is attached to a single document. So "copying" it is meaningless/impossible. In contrast a physical signature can be copied and placed on a different document.

    But, so can written signatures. The articles states that a written signature guarantees contact between the signer and the document. What about forgery?

    The article also mentions that public notaries are often used for important documents. Public notaries are people too; they can be bribed.

    As Shneier talks about in Secrets & Lies, it's not about making a system which can't be tricked/hacked/broken/etc. It's about minimizing the risks of that, so that you can conduct communication and business meaningfully. Despite your claim that it's all a matter of trust in the "system", Shneier makes a very clear distinction between physical signatures, which, though they can be forged and copied, have a reasonable chance of standing up in court, especially if they've been notarized. Of course, you could trick this system, but it is difficult enough to do that that the system works most of the time. In contrast, it's not clear if a digital sig would ever stand up in court, because you could always claim that your computer was compromised, which is not the kind of thing the court can rule on.

    And then there is a meaningless rant about how everything can be broken, making incorrect assumptions about Quantum Computing (which would only render Public Key algorithms unusable -- it would just require longer keys for Symmetric algorithms).

    And then...

    As of yet, only one encryption method has been proven to work flawlessly, and it's not even encryption: it was the translation of English into Navajo during World War II.

    One-time pads are provably unbreakable. They're just not very useful, because of the difficulty of distributing pads.

    Jeesh...

    -Dan

  • If it is in the file, and it can be detected by the SDMI device, then an algorithm can find it and remove it. Remember the watermark must be detectable by some means to be a watermark -- and if you can read a pattern of bits in a file, you can change those bits.

    That's the problem with "watermarking" digital files -- that it only works if, at one and the same time, the black box can detect it and my tools can't.
  • Someone could take pictures of you, get you to sign a release form that you think is just signing for a delivery or some other such ruse, and then sell the pics. The release form would still be legally binding, as you should have at least looked at the form you signed.

    Wrong.

    The document would not be legally binding because it was retrieved through illegal means. You may want to read up on the laws about fraud at some point.

    (On the other hand, that *is* your signature on the document, so you *must* have signed it five months ago - still illegal, just hard to prove.)

  • Let's focus on what he's talking about, folks.

    Your passphrase is irrelevant. The issue is that you're running your digital signature program on a machine that is susceptible to various forms of attack (Word viruses, the latest hole in whateverd, keystroke sniffers both hardware and software, hostile systems administrators, trojans in your OS, torjans in your digital signature program, etc.) that can be used to sign something without your consent.
  • Using these devices, one can prove that Alice was there and that she put her thumb on the little black thingie when she was told to

    Not really. The problem with biometrics is that they are subject to replay attacks. I only have to get Alice's fingerprint once, then I can make my own scan and replicate it whenever necessary. It may be possible to create authenticated digital fingerprints with a secure fingerprint device that signs the fingerprint data and a signed timestamp from a public time server. Even then it would only work if the fingerprint readers couldn't be hacked (yeah, right).

    Biometrics are a useful security technology, but cannot stand alone. They're actually a great technology for preventing innocent abuses (I can loan my credit card to my sister, but I can't loan my finger) but provide very little protection against a determined attacker.

    One more thing: About the "hacksaw attack", which you claim won't work with Identix devices -- Bull. Many biomentric devices attempt to determine if the tissue they're measuring is living, looking for heat, a pulse, etc., but any set of criteria a device can test for another device can fake. One possible exception is retinal scans, because eyes degrade so rapidly when detached.

  • Watermarks aren't great tools, but they are better and more sophisticated than Schneier understands. He's just behind the loop on them. He constantly brags that he's never gotten a digital image in email. He must be reading mail with PINE on an old VAX.

    Seriously, we can do better than he claims. There is at least one good system from NEC (Ingemar Cox, I believe, and others) that hides separate bits in separate places. If someone tries to attack a watermark by averaging together multiple copies, all of the signals come through. The rightful owner can track down the signals and figure out who was the legitimate owner of the copies thrown into the so-called average. Naturally, this is not perfect, but it can withstand some simple attacks.

    Schneier also doesn't understand why record companies want to include watermarks. Sure, folks can still copy the music, but the watermark can help the record company track down the guy who purchased the first copy. The point is that every copy comes with a different watermark that points to the legitimate owner. Of course, that guy could always claim that someone stole his computer or something like that.

    There are a host of reasons why watermarking won't work. Some of them are political. Some of them are technical. The algorithms are far from perfect. But then, Schneier constantly worries about technology being anything less than perfect.

  • >2. The computer is not a trusted environment.
    >Well, if you dont trust your machine, then thats
    >your own problem. I trust mine, because I take
    >care of it remaining trusted.

    Wrong. Wrong. WRONG!

    Your win 98 machine is on a network. Then your machine isn't trustable. Full stop. If you think otherwise post your ip address and I'm sure someone will show you the error of your ways... ;-)

    Even if that wasn't the case, there's nothing to stop someone breaking into you apartment/house and circumventing any security you might have. Physical access to a machine pretty much breaks all and any computer security. Unless you live in Fort Knox and even then you have to worry about someone bribing the guards.
  • They're more like the old fashioned seal, made with sealing wax and a metal seal or signet ring.

    The seal could have been stolen or borrowed. If somebody got something that you had sealed, they could use that as a mold to make a copy of your seal. Assuming, of course, that they had good skills with a carving knife and/or metalworking skills. But that's similar to the case where you need some crypto or cracking skills to make a copy of a digital signature.

    Except that it's easier to sneak into somebody's computer and steal their private key than it is to unobtrusively remove a ring from their finger.

  • Having said that, let's play-pretend that Microsoft and SUN will some day learn to play fair with everyone else, and that someone is willing to go to the effort to develop a proven, tamper-proof PDA to the former A1 standard, with sufficient screening to block any remote scanning, such as TEMPEST, sufficient memory to hold entire documents in RAM, sufficient ease-of-use to be practical, and biometrics to validate the operator.


    THEN, we can talk about digital signatures which can be sensibly matched to the signer.

    Ah, but if it's tamper-proof, then how can anyone verify that it really works as intended and hasn't been compromised? Sounds like a leap of faith to me.


    ---
  • On the assumtion that digital signitures are supposed to be inaudible,

    I have a funny feeling that the industry's Final Solution might be to violate that assumption.


    ---
  • The issue is truth, not fault.

    Let's say that you unwittingly make a mistake, and your passphrase is compromised. (Example mistake: you assume that I haven't plugged keystroke logging hardware into the back of your computer, and you foolishly type in your passphrase without doing a full inspection of all the hardware and software. Another example mistake: you assumed that that there wasn't a camera behind that pin-sized hole in the ceiling above your keyboard.)

    Maybe it's your fault that I managed to steal your key, and maybe it's mine. It doesn't matter. What matters is that when you get the bill for all the pr0n I downloaded and charged to you, you're not going to want to pay it. And you're not going to want to mov out of your house merely because I happened to have sold it to someone else.

    When someone tells you,

    But it's your fault, you should have known that Finix doesn't encrypt it's swap space, and that your passphrase might get written to disk in plaintext where Evil Sloppy's goons can break into your house and steal it. It's your fault, you naive fool! even if you agree that it's your fault, it is irrelevant whose fault it is. What is relevant is that you didn't buy that pr0n or sell your house. You did not read the contracts and agree to them. Anyone who says that your digital signature on that contract is proof that you actually did read and agree, is using the word "proof" in a new way that has something to do with blame and fault, instead of the conventional definition that talks about truth, rigor, or even common sense./p>

    ---
  • From the form used to submit these things:
    (Use the Preview Button! Check those URLs! Don't forget the http://!)

    I suppose it's obvious by now, but this topic is about Bruce Schneier's CRYPTO-GRAM.

  • Yeah... this is the November issue of the monthly Crypto-Gram, from Counterplane and by Bruce Shneier.
  • The issue is truth, not fault.

    Let's say that you unwittingly make a mistake, and your passphrase is compromised. (Example mistake: you assume that I haven't plugged keystroke logging hardware into the back of your computer, and you foolishly type in your passphrase without doing a full inspection of all the hardware and software. Another example mistake: you assumed that that there wasn't a camera behind that pin-sized hole in the ceiling above your keyboard.)

    Maybe it's your fault that I managed to steal your key, and maybe it's mine. It doesn't matter. What matters is that when you get the bill for all the pr0n I downloaded and charged to you, you're not going to want to pay it. And you're not going to want to mov out of your house merely because I happened to have sold it to someone else.

    When someone tells you,

    But it's your fault, you should have known that Finix doesn't encrypt it's swap space, and that your passphrase might get written to disk in plaintext where Evil Sloppy's goons can break into your house and steal it. It's your fault, you naive fool!
    you're not going to care, because even if you agree that it's your fault, it is irrelevant whose fault it is. What is relevant is that you didn't buy that pr0n or sell your house. You did not read the contracts and agree to them. Anyone who says that your digital signature on that contract is proof that you actually did read and agree, is using the word "proof" in a new way that has something to do with blame and fault, instead of the conventional definition that talks about truth, rigor, or even common sense./p>
    ---
  • The details of the law may be unclear, but its intent is very clear. Given that almost every state has additional support for digital signatures, there should be no doubt as to their validity.
  • SDMI is smoking crack?
  • All that crap remind me of this radio shop where I used to live. They would do this promo to see if anyone in the community could crack the 'newest' best car alarm/shutdown device on their lamborghini. On the first day of the contest, someone always did it, usually spending less than $50 on parts. All of this just points to the fact that digital copyright protection is simply a deterrent.
  • Nope, you get the original digital signal passed through a mid-pass filter.
  • If you copy/paste a PGP sig onto another message/document the verification fails. See my PGP Intro [pobox.com] for a beginner's explanation of the process.

    Since verification only takes a few seconds, the motivation to attempt forgery via copy/paste is very low. The risk Mr. Schneier refers to is forgery via gaining control of the signers key and passphrase.
  • How about in cases where parcel couriers take a "digital" signature. Or credit card authentifications like in stores such as Best Buy.
  • The sad thing is that he had to stare at that picture for several hours, I mean really scrutinize it, in order to put it in ASCII.
  • by Anonymous Coward
    "2. Even if the contest was meaningful and the technology survived it, watermarking does not work. It is impossible to design a music watermarking technology that cannot be removed. Here's a brute-force attack: play the music and re-record it. Do it multiple times and use DSP technology to combine the recordings and eliminate noise. Almost always there is a shortcut technique to neutralize the watermark, but the brute-force attack always works."

    Bullshit, each pass around information gets lost and no amount of DSP techniques will get it back. But unlike the actual music the signature information is redundant up the ying yang... before you eradicated it you would have killed the music stone dead.
  • If I agree to have a digital signature, I realise there are risks. The fact that someone could fake my signature becomes MY problem. It is my responsibility to secure my computer. If I don't check for trojans, then yes, this is insecure.

    But the same applies to the real world. It is my responsibility to look after my credit card. It is my responsibility to make sure that a document I sign is not going to be modified.

    Of course if my signature is faked, and it goes to court, I'll have to provve that it was faked. But the same applies if someone uses my digital signature. Its quite easy. Show that there was a trojan, or a dodgy version of PGP. Show that therpeople have access to the machine. It depends on me as to whether my machine is more secure than my handwriting. It also depends on me to decide which is the most secure.
  • Digital sigs are not what ?

    --

  • the SDMI contest has no real meaning

    Actually the contest has a lot of meaning. Having the contest means that they can claim the SMDI technologies are "un-hackable." It means they can claim that the "S" in SDMI stands for "secure" rather than "stupid" or (insert your favorite swear word that starts with an S here).

    It means that we will see SDMI devices in the stores sometime soon. It means "fair use" will no longer apply.
  • by honkycat ( 249849 ) on Friday November 17, 2000 @09:56AM (#616950) Homepage Journal
    When you sign a physical document, you definitely came in contact with it and left physical artifacts of your contact with the document. If you go around signing papers you haven't read, you should be more careful, but that's another issue. I think the concern he raises is a very valid one -- it is easier to steal a (and harder to detect a stolen) private key than it is to steal a "real" signature. Physical forgeries happen all the time, but because of the local nature of the physical world, it is very hard not to leave a trail of evidence.

    Be careful who you trust. No matter how careful I am about installing software, scanning for viruses, etc, I wouldn't trust any PC fully. Can you be _sure_ that Win98 has no backdoors? Can you be _sure_ that Linux has no backdoors?

    The real danger in digi signatures is considering them to have the potential to be any different from regular signatures. If you require a notary to witness a physical signature, then you damn well better require a notary to _physically_ witness the real person issuing a digital signature. Maybe there's a digital means for authenticating a person better than a human notary, so that may be an option. But authenticating the person in a truly secure way is necessary. This is not only an issue for the signer, but also for the party with whom he is contracting -- if there is any doubt that the signature was inauthentic, they are open to litigation... so really, everyone wants authentication from human->document.

    Of course, I am of the opinion that physical artifacts should not be done away with. For many tasks, they may be the best solution available -- if security is really at stake, you may be better off _not_ moving at full internet speed.

  • I don't think that digital signatures will prove to be much more of a problem than standard signatures. If anything the difficulty in copying a digital signature should make them more secure generally than paper signatures. Besides almost no one checks paper signatures these days (the banks I am told will only physically check a signature on a checque if its for over $50,000 under most circumstances), digital signatures are checked as a matter of course during processing. As well trusted third parties such as Verisign can add to the perceived validity of a digital signature. The only problems involved are if an individual gives out their pass phrase for their digital signature (which is not much different that making a scan of your signature to be included on documents freely available to others in the office - a practice I have seen used elsewhere).

    It will still boil down to stating in court that either you did or you did not sign a given document if the matter comes up in a legal challenge.


    (Disclaimer: I work for PureEdge Solutions [pureedge.com] - a company that offers secure electronic forms technology that employs digital signatures and uses XML Forms - so I am biased in my opinions. In fact, we are helping to define the standard [pureedge.com]).

    NOTE: My opinions are mine alone and not those of my employer.

  • by wwest4 ( 183559 )
    "Real" sigs aren't much better. The analysis used by experts is an art as much as a science, and notaries still can be untrustworthy. And the media used could allow easy transfer or duplication (this is the main reason digital signatures are not real signatures... "digital" is a synonym for "precisely defined" and by its very nature easy to duplicate).

    This is pure semantics. Of course signatures aren't unequivocal, absolute proof of anything, especially most digital signatures. There is no such thing as 100% proof. It's just a matter of how difficult it is to copy. A written signature is digital in a sense - an arrangement of particles that could be duplicated with the right technology. Can anyone say "replicator?" Any signature is merely evidence, not proof.

  • its called ellipsis, when the verb is left out (commonly the vert is to be) thats what you get for not taking AP Latin (I hate that class)
  • What is to keep an somebody from signing something then later claiming that their key was compromised at that point and it wasn't actually them that signed the document?

    Its the same with crimes. If you commit a crime, the evidence isn't going to be absolute. I could use this as a defence - "Yes, I did happen to be in the same room as the murder victim while holding a knife, but thats because I was I was chopping veg at the time. Yes, I always chop veg in the bedroom. Oh, the blood stain on it was when the victim cut him/herself the previous week......". Now, I could be telling the truth, but regardless of the concept of guilty until proven innocent, in this situation I would probably have to prove my innocence. Only a fool would believe my story.

    Security being compromised would be a more believable plea, but this would probably be in a civil suit, where they would use a balance of probabilities. You would have to show how your computer could have been compromised. They would have to show that you did mean to sign it.
  • You missed the point. Each recording will contain the original music signal plus the watermark signal. But for each pass the watermark signal will vary with time (if i understand how it works). By laying these recording back over each other, the music portion will appear reasonably constant, and the various watermark signals will appear as noise, which can then be filtered.

    It's been awhile since my last signal processing class, but that seems to be what they're talking about...

    Zach
  • What I find interesting is that in comparision, aren't REAL signatures actually less realiable? They are forged all the time.

    And sure, some people have long complex signatures, but I have seen *very* simple signatures, and also a *lot* of people have similar handwriting. And of course there are those professionals who can write like anyone.

    So I wonder which is more secure.

  • by danmil ( 11416 ) <danmil&aya,yale,edu> on Friday November 17, 2000 @11:20AM (#616957) Journal
    Surprise, surprise, lots of people on Slashdot seem to be missing the key to Shneier's argument about digital signatures: it's all about whether or not they would stand up in court.

    A bunch of programmers read about digital signatures and they think "Great, here's a way to verify that a specific person signed a specific document. How cool." (And it is very cool, don't get me wrong). Then Shneier comes along and points out the problems with using these digital signatures to replace the role of physical signatures in our current legal system (they won't stand up to court challenge, because it's so easy to claim that the computer was compromised or the key stolen).

    He's right. His point is about the legal system, not about the philosophical issue about how to verify that someone actually signed something. Sure physical signatures don't do that, but that doesn't matter. They work well in our legal system. He argues that digital sigs won't.

    So everyone should stop making such a todo about how he's being solipsistic, or techophobic or whatever. He's talking about legal issues.

    -Dan

  • Since your only interaction with the world is through your senses, how can you verify that it is as it seems, or even exists at all; /without/ using your senses?

    I have an alternate answer. A three dimensional world such as one you think you percieve percieve is an excellent model for explaining the things we smell, taste, feel, hear, and see. Whether it is True to so-called Reality or not, as a model it allows us to with tremendous accuracy predict results of a lot of neurological activity. Certain impulses consistantly cause an image of a fast-moving hand to appear in front of my face shortly followed by sudden pain. I don't care if light IS a wave or a particle, just that I can make it do what I want. So, while solipsism may provide one model for our stimulus interactions, it is not nearly as useful as the more obvious model.
  • The alarm systems were digital signal encrypted supposedly keyed to only one transmitter--That is haow, or maybe you think that a car alarm is like a walkie talkie keyed for any handshake from a cb signal?
  • He might, but I really dident see it in this article.
  • They have the original, you do not. They measure some property of the final signal. They make inaudible changes to the original signal such that the measurment of the property of the final signal is the watermark. If you don't have the original, there is no guarantee you can find the watermark. Making this watermark so that is survives lossy compression and such is more difficult.
  • Right, and Schneier's understanding of the legal issues isn't a whole lot better than the average lawyer's understanding of the cryptographic issues .. which is to say it's not good.

    In particular, he seems to be completely unfamiliar with the rules of evidence or the role of fact-finders within the legal system.

    That information isn't unavailable - it's in libraries. Evidentiary Foundations [amazon.com] by Ed Imwinkelreid or any of the Evidence [amazon.com] treatises by Laird Kirkpatrick and Christopher Mueller might be educational on this topic.

    It's silly for people to make up their own ideas about crypto without first learning about prior work in the field .. and equally (or more) silly for people to make up their own ideas about law without first learning about prior work in that field.
  • What is to keep an somebody from signing something then later claiming that their key was compromised at that point and it wasn't actually them that signed the document?

    The same thing that keeps people from using your private key in the first place..... the passphrase. Without the passphrase, you can poke around with the private key all you want. It will not help you. (Unless you have a really bad passphrase)

  • Without the passphrase, you can poke around with the private key all you want. It will not help you.

    That's what keystroke loggers are for.

  • I can't comment on the digital signature laws of the various states, as I have not read them. However, the federal one does not make digital signatures any more valid than written ones. All it says is that no document may be invalidated because its signature is electronic rather than written.

    To give an example: Under the Statute of Frauds, a contract for the sale of goods valued at over $500 must be in a signed writing to be enforceable (Uniform Commercial Code, sec. 2-201). Now, with the federal e-signature law, the writing can be signed electronically, and the contract will not be invalidated just because of the fact that it has an electronic signature.

    This does not change any of the rules of proof in court. The electronic contract in the above example would still need to be authenticated in the same way as a paper contract.

  • Nothing is tamperproof except a stand alone machine, but then you can't verify keys. Did you really sign, or did your "tamper proof" thingy do it? Did anyone, or have you fooled the notary?

    Where is the record of the event? Is your private key unique like a real signature, or do you have many?

    Why would you want to replace a standard document that can be seen, handled and read without the aid of an expensive machine? Standard contracts are unambiguous, routine and far less prone to deletion.

  • Fraud, in this case, is a highly subjective thing. Picture signing several forms, most of which are legitimate and one of which is the release form. If the person actually delivers something to you, asks you to "sign these forms", and you do, where is the fraud? He's not claiming that (all) the forms are for the delivery.

    Such tactics are, so I am told, routinely used by paparazzi and other photographers to get "permission" to sell otherwise personal pics. I'm not saying they can't be taken to court, just that establishing fraud becomes a much more difficult task.

    As a wise man once said, no amount of legislation can protect someone from their own stupidity. Nor should it.

    -TBHiX-

  • How about some pointless speculation?

    You're right that you can't make a mathematical proof, but you can make some reasonable/logical guesses...

    Take bunch of digital data that represents a audio file. call it <A>.

    Add a watermark to it, inaudible, but still detectable (we don't care how it's encoded, but in essence the data should be visible in the digital range. It'd be nice if speakers could not play it, but it's irrelevent.)

    So now we have file <A+B>.

    Let's now do something clever. We apply the latest, best, and tightest audio compression. Choose whatever you want, mp3, ogg, wma, etc.

    We know that these algorithms work by throwing away data that cannot be heard. Frequency masking, volumetric masking, time phased masking, etc.

    So we have that <B> is inaudible, already. Regardless of whether the <B> component is output by the speakers... MP3(<A+B>) => MP3(A)

    So now we have a file that is, arguably, indistinguishable, from the original file <A>, and now no longer has watermark <B>

    The conclusion? Watermarks can be removed without destroying the audible data. That's just how MP3 and such work. If one cannot remove watermarks, then the MP3 encoder must think the watermark is, well, audible!

    We can always try to invert this 'proof',

    The nick is a joke! Really!
  • Tamperproof because it never leaves my possession and because it is designed to be secure. It may or may not be networked- not all protocols require this.

    What's to stop me having multiple signatures in normal life anyway? I don't think that this is a problem- its probably an advantage.

    Standard contracts aren't distributable across a network reliably; they can be modified. Standard contracts most definitely ARE prone to deletion; crytographic protocols ensure that crypto-signed contracts AREN'T changed at all after signing otherwise the signature won't verify.

    I'm not saying that crypto-systems are super secure. What I am saying is that they are about the same, and if used with care, can be MORE secure than the other methods used. They are NOT magic-solve-all-your-security issue schemes. But they are useful tools.
  • Here is a nice article [abanet.org] by the ABA (American Bar Assoc) demonstrating that they think digital signatures are better than the 'real thing'

  • by 11thangel ( 103409 ) on Friday November 17, 2000 @09:31AM (#616975) Homepage
    As the article points out, the SDMI contest has no real meaning, other than fame and dough for them. Nothing that can be decrypted can't be cracked. It may be hard, but there is always a way. I especially liked the little point that watermarked files can still be duplicated. It's just like the ID3 tag "copyrighted". A pirate is not very likely to care about the FBI warning on the first part of a copied video tape. Of course, this still doesnt protect the average consumer with the intelligence of a potato, who believes what the company tells them, and goes out to buy all the software for this "copy proof signature". Technology: friend or foe?
  • Sure you can. Mathematics is full of such proofs.

    However, you cannot make something designed to be detected simultaneously undetectable. It's simple logic; a and not-a cannot be simultaneously true of the same property of the same object.

    And anything in a digital format that can be detected can be altered, in extremis by using a hex editor to change specific values.

    So a digital watermark, since it must be detectable under certain conditions, must be removable.
  • by LoKi128 ( 145233 ) on Friday November 17, 2000 @09:32AM (#616978) Journal
    After reading this article I have a few concerns about what this person is talking about:

    1. He mentions that a digisig is less secure than a normal sig because the person does not have to read what he/she is signing. Well, isnt this also the case with normal sigs? How many of you read the contract when you joined your local video club? It is hoped that the person doing the digisiging will have read and agreed the document. Something that could be done about this could be maybe include a signing message, in which you sign the document, and also include a short sentence like "I agree" or "I disagree".

    2. The computer is not a trusted environment. Well, if you dont trust your machine, then thats your own problem. I trust mine, because I take care of it remaining trusted. Sure, some assumptions have to be made, but one thing is caution, and another paranoia. I am SURE that at this moment I have no backdoor programs running in my Win98 system. I also know that I have no Office virii in here either. This is not only due to the antivirus software, but also to my downloading/trusting habits. I also have to make the assumption that Win98 itself is not sending data to someone else, but then that becomes the stuff of legend amongst the MS haters.
    Point is that forgery and thievery occurs in the real world and in the digital world. The idea that a program will sign another document when you didnt tell it is akin to telling you to sign with a pen a peice of paper and having underneath it a carbon paper and another document with the signature line in the same place, but saying something else. Or hell, even easier, just beating you until you sign a paper or you die.

    This sort of fear towards technology is nothing new, but it is shocking to see who is displaying this fear in this case.

    The problems presented in this article are not computer problems, but rather human problems, and the lack of ethics in the world of today (and yesterday too).
  • by Anonymous Coward
    The problem, as the article noted, is that you can't prove who used the computer, or even which computer was used.

    The only thing that you CAN trust is the key (and only to the extent that that particular public key encryption method is secure. RSA, for example, is only as secure as the product of two primes is against being reduced.)

    So, how to make digital signatures more "secure" and more tracable? One solution, again, as the article noted, is to have the whole signing mechanism offline and on a PDA device.

    However (once again, as the article noted), you can't necessarily trust the software or hardware to do what you expect.

    The only way round this would be to have a PDA device with fixed software & hardware, which was mathematically proven "correct" and "trustable". Instead of having generic apps run on the device, the device would ONLY read/write documents, never code.

    This would require a near-universal format for documents (so that the PDA could allow the user to verify what it was they were signing). Pockets filled with 1001 cards for memberships, stores, cardkey locks, etc, are bad enough. Imagine having 1001 PDAs stuffed in there, as well!

    A universal document format is unlikely to happen in my lifetime, even if workable whole-body crypgenics did.

    Having said that, let's play-pretend that Microsoft and SUN will some day learn to play fair with everyone else, and that someone is willing to go to the effort to develop a proven, tamper-proof PDA to the former A1 standard, with sufficient screening to block any remote scanning, such as TEMPEST, sufficient memory to hold entire documents in RAM, sufficient ease-of-use to be practical, and biometrics to validate the operator.

    THEN, we can talk about digital signatures which can be sensibly matched to the signer.

  • Moreover, it's logical, if not proper, English.

    "I am." Perfectly logical.
    "It is." By extension, equivalent.
    "It isn't." Simply a negation.

    The verb "to be" is just that, a verb. It does not require an object or an adjective.
  • Maybe we should try and get a few test cases into court to set precident that these "signatures" are not valid.
  • There was a thread about this on the vuln-dev list as well:

    hacksdmi? [securityfocus.com]
  • by The Raven ( 30575 ) on Friday November 17, 2000 @10:13AM (#616984) Homepage
    It is the cost of entry to forgery that is the basis by which we can judge any signature method. Creating a well forged signature is difficult... you must know the person well, or have lots of practice forging their signature (or all handwriting). Bribing a notary republic is expensive, can can blow up in your face. And for all of these activities, they are not what most people consider 'fun and involving', or practicing the skills required a particularly safe thing to be caught doing. However, with digital signatures anyone who has access to a computer lab has access to the tools required. There is a large society of hackers who enjoy trying to take apart encryption methods, and exploits are often posted publicly up for all to see. Well known exploits have programs written specifically to take advantage of them, allowing barely skilled users to utilize the security flaws. Thus, the cost of entry for digital forgery is lower than the cost of entry for physical forgery. The chances of detection are lower, and the ability to hide your tracks is greater. This is why digital signatures must have a much GREATER security level than normal ones, and the differences inherent in how they are, and are not, secure from written signatures should be well documented and publicised. Raven


    And my soul from out that shadow that lies floating on the floor
  • I liked the comment on solipsism.

    The only way to build more trust (not build trust, just more) into the system is if the digital signature captures the info of where it was created, when it was created, and what program it was created on. Timestamps and logs, essentially.

    This just boils down into the whole trust issue, however. Someone somewhere must place trust into the system. For the signer, that the system works as it is proposed. For the unsigner, that the signer packaged and signed the parcel in good faith, and that no tampering was done. In the digital world, it's possible to forge and copy with much better fidelity than it is in the real world. In the real world, it takes masterful manipulation of real things.

    In the digital world, it is only bits. Which can be hacked, copied, and played around with.

    Which means that digital solutions have to be created to make hacking, copying, and forging that much harder. Not that it will be impossible, just that it will be more of a deterrent.

    The nick is a joke! Really!
  • From dictionary.com, a definition of solipsism...
    1.The theory that the self is the only thing that can be known and verified.
    2.The theory or view that the self is the only reality.

    As far as I understand it, this 3 dimensional world you speak of is a construct of the self called Cuthalion. Your statement then, that it is an excellent model for explaining everything, is the point of solipsism. That everything we know is just a model of reality, and that reality itself cannot be be known without our senses.

    If I understand solipsism correctly, each person can only ascertain their own reality (by assuming that they trust their senses).

    To share their reality with other people is another trust exchange. Once we have shared realities, we can construct another reality, a second level of reality, that we both believe because it fits with the first level personal model of reality.

    Perhaps you can be more clear; what about solipsism don't you believe in?

    The nick is a joke! Really!
  • So you trust your Windows 98 computer...

    I think the relevant thing is how much you trust it. I mean, I trust my Win2K machine at work enough to read my hotmail, and even order things from CheapBytes and other web sites, typing in my credit card number each time. The risk is limited - someone could get my credit card number, but so what - the waiter at the Keg could get my credit card number too. VISA limits my liability there.

    But I don't trust it (or even my heavily firewalled home computer) enough to do on line banking - if that was compromised, my entire bank account could be wiped out, my line of credit maxed out, and it would be a lot more difficult to recover, especially with "digitally signed" transactions proving that I really meant to do all that!

    My point is, the term "trusted environment" is not a true/false description: it is a matter of degree.

    The article (the author is Bruce Schneier, btw) sort of mentioned this as well, when he referred to transactions that have a monetary value too small to worry about...


    Torrey Hoffman (Azog)
  • The problem is that the watermark has to survive obvious variances in encoding- for example, compressing into an MP3 or OOG file. Or being piped out a speaker into a D/A and re-recorded. In other words, the encoding *has* to have and audible effect. One of the first things MP3 encoders do is throw away all non-audible data- and there goes your watermark.

    They need three states to be detectable- "I'm a (legal) uncopied watermark", "I'm an (illegal) copied watermark", and "I'm not watermarked". The third is necessary if they are not insisting that all non-watermarked media (i.e. all songs and recordings already in people's hands) cannot be played.

    The problem is that all steganography (which watermarking is just a practical application of) depends upon it's existance being unsuspected. If I even *suspect* that steganography is being used, I can replace the steganographic data channels with data of my own.

    Take the classic steganography example- transmitting text hidden within a GIF, where each bit of text replaces the low-order bit of a single pixel. If I even suspect that this is occuring, I can go through and change each low order bit to 0, or to a random value. This is the equivelent of jamming a radio frequency by broadcasting noise. Goodby steganographic channels.

    Or, to take your example, if they used inaudible phase shifts or volume changes, I just go through and eliminate all inaudible components of the music, and add my own (random) inaudible phase shifts and volume changes.

    So all I would need to do in this case is replace the steganographic channels which encode "I am a watermark" with data that says "I am not watermarked" and everything is gravy.

    Notice that both "transmissions" on steganographic channels changes the data. The picture is not the same. The de-watermarked version *by definition* will be different from the watermarked version. And the watermarked version will also be different from the original, pre-watermark version. With some cleverness you could make the de-watermarking processes end up closer to the original than the watermarked version (instead of shoving in random data, you guess what you think the original data might have been before watermarking). But this is irrelevent, as they are measuring difference from the watermarked version, not the original. If adding the watermarking is audible (as it almost certainly has to be, see above), then removing it- even removing it perfectly and returning the true original recording- fails the test because it is audibly different from the watermarked version.

    The other alternative is to combine the categories of "I am an (illegal) copied watermark" and "I am not watermarked"- making all existing (non-watermarked) media instantly obsolete. Note- I wouldn't put this past them. Simply purchasing a legal copy of IP does not imply the legal right to play back that IP- notice that you cannot play a legal (non-pirated) DVD on a legal DVD player if the two come from different zones. And simply because you own the White Albulm and can play it *now* does not necessarily mean you will be able to do it ten years from now. What, did you think you had *rights* or something?

    Brian
  • by unformed ( 225214 ) on Friday November 17, 2000 @09:37AM (#616995)
    my opinion on written signatures vs digital signatures is that, in the end, they both rely on a bsic concept: trust in the sytem.

    Digital signatures trust that the computer is reliable, and that no one else has access to the signature. Digital signatures can be copied.

    But, so can written signatures. The articles states that a written signature guarantees contact between the signer and the document. What about forgery?

    The article also mentions that public notaries are often used for important documents. Public notaries are people too; they can be bribed.

    There is no truly secure method of signing a document, of encrypting information, or anything else of the sort. Anything and everything can, and will, at some point be broken.

    As it stands, PGP is fairly secure. Current computers can not current perform the mathematics required to break a PGP encryption in a reasonable amount of time. However, when quantum computers are available, PGP will be useless.

    Although the advent of quantum computers will also bring about quantum cryptography, which has been labelled as "unbreakable."

    True, the concepts regarding quantum physics would currently render the encryption unbreakable, who knows what technologies may later emerge?

    As of yet, only one encryption method has been proven to work flawlessly, and it's not even encryption: it was the translation of English into Navajo during World War II.

    (For more information on these subjects, read Singh's -The Code Book- ... an excellent book, i might add)
    --------------
  • by Crutcher ( 24607 ) on Friday November 17, 2000 @09:37AM (#616996) Homepage
    Well, not really, but this is the basic solopsistic problem.

    Since your only interaction with the world is through your senses, how can you verify that it is as it seems, or even exists at all; /without/ using your senses?

    The best answer that anyone ever came up with is "I refute it thus" and kicking a rock. (not making this up). In reality, there is no true answer, indiviudals must make the "leap of faith", or the "leap of presumption" at least, and presume that the world is more or less as it appears to be.

    Since true signatures validity can only be 'proven' by either A) testimony to the fact (which doesn't really require the signature, after the testimony) or B) the voice of 'experts'; the 'experts' can be cryptography experts, and can, like the hyndwriting experts, testify about the /probability/ of error.

    And it is ultimately only about how probable it is, since you can't prove anything.

    -- Crutcher --
    #include <disclaimer.h>
  • The paper-digital signature analogy is very valid. And it is often ignored, often in the name of improving E-commerce, or more recently, with digital signatures being advocated as authentication for electronic voting. The important thing is that both are subject to tampering. Unlike with a signature on paper, which is very hard to duplicate exactly with another person using a pen, and where copies are obvious (i.e. a photocopy would have trouble passing), digital 'signatures' can be made exact without detectability provided that the manner in which your private key was stolen is no longer apparent. In addition, courts, judges, and police are unlikely to understand these issues.

    These are important issues to consider. Perhaps one day we will be required to use digital 'signatures' on a regular basis to conduct normal everyday business -- perhaps the software used will be a propietary system provided by one company (let's call this company Macrosoft for purposes of illustration). Now if the single company Macrosoft provides the software, and due to trade secrets there's no proper external review of the software, and anti-hacking treaties make white hat review impossible, perhaps one day we will live in a world where those with the knowledge can commit easy forgeries and impersonate others, and the citizenry will be powerless to do anything.

    Digital Signatures: Be careful what you ask for, as you may get it.

    --

This restaurant was advertising breakfast any time. So I ordered french toast in the renaissance. - Steven Wright, comedian

Working...