Audible Magic’s ‘silver bullet’
p2pnet.net News:- We’ve written frequently about the RIAA’s Audible Magic ‘filter’ software.
We say “RIAA’s” because the Big Music US enforcer has been promoting it as if it owned it, with RIAA boss Mitch Bainwol as chief salesman.
The EFF (Electronic Frontier Foundation) has some interesting ideas …
- Encrypt the data transfer with a one-time session key.
- Change the TCP/IP stack to better defend against spoofed TCP RST packets.
Now read on >>>>>>>>>
Audible Magic - No Silver Bullet for P2P Infringement
By Chris Palmer - EFF staff technologist
The Recording Industry Association of America (RIAA) has been touting technologies offered by Audible Magic as the cure for peer-to-peer (P2P) file sharing on university (and high school!) campuses. The company has also been making the rounds of congressional offices in Washington, DC, talking up its technologies as a silver bullet for P2P infringement.
While we at EFF support universities taking steps to educate staff and students about copyright law and to control excessive bandwidth usage, it is important that universities are not sold expensive, ineffective solutions simply to appease the public relations needs of the RIAA. It is also important that policymakers not be misled by the bullish pronouncements of the RIAA and Audible Magic regarding the effectiveness of “acoustic filtering” technologies.
Information from public sources suggests that Audible Magic’s filtering technology is trivial to defeat. For universities, this means an investment today may well be worthless tomorrow. Policymakers, meanwhile, would do well to examine all filtering technologies closely before putting faith in the promises of vendors. A close look at Audible Magic’s technology suggests that its filtering is no silver bullet.
Acoustic Fingerprinting - How It Works
Audible Magic’s CopySense, a network appliance product, examines network traffic at the content layer - that is, it analyzes the actual file transferred in an application-layer transaction. In order to determine whether the content is a copyrighted song, CopySense treats the content as audio and analyzes its acoustic properties. It examines only a small portion of the content, extracting an “acoustic fingerprint.” This fingerprint is then matched against the fingerprints of copyrighted musical works in a pre-compiled database. Audible Magic boasts a database of more than 3.7 million fingerprints, growing continually.
This method is a clear improvement over earlier “hash”-based filtering approaches. With those earlier approaches, changing even a single bit in a file would frustrate efforts to match the file to a pre-calculated hash. Audible Magic’s approach should be more robust against this kind of subterfuge. As detailed below, however, Audible Magic’s technology can easily be defeated by using one-time session key encryption (e.g., SSL) or by modifying the behavior of the network stack to ignore RST packets.
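The difference between hash matching and fingerprint matching, as an added example that is not part of the original article: one bit is flipped in a constructed PCM clip, which changes the SHA-256 digest but leaves a coarse energy-based fingerprint untouched. The fingerprint function is a simplified stand-in chosen for illustration, not Audible Magic's algorithm, and all names and constants are assumptions.

```python
import hashlib
import math
import struct

RATE = 8000    # samples per second of the constructed clip
FRAME = 400    # samples per analysis frame (50 ms)

def make_pcm(seconds=2):
    """Constructed 16-bit mono PCM: a 440 Hz tone whose loudness varies."""
    samples = []
    for n in range(RATE * seconds):
        envelope = 0.5 + 0.4 * math.sin(2 * math.pi * 3 * n / RATE)
        tone = math.sin(2 * math.pi * 440 * n / RATE)
        samples.append(int(12000 * envelope * tone))
    return struct.pack("<%dh" % len(samples), *samples)

def file_hash(pcm):
    """Exact-match identifier: any changed bit yields a different digest."""
    return hashlib.sha256(pcm).hexdigest()

def toy_fingerprint(pcm):
    """One bit per frame boundary: did energy rise versus the previous frame?"""
    samples = struct.unpack("<%dh" % (len(pcm) // 2), pcm)
    energy = [sum(s * s for s in samples[i:i + FRAME])
              for i in range(0, len(samples) - FRAME + 1, FRAME)]
    return [1 if b > a else 0 for a, b in zip(energy, energy[1:])]

def flip_lowest_bit(pcm, sample_index):
    """Change one sample by one quantisation step (inaudible)."""
    data = bytearray(pcm)
    data[2 * sample_index] ^= 0x01   # little-endian: low byte comes first
    return bytes(data)

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def compare():
    """Return (hashes equal?, fingerprint bit differences, fingerprint length)."""
    original = make_pcm()
    altered = flip_lowest_bit(original, 1234)
    fp_a, fp_b = toy_fingerprint(original), toy_fingerprint(altered)
    return file_hash(original) == file_hash(altered), hamming(fp_a, fp_b), len(fp_a)

if __name__ == "__main__":
    print(compare())
```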
Network Topology
An engineering goal of Audible Magic’s network appliance is to add no additional latency to the network. Therefore, it cannot be interposed between the client and the server, as it would be in a traditional firewall or filtering proxy deployment. The network appliance is installed as a peer to other hosts on a network segment, not as a gateway or bridge. The segment is configured such that the appliance can sniff all traffic going over the link layer fabric.
Application of Policy
To block transmission of content the Audible Magic network appliance deems copyright-protected, it issues spoofed TCP RST packets to disrupt the data transfer between client and server. CopySense™ sends spoofed RSTs to both client and server; if either client or server is successfully attacked, the file transfer will stop.
Thus, it is not capable of implementing more nuanced policies such as traffic shaping — in particular, it can only:
- disrupt data transfer;
- log the data transfer event; or
- alert an administrator of the event.
(Enough content must pass over the wire for the Audible Magic network appliance to make a determination of the identity and copyright status of the content before it can implement a policy. For more information, see Audible Magic’s White Paper: Managing Peer-to-Peer Traffic with the CopySense Network Appliance. [PDF])
Defeating Audible Magic
There are two obvious ways to defeat Audible Magic’s CopySense network appliance.
- Encrypt the data transfer with a one-time session key. This can be accomplished easily by employing SSL for file transfers. Because SSL is widely used for a variety of e-commerce applications, blocking or otherwise interfering with SSL communications would be problematic for most network administrators.
- Change the TCP/IP stack to better defend against spoofed TCP RST packets. It is not possible to perfectly defend against this attack, and most users will have to wait for an upgrade from their operating system vendor to get any defense at all. Over time, however, it is likely that many systems will incorporate such defense, limiting the effectiveness of CopySense’s mechanism.
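How a TCP stack can tighten its handling of RST segments, as an added example that is not part of the original article: it contrasts accepting any in-window RST with the stricter check later standardized in RFC 5961, which the article does not name. The connection state and sequence numbers are constructed, and the function names are assumptions.

```python
from dataclasses import dataclass

MOD = 2 ** 32   # TCP sequence numbers wrap at 32 bits

@dataclass
class Connection:
    rcv_nxt: int   # next sequence number expected from the peer (RCV.NXT)
    rcv_wnd: int   # current receive window in bytes (RCV.WND)

def in_window(conn, seq):
    """True if seq lies in [RCV.NXT, RCV.NXT + RCV.WND), modulo 2**32."""
    return (seq - conn.rcv_nxt) % MOD < conn.rcv_wnd

def classic_rst(conn, seq):
    """Older behaviour: any in-window RST tears the connection down."""
    return "reset" if in_window(conn, seq) else "drop"

def rfc5961_rst(conn, seq):
    """RFC 5961 section 3.2: reset only on an exact RCV.NXT match;
    other in-window RSTs are answered with a challenge ACK."""
    if not in_window(conn, seq):
        return "drop"
    if seq == conn.rcv_nxt:
        return "reset"
    return "challenge-ack"

def evaluate(conn, rst_seqs):
    """Return (seq, classic verdict, RFC 5961 verdict) for each RST."""
    return [(s, classic_rst(conn, s), rfc5961_rst(conn, s)) for s in rst_seqs]

# Constructed connection state close to the 32-bit wrap-around point.
CONN = Connection(rcv_nxt=4294967000, rcv_wnd=65535)

# Constructed sequence numbers carried by incoming RST segments.
SAMPLES = [
    4294967000,   # exact RCV.NXT, as seen by a device that observes the flow
    4294967200,   # in window but not exact (a guess or stale observation)
    500,          # in window only because the window wraps past 2**32
    1000000,      # outside the window
]

if __name__ == "__main__":
    for row in evaluate(CONN, SAMPLES):
        print(row)
```

The first row is why the article calls the defense imperfect: a sender that can observe the connection can supply the exact sequence number, which the stricter check still accepts.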
Session encryption for file transfers based on ephemeral keys represents a cheap, easily implemented countermeasure that would effectively frustrate Audible Magic’s filtering technology. Based on publicly available information, it does not appear that this vulnerability can be easily remedied. Should Audible Magic’s technology be widely adopted, it is likely that P2P file-sharing applications would be revised to implement encryption. Accordingly, network administrators will want to ask Audible Magic tough questions before investing in the company’s technology, lest the investment be rendered worthless by the next P2P “upgrade.”
Sources
Audible Magic White Paper: Managing Peer-to-Peer Traffic with the CopySense™ Network Appliance [PDF]
TCP/IP Illustrated, Vol. 1 by W. Richard Stevens (Explains the TCP protocol and the function of the RST flag, pp. 246 - 250.)
About the TCP RST Spoofing Attack (Technical explanation of how CopySense™ can disrupt the communication between client and server.)





July 14th, 2004 at 12:05 am
Most of the newly developed P2P protocols and those still in development employ some type of encryption. One of them, P2Pnet.net sponsor Blubster, will soon release a fully encrypted new version (currently in beta testing) due out this summer.
P2P will always continue to adapt and evolve to fight any threat against it. The effect of anti-P2P weapons such as Audible Magic will simply encourage people to migrate from the vulnerable protocols to the secure networks.
July 14th, 2004 at 12:42 pm
“…will simply encourage people to migrate from the vulnerable protocols to the secure networks.”
Absolutely, proof is already there, just look at the flight from Kazaa to other P2P apps when it was under siege; the principle is already proven.
November 29th, 2005 at 2:02 pm
I wonder what it would do with zipped files. Seems to me compressed and zipped would stop the analysis as well.
April 23rd, 2008 at 10:33 pm
In theory, it could unzip or otherwise analyze files on the fly, but would require
a) significantly more resources to do so in realtime
b) a very large library of possible compression algorithms, and methods to reverse them
c) the ability to constantly update that library as new algorithms and obfuscation methods change.
In similar fashion, the p2p networks could XOR the files, flip all the bits, or otherwise obfuscate them. In practice, it’ll just be easier for us to encrypt our sessions, and there is nothing they can do about it.
April 24th, 2008 at 1:33 am
Wait Wait… the sheer idiocy of this made my head hurt.
The RIAA is suing an ISP because they are not installing the RIAA’s software filter of choice?
I see a number of things wrong with this, but primary among them is that it’s the RIAA’s job to defend its own copyright, not anybody else’s. Just as Ma Bell is not required to make sure no criminal activities are planned on its network, the ISPs have no obligation to do anything to their networks, certainly not at the behest of a third party, and most definitely not to help said third party stop a civil offence from occurring.
The other big one here is that you can’t sue someone into using a specific product; even if a judge went so far as to mandate that the ISP must cooperate with the RIAA (lord knows why), they cannot mandate what program to use to do it.
April 24th, 2008 at 4:44 am
Hmmm, one thing that hits me here is that it doesn’t seem to have any method of seeing if the copyrighted content is legally owned in the first place, i.e. a digital download from an online store. Identifying copyrighted material in general is one thing; identifying illegally transferred copyrighted material is something completely different.
If this software will try to interrupt every download that is copyrighted, then it will interrupt legal downloads much more than illegal ones. But it wouldn’t surprise me if this is part of their “plan” to get people to buy more hardcopies, since it seems these types of companies have a very hard time adapting to the digital age and are clinging to an old (and hopefully soon deprecated) distribution method of entertainment content.
April 24th, 2008 at 2:33 pm
Why anyone would install software provided by the RIAA, or use an ISP that will, is completely beyond me.
April 24th, 2008 at 3:12 pm
The issue here is that it is an Irish ISP, and they don’t necessarily have the same safe harbor protections that ISPs here in the US have. If we didn’t have safe harbor laws here, we would see plenty of this.