Some Preliminary Thoughts

1

P2P Research and Reality: Some Preliminary ThoughtsZheng Zhang

Microsoft Research [email protected]

AbstractIn this paper, we start by recounting some of the myth and truth of P2P systems. Getting a good understanding of those issuesare good starting points. Even more important will be performing researches that understand the fundamental properties, andthat actually build the environment and forester the creativition of new applications.

1. Introduction

Relatively speaking, P2P research has a short history.However, the amount of world-wide efforts that hasbeen devoted to this topic is impressive. As a result, theunderpinning theories are getting mature. What is alsoencouraging is that researchers from China have alsomade considerable strikes.

Nevertheless, running systems and applications thatutilize the latest theoretical results are relatively lack-ing. Without building real systems and conduct solidexperiments to obtain further insights, it will be hard topush to the next stage.

In this paper, we give a very brief overview of P2P sys-tems (Section 2), and then suggest some research topicsand approaches (Section 3). The paper is hastily puttogether, the references are not complete, and manypoints might be wrong. Nevertheless, we hope this willbe enough to get the discussion going.

2. A simplified view of P2P systems

One definition of a P2P system is that it is decentral-ized and symmetric, from a functional perspective ofeach participating entity. An ideal P2P system, how-ever, should be decentralized and asymmetric – one inwhich more powerful and able peers are providingmore, but the system as a whole does not necessarilyrely on these nodes to function correctly.

There are many ways to slice and dice different P2Poverlays. Let us try a thought-experiment to show that,after all, things are not that different.

Figure 1: The simplest P2P DHT – a ringFigure 1 illustrates the simplest DHT (distributed hashtable, or structured P2P) where nodes line up in a 1-dimension logical space, with every node rememberinga constant set of neighbors to each side in what’sknown as the leafset. Generalizing it to d-dimension

torus, one gets CAN[13] with O(N1/d) routing perform-ance. Adding O(logN) directional fingers whose target-ing nodes are spaced with exponentially increasinglogical gaps in between yields proposals such asChord[18], Pastry[16] and Tapestry[24], with O(logN)routing performance. Adding denser fingers gainshigher performance, all the way to O(1) steps with O(N)fingers, but typically with additional maintenanceoverhead.

There are several important things to pay attention to.First, the most rudimentary data structure in the so-called structured P2P is the leafset, not the fingers.Fingers are there purely as routing optimizations, withthe sweet-spot being O(logN) fingers. While leafsetmaintenance has to employ failure detection mecha-nisms (i.e. periodical heartbeats), there exists differentapproaches to update fingers. For instance, the 1-hopDHT[1], XRing[21] and SmarBoa[8] all use multicastto update fingers. Second, the quality – instead ofquantity, of the state (e.g. leafset and finger table) mat-ters more. Stale entries will result in routing timeoutwhich may cost 10x more than a routing hit. Third,depending on the application scenarios and contexts,we should pragmatically choose different DHTs. For anenvironment where churn is low or when scale is lim-ited, 1-hop DHT makes perfect sense. There has notbeen a one-size-fit-all proposal, and doubtful if there isone with low complexity. Finally, a perfect 1-hop pre-sents an interesting design point, in that it is equivalentto an eventually reliable global membership service,and can be a building block for large and scalable dis-tributed system.

If we now remove the leafset and let the fingers be bi-directional, we arrive at what is known as unstructuredP2P. The distribution of fingers in unstructured P2Pcan be different, and so are the construction, tuningand maintenance of the fingers. Arguably, anyGnutella-like protocol may be significantly simpler,compared with any of the well-known structured P2Pproposals. The absence of leafset dictates that the onlysemantic that can be reasonably supported is queryflooding. For the most up-to-date research results,please refer to [7].

xp q

zone(x)=(ID(p), ID(x)]

R0(x)

2r+1

Proceedings of the IEEE International Conference on E-Commerce Technology for Dynamic E-Business (CEC-East’04) 0-7695-2206-8/04 $ 20.00 IEEE

2

From the above discussion, it is clear that we alwaysdeal with a graph. Whether there is a leafset to guaran-tee the integrity of the space is the key differentiationpoint. Hence, one can build a structured P2P but use itas an unstructured P2P [3], or augment an unstructuredP2P with a leafset to provide DHT functionality. Thelatter is something we have been working on.

3. Potential research topics

3.1 Understanding the fundamentals

Before we build applications, it is fruitful to get a senseof what guarantees that the underlying infrastructureprovides and whether they meshes well with the re-quirements of the applications, if at all. The “pick two”paper [2] is compelling precisely because it pointed outquantitatively (even with a back-of-envelop approach)what many have suspected, that it is impossible to builda large-scale and highly-available P2P storage systemwhen peers constantly come and go (e.g. Ocean-store[9], Pond[15], CFS[4], PAST[17] and Ivy[11]),which is a hopeful candidate that will amount tonothing short of a breakthrough if successfully built.

To give some other examples, considering tuning prox-imity of overlay neighbors. The goal is to “align over-lay topology with that of underlay (IP)” so as to obtainbetter performance with lower tax on network resource.It is also well-known, however, that this comes with ahefty price when resilience of the network is consid-ered, especially for unstructured P2P overlays. Aggres-sive tuning will tend to make the system more fragile,in that the connectivity can be broken if nodes (effec-tively) connecting islands of nodes leave or are underattack. If the system relies on some nodes more thanothers, this indeed violates the P2P spirit to start with.The amount of work proposing various tuning tech-niques far outweighs those that do take that into ac-count; and we still lack the knowledge of just whenpushing for performance will become dangerous.

Problems in structured P2P can be even more. Given akey k in the logical space, two queries that lookup kwill return different nodes that owns k and this canhappen because: 1) node dynamism – the space that kresides has undergone ownership change and 2) thereare network jitters such that different nodes can simul-taneously claim ownership of k. From a system re-search perspective, it is an interesting question as whatproperties that even the simplest get/put APIs hold: forinstance what is the bound and guarantee of livenessand safety?

It is possible to adopt some practical measures to buildapplications without digging deep into the system prop-erties. For instance, it is a popular proposal to keep theinvariant such that a number of consecutive copies arekept following the root of k, as exemplified byDHash[18]. Yet, as [2] points out, enforcing thisinvariant for the ambitious design point (dynamic,large-scale, highly-available and wide-area) can beprohibitively expensive. Therefore, a more practicalapproach may be the one advocated by Tapestry[24], inwhich the upper-layer application manages the avail-ability of the objects all by itself, and uses the P2P as arepository of soft-state data storing pointers. Thepointers need to be continuously refreshed.

From the above discussion, it then becomes clear that itis not interesting – and indeed can be quite misleading,to talk about overlay maintenance overhead in an iso-lated fashion: if one adopts the leafset replication ap-proach, the traffic dedicated to maintaining the invari-ance must be taken into account; if, instead, we adoptthe approach of soft-state pointers, then the republish-ing traffics are to be included. These traffics are indeednot part of the overhead maintaining the overlay topol-ogy, but exist if the infrastructure is to serve any statefor the application. It is not very meaningful to talkabout the overlay maintenance overhead alone[10]. If itturns out that traffic to maintain application stategreatly dominates that of maintaining the topology,then the practicality of the structured P2P is question-able.

Optimizing the routing performance (by picking upneighbors carefully) and reducing the base of O(logN)routing are well-understood. It will make minor contri-bution to propose yet another (or several more) O(logN)DHT. The larger challenge is to figure out the bestperformance given that heterogeneity is well explored.Yet this pales in comparison to the need ofunderstanding what “overhead” truly is, its magnitudeand impacts.

3.2 Pulling through new applications

3.2.1 Switching the context

Today’s P2P researches have mostly rooted in wide-area context, and this is due to several factors: thespectacular rise and fall of Napster (which gave birth toseveral more content sharing systems), and the dis-tributed system research community’s quest to find amuch tougher environment and hence more challeng-ing research topics.

This is not the only context that P2P technologiesshould be applied to. Switching the context means that


3

we can and should let go some of the more popularscenarios and drive towards the core of the technologyofferings. For instance, the fundamental attributes thatP2P have brought to the table – self-organizing, self-managing and self-healing etc., are extremely useful toreducing the management overhead of large IT infra-structures’ TCO (total cost of ownership). As theROC[12] (Recovery Oriented Computing) initiativepoints out, it is time to focus away from performanceand onto manageability and reliability. In a worldwhere commodity components will prevail to be thebuilding blocks of large systems, failure will be normrather than exception [6]. Thus, challenges and oppor-tunities are abundant even in the machine-room sce-nario: how to easily plug-in a new box and let it beintegrated as part of the system, and with what speed?How to detect a failed component and make sure thatno data are lost? As data will surely outlive the hard-ware, how to gradually drop in new generations ofhardware and let the older ones phase out, all without aglitch to the users? These are hard and interestingproblems which have immediate and practical implica-tions. We have designed and implemented several self-organizing distributed storage that can scale from onebox to 100K [22][23], and our experience has taught usat least one thing: that it is not at all trivial to buildsuch a system.

We can also switch the context to the wireless and sen-sor network setting, where the challenges are quitedifferent: range and reach matters, proximity matters,and probably most important to all – power consump-tion matters. Again, self-organizing is key. While it isnot immediately clear how current P2P research resultscan bear fruits, we are aware of several works that ap-ply the O(logN) DHT and routing to these settings.These approaches are somewhat misled because that ifone is willing to let go the sexy O(logN) label, it be-comes obvious that mesh and hence a 2-d CAN wouldhave worked out the best.

3.2.2 Sharing content responsibly

The number one P2P application is content-sharing.While many works have devoted to improving the per-formance and search, the larger question is whether thesharing is amenable to the call of being responsible in ahuman community. If we are to question what arebeing shared, a large fraction of content will be porno-graphic materials, pirate copies of entertainment clipsand software. This is problematic.

It will be easy to duck one’s head under the sand andpretend that these are not the problems that the re-search community ought to solve; it would be even

somewhat “heroic” to come up with novel techniquesthat would get around the counter-measures: the recordindustry has mounted some trivial but effective attacksby simply polluting the system with corrupted copies.Granted, the P2P content sharing has its place as ahigh-tech mirror of old-times underground circulationof anti-censorship materials1. Yet, sharing content in aresponsible way has far-reaching implications: if soft-ware and other intellectual properties are not protected,so won’t be the future of the budding Chinese softwareindustry.

It can be very difficult technically, but doing content-sharing and yet allowing some degree of DRM (digitalright management) seems ripe to be tackled. Probablythe first that is required is to define the appropriatescenario. The P2P content sharing can continue toserve as the distribution venue, should we then addenforcement in the content itself, or in the P2P systemto give the possibility of tracking the flow? The idealcase should be a win-win situation: those who contrib-uted to the content (artists and the record industry,software vendors) get their due, and the users find iteasy to obtain the trial copies and, if they indeed enjoythem, pay as they go. Notice that this does not neces-sarily break the functionality of anti-censorship sup-port: authors can anonymize their contents, but it oughtto be possible to track those who injected piratedcopies.

3.2.3 Harness the computing power

seti@home is a telling story of how many idle re-sources there are and how much power lies therein: itis the biggest computer on the planet.

Thus, P2P computing continues to be an interestingresearch area. It will be great to find the nextseti@home application. However, for system research-ers, the more interesting problem is to find applicationsthat are not embarrassingly parallel to start with. Forexample, there are many large scale simulations thatrequire a process to communicate to a set of other proc-esses. It is then a mundane requirement that theseneighbors are connected among them with low-latencyand high-throughput links. This requires techniques ofpositioning and finding peers, and which has so far notbeen used much (DHT of course uses this heavily, butagain DHT itself lacks applications). There are severalother non-technical factors: the source of the computa-tion should have the incentive to publish the initial setof data free to every participants, and the results of

1In the 70’s of last century in China, this is the primary form of passing

poetry and other literature bits – by hand and underground.


4

computation is of some interest and value to the gen-eral public – think of real-time weather prediction in atight schedule or, in the other extreme, into a very longfuture (e.g. 5 years ahead); think of rendering of theevolution history, or simulating a human brain.

3.2.4 Finding other applications

In his keynote speech at SOSP’99, Butler Lampsonstated that “the biggest mistake of the system researchin the past 10 years is not having invented the Web.”So, what can we do right this time?

We should enable a testbed which is open for everyoneto try. If we are not that creative to foresee the newbreed of applications, let us at least contribute by set-ting up the stage. In summer of this year, MSR-Asiaand NSFC will co-found a wide-area, windows-basedtestbed called ImagineONE.net. With Butler’s re-minder in mind, the codename can not be more appro-priate. This testbed is not to be built in one day, andthere are many hard problems to solve. They range allthe way from resource-isolation issue on a single ma-chine among simultaneous experiments, to appropriat-ing distributed resources per single experiment, and tobuilding other necessary tools. Researchers in Chinahave already accumulated many great experiences do-ing Grid computing, it is hopeful that some of thetechnologies can be leveraged.

There are many interesting P2P applications in the webscenario, such as searching[14], spam fighting [25],even troubleshooting [19]. It will also be useful to see ifP2P can be used as sensors in the network to detectworms and viruses. Collaborative and interactive learn-ing, P2P gaming etc. are also interesting scenarios.

3.3 Learning through building

It is encouraging to see that researchers in China havequickly caught up. However, most results are math-ematic deductions or simulations. Also, topics such asO(logN) DHT that are getting increasingly lukewarmacceptance in international research community arestill pursued with great rigor. What is perhaps moretroubling of all is that there is a lack of concerted effortto actually build and deploy P2P applications. With orwithout an open platform such as ImagineONE.net, itis important to realize that we only learn throughbuilding, especially at this stage when theories are get-ting mature, and that we don’t get to the next stage ofinsights unless we engage more hands-on practice.

When we do build the system, it is critical to performconcrete experiments to mine the lessons and insights,and make traces and logs available for the community

at large. Platforms such as MAZE from Beijing Uni-versity are ripe for this kind of activities.

4. Conclusion

For system research, theory and practice go hand-in-hand. Furthermore, practice to build application de-pends on the practice to build infrastructure, and thereis a reverse dependencies between the two. P2P systemsare fun to study and build, and it is time to examineand take actual steps to cover these grounds.

References

[1] Gupta, A., Liskov, B., and Rodrigues, R. “One Hop Lookups for Peer-to-Peer Overlays”, HotOS IX, 2003, Hawaii, USA.

[2] C. Black, R. Rodrigues, “High Availability, Scalable Storage, DynamicPeer Networks: Pick Two”, HOTOS’03.

[3] M. Castro, M. Costa and A. Rowstron, "Should we build Gnutella on astructured overlay?" HotNets-II, Cambridge, MA, USA, November 2003.

[4] F. Dabek, M.F. Kaashoek, D. Karger, et al, “Wide-area cooperative storagewith CFS”, SOSP’01.

[5] S. Frolund, A. Merchant, Y. Saito, et al, “FAB: enterprise storage systemson a shoestring”, HOTOS’03.

[6] S. Ghemawat, H. Gobioff, S.T. Leung, “The Google File System”,SOSP’03.

[7] Krishna P. Gummadi et al. “The Impact of DHT Routing Geometry onResilience and Proximity,” Sigcomm’03.

[8] J. Hu, M. Li et al. “Smartboa: Constructing p2p Overlay Network in theHeterogeneous Internet using Irregular Routing Tables,” IPTPS’04

[9] J. Kubiatowicz, D. Bindel, Y. Chen, et al, “OceanStore: An Architecturefor Global-Scale Persistent Storage”, ASPLOS’00.

[10] R. Mahajan, M. Castro and A. Rowstron, "Controlling the Cost of Reliabil-ity in Peer-to-peer Overlays", IPTPS'03

[11] A. Muthitacharoen, R. Morris, T. M. Gil, et al, “Ivy: A Read/Write Peer-to-peer File System”, OSDI’02.

[12] D. Patterson, A. Brown, P. Broadwell, et al, “Recovery Oriented Comput-ing (ROC): Motivation, Definition, Techniques, and Case Studies”, UCBTechnical Report No. UCB/CSD-02-1125.

[13] S. Ratnasamy, P. Francis, M. Handley, et al, “A Scalable Content-Addressable Network“, SIGCOMM’01.

[14] Reynolds, P. and Vahdat, A.. “Efficient Peer-to-Peer Keyword Searching”.Middleware, 2003.

[15] S. Rhea, P. Eaton, D. Geels, et al, “Pond: the OceanStore Prototype”.FAST '03

[16] A. Rowstron, P. Druschel, "Pastry: Scalable, Distributed Object Locationand Routing for Large-scale Peer-to-peer Systems", IFIP/ACM Middle-ware’01.

[17] A. Rowstron and P. Druschel, "Storage management and caching in PAST,a large-scale, persistent peer-to-peer storage utility", SOSP’01.

[18] I. Stoica, R. Morris, D. Karger, et al, “Chord: A Scalable Peer-to-peerLookup Service for Internet Applications”, SIGCOMM’01.

[19] Wang J. H. et al. “Friends Troubleshooting Network: Towards Privacy-Preserving, Automatic Troubleshooting”. In IPTPS’04

[20] Q. Xin, E. L. Miller, T. Schwarz, et al, “Reliability Mechanisms for VeryLarge Storage Systems”, Mass Storage System’03.

[21] Z. Zhang, Q. Lian, Y. Chen, “XRing a Robust and High-Performance P2PDHT”, Technical Report.

[22] Z. Zhang, S.D. Lin, Q. Lian, et al, “RepStore: A Self-Managing and Self-Tuning Storage Backend with SmartBricks”, ICAC’04.

[23] Z. Zhang et al. “BitVault: a Highly Reliable Distributed Data RetentionPlatform”, paper under submission.

[24] B.Y. Zhao, J. Kubiatowicz, A.D. Josep, “Tapestry: An Infrastructure forFault-tolerant Wide-area Location and Routing”, UCB Technical ReportNo. UCB/CSD-01-1141.

[25] Zhou, Feng et al. “Approximate Object Location and Spam Filtering onPeer-to-Peer Systems”. Middleware 2003.


Peer-to-peer Direct Sales

Adam Wierzbicki

Polish-Japanese Institute of Information Technology [email protected]

Krzysztof Goworek

Warsaw University of Technology

Abstract

The article describes and gives an economic analysis of a business model for commercial content delivery networks (CDN) based on the Peer-to-Peer model. The content is stored in the CDN on the hosts of the peers. An user pays for access to the content, and can sell the content to other users as in a direct sales net-work. The content trade is a free market. Transac-tions (including billing and accounting) are handled by superpeers, who receive a markup for their ser-vices and pay the content provider a gratification for every transaction. The system makes use of reputation mechanisms with a goal contrary to most P2P re-search: to promote content trading and discourage sharing for free. The article compares the profit ob-tained by the content provider in a client-server CDN and the P2P CDN, and analyzes the stable-state prices in a P2P CDN.

Keywords

Peer-to-peer, content delivery, direct sales, economic

model, free market, reputation

Introduction Lack of business models for P2P systems has been

frequently discussed as a factor that limits commer-

cial applications of the peer-to-peer model. On the

other hand, P2P file sharing networks remain popular

and continue to develop new technological solutions.

The wide use of P2P file sharing can have a real eco-

nomic impact as well, since it may lead to losses of

content provider sales and as a result, to increased

prices [1] (although some studies show that there is

no such impact [5]).

In this paper, we wish to explore an emerging busi-

ness model of a commercial P2P content delivery

network (P2P-CDN) [22, 23]. We shall attempt to

present an economic analysis of such a system, and to

compare the profits of content providers in a P2P

CDN and a client-server CDN (C-CDN).

We are also interested in seeing whether there exist

economic reasons that lead to a distribution of the

content for free, or whether such a distribution is not

a necessary economic solution and can be prevented

by system design.

We will introduce a concrete model of a P2P-CDN.

This model follows the design used by most popular

P2P file sharing networks (a network with super-

peers). We then discuss an economic model of the

system and analyze a steady-state solution of this

model, discussing the effects of price relations, com-

paring profits in a P2P-CDN and a C-CDN.

We also analyze systematic mechanisms (such as

reputation) that can be used to motivate peers to re-

quire payment for the content, instead of distributing

it for free. An innovative feature of our P2P-CDN is

that it can use the income of a peer as reputation.

Such a reputation mechanism has several desirable

properties that artificial reputation mechanisms lack.

Also, it is used for a different purpose than most repu-

tation mechanisms in the literature of P2P file sharing

systems: to encourage trading of content, and dis-

courage sharing of content for free.

The P2P Content Distribution System In our work, we have assumed that the P2P content

distribution system is designed similarly to the most

commonly used contemporary file sharing networks.

For that reason, we have not considered DHT net-

works [18,19,9]. Our design resembles closely the

BitTorrent network (a superpeer model). It is not the

purpose of our work to introduce innovations in P2P

system design; rather, we wish to explore the eco-

nomic foundations for a business model of such a

system. In order to discuss economic issues, we re-

quired a concrete idea of how such a system would

work.

There already exist commercial examples of P2P-

CDNs (that use the superpeer model). The Potato

System [23] is the closest in spirit to the P2P-CDN

considered here; however, it uses a complex licensing

model that makes economic analysis difficult.

Proceedings of the Fifth IEEE International Conference on Peer-to-Peer Computing (P2P’05)

0-7695-2376-5/05 $20.00 © 2005 IEEE

Figure 1 — Model P2P content distribution system; OSi—Origin Server, SPi—Super Peer, Pi—Peer

Centerspan [22] is a company that uses Digital Rights

Management (DRM) in its P2P-CDN. In our work, we

show that increased user participation in legal P2P con-

tent distribution is one of the main sources of increased

profits for the content provider. We believe that the use

of DRM would discourage such participation, besides

being ineffective against serious attempts of intellectual

property theft. For that reason, we have not considered

the use of DRM in this paper, although we do not ex-

clude the possibility.

A schematic view of the P2P content distribution system

is presented on Figure 1. Some functions that have been

simplified on this diagram (like content purchase and

billing) will be described in more detail further on.

The system consists of three main, logically distinct

roles: the Origin Server role (also called Content Pro-

vider), the Super Peer role and the Peer role. It is worth

noting that the OS and SP are functional roles only,

therefore they can both be realized by the same physical

unit.

Origin Server role. The Origin Servers is a party that

provides content that is distributed in the network. It has

rights to copy and distribute the content, and is respon-

sible for paying the royalties to the owners of copy-

rights. Origin Server is interested in distributing the

content through a network of peers because it can lead

to improvement of QoS without incurring extra costs.

OS is paid for the content it sells—it gets a payment for

every copy sold directly to a peer as well as a markup

for every copy of the content sold by a peer to other

peer. There can be many OSs in the market; they com-

pete in the content market by offering wide ranges of

content and competitive prices.

Superpeer role. A superpeer (SP) is responsible for

bookkeeping in the system and does not trade content.

It maintains the following datasets:

Index of content. A row of the index has the follow-

ing structure: {Cid, Pid, V} where Cid is the id of the

content, Pid is the id of the peer that offers the con-

tent, and V is the price (i.e. the cost of a single

download).

Peer directory. A record of this directory contains

{Pid, Paddr, Repp}, where Pid is the id of a peer, Paddr is

the address of the peer, and Repp is current value of

reputation of the given peer.

Billing data. A billing record has the form of

{Ps_id,Pb_id,Cid, VPS, VSP, VCP}, where Ps_id is the id of

seller (a peer or a content provider), Pb_id is the id of

the buyer, Cid is the content id, VPS is the amount to

be paid to the selling peer, VSP—superpeer’s markup

and VCP —the amount to be paid to the content pro-

vider.

The last dataset is secret, the others are publicly avail-

able.

Peer role. Peers are the clients of the CDN. They can

(and are encouraged to) play the role of storage pro-

viders. A peer purchases content from an origin server.

Content can be purchased in order to get consumed by

the peer (which is a client in this case) and/or to be-

come available for other peers. A peer pays OS for

downloading the content and it is paid part of the price

of the content that is downloaded by other peers from

his storage.

Peers join the system by registering with one or more

superpeers. Peers can leave the system silently at any


0-7695-2376-5/05 $20.00 © 2005 IEEE

time. To purchase content a peer contacts a superpeer

and requests an index of sellers.

Purchase process The process of purchasing content from a broker peer

consists of the following steps:

1. Buyer PB connects to a superpeer and searches

for the content in index held by SP. SP returns

a list of peers that store the content. Peers that

sell more content will rank higher on the list—

peer reputation is a function of income (ob-

tained from transactions brokered by the given

SP).

2. The peers can have different content prices and

this, along with the value of reputation, influ-

ences the choice of content providing peer PS.

Buyer chooses the offer that suits him best and

informs the SP of the decision.

3. PB pays the price for content to SP and sends a

request for content to PS.

4. PS connects to SP to verify that PB has paid for

the requested content.

5. If SP confirms payment, PS sends the content

to PB.

6. PB sends confirmation of the content receive to

SP. SP finalizes the transaction by updating its

billing record. The payment is divided into

three parts: gratification for CP (who is the

owner of copyright), SP’s markup and PS’s

gain.

To avoid the necessity of contact described in steps 4

and 5, one can use the mechanism of nonces. PS can

periodically obtain a list of nonces from SP. PB receives

a nonce from the list after paying for content to SP and

sends it to PS along with the request for content.

The confirmation sent in step 6 can be abused by PB to

prevent payment for downloaded content. To avoid this,

SP should follow a two-phase transaction protocol.

When the price of content is paid by PB, SP should keep

the money on a separate account until it receives con-

firmation of correct content delivery. Then, the money

is paid to PS. If PB complains that delivery is incorrect,

SP should request PS to send the content to SP. SP will

then act as a proxy between the peers and forward the

content to PB. SP should also be able to verify content

correctness (perhaps using a digital signature). If PS

does not send the content, the money is refunded to PB.

Note that this mechanism is used only for failure situa-

tions and should not adversely impact system scalability

and efficiency.

Billing, accounting and payment processes SP is the party responsible for billing the process. It

keeps the billing records of transactions between peers.

Every transaction between peers must be registered in

SP’s records. SP calculates the total charges and sends

invoices to peers. The payments can be periodic to

prevent too frequent exchange of paper or electronic

invoices and reduce billing costs. In a system there can

be many CPs and many SPs. It is peer who can choose

the SP that offers best conditions and SP has an index

of CPs it has agreements with. Since peer can be paid

for the content that has been downloaded from him,

and SP is the broker of these payments, it can pay peer

for each download or—as it does to CP—pay on peri-

odic basis (e.g. once a month). No matter which pay-

ment system for peers rewarding is used, SP has to

keep their records since they are used for calculating

their reputation.

Trust and security Trust management is a central issue in the design of

P2P systems [8,12,13]. In the proposed P2P content

distribution system, both content providers and peers

must trust the superpeer. Let us briefly justify this ap-

proach. First, the peer must trust the superpeer to fairly

pay for content that the peer sells. The selling peer may

trust SP because it can verify billing correctness from

its own records and from the prices published by the

superpeer.

The content provider must trust SP to correctly account

transactions and to fairly pay gratifications for content

usage. This can be justified using an audit approach.

CP may control a set of peers that are used to audit

accounting correctness of an SP. These peers would

execute certain transactions, report these transactions

to CP and allow CP to verify that SP correctly pays for

the audited transactions.

In order to correctly account and bill transactions, SP

must have means to authenticate peers [14]. This can

be solved using one of several known cryptographic

techniques, like PKI certificates or the negotiation of

shared secrets between SP and P during the registration

of P at SP. The second approach would allow for peer

anonymity.

Certain information (like account or credit card num-

bers) must be transmitted securely in the system. Note,

however, that not all transmitted information needs to

be encrypted. Existing protocols (such as TLS) allow

to implement this requirement.

Economical model of a P2P-CDN

Motivations The Peer-to-Peer model is proposed for use in

a commercial CDN because of some economical bene-

fits that, as the authors believe, all the players receive.

OS is encouraged to use a P2P-CDN instead of a C-

CDN because of the following benefits:

Better scalability of the system and higher service

availability. Since everyone can easily join the P2P-

CDN at no threshold cost (only the content cost has


0-7695-2376-5/05 $20.00 © 2005 IEEE

to be paid), so the network is going to automatically

scale to the needs.

Lower storage and bandwidth costs. The content is

stored on extra space on peer hosts.

Saving revenue by reducing illegal P2P distribution.

A superpeer is a totally commercial market player. Its

only motivation is the revenue for providing content and

peer indexes, maintaining billing, accounting and pay-

ments. A superpeer does not participate in content trade.

As mentioned above, the superpeer role may also be

assumed by the content provider, and thus OS and SP

may be integrated. A very interesting motivation for the

existence of a separate superpeer has been demonstrated

by the Potato system [24]. There, the OS is a single art-

ist (independent music author), and SP is a radio station

that specializes in independent music. In such a system,

SP is also responsible for the promotion of the sold con-

tent, and has a separate channel for that promotion (ra-

dio). OS is usually too small to launch a commercial

content distribution over the internet and to handle all

organizational and legal issues.

One of the fundamental assumption of our work is the

standard economic assumption of agent rationality: we

assume that all agents, including peers, are interested to

maximize their profits. A peer is motivated to become a

content broker (i.e. a player that resells the content) by

the revenue it gets for every download of the content

done by other peers. Peers also benefit from increased

content availability and quality of service.

Later on, we shall consider the issue of how this as-

sumption can be upheld in contrast with P2P file sharing

systems, where peers share content for free. We believe

that peers in such systems enter into a complex mutual

agreement that they will receive something (other con-

tent) for their service. There exist technical, as well as

legal reasons (the need for micropayments) why peers

choose to share, rather than to resell their content. We

believe that in a P2P-CDN these reasons can be re-

moved, resulting in an increased participation of peers

in legal content trading.

PricesEconomical characteristics of the described system are

similar to characteristics of free market. The parties of

every kind compete with each other. The means of the

competition are: prices and markups, available content

spectrum, bandwidth and quality of service.

The peers can compete with each other by offering

competitive prices for their content. A peer that offers

lower price for the same content may attract more buy-

ers, but the per-download gain is smaller.

There can be many categories of broker peers. Some

peers may decide to offer the most popular content. It is

probable that there will be many such peers—so the

competition is going to be hard. Others may sell less

popular content (niche products). They are not likely to

attract as many buyers—so their revenue is going to be

smaller, but per-unit gain can be greater since competi-

tion will probably not be as hard as in the latter case.

One can distinguish the following areas of competi-

tion:

Content Providers compete with each other by

offered content range and prices level.

Peers who sell content (brokers) compete with

each other by content range, download prices,

and QoS (bandwidth, availability etc.).

Content Providers compete with broker

peers—every peer who needs a download is

free to choose between downloading from a

CP or a broker peer.

Superpeers compete in markup levels, CP

market coverage, and broker peer market cov-

erage.

Every party of the market is therefore encouraged to

offer best level of service at the lowest possible prices

to attract as many clients as possible.

Stable state analysis Here we assume that the CDN market fulfills all the

free market assumptions—the number of players of

each kind is large, and they can fully and freely com-

pete with each other. This assumption implicates that

in the stable state of the market, no net gain can be

achieved by any of the players.

The prices on such stable market are given by the ex-

ample formulas:

CPmonthmth

CRSCPRSCP C

B

BCCCV

E

where VCP is the single download price offered by CP,

CRS is the royalty fee for “first download” (which gives

a right to redistribute the content), CCP is the CP opera-

tion cost, BC—volume of content, EBmth—expected

monthly download volume, and CCPmth is the monthly

operation cost of CP (storage, network access, staff,

and marketing).

tran

SPmthSPtran N

CV

E

where VSPtran is the per-transaction price offered by a

superpeer, CSPmth is the monthly operation cost of SP,

and ENtran is the expected number of transaction per

month.

BPmthmth

CSPtranREBPSPtranREBP C

B

BVCCVCV

E

where VBP is the download price offered by a broker

peer, CRE is the royalty for every P2P download, CBP is

the operation cost, BC—volume of content, EBmth—

expected monthly download volume, CBPmth—monthly

operation cost of a BP.


0-7695-2376-5/05 $20.00 © 2005 IEEE

We assume here that all the costs are accounted on

monthly basis, and that both CPs and broker peers de-

cide to split their operation costs according to volume of

the content. The value of CBPmth can be zeroed if peer’s

hard disk is large enough to keep the offered content

(and he does not need the space for any other purposes)

and his network access is charged with a flat fee (is in-

dependent of traffic volume). If we assume that broker

peers do not treat content reselling as a commercial ac-

tivity, but as a way to lower their own content consump-

tion costs, free market rules will stabilize their markups

at a very low level (because there is no market-entry

cost other than download cost so anyone can join the

market).

Lack of extra costs leads to a very cheap way of content

distribution. CRS and CRE are the only fixed costs (but

they do not make a cost of distribution). All the other

per-unit costs become smaller as the scale of the system

increases. If we assume that the peers don’t act com-

mercially, which means they don’t buy bandwidth and

storage in order to provide better services, on a highly

competitive market the prices they offer can asymptoti-

cally reach CRE+VSPtran level.

Price ratio analysis As shown above, the price of content in the system gen-

erally consists of three parts—CP’s costs and copy roy-

alties, SP’s costs and peer’s cost. The analysis of impact

of price levels on probable peer behavior gives interest-

ing results.

The CRE/CRS ratio is especially interesting from our

point of view, as it may have serious impact on peer

tendencies for free content redistribution. The lower the

ratio is, the more a broker peer (BP) is encouraged to

resell the content. He/she had to make a serious invest-

ment to buy the content from a CP and can sell it for

quite a low price (because CRS is rather low). So it is

possible that a stable strategy would be: to buy content

at price V1 and then to try to resell it to as many peers as

possible, at price V2, where NVV E12 , EN being the

expected number of buyers. Other peers may decide to

buy content from BP, because the price he/she offers is

lower than V1. The drawback is that copyright owner

may disagree to use such pricing model (with quite high

start payment and rather low per-copy payments). It is

probably less attractive to copyright owners—the price

of first download cannot be very high (no peer would

want to invest in such content), and the per-copy price

should yet be considerably lower. It is possible that the

total revenue is lower than in a model with CRE/CRS=1.But in the latter model the tendency to illegal content

sharing may appear to be very strong, which makes total

royalties even lower. So perhaps it is better to accept

lower royalties with only a little piracy than potentially

high (but less probable) ones. In other words, content

providers in our model must make the decision: is it

better to have all of nothing or a little of everything?

It can be easily seen than if SP per-transaction price is

high (because of relatively high operation costs) the

system is unlikely to have wide coverage. Every single

download transaction is expensive, which can lead to

collapse of the system. We believe that the fixed cost

of SP operation can be relatively high, while the in-

cremental costs are low. So there probably exists

a “critical mass” of expected transactions number

above which they can be cheap—the CDN operation is

likely to get cheaper as the network grows.

If peer’s costs are relatively large, he/she is discour-

aged from freely distributing the content, but he/she is

also discouraged from buying relatively expensive

content from other peers. In such a case, our model can

degenerate into a system with a centralized content

distribution from OS to all peers.

Peer-to-Peer CDN vs. Centralized CDNHere we compare the costs and revenues that CPs and

peers have in two models: Centralized Content Distri-

bution Network (C-CDN) and P2P Content Distribu-

tion Network (P2P-CDN)—the model described

above. In order to perform the comparison, we shall

assume that the per-download price from the origin

server in the C-CDN is the same as in the P2P-CDN

(VCP).

The total revenue achieved by a CP in C-CDN is given

by the formula:

CPCmthC VBR

where RC is the total revenue (in unit of time—a month

in our example), Bmonth is the total volume of

downloads and VCCP is a per-byte download price. We

use the simplest possible tariff model that assumes

a constant price per byte of download. In our analysis

there are no essential differences between pay-per-

download and pay-per-byte models.

In P2P-CDN, CP’s revenue is:

CPPmthREPmthP VBhChBR )1(

where RP is the revenue, BPmth is the total volume of

downloads (per CP), CRE—royalty-fee (for every

downloaded byte in the system) and —price for

a byte of download from the central server.

CPV

1;0h is

the “hit-rate” of broker-peers (i.e. the fraction of

downloads that do not involve CP). Example values of

h can be obtained from studies of caching of P2P traf-

fic. The closest to our definition of h is the study of

[24], where authors used a “passive peer” instead of a

cache and reported values of h above 80%. This obser-

vation is supported in [25].


0-7695-2376-5/05 $20.00 © 2005 IEEE

The argument that our P2P model encourages users to

stay legal, allows using coefficient,

where 1C

P

N

N. Example values of are hard to es-

timate, but consider that the percentage of US

downloaders who paid for music online increased from

8 percent to 22 percent in the first 12 months after the

launch of iTunes [21]. This would give a value of

=2.75.

The costs are given by, respectively:

PmthCPP

CmthCPC

BhCC

BCC

)1(

)(

where CCP is the operation cost (cost of storage, band-

width and other enterprise costs)—it is a function of

downloads volume. If we assume that CCP is propor-

tional to volume of downloads1.The above give the gain

formulas (after simplifying):

CPCPRECmthP

CPCPCmthC

CVh

hCBhG

CVBG

1

Note that if 0,1 h , then GC=GP.

The introduction of the and h coefficients simplifies a

comparison of content provider profits. We wish to

answer the question: when is ?CP GGThe P2P-CDN has profits that are not less than in the

C-CDN under the following condition:

RSCPCPRE CCVC )(

whereh

h

h

11. In other words, the royalty for

every download must be sufficiently high in relation to

the royalty for the first download. However, the ob-

tained relationship allows to draw two conclusions: first,

that it is possible to obtain the same profit in the P2P-

CDN as in the C-CDN. For our example values of

8.0,75.2 h the value of the coefficient 2.0 .

This means that the royalty need not be prohibitively

high (recall our discussion of price ratios that this has an

impact on the participation of trading peers in the sys-

tem). The second conclusion is that as and h increase,

the royalty can decrease – and this can form a self-

enforcing relationship with the number of peers in the

system. It is also worth noting that h is likely to grow

with number of peers—the more broker peers in the

1 It may not be the case in reality, but it is convenient for our consid-

erations and does not influence the conclusions

system, the more files can be found on their hosts,

without need for incurring CP costs.

User costs and profits are given by the formulas:

)(E REBPCPP

CPC

CVncVg

cVg

where gC is the gain of C-CDN user and gP is the gain

of P2P-CDN broker-peer2, En is the expected volume

of downloads of the given content from the peer, CRE is

per-byte royalty fee, and c is the per-byte storage and

bandwidth cost.

If we suppose that BPPCP VV , i.e. a peer sells the con-

tent at the same per-download price he/she has bought

it, the price formula is:

PREBP gcCn

nV

1

On a stable free market, the net gain is close to zero.

Therefore, in a large P2P environment the per-

download price of the content gets close to real

download costs ( cCRE ) as 11

limn

nn

. However,

if a peer has got rare content in his/her storage (de-

mand for which is greater than its supply), he/she can

easily earn money from reselling it.

Is free content sharing an economic necessity?One of the questions we have wanted to answer is

whether there exist economic reasons for the sharing of

content for free in contemporary P2P file sharing sys-

tems. The economic analysis of our model shows that

in a steady state content would not be distributed for

free, but at a price that is determined by operation

costs.

A subject that has been ignored by our economic

analysis is the cost of financial transactions. If the op-

eration costs for content distribution are low, then the

financial transaction cost may be higher than the con-

tent price. In our system, we have tried to avoid this

case by introducing periodic, aggregated billing. How-

ever, in real life this remains a concern. (In the Potato

System, the share of financial transaction and code

license cost in the total price is three times higher than

the share of the other system costs [23]). Additionally,

the commercial distribution of content on a P2P basis

may require the use of micropayments, which is still a

technological obstacle.

Another explanation of free content sharing is that the

free market model used in our work is inappropriate.

Perhaps a file sharing network is better modeled as an

evolving, cooperative strategy in a game of selfish

2 We do not consider the value content represents for the user (util-

ity)—gain is a financial value only.


0-7695-2376-5/05 $20.00 © 2005 IEEE

players (such as the Prisoner’s Dilemma). Indeed, many

authors in the field have made that assumption

[8,10,11]. If that is the case, then perhaps it could be

possible to use systematic mechanisms that function as

incentives for content trading (and disincentives for free

content sharing). Such mechanisms could change the

conditions of the game in such a way that an evolution

of a cooperative strategy (sharing for free) becomes

impossible. In our system, we propose to make use of

reputation mechanisms with a goal that is contrary to

most work in P2P systems: promote content brokering,

discourage sharing for free.

Reputation model In this section, we describe a reputation mechanism that

can be used to promote content brokering by peers (in-

stead of free sharing).

Reputation in the given system should:

Promote best peers. If reputation were based on con-

tent-buyer grades, the system would be sensitive to

cheating. A common problem is that peers do not

want to issue grades.

Encourage peers to register in a few local super-

peers—registering in more than one SP leads to pro-

viding better information for potential buyers. A peer

should register in local SPs only, since it makes the

network traffic local and reduces unnecessary core

network load. Promoting local transfers helps achieve

better quality of service as well.

Discourage peers from distributing the content for

free (illegally—we assume the content is commercial

and royalties must be paid).

The reputation of a peer in the system is determined by

its income. The more money a peer earns for selling

content (as shown in the bookkeeping of a superpeer),

the higher the reputation of that peer is. The reputation

of a peer known to one of his superpeers is based only

on income accounted by this SP. This fact can influence

the registration decisions of a peer. If a peer decides to

stay “loyal” to a single SP, its whole income is ac-

counted only by the one SP, which results in higher

reputation. Registering in many SPs could make peer’s

content visible to more potential downloaders and result

in higher total income. However the reputation on each

SP is lower which can lead to less downloads.

Traffic can be kept local using reputation if the function

Reputation(Income) is convex, so that a peer decides to

register with only few superpeers. On the other hand, if

a peer registers with only one superpeer, content avail-

ability may suffer. So it seems that the relationship be-

tween Reputation and Income should have a shape as

shown on Figure 2:

Figure 2 — Desired Reputation(Income) function shape

Reputation based on income reveals information about

the real utilities (Quality of Service) obtained by peers

during previous interactions. This information is more

complete than it could be in a reputation system based

on artificial reputation. The main drawback is that

a peer gets only the final value of the reputation—it

cannot obtain the values of the criteria that influence

reputation in which case it could assess the content

provider using own weights of quality, price and avail-

ability criteria.

As stated before, the reputation could influence the VCP

and VSPtran prices. A peer with high reputation can get

lower prices for both content and transaction process-

ing. High reputation means that a peer can be trusted

by CPs and SPs it had many transactions with. CP and

SP can project high level of future revenues from the

peer and may want to encourage him/her to stay loyal

and buy even more content. Such super-broker peer is

likely to care about his reputation level as it gives him

serious benefits.

The income accounted by superpeers can be used in

one more way. Periodically, all superpeers remove

from their directory all peers that have zero income

over a configured time period. This mechanism is used

in order to prevent peers from distributing the content

for free.

ConclusionWe have analyzed the economic foundations of the

emergent business model of a commercial P2P content

delivery network. An analysis of a free-market model

of the system has shown that peers in the system would

not share content for free, but at operation costs. A

comparison of the content provider profits has shown

that the content provider can obtain the same profits in

a P2P-CDN, provided that the use of the P2P-CDN

model will increase user participation. Our economic

analysis shows also that as peer participation increases,

the revenues per download paid by every peer can de-

crease, while the same level of profit is maintained.


0-7695-2376-5/05 $20.00 © 2005 IEEE

We have shown that the P2P content distribution system

can be equipped with mechanisms such as reputation

based on income, or removal of peers with zero income

over a time period. These mechanisms motivate peers to

obtain a fair price for their content. In our work, we use

reputation with a goal that is contrary to most P2P re-

search: to promote content brokering, and discourage

sharing of content for free.

One of the conclusions of our analysis could be that the

current, free distribution of content in file sharing net-

works may be a consequence of inadequate technologi-

cal and organizational support for payment and account-

ing of electronic transactions.

Future Work We consider the following topics the most important for

future work:

An analysis of impact of the income-based-reputation

formula and its parameters on the behavior of brokers

and buyers.

An analysis of financial transaction cost on the

steady-state solution of the economic model.

Answering the question of whether micropayments

will be needed in our system.

Investigating whether income-based reputation leads

to the creation of small-worlds of bestselling peers.

Considering the impact of removal of zero-income

peers on content availability.

References1. H. Varian, The Social Cost of Sharing, In Workshop on

Economics in Peer-to-Peer Systems, 2003

2. P. Antoniadis, C. Courcoubetis, R. Weber, An Asymptoti-cally Optimal Scheme for P2P File Sharing, In Second

Workshop on Economics in Peer-to-Peer Systems, 2004

3. A. Fuqua, T Ngan, D. Wallach, Economic Behavior of Peer-to-Peer Storage Networks, In Workshop on Eco-

nomics in Peer-to-Peer Systems, 2003

4. M. Adler et al, Optimal Peer Selection in a Free-Market Peer-Resource Economy, In Second Workshop on Eco-

nomics in Peer-to-Peer Systems, 2004

5. F. Oberholzer, K. Strumpf, P2P's Impact on Recorded Music Sales, In Second Workshop on Economics in Peer-

to-Peer Systems, 2004

6. R. Cole, Y. Dodis. T. Roughgarden, Pricing Networks with Selfish Routing, In Workshop on Economics in Peer-

to-Peer Systems, 2003

7. Cohen B. Incentives build robustness in Bittorrent. In

Workshop on Economics in Peer-to-Peer Systems, 2003

8. K. Lai, M. Feldman, I. Stoica, and J. Chuang. Incentives for cooperation in peer-to-peer networks. In Workshop

on Economics of Peer-to-Peer Systems, 2003

9. Zhao, J. Kubiatowicz, A. Joseph, Tapestry: An infrastruc-ture for fault-resilient wide-area location and routing, Technical Report CSD-01-1141, U.C.Berkeley, 2001

10. Tran T. Reputation-Oriented Reinforcement Learning Strategies for Economically-Motivated Agents in Elec-tronic Market Environments, PhD Thesis, University of

Waterloo. 2003

11. M. G. Zimmermann, Victor M. Egufluz and Maxi San

Miguel. Cooperation, adaptation and the emergence of leadership. In `Economics with Heterogeneous Interact-

ing Agents', pp. 73-86, A. Kirman and J.B.

Zimmermann (eds.), Springer, Berlin. 2001

12. Gmytrasiewicz, P.J. and E. H. Durfee. Toward a theory of honesty and trust among communicating autonomous agent. Group Decision and Negotiation 1993.2:237-258

13. L. Mui (2003) Computational Models of Trust and Reputation: Agents, Evolutionary Games, and Social Networks, Ph.D. Dissertation, Massachusetts Institute of

Technology

14. J. Douceur, The Sybil Attack, In Proc. of the IPTPS02

Workshop, Cambridge, MA (USA), March 2002

15. Gnutella/ng, World Wide Web page,

http://mangocats.com/annesark/gnutellang/wego_pages.

html, 2000

16. Freenet, World Wide Web page,

http://freenetproject.org/cgi-

bin/twiki/view/Main/WebHome, 2002

17. Mojo Nation, World Wide Web page,

http://www.mojonation.net/, 2000

18. Stoica, R. Morris, D. Krager, M. F. Kaashoek, H.

Balakrishnan, Chord: a scalable peer-to-peer lookup service for internet applications, Proceedings of ACM

SIGCOMM'01 Conference, 2001

19. P. Druschel, A. Rowstron, Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems, Proceedings of the 18th IFIP/ACM Interna-

tional Conference on Distributed Systems Platforms

(Middleware'01), 2001

20. G. Cohen, Building a Successful P2P Business Model,Proc. O'Reilly Peer-to-Peer and Web Services Confer-

ence, Washingto, 2001

21. M. Einhorn, B. Rosenblatt, Peer-to-Peer Networking and Digital Rights Management. How Market Tools Can Solve Copyright Problems, Policy Analysis, no.

534, February 17, 2005

22. Mediated Peer-to-Peer (P2P) Enables Viable, Cost Effective Delivery of Digital Entertainment, Whitepaper,

Centerspan, 2002

23. The Potato System, Whitepaper, Potato System,

http://www.potatosystem.com/info/eng/index.html

24. A. Tagami, T. Hasegawa, T. Hasegawa, Analysis and

Application of Passive Peer Influence on Peer-to-Peer

Inter-domain Traffic, Proceedings of Fourth Interna-

tional Conference on Peer-to-Peer Computing (IEEE

P2P'2004), Zurich, August, 2004

25. A. Wierzbicki, N. Leibovitz, M. Ripeanu, R. Wo niak,

Cache Replacement Policies For P2P File Sharing Pro-

tocols, European Transactions on Telecommunications,

special issue on Peer-to-Peer systems, November 2004,

(15:6), 559-569


0-7695-2376-5/05 $20.00 © 2005 IEEE

Integrated Copyright Protection in Peer-to-Peer Networks* Xiaosong Lou, Kai Hwang and Runfang Zhou

University of Southern California, Los Angeles, CA, 90089 Abstract: We propose an integrated copyright-protection scheme for large-scale content delivery over the Internet. We focus on using trust-enhanced peer-to-peer (P2P) networks. Our framework integrates anonymous peer authentication, content poisoning, peer collusion detection and reputation aggregation. Some of the trust and security mechanisms are newly developed and first-time reported. Complementary protection techniques from DRM (digital right management) and watermarking are explored for P2P copyright protection.

The proposed integrated system enables large-scale distribution of copyrighted digital content in existing P2P networks such as Gnutella, KaZaA, BitTorrent, eMule, etc. Analytical and simulation results are reported to support the claimed advantages. The reported trust-enhancement mechanisms, gossip aggregation protocol, and experimental results have broader impact to future Internet applications. The copyright-protection system will widen the legal applications of P2P networks in business services, e-commerce, and distance learning, where intellectual property rights are of primary concerns.

Index Terms: Peer-to-Peer systems, Internet content delivery systems, peer collusion, content poisoning, reputation systems, and digital right management.

1. Introduction and Related Work Although Peer-to-peer (P2P) file-sharing networks

significantly reduce the cost for large scale Internet content delivery, they have not been explored much in commercial content-delivery applications for lack of protection on intellectual copyrights[14]. While P2P traffic grows rapidly over the Internet, a large portion of the P2P distribution is illegal and violates copyright laws. This paper attempts to provide an integrated approach to solving this long-awaited open problem. We aim at enabling P2P file-sharing networks as a legitimate

∗ Presented at IEEE First Workshop on Trust and Reputation Management in Massively Distributed Computing Systems, (TRAM-2007) in conjunction with IEEE ICDCS-2007, Toronto, June 25, 2007. This work was supported by NSF Grant ITR-0325409 at USC. Corresponding author is Kai Hwang at [email protected].

channel for legally distribution of copyrighted digital contents such as music and video over the Internet.

Most current P2P content delivery systems like KaZaA, eMule, and BitTorrent [10], [13] are home grown; not supported by specialized Internet protocols. Unlike web server and content delivery networks (CDN), they do not require a central server. While these systems are widely used for distributing free contents such as open-source software and Linux operating systems, a significant portion of the contents are music and movies that are possible copyright violations by Internet piracy.

The illegal distribution of copyrighted material over the Internet has become a serious problem long before the introduction of Napster and KaZaA [3]. However, lowered distribution cost along with peer anonymity makes P2P networks most attractive to Internet pirates. Some digital right management (DRM) systems [5], [6], [10] are developed to distribute digital contents to authenticated clients. By far the most popular DRM in use today is Content Scramble System (CSS)[11]. Unfortunately, CSS uses fairly weak encryption and was broken three years after its market release.

Like CSS, most DRM systems make use of digital watermark, such as in [15]. Digital watermark makes every copy slightly different, therefore it is very difficult to implement in P2P file-sharing networks. Digital fingerprinting [9], [12] is a similar technique with much better resistance on collusion attacks. Music2share [7] is an interesting proposal that is specifically designed for P2P music sharing. It relies on public key encryption to make copyrighted music inaccessible to unpaid peers.

The deliberate falsification of file content is referred as poisoning, while accidental corruption of file content is referred as pollution [4]. Content poisoning has been patented and implemented to fight against Internet piracy, although several poisoning attempts by industry were not successful in the past. The rationale behind a deterrent technique to stop or discourage copyright abuses is that if the unpaid clients keep downloading falsified file, eventually frustration will lead them to stop the abusive use of P2P file-sharing services.

In this paper, we focus on using gossip-based reputation system for peer collusion detection and avoidance. Gossip protocols were proposed for randomized communication [2], [8]. These protocols do not rely on specific network topologies. They support the computation of aggregate functions like weighted sum,

27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07)0-7695-2838-4/07 $20.00 © 2007

Administrator

Highlight

Administrator

Sticky Note

Administrator

Highlight

Administrator

Highlight

Administrator

Highlight

average value and maximum over large collection of distributed numeric values. Zhou and Hwang [16] suggested using gossip protocol for fast global reputation aggregation in unstructured P2P networks.

The rest of this paper is organized as follows: Section 2 presents the new copyright protection architecture for P2P networks. Section 3 specifies anonymous peer authentication protocol. Section 4 discusses selective content poisoning techniques. In Sec.5, we use a gossip protocol for peer collusion detection and prevention in P2P networks. Finally, we conclude with design guidelines and suggest further research issues.

2. Copyrighted Peer-to-Peer System In this paper, we propose a copyrighted P2P (CP2P)

content distribution framework for copyright protection in P2P content delivery. Copyright protection is achieved in this system by three complementary techniques: (1). An anonymous peer authentication (APA) protocol is developed to distinguish paid customers from unpaid peers. (2). Selective content distribution and poisoning assures that paid customer will receive clean digital content, while unpaid peers only receive poisoned copies. (3). Using a gossip-based protocol, the system is applied to avoid collusions between paid and unpaid peers.

The APA protocol uses identity-based signature (IBS)[1]. IBS is a form of asymmetric cryptography. A communicating party in IBS only needs a private key, unlike in the well-known public key infrastructure (PKI) where a pair of public/private keys is needed. In essence, its identity is its public key. Clearly, IBS is much more suitable in terms of scalability for P2P environments where peer number is huge and each peer would need to communicate with any other peer.

As shown in Fig.1, the CP2P content distribution framework employs a three-layer design centered on the content owner/distributor. In the first layer resides the conventional web server. It is responsible for conducting transactions related to the purchasing and billing of the digital content. The second layer consists of a number of distribution agents setup by the content owners.

The primary function of an agent is to provide peer authentication, distribute digital content to paid customers and preventing unpaid peers from downloading the same content via content poisoning. All other peers, including both customer and unpaid peers, form the third layer. The second and third layers together form a common P2P file-sharing network.

In CP2P, a customer uses two form of communication to receive the digital content. First, he login to the website and conduct a transaction to purchase the digital content. At the end of the transaction, the

customer receives an encrypted digital receipt containing information such as content title, customer ID etc. The customer also receives the address of a bootstrap distribution agent, as its first point of contact in P2P file-sharing network.

C o n te n t o w n e r 抯c e n t ra l s e r v e r

P 2 P F ile S h a r in gN e tw o r k

C o n te n t O w n e r

C u s to m e r s a n d P e e r s

D is t r ib u t io n A g e n ts

Figure 1 Layered architecture of the P2P content

distribution system with copyright protection

The customer uses P2P file-sharing software to download the content. In reality, since the content owner has no control over the software used by a customer, there will be deliberate attempts from both paid customers and hackers to distribute the content to unpaid peers. CP2P provide techniques to detect and defend against such attacks.

CP2P anticipates both rule-binding customers and potential attackers. In order to prevent copyright violations inside P2P file-sharing system while providing secure and exclusive file distribution to paid customer, three critical functions are identified in Table 1. In Table 1, we summarize protocol requirements corresponding to each of the three key functions.

Table 1: Functionalities and Protocols for Copyright Protected P2P Content Distribution

Function Protocol Requirements

Anonymous peer authentication (APA) protocol

Peer sends digital receipt to authenticate distribution agent and obtain an IBS based token. The token must be refreshed periodically.

Content distribution and poisoning

The IBS based token is attached to all download request and responses. Replying peers send clean or poisoned content based on token validity.

Collusion detection/ avoidance

Distribution agents and all customers are required to report suspected colluding peers via gossip based protocol

All three techniques are performed inside P2P file-sharing network (layers 2 and 3 of CP2P). Modifications to existing P2P file-sharing protocols are thus necessary.


We design the CP2P framework so that it is backward compatible with existing P2P file protocols. The framework is also designed on top of an abstract layer of P2P file-sharing network, so that it can be implemented in any of the existing popular networks such as BitTorrent, Gnutella and eMule.

Overall, the CP2P system uses identity based signature to distinguish paid customers from unpaid peers while protects customer’s privacy; it uses content poisoning techniques to ensure unpaid peers will receive poisoned content; and it utilizes gossip-based reputation system to enable fast and accurate collusion detection.

3. Anonymous Peer Authentication There needs to be a mechanism that can properly

identify a paid customer in P2P networks. At the same time, the content owner is obliged not to disclose customer’s identity information to third parties. In traditional Client/Server architecture, this problem is trivial. Because all information resides on the server, a userID/password pair is usually sufficient to identify a customer. Since no third party is involved in client/server communication, the peer privacy is preserved.

In P2P file-sharing networks, this problem is much more complicated. First, only the content owner can verify the userID/password pair; peers cannot verify each other. Second, since the content is distributed via file sharing among peers, revealing a user’s identity to other peers violates its privacy. We design the APA protocol based on IBS.

Content owner set up a number of peers in the P2P file sharing system called distribution agents. These agents form an exclusive sub-network. In our system, digital content is distributed not from web server as traditional Client/Server architecture. Rather, it is shared among distribution agents and customers. Sharing by paid customers and unpaid peers is very different in a P2P network. Collectively, the agents carry out two major functions: to paid customers, they are normal peers sharing clean digital content. To un-paid peers, they act as decoys that poison the content.

The identities of all agents, except the bootstrap agent, are hidden from a customer. This design serve two purposes: first, a paid customer has a single point of authentication: the bootstrap agent. Second, a malicious node cannot blacklist or attack all distribution agents.

When a customer purchases the digital content from the web server, it is assigned a bootstrap agent. At the end of the transaction, the customer receives an encrypted digital receipt. The digital agent also receives the same information via a separated connection. When the customer enters P2P network, it first contacts the

bootstrap agent using the encrypted receipt. The bootstrap agent verifies the receipt, and digitally signs the content title and current timestamp as a token.

With a valid token, a customer will then request file download from all other peers, including those hidden agents. Each peer needs to verify the token and then decide whether to share clean or poisoned content. For a paid customer, it is important that it does not receive any content from unpaid peers, for those contents could be poisoned. This is achieved by checking the token attached in the responses. The APA protocol is shown in Fig. 2.

Web Server Bootstrap distribution agent Customer Other Customers

and Peers

Msg0: Content purchasing

Msg1: Digital receipt

Msg3: Authentication request

Msg4: Digital signature

Msg5: File download request

Msg6: Content sharing

Msg1: Digital receipt

Figure 2 Anonymous peer authentication (APA) protocol

Let k be the private key of content owner and id be the identity of the content owner. We use Ek(MSG) to denote encrypting MSG with key k; and Sk(MSG) denote a digital signature of plaintext MSG with key k. Assume a customer is identified as userID and the file identifier for the digital content is fileID. The messages in APAP are specified as:

Msg0: content purchase request

Msg1: bootstrap_DA_addr, Ek(digital_receipt)

Msg2: Ek(digital_receipt)

Msg3: userID, fileID, Ek(digital_receipt)

Msg4 (token): nonce, fileID, peer_IP, timestamp, Sk(nonce, fileID, peer_IP, timestamp)

Msg5: request(fileID), token

Msg6: response(fileID), token

The APA protocol achieves customer authentication because all file download request must have a valid token, and only bootstrap agent can generate such token. It also assures customer anonymity because only bootstrap agent has access to the digital receipt. All other peers can only extract nonce from the token, which does not have any meaning other than assure the uniqueness of the token.


Our APA use identity based signature to create tokens. In particular, all tokens are signed with the identity of the content owner. Since it is well known to all customers, verifying each token can be done locally at any customer without the need to acquire public key.

Download request received

Is token present and valid

Requesting peer is unauthorized.

Send poison

Is token expired

Send reminder to the requestor for

token update

Customer authenticated.

Send my token for verification, and start

sharing file

No Yes

No

Yes

Figure 3 Message specifications for anonymous

peer authentication (APA) protocol

Figure 3 illustrates the procedure for each peer when responding to download requests. A peer must first verify the existence of a token. If the request does not contain a valid token, then the requestor is unauthorized, therefore a peer must send poisoned content. If the token expires, then instead of sending content, a reminder is sent so that the requestor would obtain new token. Clean content is shared only if the token is valid and unexpired. When a peer requests a file, the peer also checks the responses to Msg6 for a valid token. Without a token, the content provider could have been poisoned.

Unlike generic identity based signature schemes where a peer can use anything as its identity, APA uses peer endpoint address as its identity. This design has two distinctive advantages: (a) A peer needs to expose its endpoint address to its neighbors in order to establish connection. Therefore, using endpoint address does not change the current anonymous nature of P2P users. (b) If a peer fakes its endpoint address, all other peers will immediately detect such forgery when attempting to establish connection to the endpoint. These two advantages make APA a reliable protocol.

4. Selective Content Distribution/Poisoning We define content distribution as sharing of clean,

uncorrupted contents among agents and customers. Content poisoning refers to the deliberate falsifications of digital content to those download attempts that are initiated from unpaid peers. The content poisoning technique is based on the assumption that the digital content is useful only if the content is received in its

entirety. This is usually the case for many compressed files, CD-ROM images, and MPEG-4 videos.

The rational behind content poisoning technique is that when a user keep downloading falsified file from the P2P network, eventually he would give up using the system because of frustration. It is most suitable for those contents that cannot be used partially, which forces a complete re-download once poisoned.

Most P2P file-sharing software has some sort of built-in content verification functions in the form of different hash schemes. Corrupted content can be detected via hash mismatch. Depending on hashing schemes used, part or the entire file needs to be re-downloaded. If such download attempts fail multiple times, then the user will become impatient and give up.

A decoy is a peer that shares poisoned content. In CP2P, every agent and customer is a decoy towards unpaid peers. Let S be the actual file size and D be the total number of bytes downloaded. We define the poisoning effect by:

Poisoning Effect = 1 - S/D (1)

Poisoning Effect isolates the download effort wasted due the existence of decoys providing poisoned chunks. Its value represents the portion of downloaded bytes that are wasted due to the existence of decoys in a P2P file-sharing system. For example, in an ideal P2P file-sharing system where no decoy was present, we have S = D, meaning the client received exactly the same amount of bytes as the actual size of the file. Thus, the poisoning effect becomes zero. The poisoning effect approaches 100%, if the download size D becomes extremely large, meaning most download requests failed.

Many P2P protocol use file chunking protocols and hash algorithms to ensure the integrity of file contents. It is obvious that the different hashing schemes will have direct impact on the poisoning effects. Table 2 shows three distinct hash schemes used in existing P2P file-sharing networks. BitTorrent clients acquire clean set of file chunk hashes prior to download. In basic Gnutella protocol, hash mechanism is not required. eMule clients exchange file chunk hashes during the P2P download.

Table 2: Hashing Schemes in Three P2P Networks

P2P Network

Hash Distribution

Poisoning Detection

BitTorrent Hash tree in index file outside of P2P network

Detectable at chunk level

Gnutella Not specified Detectable after

download entire file

eMule FileID generated from chunk hashes; peers exchange part hashset

Detectable only if part hashset is not poisoned


We evaluate in Fig.5 the poisoning effects on the eMule network from simulation results. We experimented on files containing 1000 chunks. A 1000-chunk file is equivalent to 64~2000MB in BitTorrent, or 180MB in eMule. The poisoning effect is directly related to file chunk numbers, not the file sizes.

Figure 5 Poisoning effects in the eMule P2P network

Throughout our experiments, we attempted to download clean copy of each file 100 times, and report the average poisoning effect. We define decoy density as the percentage of decoys among all peers. Two commonly used techniques against content poisoning are also evaluated. First, many P2P clients prefer to select the current peer as the provider for the next file chunk, if it is available on that peer. We call this strategy preferred peer selection (PPS).

Second, some P2P file-sharing client software has already included a rudimentary subset of reputation system functions called blacklisting. Using a manually configured blacklist, a client can identify untrusted peers so that it will not be included in peer selection. However, such as system is fundamentally imperfect: the user might not be able to blacklist all decoys, and in some cases a common provider might also be blacklisted.

These quantitative studies clearly demonstrate that by making agents and customer peers act as decoys in the P2P network, the content owner can effectively elevate poisoning effect of unpaid peers to such a high level that almost all the bytes downloaded are poisoned. On the other hand, CP2P ensures that rule-biding customer will not be poisoned. The large discrepancy between the download performance of a customer and an unpaid peer will further discourage unpaid peers from download.

5. Collusion Detection using Gossiping When a distribution agent receives download requests

from unauthorized peers, it replies by sending poisoned content to ensure such download attempts will fail.

However, since our system rely primarily on sharing of content among peers and content owner has no control over the P2P software used by customers, a willing customer can purchase the content, receive it via P2P sharing, and distribute it to other unpaid peers. We call this kind of copyright infringement collusion.

To fight against collusion, agents randomly probe customers with download request that has invalid or expired token. Notice that CP2P requires customer not sharing clean content with such requests. If the reply received is not poisoned, then the customer is suspected of collusion and assigned a lower reputation score. These scores are collected in the agents’ overlay via gossip-based reputation aggregation, and the identities of those customers are revealed. The colluding customer will not be able to renew its token. The rest of this section describes the gossip-based reputation system in detail.

In a P2P network of n nodes, each node evaluates the trustworthiness of other nodes with local trust scores after conducting a P2P transaction, such as a file download. Consider a trust matrix R=(rij), 1≤ i, j ≤ n, where rij is the local score issued by node i for node j. If there is no feedback from node i to j, rij is set to 0. For global reputation aggregation, each node must normalize all local scores issued by itself. The normalized local score sij is defined as follows:

sij = rij / ∑j rij (2)

Then we have a normalized trust matrix S = (sij). Note that 0 #sij #1 and each row sum ∑n

j=1 sij = 1 for all rows i = 1, 2, …, n.

Let vi(t) be the global reputation score of node i at aggregation cycle t, where i = 1, 2, …, n and t = 0, 1, 2, …, d for d cycles. The global scores of all nodes form a normalized reputation vector with n components V(t) = {vi(t)}T, where ∑i vi(t)= 1. The iterative method specified below calculates the V(t) at cycle t. Let V(0) be the initial reputation vector value. For all iterative cycles t =1, 2,…, d, we generate successive reputation vectors, recursively, by performing the following matrix-vector computations:

V(t+1) = ST × V(t) (3)

Initially, all nodes are equally trusted, i.e. vi(0) = 1/n, where i = 1,2,…,n. The iterative computation in Eq.(2) continues until the average relative error between V(d) and V(d+1) is lower than δ for a given aggregation error threshold δ at the last cycle d. It can be proved that d ≤ ⎡logb δ⎤ with b = λ2/ λ1, where λ1 and λ2 are the largest and second largest eigen values of the trust matrix S. The convergence threshold δ is often predefined by system designers. After d cycles, the global reputation vector converges to the eigenvector of trust matrix S.


Gossiping is done iteratively in a small number steps. We reserve the index k to indicate the gossip step. According to Kempe, et al[8], k is upper by a final step g = O(log2n). We use index t to refer to discrete times for aggregation cycles. The upper bound for t is d iterations specified earlier. Associated with each peer node i is a gossip pair {xi (k), wi(k)} at each gossip step k.

At time t, we have the weighted score xi (t) = sij×vi(t) as the local score sij weighted by the global score vi(t) of node i. The wi(k) is called the consensus factor of node i at step k. During each gossip step, every node i executes two computing threads: One thread sends the halved gossip pair {½ xi (k), ½ wi (k)} to itself (node i) and to a randomly selected node in the network.

Another thread receives the halved pairs from other nodes and computes the updated xi(k+1) and wi(k+1) as follows, where r refers the index of remote nodes sending halved gossip pairs in step k:

xi(k+1) = Σr ½ xr (k) and wi(k +1) = Σr ½ wr (k).

This process continues until the consensus values βi(k) = xi(k)/wi(k) agree on all nodes i = 1, 2,…, n. The global score vj(t+1) is thus generated as follows on all n nodes at the final step g : vi(t+1) = xi(g)/wi(g) = βi(g).

The gossip process is best illustrated by a small example in Fig.6. Consider a P2P network with three nodes. At time t, the global scores are given: v1(t) = 1/2, v2(t) = 1/3, and v3(t)=1/6. Given also normalized local score s12 = 0.2, s12 = 0, and s32 = 0.6. By Eq.(1), the updated global score of node N2 is calculated as:

v2(t+1) = v1(t)×0.2 + v2(t)×0 + v3(t)×0.6 = (1/2) ×0.2 + (1/6) ×0.6 = 0.2 (4)

We use Table 3 to illustrate the gossiping procedure in Fig.6. The end purpose is to generate the global score v2(t+1) = 0.2 at all 3 nodes in 2 steps. In general, gossip protocols are used to calculate any aggregate function such as sum, maximum, or average of the numeric values distributed over many nodes.

Here, we concentrate on the gossiped calculation of the global score of node N2. Initially at step 0, we thus assume w2(0) = 1 and w1(0) = w3(0) =0. The initial weighted scores x1(0) = (1/2)×0.2 = 0.1, x2(0) = (1/3)×0 = 0, and x3(0) = (1/6)×0.6 = 0.1. At the first gossip step as shown in Fig.6(a), N1 sends the pair (½x1(0), ½w1(0)) = (0.05, 0) to N1 and to a randomly chosen node N3.

The node N2 sends the pair (0, 0.5) to N2 and a random node N1. Node N3 sends the pair (0.05, 0) to N3 and a random node N1. Then N1 updates x1(1) = 0+0.05+0.05=0.1 and updates w1(1) = 0+0.5+0 =0.5. After first gossip step, N1 has the pair {x1(1), w1(1)}= (0.1, 0.5). The gossiped score x1/w1 = 0.2 on N1.

Similarly, nodes N2 and N3 go through the same gossiping process to produce x2/w2 =0 and x3/w3 = ∞.

(a) First gossip step (b) Second gossip step

Figure 6. Half score sharing to reach consensus on global scores over all peer nodes, concurrently

Table 3 Gossiped Scores Aggregated in Successive Steps on All Nodes in Fig.6, Concurrently

Node N1 x1(k) w1(k) β1 (k) = x1(k)/w1(k)

Step 1 0.1 0.5 0.2 Step 2 0.05 0.25 0.2

Node N2 x2(k) w2(k) ∃2(k) = x2(k)/w2(k) Step 1 0 0 0 Step 2 0.1 0.1 0.1

Node N3 x3(k) w3(k) ∃3(k) = x3(k)/w3(k) Step 1 0.1 0.1 0.1 Step 2 0.05 0.05 0.05

Figure 6(b) illustrates halved score sharing by the same gossiping process in step 2. After step 2, we have reached the consensus that x1/w1 = x2/w2 = x3/w3 = 0.2. Thus, we accept the updated global score for node N2 as v2(t+1) = x1/w1 = x2/w2 = x3/w3 = 0.2, which agree with the dot product calculation. Thus, gossiped scores are equalized in all 3 nodes at the process end.

Suppose we extend the gossiping process to another step, we will see no more changes in the consensus values x1/w1 = x2/w2 = x3/w3 = 0.2. Lacking centralized control, the consensus must be determined on distributed nodes locally. This last step determines the global consensus.

If a pre-set threshold is reached, then the customer is confirmed of collusion, and its privilege of content sharing is stripped. The greedy factor α indicates the eagerness for a peer to work with selected power nodes. We plot in Fig.7 the RMS errors under various α and peer group size.. The experiments were performed to curtail collusive peer operations.

In a collusive setting, abusers collaborate with each other to boost up their own ratings. They rate the peers in their collusion group very high and rate outsiders very low. The probability of a node behaving maliciously is inversely proportional to its global reputation, because a node providing corrupted services is highly likely to issue dishonest local trust scores.


2 3 4 5 6 7 8 9 10 110.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1.0

1.1

1.2

1.3

1.4RM

S Agg

rega

tion

Erro

r

Collusion Group Size

α = 0 w/5% malicious peers α = 0.15 w/5% malicious peers α = 0 w/10% malicious peers α = 0.15 w/10% malicious peers

Figure 7. Global aggregation errors from fake scores

reported by malicious peers in a P2P network

However, increasing the greedy factor α to 0.3 does not lead to higher performance. This is because relying too much on the power nodes will miss the global view of the reputation data provided by majority nodes in the system. Therefore, setting α = 0.15 is indeed a very good choice. Figure 7 reveals the effects of various colluding group sizes.

In all cases (5% and 10% collusive peers), leveraging the power nodes with a greedy factor α = 0.15 makes the system more robust against peer collusions. With 5% collusive peers, using power nodes has resulted in 30% less errors when collusion group size is greater than 6. The message being conveyed here is that power nodes are indeed effective to cope with peer collusions.

6. DRM Techniques for P2P File Delivery Two DRM techniques are popular in the copyright-

protection community: encryption versus watermarking. The basic idea of encryption is that the digital content is encrypted, and cannot be played unless user obtains a key. The key is obtained through a separate channel, and the user agrees not to share the key with others. This scheme is popular because it is used by Microsoft in its Windows media players.

We do not see many researchers exploring this idea because once a user gets the key and decrypts the file; he can share it with anyone, unless the player is made not to play such decrypted files. Microsoft can implement this idea because it has dominant control over all media players, and make sure that windows media player cannot play these hacked files.

The basic idea of watermark/fingerprinting DRM is that each digital copy contains an individual watermark that is slightly different from each other, and therefore if anyone shares his copy with others, content owner can detect the original point of leakage and take actions, including penalty and lawsuits. Many researchers look into this scheme, and have many good ideas, such as reported in [12].

This scheme is really the current focus of research. However, there is a problem inherent with this scheme: watermarking modifies the content. Because P2P only shares the same digital copy, this scheme cannot be applied to P2P file-sharing networks.

Existing DRM systems focus on enforcing usage rules of digital content such as copy and replay, while our proposed CP2P system provide a copyright-protected mass distribution platform. Combining the strength of both DRM and CP2P will lead to a complete copyright protection solution for digital content owners.

7. Conclusions and Suggestions P2P file-sharing networks have been categorized as

the latest generation of Internet content delivery systems. However, lack of copyright protection mechanisms in current P2P applications prevented them from being considered as a viable platform to distribute copyrighted contents. The proposed copyrighted P2P content distribution framework supports P2P networks, either structured or unstructured.

A. Anonymous peer authentication: Peer anonymity is one of the key features behind the

success of P2P networks, while copyright protection requires peer authentication and access control. We design the anonymous peer authentication protocol to facilitate both requirements. The proposed APA uses identity-based signature to provide each peer with a short-lived authentication token. This process avoids disclosing customer’s identity to other peers. The APA protocol has a timeout mechanism that helps avoid peer collusions.

B. Selective content poisoning:

A valid token in download request proves that a peer is authorized to download the content. With selective content poisoning, all distribution agents and customers will send poisoned content to unpaid peers, while sharing clean content among each other. Simulations show that this technique creates a huge difference in the download performance between paid customer and unpaid peers.

C. Gossip-based reputation system for collusion avoidance: Gossip protocol enables peers to compute global

reputation scores in a fully distributed, secure, scalable and robust fashion. The simulation results show that the system scales well with the increase of network size. The system can also tolerates link failures and peer collusions. The DRM and reputation system are complementary approaches to enforce intellectual copyrights.

Our system is not capable of preventing a customer from purchasing the digital content and distributing it in electronic bulletin boards, http downloads, or hard copies. The copyright protection is limited inside P2P file-sharing


Administrator

Highlight

Administrator

Highlight

network. For continued effort, we suggest two tasks for further research on large-scale P2P copyright protection.

D. From collusion avoidance to prevention:

Collusion avoidance offers a passive move. We need collusion prevention techniques that can stop the peer from copyright violations completely. Therefore, more aggressive and proactive methods are still under sought. The ultimate goal is to guarantee complete prevention of peer collusions or collective abuses on the open networks.

E. Integration through prototyping experiments:

The integration system cannot be proven effective until real prototyping and benchmark experiments are carried out. Cybertrust and security industry should drain their resources to make this happening. Three integration tasks are identified: (1). Investigation of poisoning effects under various decoying schemes. (2). Optimization of the APA (3). Integration with reputation systems and performance benchmarking

Acknowledgements: This work was fully supported by NSF ITR Grant ACI-0325409 at the Internet and Grid Research Laboratory, University of Southern California.

References: [1] J. Baek, J. Newmarch, R. Safavi-Naini, and W. Susilo, "A

Survey of Identity-Based Cryptography " Proc. of Australian UNIX Users Group Annual Conference 2004.

[2] S. Boyd, A. Ghosh, B. Prabhakar, D. Shah, “Randomized Gossip Algorithms”, IEEE Trans. on Information Theory, June 2006, 52(6):2508-2530.

[3] A. K. Choudhury, et al, "Copyright protection for electronic publishing over computer networks," IEEE Trans. on Networking, vol. 9, pp. 12-20, 1995.

[4] N. Christin, et al, “Content Availability, Pollution and Poisoning in File Sharing Peer-to-Peer Networks,” ACM Conference on Electronic Commerce, 2005, pp. 68–77.

[5] P. Djekic and C. Loebbecke, "Software Piracy Prevention through Digital Rights Management Systems," Seventh IEEE International Conference on E-Commerce Technology, 2005. CEC 2005. , 2005.

[6] M. Fetscherin and M. Schmid, "Comparing the Usage of Digital Rights Management Systems in the Music, Film, and Print Industry", Proc. of the 5th International Conf. on Electronic commerce, 2003

[7] T. Kalker, D. H. Epema, P. H. Hartel, R. L. Lagendijk, and M. Van Steen, "Music2share - Copyright-Compliant Music Sharing in P2p Systems," Proceedings of the IEEE, vol. 92, pp. 961-970, 2004, 0018-9219.

[8] D. Kempe, A. Dobra and J. Gehrke, “Gossip-Based Computation of Aggregate Information”, IEEE Symp. on Foundations of Computer Science, Cambridge, Oct.2003

[9] D. Kundur and K. Karthik, "Video Fingerprinting and Encryption Principles for Digital Rights Management," Proceedings of the IEEE, Vol. 92, pp. 918-932, 2004.

[10] E. Luoma and H. Vahtera, "Current and Emerging Requirements for Digital Rights Management Systems through Examination of Business Networks," Proc. of the 37th Annual Hawaii Int’l Conf.on System Sciences, 2004.

[11] M. Maes, T. Kalker, J. P. M. G. Linnartz, J. Talstra, F. G. Depovere, and J. Haitsma, "Digital Watermarking for DVD Video Copy Protection," Signal Processing Magazine, IEEE, vol. 17, pp. 47-57, 2000, 1053-5888.

[12] W. Min, W. Trappe, Z. J. Wang, and K. J. Liu, "Collusion-Resistant Fingerprinting for Multimedia," Signal Processing Magazine, IEEE, vol. 21, pp. 15-27, 2004.

[13] J. A. Pouwelse, P. Garbacki, D. H. Epema, and H. J. Sips, “The BitTorrent P2P File-sharing System: Measurements and Analysis,” 4th In’l Workshop on Peer-to-Peer Systems (IPTPS’05), 2005.

[14] P. Rodriguez et al, “On the Feasibility of Commercial Legal P2P Content Distribution” SIGCOMM Comput. Commun. Rev.36, 1 (Jan. 2006), pp.75-78.

[15] J. Zhang, N. S. Wu, J. G. Luo, and S. Q. Yang, "A Scalable Digital Rights Management Framework for Large-Scale Content Distribution," Proceedings of 2005 International Symposium on Intelligent Signal Processing and Communication Systems, 2005

[16] R. Zhou and K. Hwang, “Gossip-based Reputation Aggregation for Unstructured P2P Networks”, IEEE International on Parallel and Distributed Processing Symposium, Long Beach, CA. March 27-29, 2007.

Biographical Sketches: Xiaosong Lou is a Ph.D. candidate in the USC Computer Engineering program. His research interest covers the areas of peer-to-peer and Grid computing, poisoning detection, distributed content delivery, and semantic networks.. He can be reached via the email address: [email protected].

Kai Hwang is a Professor of Electrical Engineering and Computer Science at USC. He received the Ph.D. degree from the University of California, Berkeley. An IEEE Fellow, he specializes in computer architecture, parallel processing, Internet and wireless security, Grid, cluster, P2P, and distributed computing systems. Contact him at [email protected] or visit http://GridSec.usc.edu/Hwang.html.

Runfang Zhou earned the Ph.D. degree in Computer Science at the University of Southern California in 2007. She is presently working at Hewlett Packard. Her technical interests include peer-to-peer reputation systems, overlay network design, web services performance improvement, and trust and secure collaboration in Grid computing. She can be reached at [email protected].


Secure Media Distribution in P2P Networks

Chen Xi E-Commerce Department, Management School, Nanjing University, Nanjing 210093, China

[email protected]

Foundation Item: Supported by the National Ministry of Education Foundation, China (No. 06JC630016).

Abstract

A secure content distribution scheme is presented in this paper, which can trace illegal distributors in Peer to Peer networks. In this scheme, the encrypted content is decrypted into different copy under the control of a fingerprint (e.g., peer ID) and encryption key at the peer side. Thus, each decrypted media copy contains a unique peer ID that identifies the peer. For the decryption operation and fingerprint embedding operation are combined together, which avoids the leakage of clear media content. Additionally, these operations are implemented by the peer, which makes the scheme compliant with existing Peer to Peer Digital Rights Management (DRM) systems. 1. Introduction

Peer to peer (P2P) technology supports direct file sharing among peers, is an easy way for anyone to provide content, for content seekers to discover the latest content, and for network provider to reduce the distribution cost. For these properties, it is now widely used in file downloading, music sharing, video sharing or network gaming. However, P2P is infamous for copyright infringement, and makes P2P rights management’s establishment more and more urgent [1].

In some applications, the customer can decrypt the media content, get the clear content from the displaying buffers or by camera capturing, and redistribute it to unauthorized customers. To resist this illegal action, only encryption is not enough to keep the DRM systems [2][3][4] effective. Digital fingerprinting can be a good compensation. Digital fingerprinting [5][6] is the technology to embed customer information into media content with watermarking algorithms [7]. Based on digital fingerprinting, different customer receives different media copy. Each media copy contains a unique code that identifies the owner of the copy. Thus, if the media

content is distributed illegally, the unique code can be used to trace the illegal distributors.

In this paper, we propose a secure media distribution scheme suitable for P2P networks based on joint decryption operation. In the proposed scheme, the sender peer encrypts and distributes the media content, and the receiver peer uses the decryption key together with his peer ID to decrypt media content. For media content is decrypted and fingerprinted at the same time, which avoids the leakage of clear media content and keeps secure in practice. The fingerprint can be extracted from the decrypted media content and used to trace the distributor.

The rest of the paper is arranged as follows. In Section 2, the secure distribution scheme based on joint decryption is presented in detail. Conclusions are drawn in Section 3. 2 The Proposed Distribution Scheme

In the following content, we present a secure distribution scheme suitable for all the existing DRM systems. For simplicity, the super-node based DRM architecture [8] is taken for an example, and the secure distribution scheme based on it will be presented in detail. 2.1 Super-node based DRM architecture

Super node

Peer A Peer B

Content ListLicense List

ContentLicense

Regis

ter

Searc

h Result

Fig. 1 Super-node Based DRM Architecture

First International Symposium on Data, Privacy and E-Commerce

0-7695-3016-8/07 $25.00 © 2007 IEEEDOI 10.1109/ISDPE.2007.91

212

First International Symposium on Data, Privacy and E-Commerce

0-7695-3016-8/07 $25.00 © 2007 IEEEDOI 10.1109/ISDPE.2007.91

212

Administrator

Highlight

Administrator

Highlight

Administrator

Highlight

Administrator

Highlight

In the super-node based DRM architecture shown in

Fig. 1, Peer A is selected by Super node as an issue-able node, and Peer B applies the media content stored in Peer A. The process is composed of the following steps: 1) Peer A registers the content and license in Super node, 2) Peer B applies the content stored in Peer A from Super node, 3) Super node tells Peer B that the content is stored in Peer A, 4) Peer B gets the license and content from Peer A, and 5) Peer B decrypts the content with the license, and watches the content under the licensed condition.

2.2 The proposed secure distribution scheme 2.2.1 Architecture of the proposed scheme. In the proposed secure distribution scheme, the traditional decryption operation is replaced by joint decryption operation, as shown in Fig. 2. Here, the media content P’ is decrypted under the control of both the key and the fingerprint F. F is the unique peer ID. In practice, different peer nodes may receive the same K in the license, while they have different peer ID. Thus, the decrypted copy P’ is different from each other, from which, the unique peer ID can be extracted and used to trace the receiver.

Encryption

P

Joint DecryptionUniquePeer ID

K

F

K

C

P'

Peer A Peer B

License

Content

Fig. 2 The Proposed Secure Distribution Scheme

The encryption operation is defined as C=E(P,K) . (1)

Here, P, K, C and E() is the original media content, the key, the encrypted media content and the encryption algorithm, respectively.

The joint decryption operation is defined as P'=D(C,B(K,F)) . (2)

Here, C, K, F, P’, D() and B() is the encrypted media content, key, fingerprint, decrypted media content, decryption algorithm and key combination operation, respectively. 2.2.2 The secure distribution scheme based on a stream cipher. Taking a stream cipher for example, the encryption operation E() is defined as

( ) mod ( 0,1, , 1)i i ic p x L i n= + = − . (3)

Here, P=p0, p1, …, pn-1 (0<pi≤L, i=0,1,…,n-1, n is the length of media content), C=c0, c1, …, cn-1 (0<ci ≤ L, i=0,1,…,n-1, n is the length of media

content), X=x0, x1, …, xn-1 (0<xi≤L, i=0,1,…,n-1, n is the length of media content), and X is generated from a pseudorandom number generator under the control of K.

In the joint decryption operation, the key and the fingerprint are firstly combined by the key combination operation B() that is defined as

( ) mod ( 0,1, , 1)i i iz x y L i n= + = − . (4)

Here, Y=y0, y1, …, yn-1 (-R<yi≤R, i=0,1,…,n-1, n is the length of media content) is generated from a pseudorandom number generator under the control of F, and Z=z0, z1, …, zn-1 (0<zi≤L, i=0,1,…,n-1, n is the length of media content) is the combined key. Then, Z is used to decrypt media content C according to the following operation D().

( ) mod ( 0,1, , 1)i i ip c z L i n′ = − = − . (5)

213213

Here, P’=p’0, p’1, …, p’n-1 (0<p’i≤L, i=0,1,…,n-1, n is the length of media content) is the decrypted media content. According to Eqs. (4) and (5), we get

( )mod ( 0,1, , 1)i i ip c y L i n′ = − = − . (6)

Thus, the decrypted media content P’ contains only the pseudorandom sequence generated by the fingerprint F. To keep the modification imperceptible, R should be keep small.

By detecting the embedded pseudorandom sequence, the peer ID can be determined. Here, the correlation is firstly computed.

1

01

0

( ),

n

i i ii

n

i ii

p p yP P Y

y y

−

=−

=

′ −′< − >=

∑

∑.

(7) For peer node owns different peer ID, the produced

pseudorandom sequences are often independent from each other. Thus, set the threshold be T, then the customer can be detected by the following method.

, ' ,, ' ,

Peer IDis F P P Y TPeer IDis notF P P Y T

< − > ≥ < − > < .

(8) 2.2.3 The scheme for image or video transmission. Using this stream cipher based scheme to encrypt images or videos, the operations should be designed according to the compression process. For uncompressed images or videos, they are encrypted or watermarked pixel by pixel. That is, P=p0, p1, …, pn-1 (0<pi≤L, i=0,1,…,n-1, n is the number of pixels, L is the maximal gray level of the pixels) is composed of all the pixels. Differently, for compressed images or videos, e.g. H.264/AVC videos [9], in order to reduce the effect on the compression ratio, only DC coefficients in the macroblocks are encrypted, while other coefficients are left unchanged. That is, P=p0, p1, …, pn-1 (0<pi≤L, i=0,1,…,n-1, n is the number of DC coefficients, L is the maximal value of all the DC coefficients) is composed of the DC coefficients in all the macroblocks.

3 Conclusions

In this paper, a joint decryption operation is proposed to construct the secure media content distribution scheme suitable for P2P networks. In super-node based architecture, the joint decryption operation is presented to decrypt and fingerprint media content under the control of the decryption key and peer ID. The decryption and fingerprint embedding processes are implemented simultaneously, which avoids the leakage of media content. The encrypted media content is too chaotic to be understood, the fingerprint in the decrypted media content is imperceptible, and the embedded fingerprint is robust against JPEG compression in some extent. 4. References [1] Andy Oram et al., “Peer To Peer: Harnessing the Benefits of a Disruptive Technology”, O’Reilly & Associates, 2001. [2] OMA. Open Mobile Alliance Specification Version 2.0 http://www.openmobilealliance.org. [3] ISMA. (2005). Internet Streaming Media Alliance Implementation Specification 2.0, http://www.isma.tv. [4] AACS. (2004). Advanced Access Content System (AACS) Technical Overview. http://www.aacsla.com. [5] M. Wu, W. Trappe, Z. J. Wang, R. Liu, “Collusion-resistant fingerprinting for multimedia,” IEEE Signal Processing Magazine, March 2004, pp. 15-27. [6] D. Kundur and K. Karthik, “Video fingerprinting and encryption principles for digital rights management,” Proceedings of the IEEE, Vol. 92, No. 6, pp. 918-932, 2004. [7] I. J. Cox, M. L. Miller, and J. A. Bloom. Digital Watermarking. San Francisco: Morgan-Kaufmann, 2002. [8] J.Y. Sung, J.Y. Jeong, K.S. Yoon, “DRM Enabled P2P Architecture,” ICACT2006, pp. 487-490. [9] S. Lian, Z. Liu, Z. Ren, H. Wang, “Secure Advanced Video Coding Based on Selective Encryption Algorithms,” IEEE Transactions on Consumer Electronics, Vol. 52, No. 2, pp. 621-629, May 2006.

214214

The Implementation Architecture of Content Protection in P2P Network

Cheng Yang Communication University

of China [email protected]

Jianbo Liu Communication University


Yichun Zhang, Aina Sui Communication University


Abstract

P2P content sharing is often blamed for copyright

infringement, making the establishment of content security technologies an urgent need. A PCP(P2P-based Content Protection) system is proposed in this paper. The system is based on a trust model that focuses on content security, rights management and access control in P2P network. Encryption, digital watermarking, and packaging technologies are adopted to protect the confidentiality and integrity of contents, and support copyrights verifying and piracy tracing. The structure of rights management integrates the distributed and centralized modes, which not only reduces the burdens of networks and rights server, but also provides controllability. For the access control, the authentication is divided into three aspects of certificate, identity, and credit. The PCP system is implemented to prove that it can provide a more robust intellectual property protection solution for P2P content delivery. 1. Introduction

P2P networks have grown rapidly in information sharing to havens for trafficking in unauthorized copies of Intellectual Property. P2P file sharing systems, such as Napster, Gnutella and KaZaA, allow contents to be shared between distributed peers. Most P2P networks do not have any content protection (CP) or access control. P2P networks are often blamed for illegally sharing copyrighted materials [1][2].

There are many traditional CP solutions, such as the Microsoft’s Windows Media Rights Manager (WMRM), IBM’s Electronic Media Management System (EMMS), InterTrust’s Rights|System, and RealNetworks’s RealSystems Media Commerce Suite (RMCS) [2][3]. However most of them are applicable only to conventional client/server based content delivery. A few CP products are applicable to P2P content delivery. Guofei Gu etc. propose a PLI (Public

License Infrastructure)-based CP system to provide digital rights management for users of Peer-to-Peer (P2P) networks. The system is the first distributed CP license service system, which is especially useful for small content providers such as peers in a P2P network. Other researchers also have pay attention to integrating CP with P2P networks, such as Tetsuya Iwata etc. of NTT Corporation studying on a CP system suitable for P2P content delivery[4], Bill Rosenblatt of GiantSteps Media Technology Strategies studying on integrating CP with P2P networks[5], Paul Judge and Mostafa Ammar of Georgia Institute of Technology studying on the benefits and challenges of providing content protection in Peer-to-Peer Systems[6].

a novel PCP (P2P-based Content Protection) system is proposed in this paper that will allow content providers to safely delivery their digital media, such as films and television programs.

In this paper, Section 2 introduces the PCP system architecture. From aspects of content packaging, right management and content playing, the section 3.1 discusses the method and format of content packaging, which integrates encryption and digital watermarking. Then we present right agent that is the core of the system in section 3.2. Section 3.3 addresses the playing process supporting PCP. 2. The architecture of PCP system 2.1. The characteristics of PCP system

The requirement of P2P content protection is from users and commercial application, mainly focusing on content security, the rights control and copyright protection. In order to create a environment to protect the copyright for the programming, delivery and consuming of digital content, the characters of PCP system as follows:

1) Security: From aspects of content, user and right, the content is packaged with special format through

2007 International Conference on Computational Intelligence and Security Workshops

0-7695-3073-7/07 $25.00 © 2007 IEEEDOI 10.1109/CIS.Workshops.2007.70

455



455



455



455



455



455



455



455

encryption and watermarking, and is granted special right. Users must register to login the system with certificate, identity and credit. The content could be decrypted and the right could be parsed, and then played by media player.

2) Controllability: This characteristic includes access control, usage control, transmission control, post control. In access control, the contents should be access according to a right license. In usage control, the special media player must be used to play the content. In transmission control, the encryption and SSL or IPsec are adopted. In post control, the extracting watermark and verifying copyright are used to monitor piracy behaviors.

3) Scalability: PCP can be treated as middle ware and be realized from many aspects such as the functions, modularization, interfaces and rights expression language.

4) Behavior monitor and piracy tracing: the right certificate can be used to monitor and verify the users’ behavior. And the piracy tracing can be implemented through watermark extracting and verification. 2.2. The framework of PCP system

In PCP system, the contents with copyright desire will be packaged firstly. Then the content packages are delivered to peer-user through P2P networks. Before the content is played, the relevant rights of contents must be purchased. The figure 1 addresses the framework of PCP system.

Figure 1. Framework of PCP system

1) CA (Certificate Authority) presides over distributing identity certificates to the entities in P2P network, such as the peer users, index agent, package agent (PA), rights agent (RA), etc.

2) The content owner B calls the API of PA to packages his digital productions using the integrated scheme of cipher and watermark, binds and stores specified rights, informs index agent to create the content indexes for P2P downloading. The index agent

also updates indexes using traditional P2P delivery scheme after the B backup obtain the same content.

3) Within the P2P network, the peer user A finds out content through index agent, he starts download from B and B backup. And he could select to purchase one or more rights from RA.

4) In order to obtain rights, RA and A need to bidirectional identity authentication using SSL or IPSec, meanwhile RA must queries the users manager to verify user’s identity information and user’s credit information. After authentication, RA generates rights certificate using XrML with stored rights information, distributes to peer user A. 3. The modules in PCP system

According to the analysis above, PCP system includes five modules: Content Packaging, Content Delivery, Right Management, Content Play and Copyright Verifying. The use case digraph is showed in figure 2.

Content Package

Intellectual Node

Content Provider

Peer UserRight Manage

Content Play

Index Agent

Users Manager

Content Delivery

Content Manager

Copyright Verify

Figure 2. Use case digraph of PCP system

3.1. Content packaging

The PCP system packages the media resources to the content object in predefined format with encryption and watermarking algorithm. 3.1.1. The pattern of content packaging. The self-determined packaging is adopted. The content manager will call the API of PA directly. Its implementation is simple and flexible. The process of self-determined packaging in PCP system is presented in figure 3.

Content Manager: 1. FilePackaged 2. KEY

Content Packager

Content

Package

Framework

Embed Watermark

Encrypt

Hash

Content Manager: {FileID, FileType, FileTitle, Athor, Owner, Time, ValidPeriod }

Configuration File: 1. Attribute 2. Metadata

System File: 1. PackageTime 2. PackageHeadLen 3. HashLen

Figure 3. Self-determined packaging in PCP system

By the content manager system, the content owner

Index AgentA

B的的备

Rights Agent

CA

Package Agent

Index Agent

Check Agent

B

B

Users

456456456456456456456456

transfers copyright information of his content M to PA. According to the specified encryption algorithm identifier and watermarking algorithm identifier, PA calls algorithm modules to create new productions packaged with P-DCF format criterion. The new media files and the protection keys for content encryption are returned to content manager.

The digital watermarking algorithm is able to embed copyright information W into the content, such as the video streamings or images. So, MW, the new content with watermark is created:

),( WMFMW = The encryption adopts AES algorithm that is used to

encrypt MW to ensure the confidentiality of content. The Hash function is realized by SHA-1 to abstract digest from the encrypted MW, which can verify the integrity of content. The watermark will be extracted to verify copyright and trace piracy behavior in the future. 3.1.2. The format of content packaging. Some relevant information should be packaged with content, such as content identifier, copyright. In PCP system, the content is packaged and is appended to a head file including file head, attribute, metadata and Hash digest.

FileHead FileID FileName FileType FileLen

Attribute WatermarkAlg EncryptionAlg PackageTime RSURL FileTitle Author Owner Time ValidPeriod

Content

Metadata WatermarkAlg EncryptionAlg PackageTime RSURL FileTitle Author Owner Time ValidPeriod

HashDigest

Content with Watermark

Encrypt

Package

Content Packaged

Figure 4. Format of content packaging

The definition of attribute and metadata will conduce to the scalability of PCP system. The name of information is presented in attribute list. However, the metadata could be defined according to practical applications. And the position of metadata can be computed from the offset address in attribute list. 3.2. Right agent with distributed-centralized structure

Right control is the core of PCP. Only legally authorized users could consume content correctly. In PCP system, RA binds the rights to contents, and controls the rights distribution according to users. 3.2.1. The Structure of right agent. After contents are packaged, contents and its users must be authorized.

This can be done through the interface provided by RA, and then the rights will be saved. If peer user decides to purchase one or more rights, and the bidirectional identity authentication between RA and peer user is successful, RA creates right certificate. RA includes three modules: rights info management, right certificates management and identity authentication.

Right Management

User Info Query

Right Signature

Right Encryption

Rights Group Management

Bill Creating

XrML File Creating

Certificates Management

Users Manager

Content Manager

Content Provider

Identity Authentication

Right Certificates Management

Rights Info Management

Peer User

Figure 5. Structure of right agent

In order to make every content provider, for example TV station, control his own media resources and usage rights easily and securely, the structure of RA adopts the mix-mode combined distributed and centralized modes. Every content provider can build and control his own RA server that can deal with the right requests from peer users located at same region, which could not only reduce the burden of networks bandwidth and server computing, but also provide the controllability. Moreover, right certificates and contents are stored and delivered separately, which will bring more flexibility to PCP system. 3.2.2. XrML-based rights info management. There are three main functions in rights info management: right group management, rights management and XrML file creating.

Right Customization

Right Modification

Right Deletion

Right Group Customization

Right Group Modification


Rights Management Right Group Management XrML File Creating

Right GroupDeletion

Figure 6. Modules of right info management

PCP system adopts XrML (Extensible Rights Makeup Language) to express and standardize rights, which includes four important elements: principle, right, resource and condition. Based upon them, a template is builds to contains the license metadata and semantic. The XrML template has a standard structure and syntax that is conduced to data interchange among

457457457457457457457457

systems with different structures. By the XrML template, XrML file can be created automatically. 3.2.3. PKI-based identity authentication. To secure the rights purchase process, the bidirectional identity authentication based on PKI is needed between peer-user and RA. The public key of CA is 2048 bits, and the RSA public key of peer user and RA is 1024 bits. Hash algorithm is SHA-1, and signature algorithm is RSA. The interaction between peer-user and RA is:

1) Connecting with Ipsec or SSL: negotiating about the parameters of authentication, such as the pattern of authentication, and session key (Ks).

2) User send RA the EKs(Cu, UAname, URI, Rid), where the Cu is identity certificate of user agent, Rid is ID of right selected by user.

4) RA verifies peer user’s identity certificate, and send user the EKs(Cr, RAname), where the Cr is identity certificate of RA.

6) User verifies RA’s identity certificate. 3.2.4. Right certificate management. After the identity authentication is successful, RA will query users manager about whether the peer user has enough balance and credit to purchase right. If yes, RA will create right certificate and distribute it to peer user.

Right Certificate Management

Right Certificates Database


Identity Authentication

Users Management

UA

1. Request Right

5. Distribute Right Certificate

2. Bidirectional Identity authentication

3. Query User Info

4. Obtain Right (XrML File)

Figure 7. Right certificate creating and management

The XrML right file is obtained from rights info management, after that, right certificate is created:

1) Signing XrML right file R to ensure the integrity of right certificate: SR = SignKr (Hash (R))

2) Encrypting SR and R to ensure the confidentiality of right certificate: ER = EKu (R, SR)

After creating is successful, the right certificate is given a serials number(SN) and is saved into database with the pattern {SN, UAname, IssueDate, Rid, URI}.

3.3. Content playing supporting PCP

In PCP system, peer user could play downloaded contents by a player supporting PCP.

When peer-user received the right certificate from RA, the validity of right certificate needs to be verified by judging whether (R, SR) = DKu(ER) and DKr(SR) is equal to Hash(R).

When peer user begins to play contents, Right certificate will be checked. If right certificate does not exist, peer-user will be inducted to purchase it. Otherwise, the player opens it and verifies details. And the player will decrypt the content by AES algorithm to play. During the playing, the right certificate needs to be updated after the content is played. 4. Conclusion

In this paper, we propose and implement a PCP system based on peer to peer networks for content providers. This system focuses on the content security, rights management and access control, which forms the whole trust model of PCP system. The content security is carried out through AES encryption, RSA signature, packaging and SSL/IPsec. The rights management with the distributed-centralized structure is more controllable and can reduce the burden of networks bandwidth and server computing. And the downloaded content can be played only with the rights control. The access control demands every user in the PCP system to register, and needs identity authentication during important interactions such as right purchasing. The implemented PCP system shows that it can provide a more robust intellectual property protection solution for P2P content delivery. 5. References [1] G. Guofei, L. Shipeng, “A New Framework to Protect Digital Content for P2P Networks”, Lecture Notes in Computer Science, Springer-Verlag, Berlin Heidelberg New York, 2003, pp. 206-216. [2] Y. Yinyan, Z. Tang, “A Survey of the Research on Digital Rights Management”, Chinese Journal of Computers, Vol. 28, Beijing, 2005, pp. 1221-1225. [3] L. Qiong, S. Reihaneh, and P. S. Nicholas, “Digital Rights Management for Content Distribution”, The Proceedings of 2nd Australian Institute of Computer Ethics Conference, Australia, 2000, pp. 121-132. [4] I. Tetsuya, A. Takehito, “A DRM system suitable for P2P content delivery and the study on its implementation”, Proceedings of the 9th Asia-Pacific Conference, 2003, pp. 806- 811. [5] B. Rosenblatt, “Integrating DRM with P2P Networks”, http://www.drmwatch.com/resources/whitepapers/article.php/3112631, 2003 [6] J. Paul, A. Mostafa, “The Benefits and Challenges of Providing Content Protection in Peer-to-Peer Systems”, Proceedings of the International Workshop for Technology, Economy, Social and Legal Aspects of Virtual Goods 2003, 2003, pp.22-24.

458458458458458458458458

Can a P2P File-Sharing Network Become an e-Marketplace?

Fu-ren Lin, Hau-ming Lo, Cong-ren Wang Institute of Technology Management

National Tsing Hua University Hsinchu City, Taiwan 300

Abstract The prevalence of P2P technology contributes the ease of file-sharing, but it also brings some problems such as free-riding and copyright infringement. To solve these problems, many researchers have proposed incentive mechanisms. At the same time, some applications and business models based on P2P technology are developed. However, those new business models would not allow users redistribute files which they have downloaded. This study proposes a new business model which adopts a reselling mechanism to distribute contents on P2P networks. Users who have downloaded contents from peers other than the author peer can resell them by paying a portion of reselling gains as the royalty to the author. Content providers and consumers may re-price shared contents dynamically via incremental learning. This study aims to verify that authors can gain more through P2P reselling model than through client/server architecture, and we will investigate into the factors which influence this possibility. Keywords: Peer-to-Peer, Reselling mechanism, Multi-Agent Simulation, Dynamic pricing. 1. Introduction

Peer-to-Peer technology enables computers around the world to directly share resources like CPU processing capability, disk storage, contents, etc. However, because of the lack of proper incentive mechanisms, a majority of users download files via P2P networks but very few people contribute contents in return, which render to the free-riding problem. In 2000, an experiment conducted on Gnutella shows that approximately 66% of peers shared no files and 73% shared ten or fewer files, while top 1% represents approximately 37 % of the total files shared and top 20% represents 98% of the total files [1]. Another study in 2005 shows that 85% of peers share no files and 86% share 10 or fewer files [2]. Free riding has increased

significantly since then. Moreover, the distribution of unauthorized contents on P2P networks hinders the productive uses of P2P technology. Over the past years, extensive transactions of copyright-infringed files on P2P networks have severely damaged record brands [3]. In consequence, IFPI (International Fédération Phonographique Industrie) started to fight back against the tendency towards illegal downloading. IFPI first canvassed US Congressmen for the adoption of a forbidding P2P Act. Subsequently, IFPI brought suits against software companies and large-volume-illegal-file providers. The record brands even added DRM (Digital Right Management) technology on CDs, which is used to protect music from transforming into digital format. Meanwhile, Apple Company took the lead in launching online music service, which allows consumers to legally download music with specific format to their iPods or iTunes. After the success of iPod, several online music services emerged in Taiwan, such as KKBOX, Kuro and ezPeer, noted that Kuro and ezPeer provided their services over P2P network architecture, while the service of KKBOX uses DRM to protect the music files from illegal copies over client/server architecture. Nevertheless, the same illegal downloading happened on Kuro and ezPeer.

The responsibility of software companies has not been clear and definite until US Supreme Court pronounced that whoever distributes equipments, by which others might facilitate copyright infringement, should be in charge of others’ copyright infringement. This sentence has caused a lot of famous P2P technology companies go bankrupt, e.g., eDonkey and limewire, or has driven them to find another way out. In 2003, IFPI in Taiwan made an accusation against Kuro and ezPeer. They forced Kuro and ezPeer to provide a legitimate platform which would not ease the copyright infringement, or they should take charge of the copyright infringement of their members. At this moment, the declaration of the alignment between Warner

Proceedings of the 41st Hawaii International Conference on System Sciences - 2008

1530-1605/08 $25.00 © 2008 IEEE 1

Bros. and well-known P2P software, BitTorrent, was catching mass attention indeed, which implied that a new business model apparently came into a reality.

However, the possibility of a content distribution channel based on P2P networks still remains questionable. A concrete business model needs to answer questions, such as how the digital content is priced and whether the downloaded files can be redistributed.

This study proposes a business model which adopts a reselling mechanism to distribute contents on P2P networks. Users who have downloaded contents from other peers can resell them by paying a portion of reselling gains as the royalty to these peers. Content providers and consumers may re-price shared contents dynamically via incremental learning. Besides, this study aims to verify that authors can gain more through P2P reselling model than through client/server architecture, and we will investigate into the factors which influence this possibility.

2. Literature review

We will first review the literatures on the current economic issues of P2P network and related techniques used in this study.

2.1. Peer-to-Peer network

P2P technology takes advantage of the resources owned by hosts on the Internet, such as CPU processing capability, storage, contents and user participation, to enable various applications [4]. Some famous examples are MSN, SETI@home and KaZaA. In addition, P2P technology presents the advantages of distributed systems that save the expense of constructing centralized computation and storage facilities. Many researches have investigated business-oriented applications based on P2P technology, for example, marketing [5], enterprise application integration [6], B2BI [7], workflow [8], and the distribution channel of digital-stored goods [9]. At present, the hottest application of P2P is file-sharing.

Nevertheless, P2P technology has several drawbacks of management. Because P2P is free from the central control unit, the access to P2P is unmanageable. The development of trust among users becomes the key to the business applications of P2P. Some researches studied the construction of trust on P2P networks [10]. The payment on P2P networks also needs to be noticed. Arora et al. proposed the framework of

CasPaCE to ensure the security of transactions and payments under P2P context [11].

The lack of appropriate management makes people distribute unauthorized copyrighted files via P2P software easily. This problem influences many industries, especially music industry, which incurs many debates. P2P indeed beats CD sales of music industry [12]. Clark (2000) pointed out that the estimate of annual CD sales loss caused by online music will reach $3.1 billions by 2005 [13]. The piracy on P2P decreases consumers’ willingness of CD purchasing to 65% [14].

Accordingly, the Recording Industry Association of America (RIAA) did a great effort to protect copyright from infringement. However, the effort of RIAA conflicts with the intention of P2P software developers, the normal use of legal music consumers, and the privacy-protected obligation of ISPs [15].

From the perspective of policy makers, it is important to design a mechanism for distributing information goods, to balance the interest between copyright-owners and Internet users. Researchers recognized that existing business models need to be modified behind P2P appearance [16]. Hui and Png suggested that people use P2P software for business [17].

Researchers have also started to investigate the design of e-commerce architectures under P2P contexts, which provide the details of transaction procedures and information transitions [18-20]. However, most of them lack the ability of file-sharing. Hence, Grimm and Nutzel proposed a business model which allows users to redistribute downloaded files and share the profit [21]. Under this model, consumers have two choices: free downloading and purchasing. Once a peer pays for downloading, it will have the right of redistribution automatically, and it can gain commission from redistribution. Courcoubetis and Antoniadis identified several important parameters on P2P business models, including reputation, cost, utility, and degree of competition [22].

However, the described redistribution model doesn’t allow users to price their downloaded files. This study combines the concept of royalty with redistribution as a new reselling mechanism. Content providers will price their products and set royalties, which are drawn from consumers’ reselling revenue. Consumers will be able to set reselling prices for their downloaded files, and some of their revenue from reselling will be drawn as royalties. Consumers in the proposed reselling mechanism are more autonomous, and


2

have more motivation to purchase files. In addition, Lang and Vragov developed the

monopolistic pricing mechanism for distributing digital contents on P2P [23]. Their study revealed that the distribution by P2P networks will be more profitable than by a client/server platform as P2P networks present stronger incentives for users to redistribute digital contents. But this pricing mechanism looks for an optimal price via optimization process, which needs giant computation and complete information about users. This study aims to find the optimal price via incremental learning.

2.2. Radial basis function network (RBFN)

Radial Basis Function Networks (RBFN) is

a neural network technique, containing an input layer, a hidden layer, and an output layer. In the output layer, with an unknown function y(x): Rd → R, a RBFN can approximate y(x) with a set of d-dimensional radial basis functions. These radial basis functions are centered on centroids, which can be treated as the nodes of the hidden layer. Therefore, the transformation from the input space to the hidden-unit space is nonlinear, whereas the transformation from the hidden-unit space to the output space is linear.

Suppose that we want to use a set of m radial basis functions ψ(x), centered on the centroids cj to approximate y(x), where j = 1, 2,...,m. φ(x) can be defined as φ: Rd → R: φ = φ(||x − c||) where ||.|| denotes the Euclidean norm, cj ∈ Rd. Then we can get the estimation of y(x), denoted by ŷ(x), representing a linear combination of the radial basis function ψ(x): ŷ(x)

= ∑=

−m

jjj cx

1

||)(||φθ , where θj is a weight

factor. A radial basis function is a Gaussian function typically, i.e., φ(||x − cj||) =

exp(- 2j

2j ||c-x ||

σ), where σj is the width factor of

the jth unit in the hidden layer. Chen, Cowan and Grant proposed an

alternative learning procedure for RBFN based on the Orthogonal Least Squares (OLS) method [24]. The procedure chooses radial basis function centers one by one in a rational way until an adequate network has been constructed. Each selected center maximizes the increment to the explained variance of the desired output and does not suffer numerical ill-conditioning problems. The orthogonal least-squares learning

strategy provides a simple and efficient way for fitting radial basis function networks.

The main advantage of RBFN is that it can solve both linear and nonlinear problems by fast learning and reducing sensitivity to the order of presenting training data. Lin, Huang & Yang adopted RBFN to automatically model multi-attribute utility function of a peer [25]. A multi-attribute utility function may be either linear or nonlinear. Rapidly modeling a user’s utility function is important to many agent applications.

This study builds a preference model for each peer to make decisions, in which a peer’s preference is usually determined by many decision attributes. We combine weighted utility of decision attributes into a conjoint model and adopt RBFN to formulize the multi-attribute utility function.

2.3. Semi-Markov decision process

(SMDP)

Many sequential decision making problems can be modeled as Semi-Markov Decision Processes (SMDPs) embedded on continuous time semi-Markov processes (SMPs) [26].

Suppose a random variable, state, Xn takes values in a countable set ℘ , and a random

variable, time, Tn takes values in +ℜ = [0,∞], such that 0 = T0 ≤ T1 ≤ T2… . The stochastic process (X ,T) = {X n ,T n : n∈N} is said to be a Markov renewal process (MRP) with state space ℘, when for all n∈N , j∈℘, and t∈ +ℜ , the following condition is satisfied:

{ }{ }nnnn

nnnnn

XtTTjXPTTXXtTTjXP

|,,...,;,...,|,

11

0011

≤−==≤−=

++

++

Define a process { }+ℜ∈= tYY t : , where

nt XY = , if 1nn TtT +≤≤ . The process is called a semi-Markov process associated with the MRP (X,T). Clearly, decision epochs in SMDPs are not restricted to discrete time epochs but are all time epochs at which the system enters a new decision making state. That is, the system may change several times during two decision epochs.

This study formulates the author’s and the reseller’s decision processes as SMDPs; however, the computation of the immediate reward is quite difficult. Thus, we adopt reinforcement learning to solve this problem.


3

2.4. Temporal-difference learning (TD learning)

Sutton (1988) introduced Temporal

Difference (TD) learning approach to solve the problem of learning-to-predict, which uses past experience with an incompletely known system to predict its future behavior [27]. For instance, through experience one might learn to predict for particular chess positions whether they will lead to a win, for particular cloud formations whether there will be rain, or for particular economic conditions how much the stock market will rise or fall. An important advantage of prediction learning is that its training examples can be taken directly from the temporal sequence of ordinary sensory input; no special supervisor or teacher is required. TD learning is a class of incremental learning procedures specialized for prediction. Whereas conventional prediction learning methods are driven by the error between predicted and actual outcomes, TD learning are similarly driven by the error or difference between temporally successive predictions, with which learning occurs whenever there is a change in prediction over time. TD learning requires less memory and peak computation than conventional methods, but produces more accurate predictions.

2.5. Leader-follower incentive game

In the P2P file sharing network with a

reselling mechanism, the relationship between the content provider and consumers can be modeled as a leader-follower incentive game. In this game, the leader would act by his/her policy and seek to maximize his/her profit. Each follower chooses one of actions to respond to the leader. Similarly, every follower’s goal is to gain maximum for himself. Therefore, when a leader is making decision, s/he is thinking what actions the followers would take, and what action s/he should take to respond to the followers’ reactions. S/he tries to find the optimal answer to this question. To make decisions, the followers would both observe the leader’s action and consider the other followers’ responses to leader’s action. Thus, followers will wait leader’s decision and compete with other followers.

For example, in a supply chain, the provider decides the wholesale price, and the retailers would consider the other retailers’ prices and decide their retailing prices. For the leader, his wholesale price is the best price he can find to

maximize his/her profit.

2.6 Swarm The Swarm project was started in 1994 by

Chris Langton, then at Santa Fe Institute (SFI) in New Mexico. It is currently based at the non-for-profit organization, Swarm Development Group, which is also based in Santa Fe, New Mexico. Their aim is to develop both a vocabulary and a set of standard computer tools for the development of multi-agent simulation models (so-called ABMs, short for Agent-Based Models).

Swarm is designed to help researchers build models in studying complex systems. A researcher has to give contents to "agents," possibly by thinking of them as honey bees, investors, trees, or bugs. One research goal of Swarm is to discern overall patterns that emerge from these detailed behaviors at the individual level.

A Swarm simulation proceeds in discrete time steps. Agents are created and then interact according to a scheduling mechanism. As the simulation proceeds, agents update their instance variables and may be asked to report their states to the observer swarm layer of the simulation. The core of Swarm contains two categories of swarms: the model swarm and the observer swarm. The model swarm encapsulates the simulated model. Everything in the model swarm corresponds to an object in the world being modeled. The model swarm contains a schedule of activities on the model. A model swarm consists of a set of inputs and outputs. The inputs to the model swarm are model parameters such as the number of agents and the length of the observed period, etc. The outputs of the model swarm are the observables of the model, the author’s price, and the royalty, etc.

In Swarm computer simulations, those observation objects are placed in an observer swarm. The most important object in an observer swarm is the model swarm that is being studied as shown in Figure 1. The model swarm is one component of the observer. Other observer objects can then input data into the model swarm (setting simulation parameters, for instance) and read data out of the model swarm (collecting statistics of the behavior of agents). (For more details, visit the official web site of Swarm, http://www.swarm.org/, and the Swarm user guide, http://pj.freefaculty.org/Swarm/Beta/SwarmUserGuide/userbook.html)


4

Figure 1. Nested hierarchy of Swarms

3. A new P2P business model of online music industry

This study proposes a new P2P business

model of online music industry and aims to verify the proposed model is more profitable than one based on client/server architecture.

3.1 Model overview

We start the model with a scenario shown in

Figure 2 that an online music provider offers the online music through a P2P network. The consumers of this online music provider may download music files from either the provider or the other consumers who have already downloaded the music files. A consumer who downloads music files from the provider or other consumers needs to pay the fees to these music sources. A provider of a music file needs to pay the loyalty to the origin peer if the provider downloaded the file from the origin peer. A provider which may be the original source or secondary distributor can decide the price of the music file.

The relation between an original provider and its consumers as well as between distributors and end consumers can be seen as leader-follower incentive games. The utility function of downloading decision of a consumer can be accomplished by RBFN. The pricing issue, including reselling price, and the royalty issue can be modeled by SMDPs and TD Learning approaches.

To verify that a new business model of online music distribution on P2P networks is more profitable than one based on client/server architecture, we construct a simulation platform used to model peers’ transactions on P2P networks. In the simulation, peers are autonomous to make decisions, and the roles

agents play can be categorized into provider and consumer. A provider acts as a leader who prices his/her products at each decision epoch, and a consumer who wants to resell what s/he has downloaded plays as a follower who decides his/her reselling price with the reselling mechanism.

Figure 2. Model overview

We describe the details of agent behaviors,

including downloading decisions, price and royalty decisions, and reselling decisions in Section 3.2. The relationship of agents is described in Section 3.3, and the procedure of agent interaction is in Section 3.4.

3.2 Agents

We first construct agents in the simulation.

When agents decide to sell or download contents, they invoke their peers on P2P networks. Thus, in the simulation, agents are not always on the P2P network. Agents can make decisions autonomously. Depending on the role agents play in the simulation, they make different decisions. An agent of a content provider makes price and royalty decisions, and an agent of a consumer makes downloading and reselling decisions. The details of these decisions are presented in the following.

3.2.1 Price and royalty decisions

The content provider repeatedly monitors

the market situation, changes the product price and royalty, and tries to find the optimal pair (price and royalty) which brings him/her the largest revenue. This problem could be formed as a semi-Markov Decision Process (SMDP) described in Section 2.3. Figure 3 presents the provider’s decision as a SMDP. Because the optimization method for SMDP needs complete information about the participants in the market,


5

which is impossible to obtain in the real world, we consider TD learning method described in Section 2.4, which learns to predict by past experience.

Figure 3. Provider’s decision as SMDP For the prediction of price and royalty, we

keep one TD network for each decision. In our implementation of TD learning model, we use the current market information and the provider’s action (price or royalty) as inputs, and the output is the provider’s profit. The market information consists of the popularity of MP3, the potential market of MP3, and the price or royalty of MP3 (depending on the purpose of TD learning). Figure 4 presents the implementation of TD learning model.

Figure 4. Implementation of TD Learning model

The popularity of MP3 is defined as (the

number of current downloaders − the number of prior downloaders) divided by the number of prior downloaders, and the potential market for MP3 is calculated by the following function based on the original Bass Diffusion Model; that

is, m

tNmmtNqp )]([]/)([ −××+,where p

is the coefficient of innovation, q is the coefficient of imitation, N(t) is the cumulative number of consumers at time t, and m is the fixed market size.

At the beginning of TD learning, the provider uses the training data to train the weight of TD learning model, and then collects the current market information as the input data. Next, the provider decides the best action to

respond to the current situation. In return, the provider records the market information and the profit gained by the action. At next decision epoch, it repeats this procedure. After few times (we called “learning periods”), the provider uses the recorded data to re-train the weight of TD learning model. This procedure iterates until the end of observation period.

3.2.2 Downloading decision

To make a downloading decision, each

consumer needs to assign the utility value to available products. The utility value consists of many attributes. Conventionally, we assign utility value to products by utility functions. In the simulation, we use RBFN described in Section 2.2 to formulate a consumer’s utility function.

To implement RBFN, we use the product information as input, and the output is the utility value of the product. The product information consists of the price, the royalty, the download speed, the popularity, and the potential market.

A consumer first collects the product information as the input data, and then assigns utility values to products shared by other peers. A consumer chooses the product with the highest utility value to compare with their acceptable utility value in mind. If the utility of the product is higher than that in their minds, they will download the product. At each decision epoch, consumers repeatedly make downloading decisions until they decide to download.

3.2.3 Reselling decision

Once a consumer decides to download, he

may also consider reselling the downloaded file. To resell the downloaded file, the peer of a consumer needs to decide a reselling price to the file, and s/he compares the reselling price with the acceptable price in mind. S/he will resell the product when the value is higher than that in mind. The goal of his/her reselling files is similar to the provider’s, and s/he repeatedly re-prices the product like the provider does as well. Therefore, a reselling decision could be formed as a SMDP, and we can use TD learning method to find the best reselling price.

Here we only use TD learning to predict reselling price, so that we keep one TD network. The inputs are the market information and the action (reselling price), and the output is the reselling profit.

A consumer who downloads a file will


6

repeatedly make the reselling decision at each decision epoch, no matter they are resellers or not. The algorithm of reselling decision is similar to that in Section 3.2.1, and it is described in Figure 5.

Figure 5. Algorithm of reselling decision

3.3 The relationship of agents The relationship among these participants

can be formulated by the concept of “leader-follower incentive game”. In the simulation, the roles played by agents can be categorized into the leader and followers; i.e., the content provider plays the leader, while the resellers play the followers. The content provider repeatedly monitors the state situation, and tunes product price and royalty. The resellers decide their reselling prices respectively. Some of the reselling revenue will be taxed as royalty set by the leader. Followers repeatedly review their situation and change their price as well. The content provider is a monopolist, and consumers compete with each other.

3.4 The procedure of agent interaction

In the simulation, the content provider and

resellers repeatedly review the current market situation and tunes their prices and royalties, respectively. Consumers search product information from the provider and resellers. They evaluate all the available candidates and decide whether to download or not and where to download (from the provider or resellers). Once consumers decide to download, they need to decide whether to resell. They might choose not to resell, and just to be consumers. The reselling decision won’t be changed until the next decision epoch.

4. Experimental design

Simulative experiments are based on the

following context. There is an online MP3 aggregator, which distributes MP3 media made

by singers. The aggregator pays a fixed amount of money as loyalty to these singers to exchange the exclusive authorization to distribute their songs. The aggregator has two different channels to access MP3 consumers: one is based on client/server architecture, and the other is based on P2P networks. The former is commonly used for current aggregators, such as iTunes and KKBOX, etc.; the latter is the proposed business model in this study. An aggregator may be interested in knowing which channel is more profitable, and how they influence the profitability. To conduct experiments, we specify variables in Section 4.1, market settings in Section 4.2, and the experimental design in Section 4.3.

4.1 Variables

Variables used for the experimentation are

categorized into three types: environmental, behavioral, and dependant variables.

In the multi-agent simulation for online music market, players such as aggregator, resellers, and end users, are modeled as agents. Environmental variables denote contexts which agents exist. We first consider the size of agent population, noted as AMOUNT_OF_AGENTS, which is the base of downloaders and resellers. Next, we denote an MP3 product life time as OBSERVED_PERIOD. Due to that the aggregator and resellers re-price by incremental learning, the length of learning time may influence the profitability via dynamic pricing. We finally consider λ value used by TD(λ) learning algorithm, denoted as LAMBDA, which implies the percentage of one’s past experiences used in prediction. The environmental variables are summarized in Table 1.

The roles of an agent play are categorized into an aggregator or a consumer. A consumer’s and aggregator’s behavior variables are specified in Tables 2 and 3, respectively. The simulative experiments will observe such variables as shown in Table 4.

Table 1. Summary of environmental variables


7

Table 2. A consumer’s behavioral variable

Table 3. An aggregator’s behavioral variables

Table 4. Dependent variables

4.2 Market settings

Assuming that consumers in general behave one of three types of risk attitude toward purchasing: risk seeking, risk averse, and risk neutral. For each type of consumers, we have asked students to answer assumptive questions to fill out the utility value for each item, and then collect their preferences as training data of RBFN and TD learning.

By this data, we tune some scores to compose different ratios of these three types of consumers to form four different market environments to denote different compositions of prospect consumers as shown in Table 5.

4.3 Experimental design

The experimentation aims to identify which

behavioral variables significantly influence dependent variables on P2P and client/server networks, respectively. Thus, we examine the effect of one behavioral variable, and each behavior variable is set four values for four experiments, respectively. Therefore, we have four results for each behavior variable. We conduct ANOVA to verify whether four different values of each behavioral variable have different influences on dependant variables across four market settings. Moreover, we verify whether four different marketing settings have different influences on dependant variables across four values of one behavioral variable. These experiments are also conducted for the client/server context in order to compare the performance between P2P and client/server networks. Finally, we compare the aggregator’s revenue of P2P distribution channel with that of client/server architecture.

Table 5. Market settings

5. Experimental results and analysis This section will present the experimental

results and analyze them corresponding to variables specified in Section 4.

5.1 Effects of environmental variables

We examined whether the environmental

variables influence the dependant variables. We found that the amount of agents only significantly affects the amount of total downloaders, average amount of resellers, and the aggregator’s revenue, as we expected. Based on this finding, the following experiments are conducted under the market size with 100 agents.

The ANOVA test on experimental results under various λ values for TD(λ) learning, and shows that there are no significant influences on dependant variables. Thus, in the following experiments, λ is set to 0.5.

5.2 Summary of experimental results

The results of experiments in P2P


8

distribution channel are described as follows: (1) the average aggregator’s price is influenced by the threshold of purchasing, (2) the amount of total downloaders is influenced by the threshold of purchasing and a consumer’s network bandwidth, (3) the average amount of resellers is influenced by the threshold of reselling, an aggregator’s initial royalty, and a consumer’s network bandwidth, an aggregator’s revenue is influenced by the threshold of purchasing and the threshold of reselling, and (4) both of the average reseller’s revenue and reseller’s price are influenced by the threshold of reselling.

The results of experiments in client/server distribution channel are described as follows: (1) the amount of total downloaders is influenced by the threshold of purchasing and an aggregator’s network bandwidth, and (2) an aggregator’s total revenue is influenced by the aggregator’s bandwidth.

The results show that, in P2P distribution channel, the average aggregator’s price is influenced by the initial royalty, and the average reseller’s revenue is influenced by contract cost. Revenue gained from both channels differ insignificantly except for contract set at $2000, aggregator’s network bandwidth set at 100M bps, initial price set at $20, and threshold of purchasing set at 0.3 that the client/server network outperforms significantly P2P networks. However, the P2P network outperforms significantly client/server when the aggregator’s network bandwidth set as 1M bps. 6. Conclusion

This study proposes a new business model which adopts a reselling mechanism to distribute contents on P2P networks. Users who have downloaded contents from a peer can resell them by paying a portion of reselling gain as royalty to the peer. The provider and consumers may re-price shared contents dynamically via incremental learning from market feedback. This study also aims to verify that authors of digital goods can gain more through the P2P reselling model than through the client/server architecture.

This study adopted Swarm as a multi-agent simulation platform to model peer networks as agent interactions in the real world. An agent which acts as a content provider makes price and royalty decisions, and the other agents who play as consumers make downloading and reselling decisions. The provider-consumer relationship is similar to the leader-follower incentive game,

where the consumers do not make re-selling price decision until the provider have made the price decision.

In the experimentation, each simulation is designed for each value of behavioral variables in four market settings. Then, we conducted ANOVA test to analyze the experimental results to answer the following questions: 1. Do different values of the environmental variable influence the dependant variables?

With ANOVA test, we found that environmental variables do not influence the dependant variables. Thus, we set those variables as constants. 2. Is threshold of purchasing important to both distribution channels?

From the results of ANOVA, in P2P channel, a consumer’s lowest acceptable utility of downloading MP3 really influences those dependant variables and the average number of resellers during an MP3 product life time. However, in the client/server architecture, it only influences the final number of downloaders. We inference that this results may result from some other variables that have higher weights than a consumer’s lowest acceptable utility of downloading MP3 files in the client/server architecture. 3. Is contract cost important to both distribution channels?

Both channels would not be influenced by the cost of gaining the exclusive distribution right from singers, because the cost is a fixed cost and more users share less cost by each one. Thus, we set the cost of gaining the exclusive distribution right from singers as a constant. 4. Is provider’s bandwidth important to both distribution channels?

From ANOVA test, the bandwidth provided by the aggregator only influences the amount of total downloaders in the client/server architecture because the quality of service of client/server architecture depends on the speed. Consumers prefer faster service, so that the network bandwidth becomes the key to success. 5. Is provider’s initial price important to both distribution channels?

Both channels are not influenced by the initial price for MP3, because of the dynamic pricing scheme. Agents re-price periodically, so that the effect of the initial price for MP3 is weakened. 6. Is the threshold of reselling important for a content provider on a P2P distribution channel?

Four dependant variables, the average number of resellers during an MP3 product life


9

time, the total revenue of an aggregator, each reseller’s average revenue, and the average reselling price during an MP3 product life time, are influenced by a consumer’s lowest acceptable price of reselling MP3. The reason is that the core of a reselling mechanism is the participation of resellers. The preference of reselling is undoubtedly the key to a P2P network with reselling mechanism. 7. Is a consumer’s network bandwidth important for a content provider on P2P distribution channel?

From ANOVA test, the final number of downloaders, and the average number of resellers during an MP3 product life time are influenced by the network bandwidth provided by a consumer when s/he resells MP3 files. 8. Is aggregator’s initial royalty important for a content provider on P2P distribution channel?

From ANOVA test, the average number of resellers during an MP3 product life time is influenced by the initial royalty of MP3. We can certainly assert that the initial royalty of MP3 is important to the amount of total downloaders.

7. References [1] Adar, E., Huberman, B.A. (2000) Free Riding on

Gnutella. First Monday 5. [2] Hughes, D., Coulson, G., Walkerdine, J. (2005)

Free Riding on Gnutella Revisited: The Bell Tolls? IEEE DISTRIBUTED SYSTEMS ONLINE 6.

[3] Sudip, B., Ram, D.G., Sanders, G.L. (2003): Digital music and online sharing: software piracy 2.0? , ACM Press, pp. 107-111.

[4] Shirky, C. (2000): What is p2p... and what isn' t. [5] Tomoya, K., Shigeki, Y. (2003): Application of

P2P (Peer-to-Peer) Technology to Marketing. In Proceedings. 2003 International Conference on Cyberworlds, pp. 372-379.

[6] Kupsch, F., Werth, D. (2005): Integrating Business Processes with Peer-to-Peer technology. In INTEROP ESA Conference 2005.

[7] Bussler, C. (2002): P2P inB2BI. In Proceedings of the 35th Hawaii International Conference on System Sciences.

[8] Yan, J., Yang, Y., Raikundalia, G.K. (2003) Enacting Business Processes in a Decentralized Environment with p2p-Based Workflow Support. WAIM 2003, LNCS 2762: 290-297.

[9] Gayer, A., Shy, O.: University of Haifa, 2002. [10] Liu, L., Xiong, L. (2003): A Reputation-Based

Trust Model for Peer-to-Peer e-Commerce Communities. In Proceedings of the IEEE International Conference on E-Commerce.

[11] Arora, G., Hanneghan, M., Merabti, M. (2005) P2P commercial digital content

exchange. Electronic Commerce Research and

Applications 4: 250-263. [12] Liebowitz, S.: University of Texas, 2003. [13] Clark, D. (2000) Steps by music industry to halt

Internet piracy may be futile. The Wall Street Journal Interactive Edition.

[14] Zentner, A.: University of Chicago, 2004. [15] Krishnan, R., Smith, M.D., Telang, R. (2004)

The economics of peer-to-peer networks. J. Information Technology Theory and Application (JITTA) 5: 31-44.

[16] Torbay, M.D., Pigneur, Y., Usunier, J.C. (2004): Business Models for Music Distribution after the P2P Revolution. In Proceedings of the Fourth International Conference on Web Delivering of Music (WEDELMUSIC' 04).

[17] Hui, K.L., Png, I.: Working Paper Thesis, National University of Singapore, 2002.

[18] Gang, Y., Li, T.Y. (2003): A Decentralized E-Marketplace Based on Improved Gnutella Network. In Proceeding of International Conference on Intelligent Agents, Web Technology and Internet Commerce - IAWTIC'2003.

[19] Iwao, T., Wada, Y., Yamasaki, S., Shiouchi, M., Okada, M., Amamiya, M. (2001) A Framework for the Next Generation of E-commerce by Peer-to-Peer Contact: Virtual Private Community. WETICE 2001: 340-341.

[20] Androutsellis-Theotokis, S. (2004) Diomidis Spinellis: A survey of peer-to-peer content distribution technologies. ACM Comput. Surv. 36: 335.

[21] Grimm, R., Nutzel, J. (2002): A Friendly Peer-to-Peer File Sharing System with Profit but Without Copy Protection. In Innovative Internet Computing Systems. Proceedings IICS, Kühlungsborn, pp. 133-142.

[22] Courcoubetis, C., Antoniadis, P. (2002): Market Models for P2P Content Distribution. In Workshop on Agents and P2P Computing, Bologna, Italy.

[23] Lang, K.R., Vragov, R. (2005) A Pricing Mechanism for Digital Content Distribution Over Computer Networks. Journal of Management Information Systems 22: 121-139.

[24] Chen, S., Cowan, C.F.N., Grant, P.M. (1991) Orthogonal least squares learning algorithm for radial basis function networks. IEEE Transactions on Neural Networks 2: 302-309.

[25] Lin, F.R., Huang, S.L., Yang, Y.C. (2005): Using Radial Basis Function Networks to Model Multi-attribute Utility Functions. In In proceedings of the 4th Workshop on e-Business (Web), Las Vegas, Nevada, USA.

[26] Das, T.K., Gosavi, A., Mahadevan, S., Marchalleck, N. (1999) Solving Semi-Markov Decision Problems Using Average Reward Reinforcement Learning. MANAGEMENT SCIENCE 45.

[27] Sutton, R.S. (1988) Learning to Predict by the Methods of Temporal Differences. Machine Learning 3: 9-44.


10

The Copyright Protection Problem:

Challenges and Suggestions

M. Campidoglio, F. Frattolillo, F. Landolfi

Department of Engineering

University of Sannio

Benevento, Italy

{campidoglio,frattolillo,landolfi}@unisannio.it

Abstract—The advances in networking and multimedia tech-nologies have created opportunities for producers of digitalcontent. However, the ability for anyone to make perfect copies ofdigital content and the ease by which copies can be distributedfacilitate misuse, illegal distribution, plagiarism, misappropria-tion. Moreover, popular peer-to-peer software are widely used byInternet “pirates” to illegally share digital copyrighted content,thus violating the legal rights of the copyright owners. Knownsolutions like Digital Rights Management (DRM) systems aimat protecting and enforcing the legal rights associated with theuse of digital content distributed on the Internet, but they mayalso disturb the balance between the information creation anddistribution, and give rise to problems concerning with privacy.In fact, “fair use” and privacy are often invoked by web users:the former in order to prevent copyright owners from havingthe exclusive control over their creations than the copyright lawintends, and the latter in order to preserve the ownership anddistribution of confidential data. This paper reports on the mostimportant problems tied to the use of DRM systems and, inthe light of the current forensic trends, provides a number ofsuggestions that can be helpful to meet the conflicting interestsof web users and content providers.

I. INTRODUCTION

The growth of networked multimedia systems promoted

by content digitalisation has greatly increased the possibil-

ities to reproduce and distribute information. Digitalisation

allows for copying without loss of quality at a very low

cost, whereas the Internet increases and accelerates the access

to and the distribution of information. Furthermore, in the

age of electronics, new features of sharing information and

knowledge are widely available [1]. However, the ability for

anyone to make perfect copies of digital content and the ease

by which copies can be distributed facilitate misuse, illegal

distribution, plagiarism, and misappropriation [2], [3]. These

features represent a threat for the producers and owners of

information, because it becomes more and more difficult to

sell information at a profitable price. Therefore, displaying,

downloading, copying or printing digital copyrighted content

should be performed under control license, since copyright

violation leads to considerable revenue loss for copyright

owners.

These considerations have magnified the need for the copy-

right protection of digital content. In fact, copyright protec-

tion is usually considered as a basic requirement by authors

and web content vendors, whereas it is perceived as a use

restriction by web users. More precisely, authors aim at a

wide dissemination of their works which does not compromise

the originality and creativity of their intellectual properties.

Publishers want to sell as many products as possible at the

highest possible price and reduce the costs of production and

distribution. In contrast, web users think that anything that is

on the Internet is of public domain and may be taken without

permission from the creator/owner. They want to purchase

digital content at the lowest possible price, at the very most

[4].

DRM systems can be used for lawful purposes, such as to

protect copyrights from infringement and to encourage wider

dissemination of digital content on the Internet [5]. However,

some positive uses have also caused unintended injury. More

precisely, some uses have served no lawful purpose, but instead

have enforced unlawful agreements in restraint of trade or have

evaded statutory limits upon the copyright. Furthermore, such

uses have also given rise to problems concerning with the basic

rights of “fair use” and privacy: the former is invoked in order

to prevent copyright owners from having the exclusive control

over their creations than the copyright law intends, whereas

the latter is invoked in order to preserve the ownership and

distribution of confidential data. As a consequence, the use of

DRM systems requires the adoption of specific legal measures

and contractual mechanisms in order to regulate “fair use” and

minimize privacy conflicts in managing copyright protection.

Starting from crucial problems tied to the use of DRM

systems, we reports on the current forensic trends in the

field of copyright protection of digital content distributed

on the Internet. The main aim is to formulate a number of

suggestions helpful to meet the conflicting interests of web

users and content providers, including basic concerns about

“fair use” and the adverse implications that enhanced copyright

protection may have on the dissemination of information and

protection of personal privacy.

The outline of the paper is as follows. Section II deals with

legal aspects about copyright protection and describes the ways

in which piracy can occur. Section III reports on the main

problems evidenced by the use of DRM systems. In Section IV

some current forensic trends in the field of copyright protection

are reported. In Section V a number of suggestions useful to

2009 Fourth International Conference on Internet and Web Applications and Services

978-0-7695-3613-2/09 $25.00 © 2009 IEEE

DOI 10.1109/ICIW.2009.84

522

solve the copyright protection problem taking into account the

interests and rights of web users and content providers are

formulated. In Section VI a brief conclusion is available.

II. COPYRIGHT RIGHTS AND PIRACY

Copyright law in the United States protects “works of au-

thorship”, and is based on the Copyright Act (1976), a federal

statute that went into effect on January 1, 1978. Then, in order

to reward author creativity and stimulate innovation while safe-

guarding web users’ interests, the World Intellectual Property

Organization (WIPO) elaborated the World Copyright Treaty

(WCT) and the World Performances and Phonograms Treaty

(WPPT), called “The WIPO Internet Treaties” (December

1996), which provided a more modern overview of copyright,

updating some international standards of the author’s right and

establishing new international standards applicable to digital

technologies, thus allowing the development of DRM (Digital

Right Management) systems and enabling a legal regime for

digital works [5]. The United States, with the adoption of

the Digital Millennium Copyright Act (DMCA) in 1998, and

the European Union, with the implementation of the Directive

2001/29 (called EU Copyright Directive or EUCD, May 2001),

confirmed in their laws the entry into the sphere of copyright

content on the Internet, thus permitting the development of

digital content protected by copyright.

According to section 106 of the Copyright Act, a copyright

owner has five exclusive rights in the copyrighted work:

1) Reproduction Right is the right to copy, duplicate, tran-

scribe, or imitate the work in fixed form.

2) Modification Right is the right to modify the work to

create a new work. A new work that is based on a

preexisting work is known as a “derivative work”.

3) Distribution Right is the right to distribute copies of the

work to the public by sale, rental, lease, or lending.

4) Public Performance Right is the right to recite, play,

dance, act, or show the work at public place or to

transmit it to the public. In the case of a motion picture

or other audiovisual work, showing the work’s images

in sequence is considered “performance”.

5) Public Display Right is the right to show a copy of the

work directly or by means of a film, slide, or television

image at a public place or to transmit it to the public. In

the case of a motion picture or other audiovisual work,

showing the work’s images out of sequence is considered

“display”.

Anyone who violates any of the exclusive rights of a

copyright owner is an “infringer”. This means that piracy is

the unauthorized use or reproduction of music, movies, texts,

and other types of content that are granted protection under

copyright law. In particular, there exist two basic ways in

which piracy can occur:

• Unauthorized acquisition. This form of piracy occurs

when a consumer obtains copyrighted content illegiti-

mately, for example, by an unauthorized download of

content from a peer-to-peer file sharing service, such as

Gnutella, or by obtaining illegitimate CDs or DVDs from

a street vendor or friend [1].

• Unauthorized use. This form of piracy occurs when a

consumer obtains a piece of copyrighted content legit-

imately and then attempts to use it in an unauthorized

way.

Piracy of digital content is considered a serious problem by

content companies, so that a universal challenge faced by those

trying to protect intellectual property on the Internet consists

in addressing measures of prevention to be adopted in order to

deterring illegal sharing or reproduction of standards. These

measures mainly consist in:

• raising awareness by ensuring that stakeholders know the

facts about copyright and understand the consequences of

copyright infringement;

• creating incentives to abide by copyright, thus making

the legitimate versions of standards more desirable and

useful than copies;

• enforcing the law;

• employing DRM systems that can limit the users’ ability

to commit copyright abuse through technology [6], [7],

[8], [9].

III. THE DRM APPROACH

Among the possible solutions to the copyright protection

problem, the international research community has mainly

focused on the development of DRM systems to match the

rising and conflicting expectations of both authors, vendors,

and web users [10], [11], [12]. Such systems restrict the use

of digital content by

• limiting the number of times a content can be opened

and/or the length of time allowed for content viewing;

• preventing content from being altered, shared, copied,

printed or saved;

• embedding digital watermarks including identification

information in the content to be protected [13], [14].

Although DRM systems can be effective in limiting the

inappropriate or illegal use of digital content, they cannot be

considered foolproof in preventing copyright infringement, and

they are also affected by some drawbacks concerning with

privacy and the high costs of their implementation [15], [16],

[17].

Furthermore, an approach based on the adoption of DRM

systems also means deferring to industry self-regulation and

technological mechanisms the solution of the copyright pro-

tection problem. However, both self-regulation and technical

tools do not recognize the political nature of privacy, but

assume that all privacy values can and should be resolved

by a marketplace [18], [19], [20]. In fact, the web operators

are strong advocates of the self-regulatory philosophy. Unfor-

tunately, the self-regulation approach has demonstrated that

technological solutions cannot effectively solve the problem

without the support of new and specific laws. On the contrary,

legal measures and contractual mechanisms might minimize

privacy conflicts for copyright protection management [15].

523

Administrator

Highlight

Moreover, the protection implemented by the DRM systems

typically gives the owner of the content the exclusive right to

perform certain actions on the content or to authorize others

to do so [11]. However, it is worth noting that determining

whether an action is authorized or unauthorized may require

protracted and subtle debate, and reasonable people may differ

in their assessment of a given situation.

In light of these considerations, many have expressed alarm

that DRM systems may be used by copyright owners to erode

capabilities that had been previously permitted to web users

by copyright law under the “fair use” doctrine granted to

owners dominion over the reproduction, public performance

and display, and distribution of a work, as well as a monopoly

on the creation of derivative works [17].

“Fair use” has been repeatedly invoked to prevent copyright

owners from misusing their copyrights in order to stifle

legitimate marketplace competition. In fact, some people assert

that protection controls give copyright holders more exclusive

control over their creations than the copyright law intends.

Therefore, the doctrine of “fair use” can be considered a

limitation upon a copyright holder’s exclusive rights. It permits

the public to use a copyrighted work for limited purposes, such

as criticism, comment, news reporting, teaching, scholarship or

research, and protects the public interest in a free exchange of

ideas and discourse. In fact, although the concept of “personal

use”, i.e. copying lawfully acquired copyrighted materials for

one’s personal use, is not expressly protected by statute, it is

widely accepted and judicially sanctioned.

So, fair use plays a crucial role in limiting the reach of what

would otherwise be an expansive grant of rights to copyright

owners. Content owners, however, argue that allowing limited

circumvention only to facilitate fair use, including personal

use, is impracticable: once the circumvention technology be-

comes publicly available, its protective value is compromised.

Unfortunately, the “fair use” term has not been defined in

the law and has been left to the court, in the event of a

dispute, to decide. Therefore, “fair use” cannot be defined

with precision, and the rights granted by the United States

Copyright Act are limited to certain specified rights, and

certainly they do not extend to all uses. In general, whether

a use is fair is determined by balancing the purpose and

character of the use, the nature of the copyrighted work,

the amount and substantiality of the portion used in relation

to the copyrighted work as a whole, and the effect of the

use on the potential market for, or value of, the copyrighted

work. As a consequence, the approach based on DRM systems

is challenging the law and social norms to keep up with

individual rights and technological developments.

IV. CURRENT FORENSIC TRENDS

Although the DRM systems can be improved, for example,

by minimizing the amount of confidential data they manage,

thus making them “privacy-oriented”, the main aim of bal-

ancing conflicting interests concerning with both the need

to ensure the protection of intellectual properties and the

rights to competition, to freedom of thought, and to privacy,

requires revising the existing laws and the corresponding basic

principles (such as transparency and proportionality) so that

to create real opportunities to develop new technical solutions

that are inherently capable of matching the interests of web

users and content providers. In fact, the current forensic trends

show a lack of specific laws that can safeguard all the rights

involved without offending, or at least impair some of them.

However, the recent legal disputes in the field of copyright

protection can be considered a valid basis for formulating

new rules. To this end, recently, GEMA, a German non-profit

organization whose main aim is the protection of authors and

the administration of their rights, accused RapidShare, a web

company that offers a hosting service which enables users

to store their files and make them available for sharing, of

causing copyright violations, thus receiving economic benefits.

A law court of Hamburg (Germany) forced RapidShare to

remove all the copyrighted contents from the sharing service,

to control content uploaded by users, and to keep track of the

IP addresses from which copyrighted files are uploaded.

On the contrary, an innovative ruling made by a law court in

the USA could open a new frontier in the campaign conducted

by web content companies against peer-to-peer networks. In

fact, the law court of Minnesota revoked the ruling on the

case of Capitol Records Inc. against Jammie Thomas, who

was ordered to pay 222 thousand dollars because of an illegal

distribution of copyrighted mp3 files performed by using the

Kazaa peer-to-peer application. In the new ruling, the court

stated that making content available on peer-to-peer networks

does not mean to distribute them. Therefore, Jammie Thomas

cannot be considered responsible for the downloads of the

shared, copyrighted files performed by web users. The court

also asked the Congress of the USA that the Copyright Act

be modified, in order to avoid, in the future, disproportionate

requests for damages. More precisely, if the download of

the shared, copyrighted files is not proved, nobody can be

forced to pay thousands of dollars in fine for few songs,

whose commercial value is about few dollars. Such a decision

represents an actual threat to the web content companies,

which have to change their strategy if they wish to combat

peer-to-peer content exchanges.

Furthermore, in Italy, the Supreme Court exculpated two

students who had set up an FTP server to share games, movies

and music. The Supreme Court stated that downloading copy-

righted files and software applications from the Internet and

making them available to web users has not to be considered

as an illegal action if the conducted activity does not cause

any tangible economic benefit.

The experiences described above show that the current

forensic trends tend to punish who downloads copyrighted

content from the Internet in order to make a profit, rather than

who just makes content available online. However, during the

G8 summit in Japan, the eight world leaders called for final-

ising negotiations of the much-debated “Anti-Counterfeiting

Trade Agreement” (ACTA), an international treaty against

counterfeiting proposed in 2007 by Japan, the European Com-

munity, the USA and Switzerland. The treaty proposes penal-

524

ties for web users who make voluntary, significant violations of

intellectual property that penalize the copyright owners, even

without economic benefit for users and even without a specific

complaint from rights holders. It also proposes procedures

that allow rights-holders to obtain the information needed to

identify the web users guilty of illegal file sharing.

The punitive approach appears to be emerging also in

Ireland, where EMI (Electric and Musical Industries) accused

Eircom.net, the most important Irish ISP (Internet Service

Provider), not of preventing web users from performing illegal

actions, such as illegal content sharing.

However, the involvement of ISPs in the activity of mon-

itoring data traffic of web users in order to prevent illegal

content sharing is often considered to be questionable. In fact,

the law court of Rome in Italy considered as unfounded the

request of the Peppermint Records to Wind, a major Italian

ISP, for knowing the confidential data of 3636 web users

who had illegally downloaded copyrighted songs, reaffirming

the “prevalence” of privacy as a fundamental value of a

person. To this end, as for the “duel” between privacy and

copyright, the last forensic trends show that the former tends

to prevail over the latter, despite the European Court of Justice,

which, with the ruling of September 12, 2006, included the

intellectual property rights among the fundamental rights to

be protected by international regulations (Articles 17 and 47

of the European Union Charter of Fundamental Rights, Nice).

V. SUGGESTIONS

The considerations reported above suggest that a number

of different approaches can be adopted in order to solve the

problem of the copyright protection so as to balance both the

interests and the rights involved. However, a possible solu-

tion should not limit the fundamental individual’s rights and

should employ identification methods that require a moderate

intrusion into the user’s privacy, who should be made aware in

advance of how his/her personal data are used. In particular,

web users wanting to exploit all the opportunities offered by

the Internet cannot claim to be anonymous, but they should

accept more invasive forms of privacy protection in order to

preserve other relevant rights.

Moreover, in order to address the problem of the wide

spreading of copyrighted content, the web content companies

should be allowed to “attack” peer-to-peer network operators,

such as the providers of content sharing services, without

affecting the web users’ privacy. In fact, such a solution

should also be integrated by specific laws requiring ISPs

to prevent web users from visiting web sites considered as

“dangerous” for copyright. This approach can be implemented

by developing a legal system based on licenses that force web

users to provide ISPs with lump sums in payment for the

download of protected content. More precisely, ISPs could

disconnect web users who repeatedly download copyrighted

content from the Internet. In particular, who is discovered

performing illegal content sharing should be warned by an

e-mail that his/her ISP detected an illegal usage of his/her

internet connection. Then, if the user persists in performing

illegal content sharing, his/her account should be suspended.

Moreover, ISPs unwilling to prosecute web users who perform

illegal peer-to-peer content sharing should be considered as

“accomplices” and should suffer penalties.

VI. CONCLUSIONS

DRM systems can support the protection of the legal rights

associated with the use of digital content, but they also cause

specific problems, the most relevant of which concern with

privacy and the concept of “fair use”. Therefore, DRM systems

can be used, but the problems they cause have to be tackled

by regulation. In fact, current forensic trends show a lack of

specific laws that can safeguard all the rights involved in the

process of copyright protection. However, in the light of a

number of current forensic experiences, some suggestions can

be formulated. In particular, three main directions should be

followed:

1) web users should accept more invasive forms of privacy

protection in order to preserve other relevant rights;

2) producers of digital content should be able to legally

prevent peer-to-peer network operators from supplying

sharing services involving copyrighted content without

affecting the web users’ privacy;

3) ISPs should be involved in the process of monitoring

the network connections of web users, so as to prevent

illegal behaviors.

Such suggestions can be considered as a basis to develop

new systems to manage the rights of copyright holders, so

as to encourage them to disseminate their works with some

comfort that the rights conferred by law will be respected.

REFERENCES

[1] J. Spencer, “Beyond file sharing-commerce in peer-to-peer networks:Surveying the landscape,” Journal of Internet commerce, vol. 5, no. 2,pp. 1–19, 2006.

[2] F. Bartolini, A. Piva, and M. Barni, “Managing copyright in opennetworks,” IEEE Internet Comput., vol. 6, no. 3, pp. 18–26, 2002.

[3] F. Bartolini, A. Piva et al., “Electronic copyright management systems:Requirements, players and technologies,” in Proc. of the 10th Int.

Workshop on Database and Expert Systems Applications, 1999, pp. 896–899.

[4] A. N. Greco, The Book Publishing Industry, 2nd ed. Allyn & Bacon,2004.

[5] E. T. Lin, A. M. Eskicioglu, R. L. Lagendijk, and E. J. Delp, “Advancesin digital video content protection,” Proceedings of the IEEE, vol. 93,no. 1, pp. 171–183, 2005.

[6] IBM, The IBM Electronic Media Management System, http://www.ibm.com/software/data/emms/, 2005.

[7] Microsoft, The Microsoft Windows Media DRM platform, http://www.microsoft.com/windows/windowsmedia/drm/default.aspx, 2005.

[8] RealNetworks, The Helix Community, https://helixcommunity.org/,2005.

[9] C. Serrao, D. Neves et al., “Open SDRM - An open and secure digitalrights management solution,” Moses project, Tech. Rep., 2003.

[10] M. Ceccarelli, M. Di Santo, S. D’Onofrio, and F. Frattolillo, “A webmulti-tier platform for adaptively protecting and securely deliveringmultimedia contents on the web,” in Proc. of the 5th Int. Workshop on

Image Analysis for Multimedia Interactive Services, Lisbon, Portugal,2004.

[11] F. Frattolillo and S. D’Onofrio, “An effective and dynamically extensibleDRM web platform,” in Proc. Int. Conf. on High Performance Com-

puting and Communications, ser. Lecture Notes in Computer Science,L. T. Yang, O. F. Rana, B. Di Martino, and J. Dongarra, Eds., vol. 3726,Sorrento, Italy, Sept. 2005, pp. 411–418.

525

Administrator

Highlight

[12] F. Frattolillo and F. Landolfi, “Designing a DRM system,” in Proc. 4th

Int. Conf. on Information Assurance and Security, Naples, Italy, 2008.[13] M. Barni and F. Bartolini, “Data hiding for fighting piracy,” IEEE Signal

Process. Mag., vol. 21, no. 2, pp. 28–39, 2004.[14] I. Cox, J. Bloom, and M. Miller, Digital Watermarking: Principles &

Practice. Morgan Kaufman, 2001.[15] M. Campidoglio, F. Frattolillo, and F. Landolfi, “Security and privacy

in web-oriented watermarking protocols,” in Proc. 10th Int. Conf. on

the Social and Ethical Impacts of Information and Communication

Technology, Mantua, Italy, 2008.[16] R. Dhamija and F. Wallenberg, “A framework for evaluating digital rights

management proposals,” in Proc. of the 1st Intl Mobile IPR Workshop:

Rights Management of Information Products on the Mobile Internet,

Helsinki, Finland, 2003.[17] E. W. Felten, “A skeptical view of DRM and fair use,” Communications

of the ACM, vol. 46, no. 4, pp. 57–59, 2004.[18] F. Frattolillo, “Watermarking protocol for web context,” IEEE Trans. Inf.

Forensics Security, vol. 2, no. 3, pp. 350–363, 2007.[19] K. Rannenberg, “Multilateral security - Why and How?” in Proc. 23rd

National Information System Security Conf., Baltimore, MD, USA,2000.

[20] ——, “Multilateral security. A concept and examples for balancedsecurity,” in Proc. 9th ACM Workshop on New Security Paradigms, Cork,Ireland, 2000.

526

TLMS: A Novel DRM Scheme for Multimedia Sharing in P2P Networks

Wei-Chen Wu Department of Information Management, National

Central University No.300, Jhongda Rd., Jhongli City, Taoyuan County

32001, Taiwan, R.O.C.

Computer Center, Hsin Sheng College of Medical Care and Management

No. 418, Kaoping Village, Lungtan Township, Taoyuan CountyTaiwan, R.O.C.

e-mail: [email protected]

Yi-Ming Chen Department of Information Management, National

Central University No.300, Jhongda Rd., Jhongli City, Taoyuan County

32001, Taiwan, R.O.C. e-mail: [email protected]

Abstract—A Three Layer Multimedia Sharing (TLMS) for managing access right of user in a P2P network is proposed in this paper. The features of TLMS include: 1) a novel DRM scheme for P2P networks, 2) a digital content protection without the need of an on-line server, and 3) low communication and computation cost. In addition to introducing the operation of TLMS model, we also compare its performance and security with Zhang et al’s design in the context.

Keywords- P2P; DRM; Group Key; Threshold Scheme; Digital Content Sharing

I. INTRODUCTION As multimedia content can be efficiently distributed

among peer users, using Peer-to-Peer (P2P) network communication to distribute large volume contents have increased in recently years [3]. However, P2P file sharing is infamous for copyright infringement. Therefore, several papers talked about Digital Right Management (DRM) on P2P network have been published [1-2, 6-7] to address these issues for achieving more functionality. This authors of [6] categorizes three types of DRM for P2P network. The first type uses existing DRM system architecture. In other words, this type of architecture only uses P2P networks for content distribution. The second type is distributed P2P architecture. In this architecture, although all of the DRM functions are executed by the peer node, for the reason of encapsulation permits and content flow control, a static DRM server is needed. The third type is semi-distributed P2P architecture. It is similar to distributed P2P architecture. But user authentication functions exist on the DRM server for the sake of greater security. Unfortunately, both [2] and [6] only talk about the system architecture; little is discussed with respect to the DRM mechanism.

Recently, Zhang et al. [7] proposed a novel scheme based on an asymmetric key algorithm to implement DRM mechanisms in BitTorrent (BT). They give a detail about the operation of DRM on BT. But as they adopt the asymmetric

key approach and either encryption or decryption must link up with Tracker Site (TS) to obtain keys. Their DRM solution would be inefficient and the TS may become a bottleneck when the number of peer users increased.

To overcome the problems of related work mentioned above, this paper proposes a three layer scheme which uses the Group Diffie-Hellman (GDH) protocol to generate a group key (First Layer) for protection of Shadow Key (Second Layer), which in turn can recover Master Key (Third Layer) to allow peers in a group to secretly share multimedia stream. Considering the dynamic nature of P2P networks where peers come and go frequently, we extend the traditional GDH protocol for efficiency.

The remainder of this paper is organized as follows. Section 2 briefly introduce Zhang et al.’s scheme. Section 3 introduces our scheme. In Section 4, we compare the performance of our schemes against Zhang et al. [7] and analyze the various aspects of security in our scheme. Finally, we conclude this paper and indicate future research directions in Section 6.

II. ZHANG’S SCHEME Figure 1 shows Zhang’s scheme and their proposed

protocol for a transmission of the digital content between peers. The components are similar to those in a typical original BT system, except that there is a peer table maintained by the TS to different peer and different pieces of file. For example, ri,k is a TS key and is used by a peer Uk

to download a file pieces mi. Suppose Uk’s public key is gSk and mi g

ri,k Sk represents the encryption of file piece mi .The Uk has to provide its own private key Sk to decrypt mi g

ri,k Sk. The main disadvantage of Zhang’s scheme is that either

encryption or decryption must link up with tracker site to obtain keys. If n is the number of pieces of a file and k is the number of peers in the P2P network, the P2P system will be inefficient because it requires n times to compute mi g

ri,k Sk during the transmission of encryption file. The cost includes

2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing

978-0-7695-3762-7/09 $26.00 © 2009 IEEE

DOI 10.1109/IIH-MSP.2009.176

873

2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing

978-0-7695-3762-7/09 $26.00 © 2009 IEEE

DOI 10.1109/IIH-MSP.2009.176

873

asymmetric encryption costs and modular exponentiation costs and an additional network communication cost because the tracker site must be contacted to obtain the public key and the TS key.

Figure 1. Zhang et al. proposed scheme

III. OUR PROPOSED SCHEME

A. Overview Figure 2 shows the design of our scheme and the

protocol. The operation of our scheme consists of the following phases: Peer Registration Shadow Key Generation, Group Key Agreement and Digital Content Accessing. We explain each of them in order:

Figure 2. Our proposed scheme

Step 1. Peer Registration: a user peer submits

registration information that may contain the identity of the user, which digital content is desired, and payment information (if any), to the CP. Then the CP replies to the peer with acknowledgement.

Step 2. Digital content encryption: the CP generates Master Key (a random number). To protect Master Key, the CP uses Shamir A.’s (t, n) threshold scheme [4] to hide Master Key by shadow key which is generated for each registered peers. The details of these operations are described in Section 3.2.

Step 3. Group Key Agreement: Peers generate Group Key to protect Shadow Key. The reason why and how to generate group key are described in Section 3.3.

Step 4. Digital content accessing: After receiving encrypted digital content from other peers, the receiving peer can use Group Key to retrieve Shadow Key. With Shadow Key, the peer can recover the Master Key to

decrypt the protected contents. The details are described in Section 3.4.

B. Shadow Key Generation Let KDCj be the secret Master Key of jth piece of digital

content (Notated as DCj for abbreviation) and is randomly generated by the CP.

First, CP generates KDCj for DCj to be shared among peers. Second, the CP choses a large prime p. Third, the CP selects t 1 random, independent coefficients a1,DCj, … , at-

1,DCj, 0 aj,DCj p 1, to define the random (t polynomial f (x) over GF(p). In other words, fj (x) = ai,DCj xi, where 0 i t-1. So for digital content DCj, it will have a polynomial as below:

fj(x) = at-1,DCj x t-1 + at-2,DCj x t-2 + … + a1,DCj x + a0,DCj mod p

…… (1) Here we assume a constant term a0,DCj = KDCj Finally, assume every peer user Ui has distinct identified

number U. The CP computes the Ui’s Shadow Key of DCj, si,DCj = fj(U) mod p, (1 Ui p 1).

Example 1: Assume U1, U2, U3 and U4 are registered in CP to purchase DC2, popularity value t 1

is set to 3 and Master Key is 13. Then, the CP selects 2 random numbers: 2 and 10. Then for DC2, we can generate 2 degree polynomial f2(x) according to (1) as follows:

f2(x)=2 x2+10 x1+13 mod 17

Suppose the identified U1=1, U2=2, U3=3 and U4=5, respectively, then their Shadow Keys are computed by the polynomial functions:

s1,DC2 = f2(1) mod 17=8 s2,DC2 = f2(2) mod 17=7

s3,DC2 = f2(3) mod 17=10 s4,DC2 = f2(5) mod 17=11

C. Group Key Agreement Because Shadow Key is very important to recover

Master Key, how to secretly transfer shadow key to each user is a challenge problem. Hence, we modify the IKA.2 [6-8] protocol to IKA.2-like protocol and the four steps of the protocol will be described below. To simplify the notation, we let (i) represent N1 N2 ….Ni for all i members and be generator of G. So (i+j) represents the value (i) to the power of j (i.e. (i) j ) and (i- j) is the value (i) factored out j by Uj (i.e. N1 N2 ….Ni / Nj). Note that factoring out Nj requires computing it’s inverse Nj

-1. This computation is always possible if q is chosen as a group of prime order.

1 Popularity value t means there are at least t peers on-line so that they can exchange digital content.

Step 3.3 to Step 4.

4

4

4

3.4 3.3

3.3 3.3

3.4

U1

U2

U3

CP

3.4 3.2

3.2

3.1

3.1 1

1

1

2 U2

U3

CP

U1

Step 1 to Step 3.2

7

8

9 12 6

4

5

3 2, 11

mi gri,2 S2

( g S

3)ri,3

( g S

2)ri,2

1, 10

U1

U2

U3

Tracker site

874874

Step 1: Line up the peers and pass the contributions (i) of each peer one by one in the line. (See the solid line in Figure 3, where we assume there are four peers register to the CP) Step 2 The last peer in the line sends (n) to all other peers including CP. (See the dash line in Figure 3)

Figure 3. Stages 1 and 2 of Group Key Agreement

Step 3 Each peer sends (n i) to the CP (See the solid line in Figure 4, the (n i) is to prevent the outsider of the group from deriving group key by eavesdrop the communication among peers) Step 4 The CP sends (n+CP i) and Øsi,DCj GKn to each peers respectively. (See the dash line in Figure 4). Here Øsi,DCj represents string concatenation for all legal shadow keys for one Ui

Figure 4. Stages 3 and 4 of Group Key Agreement

Our proposed protocol, IKA.2-like, is different from

IKA.2 in its message sizes and in that sending the Shadow Key and Group key in disguise in step 4. In the final step, the CP collects all inputs from the previous step, raises every one of them to the power of NCP, and broadcasts the resulting n values to the rest of the group. Every Ui now has a value of the form and can easily generate the intended group key GKn = (n+ ).

D. Digital Content Accessing

When a peer Ui wants to access the digital content DCj, he/she follows the steps

Step 1: Derive a Group Key In the step 4 of last subsection, Ui got (n+CP i) from

CP, so by powering (n+CP i) with Ni, Ui can obtain the GKn which is equal to (n+ ). Step 2: Retrieve Shadow Keys

Using group key to make an exclusive operation with Ø si,DCj and (n+ ) to derive the Shadow Keys.

Ø si,DCj GKn (n+ )

= Ø si,DCj

=si,DC1 || si,DC2 || si,DC3||…. || si,DCj ..........(2)

Step 3: Using Shadow Keys to derive the Master Key KDCj for the digital content DCj.

Any group of t or more users provides t distinct points (x, y) = (Ui, si,DCj) allowing computation of the coefficients ak,DCj , 1 k t 1 of fj(x) by Lagrange interpolation. The secret is recovered by noting fj(0)=a0=KDCj.

The coefficients of an unknown polynomial fj(x) of degree less than t, defined by points (xi, yi), 1 i t, are given by the Lagrange interpolation formula:

Since fj (0) = a0 = KDCj, the Master Key may be

expressed as: Example 2: Based on example 1, Any 3 users in (1,8),

(2,7), (3,10), (5,11) can re-acquire polynomial f2(x). Suppose (1,8), (2,7) and (5,11) are selected, f2(x) is acquired as following:

Step 4: Decrypt encryption message

A legal peer user decrypts these messages EKDCj(Bjm) to obtain m streaming media blocks Bjm of digital content DCj. Here EKDCj(Bjm) is secure symmetric cryptosystem using the secret key KDCj to encrypt m pieces of digital content j. Step 5: Combine streaming media blocks

Legal peer users combine m streaming media blocks in their numbered sequence m.

U1 U2 U3

U4 CP N1N2N3 N1N2N3N4

N2N3N4

N1N3N4 N1N2N4

NCPN2N3N4, (s1,DC1 || s1,DC2 || s1,DC3 ) GK4

NCPN1N3N4, (s2,DC1 || s2,DC2 || s2,DC3 ) GK4

NCPN1N2N4, (s3,DC2 || s3,DC3 ) GK4

NCPN1N2N3, (s4,DC1 || s4,DC2 ) GK4

U1 U2 U3

U4

CP

N1N2N3

N1 N1N2

N1N2N3N4

N1N2N3N4

N1N2N3N4

N1N2N3N4

t

iijtj ji

ji p

XXx

yxf1

,1

modX

)(

t

iijtj ji

jiDCj p

XX

yfK1

,1

modX

)0(

17mod13102)3)(1)(8(11)5)(1)(4(10)5)(3)(8(8

8)3)(1(11

4)5)(1(10

8)5)(3(8

)35)(15()3)(1(11

)53)(13()5)(1(10

)51)(31()5)(3(8

17modX

)(

2

111

1,1

xx

xxxxxx

xxxxxx

xxxxxx

XXx

Yxf t

iijtj ji

ji

875875

IV. ANALYSIS

A. Efficacy Analysis

Let n represents the number of pieces of a file and k represents the number of peers in a group of P2P network. Table 1 shows a comparison of computation costs between TLMS and Zhang’s scheme.

Table 1: Comparisons of computation costs.

Encryption Transformation (re-encryption)

The amount of messages

Our scheme

n T(SE) 2k T( ) n (k 1)

k=4, n=5

5T(SE) 8 T( )* 15

Zhang et al. [10]

n (2k 1) T(ME) n (2k 1) T(MM) k T(Net)

n (k 2) T(MM)

n (6 k 6)

k=4, n=5

35 T(ME) 35 T(MM) 4 T(Net)

10 T(MM)* 90

T(SE): Computation cost of symmetric encryption. T( ) : Computation cost of exclusive-OR operation. T(MM): Computation cost of modular multiplication. T(ME): Computation cost of modular exponentiation. T(LF): Computation cost of polynomial function (Lagrange interpolation function). T(Net): Network communication cost using tracker site to obtain public key and TS key. *Usually T( ) < T(MM)

This table shows that our proposed TLMS is more

efficient in a P2P system. Zhang et al.’s scheme requires n times to compute asymmetric encryption processing and modular exponentiation processing, and there are additional network communication costs in encryption. By contrast, our scheme requires just n times to compute the symmetric encryption processing.

B. Security Analysis

Table 2: comparisons of security issues. Issues Zhang et al. [10] Our Scheme

Digital content are protected

Yes Yes

Need an on-line Authentication Server

Tracker Site Not Need

Adjustable on-line member access.

Not Solved Yes, presents the popularity value t.

Cryptography Asymmetric encryption using TS key and secret key

Symmetric encryption using group key and shadow key

Computation costs High Low Zhang’s scheme requires a Trusted Third Party to

maintain a set of random numbers as TS keys for each peer, one number for each piece of the file. To prevent a peer from sharing plain pieces during downloading, decryption keys are included in the license file for each user. After downloading all cipher pieces of an object, the users have to contact the License Server to obtain the license file. As our scheme allows peers to recover Master Key through group key, it does not need to separately deliver the decryption key

and license file. Table 2 shows the comparisons of security feature between Zhang’s and our scheme.

V. CONCLUSIONS In this paper, we propose a Three Layer scheme for

Multimedia Sharing (TLMS) among a closed group of users within P2P networks. This scheme is derived from the GDH protocol. But considering the varied popularity of different multimedia content, we extended the conventional GDH by Shamir’s (t, n) threshold scheme in the protection of Master Key. Compared with Zhang et al.’s research, our advantages includes: an on-line authentication server is unnecessary, adjustable on-line member access and lower computation costs. Our future research direction includes more detailed comparison of our scheme with traditional DRM technologies and the adaptation of a BT program to implement this scheme.

REFERENCES [1] C-C Chu, X. Su, B.S. Prabhu, R. Gadh, S. Kurup, G. Sridhar and V.

Sridhar, “Mobile DRM for Multimedia Content Commerce in P2P Networks,” IEEE CCNC, vol.2, pp.1119-1123, Jan 2006.

[2] T. Iwata, T. Abe, K. Ueda, H. Sunaga, “A DRM system suitable for P2P content delivery and the study on its implementation,” The 9th Asia-Pacific Conference on Communications, vol.2, pp.806-811, 2003.

[3] S. G. M. Koo, C. S. G. Lee, and K. Kannan, "Using P2P to distribute large-volume contents - research problems, solutions and future directions," in Proceedings of the 9th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI 2005), Orlando, FL, July 10-13 2005.

[4] A. Shamir, How to share a secret. Comm. ACM. Vol.22, pp.612-613, 1979.

[5] M. Steiner, G. Tsudik and M. Waidner, “CLIQUES: A New Approach to Group Key Agreement,” ICDCS, pp.380-387, 1998.

[6] Jae-Youn Sung, Jeong-Yeon Jeong, Ki-Song Yoon, "DRM Enabled P2P Architecture,” The 8th International Conference Advanced Communication Technology, vol. 1, pp.487-490, 2006.

[7] X. Zhang, D. Liu, S. Chen, and R. Sandhu, To”wards Digital Rights Protection in BitTorrent-like P2P Systems,” In the 15th SPIE/ACM MMCN, 2008.

.

876876

The Use of Peer-to-Peer Networks in Copyright Protection

Dimitrios Tsolis1, Eleftherios Georgatos2 & Spyros Sioutas3

1Department of Computer Engineering and Informatics, University of Patras, 26504, Patras, Greece

2 Department of Cultural Heritage Management and New Technologies, University of Ioannina, Neapoli, 30100, Agrinio, Greece

3 Department of Informatics, Ionian University, Tsirigoti Square, 7, 49100, Corfu, Greece

As a general and effective protection measure for copyright violations which occur with the use of digital technologies including peer to peer (P2P) networks, copyright owners often use digital watermarking techniques so as to encrypt copyright information to the content or otherwise restrict or even block access to the digital content through the Internet and the P2P infrastructure. This paper claims that DRM and P2P can be quite complementary. Specifically, a P2P infrastructure is presented which allows broad digital content exchange while on the same time supports copyright protection and management through watermarking technologies for digital images.

Index Terms—Computer networks, copyright protection, peer to peer networks, digital image processing.

I. INTRODUCTION EER TO PEER networking is supported by suitable

software which enables a computer to locate a content file (text, image, video, sound, software etc.) on another networked device and copy the encoded data to its own hard drive. P2P technology often is used to reproduce and distribute copyrighted content without authorization of rights owners. Except for digital music and video the P2P infrastructure is also used to make and distribute illegal copies of digital content which lies under the protection of the Intellectual Property Rights (IPR) legislation. For this reason the short history of P2P technology and software has been one of constant controversy by many in the content industry. The content owners are feeling even more threatened by the broad and unregulated exchange of digital content in P2P environments [2].

As a general protection measure for copyright violations through digital technologies including P2P, copyright owners often uses digital watermarking techniques to encrypt and watermark content or otherwise Digital Rights Management technologies to restrict access, totally blocking digital content to be accessed through the Internet and the P2P software infrastructure.

This paper claims that watermarking, Digital Rights Management (DRM) and P2P can be quite complementary. Specifically, a P2P network infrastructure is presented which allows broad digital content exchange while on the same time supports copyright protection and management through watermarking technologies. In brief, the platform is functioning mainly for digital images and is tracking all the watermarked image files which are distributed and copied through the P2P network. The challenge is the algorithmic complexity of detecting multiple watermarking keys in the P2P network effectively and quickly, especially when thousands of image files are concerned. This is managed by an optimization detection algorithm which allows effective watermarking key detection in optimal P2P hops.

Equivalent systems, which combine watermarking, DRM and P2P technologies do not yet exist in practice but only in theory. Certain methodologies and strategies have been proposed for exploiting P2P technologies in DRM and vice versa [9]. The proposed system is setting a new basis for the close cooperation of the two different scientific areas of DRM and P2P aiming at exploiting the distributed computing nature of P2P networks for efficient digital rights protection and management.

II. PROTECTION – WATERMARKING & KEYS In this section the copyright protection part of the P2P infrastructure is presented which is mainly based on a watermarking algorithm for digital images which produces the correspondent watermarking keys distributed within the P2P environment.

A. Copyright Protection through Watermarking The copyright protection system’s main objectives are to

provide an appropriate information infrastructure which supports rights management for the digital content and for the transactions taking place and on the same time protects the copyright of the digital images though robust watermarking techniques.

The watermarking techniques are playing a very important role in such systems mainly because they provide the protection means for proving the identification of the copyright owner and detecting unauthorized use of digital content [4, 8]. Towards this functionality, watermarking algorithms are casting keys to the digital content (in most of cases invisible keys) which when detected prove the copyright ownership of the digital content [13].

In case of digital content transactions a very large number of digital images are being exchanged through networks and the Internet for which the legality of their future use is highly improbable. The situation is even more difficult in P2P network infrastructures through which digital content is being exchanged based on specialized stand alone applications which exchange digital files of all kinds (and not only

P

2009 13th Panhellenic Conference on Informatics

978-0-7695-3788-7/09 $25.00 © 2009 IEEE

DOI 10.1109/PCI.2009.48

97

Administrator

Highlight

Administrator

Highlight

images). A proposed solution is to apply a watermarking algorithm

which produces sufficient information which is distributed to the P2P nodes. This information consists mainly of the watermarking key and other data relating to the digital image itself.

B. Generating Keys with the Watermarking Algorithm Generally, a watermark is a narrow band signal, which is

embedded to the wide band signal of a digital image [7]. In our case spread Spectrum techniques are being used and are methods by which energy generated at one or more discrete frequencies is deliberately spread or distributed in time or frequency domains.

In particular, this technique employs pseudorandom number sequences (noise signals) to determine and control the spreading pattern of the signal across the allotted bandwidth. The noise signal can be used to exactly reconstruct the original data at the receiving end, by multiplying it by the same pseudorandom sequence: this process, known as "de-spreading", mathematically constitutes a correlation of the transmitted pseudorandom number sequence with the receiver’s assumed sequence [14]. Thus, if the signal is distorted by some process that damages only a fraction of the frequencies, such as a band-pass filter or addition of band limited noise, the encrypted information will still be identifiable. Furthermore, high frequencies are appropriate for rendering the watermarked message invisible but are inefficient in terms of robustness, whereas low frequencies are appropriate with regards to robustness but are useless because of the unacceptable visual impact [1, 5, 6].

In our case, the embedding of a robust multibit watermark is accomplished through casting several zero-bit watermarks onto specified coefficients. The image watermark, a random sequence of Gaussian distribution in our case, is casted multiple times onto the selected coefficients preserving the same sequence length but shifting the start point of casting by one place.

Actually the final watermark that is embedded into the image is not a single sequence but many different sequences generated with different seeds. These sequences are casted, one after the other, on the mid coefficients of the image, using the additive rule mentioned above and begging from successive starting points. If all sequences where to be casted, beginning from the same starting point, then, besides the severe robustness reduction resulting from the weak correlation, the possibility of false positive detector response would dramatically increase, since every number that has participated as a seed during the sequence generation procedure, will be estimated by the detector as a valid watermark key. Shifting the starting point by one degree for every sequence casting ensures that the false positive rate will remain in very small level due to the artificial desynchronisation introduced. Every single random sequence of Gaussian distribution is generated using a different number as the seed for the Gaussian sequence generator. It is

important to differentiate the sequences in order not to mislead the detection mechanism, since it is based on the correlation between the extracted sequence and the sequence produced with the watermark key.

The watermark key is responsible both for the generation of the first sequence and the construction of a vector, containing the rest of the numbers that will serve as the corresponding seeds. The placement of several Gaussian sequences into the image content can model, under specific conventions, a multi-bit watermark. The detection of a zero-bit watermark is interpreted as if the bit value of the specified bit is set to one. On the contrary, failure of the detector to detect the zero-bit watermark leads to the conclusion of a zero bit value. Thus, in order for a message to be casted into the image content, it is initially encoded using the binary system and applied afterwards in the sense of zero-bit watermarks using the embedding mechanism and according to the derived bit sequence.

Some important remarks regarding the novelty of the proposed schema are addressed below.

Data payload: The reason that most of the proposed robust watermarking systems are zero-bit, is highly related to the data payload. Data payload is the amount of information encoded into the image during the watermark procedure. In other words, it is the number of coefficients modified according to the additive rule. The performance of the correlation function adopted by the detector is increased when a strong statistical dependency is present. On the other hand, the statistical dependency requires a significant sequence length in order to fulfill the requirements of the correlation function. In addition, the position and the amount of coefficients modified, affects directly the resulting image quality. This is on of the most important tradeoffs that the designer of a watermarking system has to balance.

Casting multiple sequences will maximize the problem of image distortion. In that sense, the maximum number of bits allowed for encoding the watermark message is crucial. In the proposed scheme a total number of 16 bits were selected. The first bit indicates the existence of a watermark. If the response is positive the detector continues with the following zero-bit watermarks, otherwise the mechanism outputs a negative response. This is a useful shortcut saving the detector of valuable time and processing power. The second bit serves as a flag important for the decoding operation. The role of this bit flag is described in detail in the following paragraph. The next 14 bits are dedicated to the encoding of the watermark message. Under the aforementioned conventions the system is capable of embedding 214 different messages.

Seed Vector Generation: The watermark key is a positive integer value playing a vital role in the overall watermarking procedure. It corresponds to the private information that must be shared between the embedder and the detector of the watermark. One of the basic principles of private watermarking is that the encryption of the information to be embedded is performed according to a private key. Thus, if an image is watermarked using a specified key, it is impossible

98

for the detector to detect the watermark unless provided with the same key. The encryption is accomplished by using the private key as the seed for the pseudorandom sequence of Gaussian distribution generator. In our case, there is the necessity of 15 extra numbers, one for each sequence. Thus, the private key except from its basic operation as a pseudorandom generator seed is also used as the seed for producing a vector containing 15 numbers. It is important for every private key to produce a different vector of numbers, in order to avoid undesirable statistical dependencies between different watermarks. A pseudorandom generator provided by any compiler is capable of applying this one-way relationship between the private key and the produced vector of numbers.

Flag bit operation: Under the convention, that for every one-bit-value we cast a zero-bit watermark and for every zero-bit-value we don’t do anything except moving to the next starting point, the number of zero-bit watermarks to be casted is dictated by the bit sequence. It is obvious that a bit sequence containing only a single one-bit-value is preferable from a sequence consisted of 14 aces. Both for, processing power and watermark’s imperceptibility purposes, a bit re-versal trick is required for optimizing the embedder’s performance.

Thus, after acquiring the binary representation of the message, a counter scans the bit sequence counting the zeros and the aces. If the number of aces is grater than the number of zeros a bit reversed sequence is generated. The zerobit watermarks casting is now performed according to the newly generated sequence. In that case, the flag bit is set to one serving as an indicator to the detector that the extracted sequence is bit-reversed. As a consequence, the decoder, equipped with the appropriate information, can easily decode a message represented by 14 aces binary sequence, even though the embedder had casted only two zero-bit watermarks. The benefit of using the specified trick is that even though a 16-bit watermark is supported, we only need to cast 8 zero-bits watermarks in the worst case.

FIG. 1 Multiple Watermarking Keys per Image The detector used in the proposed information system

reveals the existence of 11 watermarks. Three of them correspond to the three zero-bit schemes while the rest 8 positive responses are used for the encoding of the fingerprint.

The detector has succeeded in detecting all eleven watermarks without any confusion or misleading, resulting in a capability of facilitating proof of ownership for the digital content, copy control, digital signature and transaction tracking at the same time [3].

C. Intermediate Conclusions In this section a watermarking algorithm has been presented

which is robust enough to facilitate copyright protection and management for the digital images while at the same time produces sufficient information which is distributed and stored to the P2P nodes. This information consists mainly of the watermarking key.

Taking into consideration that for each digital image a set of watermarking keys are being used for copyright protection, the next step towards an efficient P2P environment which supports digital rights management is to use these keys as an information for retrieving the copyright status of each image transacted through the P2P network. For this reason, the watermarking keys are being stored in the independent network Peers. The copyright owner can use the watermarking key as query information to track down its digital images and their use. The issue is how quickly and efficiently the Peer that contains the under inspection key is being located taking into account that thousands of digital images could exist in the P2P network and multiple watermarking keys could exist in a digital image. The solution proposed is a scalable and robust data indexing structure based on a Nested Balanced Distributed Tree (NBDT).

III. NBDT P2P NETWORK – AN OVERVIEW NBDT provides a tree-like structure for the P2P network

upon which watermarking key-based searching can be performed. In terms of bandwidth usage, searching scales very well since no broadcasting or other bandwidth consuming activities take place during searches. Since all searches are key based there are two possibilities: either (a) each host implements the same algorithm, that translates a keyword to a binary key or (b) another service provides the binary key. This service accepts keyword based queries and can respond with the corresponding key. The second approach is more precise. It is also possible to use a more centralized implementation for such a service. From now on we assume that the key is available. This section describes an algorithm for the first case.

The structure was built by repeating the same tree-structure in each group of nodes having the same ancestor, and doing this recursively. This structure may be imposed through another set of pointers. The innermost level of nesting will be characterized by having a tree-structure, in which no more than two nodes share the same direct ancestor. The figure 2 illustrates a simple example (for the sake of clarity we have omitted from the picture the links between nodes with the same ancestor). Thus, multiple independent tree structures are imposed on the collection of nodes inserted. Each element inserted contains pointers to its representatives in each of the

Multiple Watermarking

0102030405060708090

100

1 5 9 13 17 21 25 29 33 37 41 45 49 53 57 61 65 69 73 77 81 85 89 93

Key value

Det

ecto

r Out

put

99

trees it belongs to. Let � an initial given � sequence of w-bit keys belonging in

universe K=[0,2w-1 ], where � an unknown density. At initialization step we choose as peer representatives the 1st key, the lnKst key, the 2lnKst key and so on, meaning that each node with label i (1<i<N) stores ordered keys that belong in range [(i-1)lnK,..ilnK-1], where N=K/lnK the number of peers. Note that during update operations; it is not at all obvious how to bound the load of the N peers, since new w’-bit keys with w’>w may be appeared in the system and K must exceed. For this purpose we will model the insertions/deletions as the combinatorial game of bins and balls presented in [10]: Modeling the insertions/deletions of keys in this way, the load of each peer becomes Q(polygonN) in expected case with high probability. Obviously, peers’ representatives early described have also been chosen according to this game. We also assume that each key is distinct and as a result the probability of collisions is zero. Each key is stored atmost in O(loglogN) levels. We also equip each peer with the table LSI (Left Spine Index). This table stores pointers to the peers of the left-most spine (for example in figure 2 the peers 1, 2, 4 and 8 are pointed by the LSI table of peer 5) and as a consequence its maximum length is O(loglogN). Furthermore, each peer of the left-most spine is equipped with the table CI (Collection Index). CI stores pointers to the collections of peers presented at the same level (see in figure 2 the CI table of peer 8). Peers having same father belong to the same collection. For example in the figure 2, peers 8, 9, 10, and 11 constitute a collection of peers. It’s obvious that the maximum length of CI table is OpN. For example in figure 2 we are located at (green) node 5 and we are looking for a key k in [13lnn, 14lnn-1]. In other words we are looking for (green) node 14. As shown in [12], the whole searching process requires an optimal number of O(loglogN) hops or lookup messages for detecting the watermarking key and that is also validated using the proposed simulator.

FIG. 2 The NBDT P2P System When we want to insert/delete a key/node from the

structure, we initially search for the node that is responsible

for it (using a number of O(loglogN) hops in worst-case) and then we simply insert/delete it from the appropriate node.

If new w’-bit watermarking keys, with w’>w, request to be inserted into the system, then we have to insert new peers on the network infrastructure and as a result we have to re-organize the whole p2p structure. In practice, such an expensive reorganization is very sparse. The new peers of NBDT are inserted at the end of the whole infrastructure consuming O(1) hops in worst-case. In particular, when a node receives a joining node request it has to forward the join request to the last node. The last node of NBDT infrastructure can be found in O(1) hops in worst-case by using the appropriate LSI and CI indexes.

If the load of some peer becomes zero, we mark as deleted the aforementioned peer. If the number of marked peers is not constant any more then we have to re-organize the whole p2p structure. Based on the basic theorem of [10], if we generate the keys according to smooth distributions, which is a superset of regular, normal, uniform as well as of real world skew distributions like zipfian, binomial or power law (for details see [11]), we can assure with high probability that the load of each peer never exceeds polylogn size and never becomes zero. The latter means that with high probability split or delete operations will never occur. In other words, the re-organization of the whole P2P structure with high probability will never occur which means that only the O(loglogN) hops are necessary to detect the appropriate watermarking key and no further time is being consumed for structure re-organization.

IV. CONCLUSIONS In this paper we focused on a P2P network infrastructure

which allows broad digital content exchange while on the same time supports copyright protection and management through watermarking technologies. In brief, a watermarking algorithm casts watermarking keys to the digital images and the same time the watermarking keys are being stored in the independent network Peers. Based in the NBDT system, in the steady state, in a N-node network, each node resolves all lookups via O(loglogN) messages to other nodes. Key updates require only O(loglogN) number of messages in worst-case. Node updates require O(1) number of messages in expected-case with high probability. The watermarking key detection process withih the P2P framework is very efficient and outperforms the most popular infrastructures used directly for many solutions for P2P information discovery. The key detection process is very important for the copyright owner because when successful the copyright status of each digital image can be retrieved and evaluated. The future applicability of the proposed infrastructure is strong as it could be used for the creation of P2P environments, supported by GUIs, with which a user could exchange digital files while copyright protection occurs at the same time.

100

REFERENCES [1] Ingemar J. Cox, Matthew L. Miller and Jeffrey A. Bloom, Digital

Watermarking. Morgan Kaufmann Publishers 2002. [2] Computer Science and Telecommunications Board, National Research

Council. (1999). The Digital Dilemma: Intellectual Property in the Information Age (pp. 2-3). Washington: National Academy Press.

[3] House of Representatives. (1998, october). Digital Millennium Copyright Act.

[4] Nikos Nikolaidis, Ioannis Pitas: Digital Image Watermarking: An Overview. ICMCS, Vol. 1 1999: 1-6

[5] N. Nikolaidis and I. Pitas, Robust image watermarking in the spatial domain, Signal Processing, Elsevier, vol. 66, no. 3, pp. 385-403, 1998

[6] N. Nikolaidis, S. Tsekeridou, A. Nikolaidis, A. Tefas, V. Solachidis and I. Pitas, Applications of chaotic signal processing techniques to multimedia watermarking, Proceedings of the IEEE workshop on Nonlinear Dynamics in Electronic Systems, pp. 1-7, Catania Italy, May 18-20 2000

[7] Randall Davis, "The Digital Dilemma", Communications of the ACM, Volume 44, February 2001, pp. 80.

[8] P. Wayner, Disappearing Cryptography – Information Hiding: Steganography and Watermarking (Second, pp. 291-318). (2002). Morgan Kaufmann.

[9] S.Sioutas, "NBDT:An efficient P2P indexing scheme for Web Service Discovery", International Journal of Web Engineering and Technologies, Vol 4(1), pp. 95-113.

[10] A. Kaporis et. al (2003) "Improved Bounds for Finger Search on a RAM", ESA, LNCS 2832, 325-336.

[11] A. Kaporis et. al (2006) "Dynamic Interpolation Search Revisited", ICALP, LNCS 4051, 382-394.

[12] M. Einhorn and B. Rosenblatt, (2005) "Peer to Peer Networking and Digital Rights Management - How Market Tools Can Solve Copyright Problems", Policy Analysis Journal, No. 534.

[13] M. Barni, F. Bartolini, V. Cappellini, A. Piva, "A DCT-domain system for robust image watermarking", Signal Processing, "Special Issue on Watermarking", (66) 3 (1998), pp. 357-372.

[14] V. Fotopoulos, A.N. Skodras, “A Subband DCT Approach to Image Watermarking”, Proc. X European Signal Processing Conference (EUSIPCO-2000), Tampere, Finland, 5-8 Sept. 2000.

101

Research on Secure Digital Content Distribution for Peer to Peer E-Commerce Applications

Xi Chen School of Management

Nanjing University, NJU Nanjing, China

[email protected]

Shiguo Lian France Telecom R&D Beijing

Beijing, China [email protected]

[email protected]

Abstract—To resolve network congestion and other problems in electronic commerce (e-commerce) applications, such as digital content distribution in e-commerce, the e-commerce applications distributed systems based on the traditional paradigm are nowadays replaced by peer-to-peer (P2P) systems. Peer to peer technology has a lot of advantages for e-commerce applications especially in digital content distribution field. For commerce applications, the security and P2P rights management become more and more urgent. New schemas and solutions for P2P e-commerce applications' security and right management, which are expected to function automatically or semi-automatically, should be proposed. In this paper, a secure digital content distribution scheme is presented, which can trace illegal distributors in Peer to Peer e-commerce applications. In this scheme, the encrypted content is decrypted into different copy under the control of a fingerprint and encryption key at the peer side. Thus, each decrypted media copy contains unique information that identifies the peer. For the decryption operation and fingerprint embedding operation are combined together, which avoids the leakage of clear media content. Additionally, these operations are implemented by the peer, which makes the scheme compliant with existing Peer to Peer Digital Rights Management (DRM) systems and very proper for P2P digital content distribution e-commerce applications, performance evaluation is also included.

Keywords-Electronic Commerce; digital content distribution; Peer to Peer; fingerprint; Digital Rights Management

I. INTRODUCTION E-commerce covers trading activities that are supported

by variety of information and communication technologies. Server-based schema is the mature application mode in e-commerce, the information and business data in the business processes are provided through the portals of the e-commerce websites, and the business activities are progressed on the websites. Business data and business services are stored in and rely on the central servers. Along with the sharp increasing of the accessing amount to the e-commerce websites, network congestion may easily caused in the server-based e-commerce mode. With the development of P2P [1] technology, P2P e-commerce opens up new possibilities of trade, P2P technology offers a solid alternative to the traditional Client-Server model of computing. While Client-Server model typically bases on a single or small number of servers, in P2P systems every user

(peer) acts as both the client and the server at the same time, and provides a portion of the system capability. Thus, P2P technology allows a dynamic set of users to efficiently share resources without any centralized management. The advantages of P2P technology model include roughly unlimited scalability and low costs. Sharing and aggregation of the resources guarantees robustness and high availability of P2P systems.

In P2P e-commerce applications, when the amount of business users increases, the data accessing speed will be accelerated and business resources will be enriched. In P2P e-commerce applications where new business partners from around the globe can be found, their offers can be compared, even complex negotiations can be conducted electronically, and a contract can be drown up and fulfilled via an electronic marketplace. E-commerce is carried out in a highly dynamic environment where companies enter the marketplace some others drop out. P2P supports flexible e-commerce applications and is the useful complementarity for Server-based mode, even more it could be the main e-commerce mode in the future.

Nowadays, digital content transfer and distribution are very important applications in e-commerce [2], such as video content, audio or pictures content. Digital content transfer can lower the cost of e-commerce and decrease the transport time compared with delivering the physical digital content. Peer to peer technology supports direct file sharing among peers, is an easy way for anyone to provide content, for content seekers to discover the latest content, and for network provider to reduce the distribution cost. For these properties, it is now widely used in file downloading, music sharing, video sharing or network gaming especially in e-commerce applications. However, P2P is infamous for copyright infringement, and makes P2P rights management’s establishment more and more urgent [3]. It is one of the key problems in P2P commerce applications.

There are some DRM systems [4][5][6], but most of them are applicable only to traditional server-client based networks. P2P suitable DRM systems [7][8][9][10][11] can be categorized into four types, i.e., server-client based architecture, distributed architecture, semi-distributed architecture and super-node based architecture. In server-client based architecture, P2P networks are used only as the channels of content distribution, while all the licenses are issued by the DRM server. With the rise of peers, the DRM server’s loading will be increased greatly, which cause

2009 International Conference on Multimedia Information Networking and Security

978-0-7695-3843-3/09 $26.00 © 2009 IEEE

DOI 10.1109/MINES.2009.242

463

bottleneck of the service. In distributed architecture, most of the DRM functions are implemented by the peer node except the license issuing of peer nodes. The DRM server’s loading is greatly reduced, while the security cannot be confirmed. Such function as content flow monitoring or license issuing control still depends on the server, and the network is not sable when some peer nodes leave the network. In semi-distributed architecture, the structure is similar to the distributed architecture with only a difference that the functionality of user authentication is implemented by the DRM server. This scheme improves the security of the system. However, the DRM server is required to provide secure services. In the super-node based architecture, no DRM server is needed, and all peer nodes can issue a license. In practical, the super node acts as a temporary DRM server to find specific license issue-able peer nodes, and the found peer node can issue license to other nodes. It is reported that this architecture can support P2P network’s scalability and distributed processing.

In some applications, the customer can decrypt the media content, get the clear content from the displaying buffers or by camera capturing, and redistribute it to unauthorized customers. To resist this illegal action, only encryption is not enough to keep the DRM systems effective. Digital fingerprinting can be a good compensation. Digital fingerprinting [12][13] is the technology to embed customer information into media content with watermarking algorithms [14]. Based on digital fingerprinting, different customer receives different media copy. Each media copy contains a unique code that identifies the owner of the copy. Thus, if the media content is distributed illegally, the unique code can be used to trace the illegal distributors.

Digital fingerprinting has been recommended by some DRM systems, such as OMA [4] and AACS [6]. Generally, where to embedding the fingerprint is a key point, which is in relation with the security and efficiency. Till now, three types of scheme have been reported. The first one embeds fingerprint at the server side, the second one embeds fingerprint in the routers [15], and the third one embeds fingerprint at the customer side [16][17][18]. In the first scheme, the server’s loading is increased greatly with the rise of customer number. In the second scheme, whether the router is secure should be confirmed. In the third scheme, the fingerprint should be embedded in a secure way in order to avoid that the customer steals the clear media content. P2P network is different from traditional networks. The typical difference is that there are few servers in a P2P network. Additionally, the peer nodes are often of versatile capability. Due to P2P networks’ property, it is more suitable to embed the fingerprint in peer nodes, that is, at the customer side. According to this case, the secure fingerprint embedding scheme needs to be investigated.

In this paper, we propose a secure digital content distribution scheme suitable for P2P e-commerce applications based on joint decryption operation, and analyze the performances of the scheme. In the proposed scheme, the sender peer encrypts and distributes the media content, and the receiver peer uses the decryption key together with his

peer ID to decrypt media content. For media content is decrypted and fingerprinted at the same time, which avoids the leakage of clear media content and keeps secure in practice. The fingerprint can be extracted from the decrypted media content and used to trace the distributor.

The rest of the paper is arranged as follows. In Section 2, the secure distribution scheme based on joint decryption is presented in detail. Its performances, including security, imperceptibility, robustness and compliance, are evaluated in Section 3. Finally, future work is given, and some conclusions are drawn in Section 4.

II. THE PROPOSED DISTRIBUTION SCHEME In the following content, we present a secure distribution

scheme suitable for all the existing DRM systems. For simplicity, the super-node based DRM architecture [10] is taken for an example, and the secure distribution scheme based on it will be presented in detail.

A. Super-node based DRM architecture In the super-node based DRM architecture shown in Fig.

1. Peer A is selected by Super node as an issue-able node, and Peer B applies the media content stored in Peer A. The process is composed of the following steps: 1) Peer A registers the content and license in Super node, 2) Peer B applies the content stored in Peer A from Super node, 3) Super node tells Peer B that the content is stored in Peer A, 4) Peer B gets the license and content from Peer A, and 5) Peer B decrypts the content with the license, and watches the content under the licensed condition.

Super node

Peer A Peer B

Content ListLicense List

ContentLicense

Regis

ter

Searc

h Result

Figure 1. Super-node based DRM architecture

B. The proposed secure distribution scheme 1) Architecture of the proposed scheme: In the proposed

secure distribution scheme, the traditional decryption operation is replaced by joint decryption operation, as shown in Fig. 2. Here, the media content P’ is decrypted under the control of both the key and the fingerprint F. F is the unique peer ID. In practice, different peer nodes may receive the same K in the license, while they have different peer ID. Thus, the decrypted copy P’ is different from each other, from which, the unique peer ID can be extracted and used to trace the receiver.

464

Encryption

P

Joint DecryptionUniquePeer ID

K

F

K

C

P'

Peer A Peer B

License

Content

Figure 2. The proposed secure distribution scheme

The encryption operation is defined as

C=E(P,K) . (1)

Here, P, K, C and E() is the original media content, the key, the encrypted media content and the encryption algorithm, respectively.

The joint decryption operation is defined as

P'=D(C,B(K,F)) . (2)

Here, C, K, F, P’, D() and B() is the encrypted media content, key, fingerprint, decrypted media content, decryption algorithm and key combination operation, respectively.

2) The secure distribution scheme based on a stream cipher: Taking a stream cipher for example, the encryption operation E() is defined as

( ) mod ( 0,1, , 1)i i ic p x L i n= + = − . (3) Here, P=p0, p1, …, pn-1 (0<pi L, i=0,1,…,n-1, n is the

length of media content), C=c0, c1, …, cn-1 (0<ci L, i=0,1,…,n-1, n is the length of media content), X=x0, x1, …, xn-1 (0<xi L, i=0,1,…,n-1, n is the length of media content), and X is generated from a pseudorandom number generator under the control of K.

In the joint decryption operation, the key and the fingerprint are firstly combined by the key combination operation B() that is defined as

( ) mod ( 0,1, , 1)i i iz x y L i n= + = − . (4) Here, Y=y0, y1, …, yn-1 (-R<yi R, i=0,1,…,n-1, n is

the length of media content) is generated from a pseudorandom number generator under the control of F, and Z=z0, z1, …, zn-1 (0<zi L, i=0,1,…,n-1, n is the length of

media content) is the combined key. Then, Z is used to decrypt media content C according to the following operation D().

( ) mod ( 0,1, , 1)i i ip c z L i n′ = − = − . (5) Here, P’=p’0, p’1, …, p’n-1 (0<p’i L, i=0,1,…,n-1, n is

the length of media content) is the decrypted media content. According to Eqs. (4) and (5), we get

( ) mod ( 0,1, , 1)i i ip c y L i n′ = − = − . (6) Thus, the decrypted media content P’ contains only the

pseudorandom sequence generated by the fingerprint F. To keep the modification imperceptible, R should be keep small.

By detecting the embedded pseudorandom sequence, the peer ID can be determined. Here, the correlation is firstly computed.

1

01

0

( ),

n

i i ii

n

i ii

p p yP P Y

y y

−

=−

=

′ −′< − >=

. (7) For peer node owns different peer ID, the produced

pseudorandom sequences are often independent from each other. Thus, set the threshold be T, then the customer can be detected by the following method.

, ' ,, ' ,

Peer IDis F P P Y TPeer IDis notF P P Y T

< − > ≥< − > < . (8)

3) The scheme for image or video transmission: Using this stream cipher based scheme to encrypt images or videos, the operations should be designed according to the compression process. For uncompressed images or videos, they are encrypted or watermarked pixel by pixel. That is, P=p0, p1, …, pn-1 (0<pi L, i=0,1,…,n-1, n is the number of pixels, L is the maximal gray level of the pixels) is

465

composed of all the pixels. Differently, for compressed images or videos, e.g. H.264/AVC videos [20], in order to reduce the effect on the compression ratio, only DC coefficients in the macroblocks are encrypted, while other coefficients are left unchanged. That is, P=p0, p1, …, pn-1 (0<pi L, i=0,1,…,n-1, n is the number of DC coefficients, L is the maximal value of all the DC coefficients) is composed of the DC coefficients in all the macroblocks.

III. PERFORMANCE EVALUATION

A. Security of the proposed scheme

(a) original (b) encrypted (c) decrypted

(d) original (e) encrypted (f) decrypted

Figure 3. Perception security of encrypted images (uncompressed)

(a) original (b) encrypted (c) decrypted

(d) original (e) encrypted (f) decrypted

Figure 4. Perception security of encrypted videos (H.264/AVC

compressed)

In the proposed scheme, the media content is decrypted and fingerprinted at the same time, which avoids the content leakage between decryption and fingerprint embedding. The pseudorandom number based stream cipher confirms the scheme’s security against brute-force attack or cipher-only

attacks [19]. The encrypted media content is often unintelligible, as shown in Fig. 3 and Fig. 4, which keeps the scheme secure in perception.

B. Imperceptibility of the fingerprint By selecting suitable parameter R, the quality of the

fingerprint media content can be kept bigger enough. Taking different images for example, the relationship between R and the fingerprinted image’s quality is tested and shown in Fig. 5. As can be seen, the PSNR keeps no smaller than 30dB when R is no bigger than 10.

Figure 5. Quality of the fingerprinted images

C. Robustness of the embedded fingerprint The parameter R is in relation with the robustness of the

embedded fingerprint. Generally, the bigger R is, the more greatly the decrypted media data are degraded, and the bigger the correlation value will be. Otherwise, on the contrary, the robustness denotes the ability for the peer ID to survive such operation as adding noise or recompression. Taking various images (Lena, Airplane, Couple, Boats, Village, Bridge, Baboon, Cameraman, Crowd, and Barbara) for example, the relation between the average correlation value and compression quality is tested and shown in Fig. 6.

Figure 6. Robustness against JPEG compression

As can be seen, when the compression quality is certain, the bigger R is, the higher correlation value is. Generally, if

466

R is no smaller than 8, the correlation value keeps no smaller than 0.4 when compression quality (JPEG) is no smaller than 70.

D. Compliance with existing P2P DRM Architectures Compared with existing DRM functions, only the joint

decryption operation is introduced to replace the traditional decryption operation. And the peer ID is used to control the joint decryption operation besides the decryption key. Thus, it is easy to be implemented in the peer node. In Section 3, the secure distribution scheme in super-node based architecture is proposed. In fact, the joint decryption operation can also be introduced to other P2P DRM architectures, such as server-client based architecture, distributed architecture and semi-distributed architecture. Thus, the proposed scheme is compliant with existing P2P DRM architectures.

IV. CONCLUSIONS AND FUTURE WORK In this paper, a joint decryption operation is proposed to

construct the secure media content distribution scheme suitable for P2P e-commerce digital content applications. In super-node based architecture, the joint decryption operation is presented to decrypt and fingerprint media content under the control of the decryption key and peer ID. The decryption and fingerprint embedding processes are implemented simultaneously, which avoids the leakage of media content. The encrypted media content is too chaotic to be understood, the fingerprint in the decrypted media content is imperceptible, and the embedded fingerprint is robust against JPEG compression in some extent. Additionally, the scheme can be implanted in other DRM architectures. These properties make the scheme a potential choice for secure content distribution in P2P networks for e-commerce applications. The scheme’s robustness against other operations and some new joint decryption operations will be investigated in future work, also the secure scheme for software distribution in P2P e-commerce applications will be researched for its different features. Besides peer to peer e-commerce applications, the proposed secure scheme can be applied to mobile commerce applications by services technology and 3G network supporting. The encryption and joint decryption processes can be realized by web services provided by some online e-commerce sites. The unique peer ID will be the mobile commerce user’s unique ID, such as mobile phone number. The key, the unique peer ID and the digital content will be the parameters of the invoked web services. The application methods and services realization will be investigated in future work. Along with the security problems resolved, it will lay down the foundations for future e-commerce applications development in P2P networks and other commerce applications.

ACKNOWLEDGMENT The work was supported in part by the National Ministry

of Education Foundation of China under Grant No. 06JC630016, National Postdoctoral Science Foundation of China under Grant No. 20090450144, Pre-research Foundation of Nanjing University for National Social

Science Foundation under Grant No. 200711, Jiangsu Postdoctoral Science Foundation under Grant No. 0901104C and by the Business School Science Research Foundation of Nanjing University.

REFERENCES [1] D. S. Milojicic, V. Kalogeraki, R. Lukose et al, Peer-to-Peer

Computing, Technical Report HPL-2002-57, HP Labs, 2002. [2] G. Padmavathi, S. Annadurai, “A Security Framework for Content-

Based Publish–Subscribe system”, Electronic Commerce Research and Applications, vol. 5, no.1, 2006, pp.78–90.

[3] Andy Oram et al., Peer To Peer: Harnessing the Benefits of a Disruptive Technology. O’Reilly & Associates, 2001.

[4] OMA. Open Mobile Alliance Specification Version 2.0 http://www.openmobilealliance.org.

[5] ISMA. Internet Streaming Media Alliance Implementation Specification 2.0, http://www.isma.tv, 2005.

[6] AACS. Advanced Access Content System (AACS) Technical Overview. http://www.aacsla.com, 2004.

[7] T. Iwata, T. Abe, K. Ueda, H. Sunaga, “A DRM System Suitable for P2P Content Delivery and the Study on its Implementation”, Proceedings of the 9th Asia-Pacific Conference on Communications (APCC), vol. 2, 2003, pp.806-811.

[8] S. H. Kwok and S. M. Lui, “A License Management Model to Support B2C and C2C Music Sharing”, In Proceedings International WWW Conference, Hong-Kong, 2001, pp.136-137.

[9] Ton Kalker, Dick HJ Epema, Pieter H. Hartel, Reginald L. Lagendijk, M. Vansteen, “Music2Share - Copyright-Compliant Music Sharing in P2P Systems”, Proceedings of the IEEE, 2004, pp.961-970.

[10] J.Y. Sung, J.Y. Jeong, K.S. Yoon, “DRM Enabled P2P Architecture”, Proceedings of the 8th International Conference of Advanced Communication Technology(ICACT), vol. 1, 2006, pp. 487-490.

[11] Y. Zhang, C. Yuan, Y. Z. Zhong. “Implementing DRM over Peer-to-Peer Networks with Broadcast Encryption”, Proceedings of the 8th Pacific Rim Conference on Multimedia (PCM), Lecture Notes in Computer Science, vol. 4810, 2007, pp.236-245.

[12] M. Wu, W. Trappe, Z. J. Wang, K. J. R. Liu. “Collusion Resistant Multimedia Fingerprinting: A Unified Framework”, Security, Steganography, and Watermarking of Multimedia Contents, Vol. 5306, 2004, pp.748-759.

[13] D. Kundur and K. Karthik, “Video Fingerprinting and Encryption Principles for Digital Rights Management”, Proceedings of the IEEE, vol. 92 , no. 6, 2004, pp.918-932.

[14] I. J. Cox, M. L. Miller, and J. A. Bloom. Digital Watermarking. San Francisco: Morgan-Kaufmann, 2002.

[15] I. Brown, C. Perkins, and J. Crowcroft, “Watercasting: Distributed Watermarking of Multicast Media”, Proceedings of International Workshop on Networked Group Communication, Springer-Verlag LNCS, vol. 1736, 1999, pp.286-300.

[16] J. A. Bloom, “Security and Rights Management in Digital Cinema”, Proceedings of IEEE Int. Conf. Acoustic, Speech and Signal Processing, vol. 4, 2003, pp. 712-715.

[17] S. Lian, Z. Liu, Z. Ren, H. Wang, “Secure Distribution Scheme for Compressed Data Streams”, Proceedings of 2006 IEEE Conference on Image Processing (ICIP 2006), 2006, pp. 1953-1956.

[18] A. N. Lemma, S. Katzenbeisser, M. U. Celik, M. V. Veen, “Secure Watermark Embedding Through Partial Encryption”, Proceedings of International Workshop on Digital Watermarking (IWDW 2006), Springer LNCS, 4283, 433-445, 2006.

[19] Mollin, R. A. An Introduction to Cryptography. CRC Press. 2006. [20] S. Lian, Z. Liu, Z. Ren, H. Wang, “Secure Advanced Video Coding

Based on Selective Encryption Algorithms”, IEEE Transactions on Consumer Electronics, vol. 52 , no. 2, 2006, pp. 621-629.

467

Fingerprinting For Copyright Protection in P2P Context

Haibo Gao

College of Computer Science & Tec,

Hunan International Economics Univ.,

Changsha 410205, Hunan, China

E-mail: [email protected]

Wenjuan Zeng

Registrar’s Office,



E-mail: ghb66 [email protected]

Zhen Chen

College of Computer Science & Tec,



E-mail: [email protected]

Abstract—Despite the immense potential of Peer-to-Peer(P2P) networks in facilitating collaborative applications, theyare generally considered to be free havens for pirated multi-media content. Ensuring the proper distribution and usage ofmultimedia content in P2P networks has become increasinglycritical. Encryption can provide multimedia contents with thedesired security during transmission, which disappears afterthey are decrypted. Digital fingerprinting is an emerging tech-nology to protect multimedia data from illegal redistribution,where each distributed copy is labeled with unique identifica-tion information. In this paper, we propose a fingerprintingscheme for copyright protection of P2P systems, where eachuser gets a slightly different version of the same content.

Keywords-copyright protection; digital fingerprinting; P2Pnetwork; secure content distribution;

I. INTRODUCTION

A main advantage in Peer-to-Peer (P2P) networks is

that all clients can provide resources, including bandwidth,

storage space, and computing power. Therefore, as nodes

arrive and demand on the system increases, the total

capacity of the system also increases. A number of P2P

networks have been proposed in the past few years. Roughly

speaking, they can be classified as either unstructured or

structured. Unstructured P2P networks have no control over

the object placement and generally use “random walk” to

discover data, they support arbitrarily complex queries but

have poor query performance. Structured P2P networks,

like Chord [1], EpiChord [2], MsPastry [3], were developed

to improve the performance of data discovery, they impose

constraints both on the topology of the overlay and on

data placement to enable efficient discovery of data, and

then they have good query performance. In the past few

years, there have a large amount of applications built upon

structured overlays, for example, file-sharing systems.

Despite the immense potential of Peer-to-Peer networks

in facilitating collaborative applications, they are generally

considered to be free havens for pirated multimedia content.

While P2P traffic grows rapidly over the Internet, a large

portion of the P2P distribution is illegal and violates

the corresponding copyright laws. Therefore, to protect

the welfare of the industries and promote multimedia

related services, ensuring the proper distribution and

usage of multimedia content in P2P networks has become

increasingly critical, especially considering the ease of

manipulating digital data. The core of the existing digital

right management (DRM) systems is encryption that can

provide multimedia contents with the desired security

during transmission and prevent them from unauthorized

accessing. For example, Music2share [4] that is specifically

designed for P2P music sharing, which relies on public

key encryption to make copyrighted music inaccessible

to unpaid peers. However, when a piece of multimedia

content is decrypted, the dishonest user can redistribute it

arbitrarily. Thus, only encryption is not enough to protect

the multimedia contents effectively.

As one of the prominent solutions, digital fingerprinting

is used to identify the customers who use their multimedia

content for unintended purposes, such as redistribution,

where a unique identification is embedded into each

distributed copy [5]. Each each codeword of the collusion-

secure code is used to represent the users’ fingerprint [6].

Once an unauthorized content copy is found, the embedded

fingerprint can uniquely identify the source of the leakage.

To this end, many fingerprinting schemes have been

proposed to protect the multimedia recently years [7, 8].

There is a cost effective attack against coded fingerprinting

systems, collusion attack, where several users combine

several marked copies of the same content to remove or

attenuate the original fingerprints to avoid being identified.

To the best of our knowledge, there is no collusion-secure

fingerprinting scheme is designed for P2P networks.

In this paper, we propose a fingerprinting scheme that

is suitable for P2P network. The basic idea is that the

distributor divides the media content into two parts: one

is not encrypted that is used to be as a demo clip, so that

the users can know that the content they are requesting is

indeed they want, and the other is encrypted. Then both

parts are published to a P2P system. Each user gets a

unique decryption key from the super node according to

their peer IDs. When decryptions with different decryption

keys are performed on the same encrypted content, the

result are slight different fingerprinted copies for each user.

2010 International Symposium on Intelligence Information Processing and Trusted Computing

978-0-7695-4196-9/10 $26.00 © 2010 IEEE

DOI 10.1109/IPTC.2010.101

114

The rest of this paper is organized as follows. Section

2 introduces the our fingerprinting scheme in detail. Some

experimental results are presented in Section 3. Finally, a

short collusion of this paper is given in Section 4.

II. PROPOSED FINGERPRINTING SCHEME

In [9], the authors proposed a fingerprinting scheme for

traitor tracing, where the fingerprinting process is done at

the client side by decryption. In their scheme, the distrib-

utor generate the encrypted digital copy by embedding a

high strength watermarking signal into the original copy. A

unique decryption that is generated from the peer ID and the

corresponding watermarking signal is assigned to each user.

Our scheme is mainly based on the fingerprinting scheme

proposed in [9]

A. Encryption

We use the AND anti-collusion code that proposed in [5]

to represent the corresponding node(peer). Each column of

the matrix M (Equation 1) is used to represent a node ID.

M =

0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 10 1 1 1 1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 10 1 1 1 1 1 1 1 1 0 0 0 0 1 1 1 1 1 1 10 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 1 1 11 0 1 1 1 0 1 1 1 0 1 1 1 0 1 1 1 0 1 11 0 1 1 1 1 0 1 1 1 0 1 1 1 0 1 1 1 0 11 0 1 1 1 1 1 0 1 1 1 0 1 1 1 0 1 1 1 01 1 0 1 1 0 1 1 1 1 0 1 1 1 1 1 0 1 1 01 1 0 1 1 1 1 0 1 1 1 1 0 1 0 1 1 0 1 11 1 0 1 1 1 1 1 0 1 1 0 1 0 1 1 1 1 0 11 1 1 0 1 0 1 1 1 1 1 1 0 1 1 0 1 1 0 11 1 1 0 1 1 0 1 1 1 1 0 1 1 1 1 0 0 1 11 1 1 0 1 1 1 1 0 0 1 1 1 1 0 1 1 1 1 01 1 1 1 0 1 0 1 1 1 1 1 0 0 1 1 1 1 1 01 1 1 1 0 1 1 0 1 0 1 1 1 1 1 1 0 1 0 11 1 1 1 0 1 1 1 0 1 0 1 1 1 1 0 1 0 1 1

(1)

We assume that a piece of multimedia content P can

be denoted as a real number vector {p1, · · · , pl}, whose

elements represent the discrete cosine transform (DCT)

coefficient in low frequency. Let u1, · · · , um be m orthog-

onal vectors whose generator is g, where uk={u1

k, · · · , ulk}.

Let Ek={e1, · · · , el} be the encryption key that can be

considered as a high strength watermark signal, with the

j-th element of Ek generated by

ej =

m∑

k=1

ujk + θ, (2)

where θ is a real number that is used to control the

encryption strength, and larger θ means higher encryption

strength. The encryption operation is defined as

cj = pj + ej , (3)

where cj is the ciphertext of pj . Then the encrypted copy is

published in a P2P network.

B. Decryption

Let c1, · · · , cn be n IDs generated from the used anti-

collusion code, where fi={c1

i , · · · , cmi } (see Equation 1).

In our used anti-collusion code, the logical AND of any

subset of k (collusion threshold) or fewer codewords is

distinct from the logical AND of any other subset of k or

fewer codewords. The merchant generates n decryption keys

dk1, · · · , dkn, with the j-th element of dki generated by

dkji =

m∑

t=1

ctiujt + θ . (4)

The decryption operation with dki is defined as

yji = cj − dk

ji = pj + v

ji ,with v

ji =

m∑

t=1

(1− cti)ujt , (5)

where yji is the decrypted version of cj (marked version

of pj). A unique vector vi={v1

i , · · · , vli} corresponding to

the i-th node’s ID ci is left into each decrypted copy

Yi={y1

i , · · · , yli}, which can be used to identify the corre-

sponding customer.

C. Fingerprint detection

Once the content provider finding a pirated copy some-

where, he tries to trace the traitors. Here, We consider a

widely used collusion attack model, average attack, where

a group of k users collectively obtains an average of their

individually marked copies. The following equation shows

this model

Z =1

k

k∑

i=1

Yi , (6)

where Z is the pirated copy and Yi is the marked copy of

customer i. Here, we adopt hard detection algorithm to trace

traitors, and the algorithm is shown in Figure 1.

115

Algorithm 1

Function name HardDetection( )

=1 // is a vector of length n

J records the subscript of ¡ =

when

f¡1; ¡2; ¢ ¢ ¢ ; ¡vg

¡ = 1i

Jj

For t =1 to |J| do

j = J(t)

© = © e

End

Return

Here J

denotes the logical AND.

Figure 1. The hard detection algorithm.

To detect traitors, we compute the correlation vector T of

length m, with the i-th element of T expressed by

Ti =(Z − P )⊤ui

√

‖u2

i ‖, (7)

where ‖u2

i ‖ is the Euclidean norm of ui. Then a value of 1

or 0 is assigned to Ti according to

Ti =

{

1, Ti ≥ ϕ

0, Ti < ϕ, (8)

where ϕ ∈ [0, 1] is a predefined threshold, which is associ-

ated with the probability of detection and that of false alarm.

If a fingerprint fα bitwise-AND T is equal to T , then fα is

suspected to be a source of the leakage.

III. EXPERIMENTAL RESULTS

In this section, we show some experimental results to

examine the performance of the proposed scheme. We take

a 512 × 512 gray scale image as the test image. In this

simulation, 10240 DCT coefficients in low frequency are

chosen as the candidate coefficients for encryption. Each

fingerprint (the corresponding node’s ID) is a column of

the matrix M proposed in Section 2. The original image,

encrypted image and the fingerprinted image are shown in

Figure 2, Figure 3 and Figure 4 respectively. PSNR (peak

signal-to-noise ratio) is a common image quliaty evaluation

criteria that is defined as follows:

PSNR = 10 lg

M ×N ×max∑

x,y

I(x, y)

∑

x,y

{I(x, y)− I(x, y)}(9)

We can see that the fingerprinted image has no visible

artifacts with a PSNR of 44.8 db.

Figure 2. The original image.

Figure 3. The encrypted image with PSNR=9.8 db.

Figure 4. The fingerprinted (decrypted) image with PSNR=44.7 db.

In this paper, we use the following three measurements

to examine the performance of the fingerprint detection

116

algorithm: (a) the fraction of traitors that are successfully

captured for different values of WNR (watermark-to-noise

ratio), which is shown in Figure 5; (b) the fraction of

innocent users that are falsely placed under suspicion for

different values of WNR, which is shown in Figure 6; (c)

the probability of that no any colluders are captured, which

is shown in Figure 7. Here, the selected threshold values are

0.7E(T ) and 0.9E(T ) respectively, where E(T ) is the mean

value of T . We can see that the use of a higher threshold

is able to capture more of the traitors but also places more

innocent customers falsely under suspicion.

−25 −20 −15 −10 −5 00

0.05

0.1

0.15

0.2

0.25

WNR

Pro

(innocent custo

mers

are

fals

ely

suspecte

d)

hard 0.9

hard 0.7

Figure 5. Fraction of traitors that are successfully captured.

−25 −20 −15 −10 −5 00

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

WNR

Pro

(collu

ders

are

successfu

lly c

aptu

red)

hard 0.9

hard 0.7

Figure 6. Fraction of that innocent customers are falsely suspected.

−25 −20 −15 −10 −5 00

0.05

0.1

0.15

0.2

0.25

0.3

0.35

0.4

0.45

0.5

WNR

Pro

(no a

ny c

ollu

ders

is c

aptu

red)

hard 0.9

hard 0.7

Figure 7. Fraction of that no any colluder is captured.

IV. CONCLUSION

In this paper, we proposed a fingerprinting scheme that

can be used to protect the digital contents distributed in P2P

network. Each user gets the same encrypted digital copy

from the P2P network and gets a unique decryption key from

the content provider. The decryption key is generated from

the node’s ID that is derived from anti-collusion code. After

decryption, the ID is left into the decrypted digital copy,

which can be used to trace the traitors. The experimental

results show that the proposed scheme can trace the traitors

effectively.

REFERENCES

[1] I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Bal-akrishnan. “Chord: A scalable peer-to-peer lookup service forinternet applications”, In Proceedings of ACM SIGCOMM’01,ACM Press, 2001, pp. 149-160.

[2] B. Leong, B. Liskov, and E. D. Demaine. “EpiChord: paral-lelizing the chord lookup algorithm with reactive routing statemanagement”, In Proceedings of the 12th IEEE InternationalConference on Networks, IEEE Computer Society, 2004, pp.270-276.

[3] M. Castro, M. Costa and A. Rowstron. “Performance and De-pendability of Structured Peer-to-Peer Overlays”, In proceed-ings of Dependable Systems and Networks, IEEE ComputerSociety, 2004, pp. 9-18.

[4] alker, T., Epema, D.H.J., Hartel, P.H., Lagendijk, R.L. and vanSteen,M. “Music2Share-Copyright-Compliant Music Sharingin P2P Systems”, Proceedings of the IEEE, 2004, vol. 92, no.6, pp. 961-970.

[5] W. Trappe et al., “Anti-collusion fingerprinting for multime-dia”, IEEE Trans. Signal Process, 2003, vol. 41, no. 4, pp.1069-1087.

[6] A. Barg, G. R. Blakley, and G. Kabatiansky. “Digital finger-printing codes: problem statements, constructions, identifica-tion of traitors”, IEEE Trans. Inform. Theory, vol. 49, no. 4,pp. 852C865, 2003.

[7] H. V. Zhao et al., “Forensic analysis of nonlinear collusionattacks formultimedia fingerprinting”, IEEE Trans. Image Pro-cess., vol. 14, no. 5, pp. 646C661, 2005.

[8] S. He and M. Wu. “Joint coding and embedding techniquesfor multimedia fingerprinting”, IEEE Trans. Inf. ForensicsSecurity, vol. 1, no. 2, pp. 231C247, 2006.

[9] Defa Hu and Qiaoliang Li. “Asymmetric fingerprinting basedon 1-out-of-n oblivious transfer”, IEEE Communications Let-ters, 2010, vol. 14, no. 5, pp. 453-455.

117

An Efficient Peer-To-Peer Digital Resource Management System for Video Content

Chun Yuan Division of Information Technology

Graduate School at Shenzhen, Tsinghua University Shenzhen, China

[email protected]

Yuguang Guo Division of Information Technology

Graduate School at Shenzhen, Tsinghua University Shenzhen, China

[email protected]

Abstract—We present a Peer-To-Peer (P2P) Digital Resource Management (DRM) system for video content in this paper. The encryption arithmetic of our system is flexible and is careless in this paper. Encryption algorithm of high intensity as bilinear mapping is acceptable and Encryption algorithm of low intensity is OK. Meanwhile the security of our system is based on the structure of the system and illegal user cannot decrypt content completely. Also the content is public through Peer-To-Peer network, which makes the system efficient and the pressure of content server is low compared to traditional DRM system.

Keywords-DRM; P2P;Lagrange;

I. INTRODUCTION With the improvement of P2P network, multimedia

services based on streaming live media have gained much attention recently. P2P architecture is a distributed net work model, which is independent of server, meanwhile, it makes content (text, image, videos etc.) infamous for copyright infringement. In P2P network, illegal resource is popular, every peer can get pirate edition content freely.

DRM (Digital Right Management) technology is important in copyright protection, but early systems are server-client based, so the Pressure of server is increasing with the improvement of number of users. Huge redundancy of data is downloaded from server, and this well secure structure usually allows only about 100 users to login the system and watch video on server. At the same time, there are also DRM systems supporting P2P network. P2P network is a highly dynamic and distributing circumstance. All the digital information may be used by anonyms and stored anywhere. These systems could release video content quickly and the stress of content server is low, however, security of system is low. When a small group of users crack the content, and release clear content, the content is unsafe, and the DRM system useless.

Our contribution is that we design a highly secure P2P-DRM system, in this system, content is well protected, even if a few users try to crack the content, they would be discovered shortly and banned by system. Our system is especially suitable for live streaming video releasing, illegal user could be detected shortly and leakage of data is blocked. And for the P2P basement, most content data is release though P2P network, all of users cannot get whole content

without authentication. And users have to complete decryption process to get whole content.

II. RELATED WORKS In this section, we will study about existing researched

papers and then we will compare advantage and shortage of these P2P-DRM systems.

The first type is traditional DRM system. Content server and CA server are usually separated in this structure, and it does not support P2P network well.

Figure 1. Traditional DRM System

Then we will talk about the Server-Client based Architecture. And only contents distribution uses P2P network in this structure. This architecture use existing Server-Client DRM architecture for protecting the contents and only use P2P networks as the channel of contents distribution. All of the Licenses only can be issued from DRM server. All of DRM functions are performed on the DRM server. DRM server can make

Protected-content using encapsulation or packaging functions on it. And DRM server issues License that contains content decrypt key and usage permission. And DRM server issues License that contains content decrypt key and usage permission or right to the authorized DRM client. It is a big challenge if a group of legal users try to crack the content for each user in this system could get whole content.

Figure 2. Traditional P2P-DRM System

Content server

Content owner

CA server

Client

DRM

Peer C

Peer

Peer A

CA

2011 Fourth International Symposium on Computational Intelligence and Design

978-0-7695-4500-4/11 $26.00 © 2011 IEEE

DOI 10.1109/ISCID.2011.167

259

With the development of P2P-DRM research, many mutation P2P-DRM system come up. Some are clouded servers, and some use trust users to distribute license. Most time, these structures seem complex, and security is not well. If trust users leak the license, the content is unsafe, and synchronization of server is very big problem in these systems.

Figure 3. Distributed P2P-DRM System

III. P2P DRM SYSTEM FOR LIVE STREAMING VIDEO

A. System structure Live streaming video is a special kind of content in

common DRM resource, so our DRM is also special against this distinctive content.

The distinctiveness of live streaming video is that whenever crack is detected, system can knock the cracking user to protect the content, so what we care most is to find cracking users at first and knock them. In this way, cracking users cannot get whole content in DRM resource.

Our system structure is similar to traditional P2P DRM structure as Figure 4.

Figure 4. Our System

In this system we use a web service (WS) server to manage all interface of the system. All of the management of users and CA process is managed through this WS server. WS server is easy to transform to distribute structure, and is flexible in security. Manager can change encryption algorithm without modifying interface, so users do not know these changes. Even if encryption is cracked, manager can make these cracks useless.

The release of content is through P2P network, but CA process should only be managed by CA server to guarantee the content is safe and leakage of content is traceable by DRM system.

Figure 5. Relation of Servers and Clients

B. Content Missing Our method is video cutting or called content missing.

We cut video into s pieces, and define a group of continuous pieces which are encrypted by the same public key. At this time, video is cut into m groups and each group contains s small pieces. Then we do not release all pieces of group. On P2P network we only publish s-1 pieces of content for each group, and keep the other one piece on content server, we can call these pieces key content. And before the live streaming video released on P2P network, all keys are kept in key management server or CA server. By this way, we can manage content into several servers, for example, one server is connected to P2P server and store public part of content for user downloading, while some other servers storing secret parts of contents. So the accessing to server is little for only a few contents which users have to visit frequently are stored on main content server.

Figure 6. Content Missing

When a legal user decide to watch a video, he get public part of content from P2P network, of course the secret parts are kept in content server, when user is watching the first group of video, he can get key of this group and secret part of this part, however, content server would also send a random message to the user. User should decrypt the message using same key and same algorithm and reply it to content server in t second, or, content server would consider the user an illegal one and send another message to CA server. After CA server receive the message, it would add the user into black list and avoid sending more keys to the user.

C. Key Management Keys are stored in CA server at beginning. And with the

spreading of video, keys would also store in clients, this topic would not talked in this paper, and any method of sending keys is OK.

In our system, CA server is to manage keys, but user should get keys from Web Service server. Web Service server provide a getkey() interface to make users get their own key. We design this method for two situations.

CA server

Peer C

Peer

Peer A

Content server

DB Server

Web Server

KM Server

Content Server

WS Server

Client A Client B Client C

G1 G2 G3 G4

DRM

Peer C

Peer B

Peer A

CA DB

260

First situation, if content is a low security one, we use symmetric encryption algorithm in clients and servers. We use sh4 algorithm in our demo. All user get same content, but different keys in this structure. Traditional threshold scheme based on Lagrange Polynomial Interpolation is encouraged here, and also, there are many researches for traitor tracing in this structure.

We chose a big prime number p first, which should be bigger than biggest user numbers and biggest secret. When secret sharing, CA server generate m-1 polynomial. For example, if we decide to generate a (4, n) threshold program, polynomial is a 3 polynomial like this.

F(x) = (ax3+bx2+cx+m) mod p

Parameter a, b, c is random and they are secret, m is a

message and secret, p is public. Each user get random number t, and for x=t, there would be F(t), so to get message m, there would be at least 4 user joint to generate equations to compute message m. That is in a (m, n) threshold program, there should at least m users joint to compute secret, this is called anti m-1 strike system.

So if threshold is big enough in our system, it is hard for traitors computing message, however, if numbers of traitor is big enough and nearly equaling to threshold, feather of Lagrange’s congruence polynomial would be guessed, and if sample number is big enough, security of our system is threatened.

Second situation, if content is a high security one, we use public key encryption algorithm, and in this structure, public keys and private keys may be stored in different servers. And through getkey() method user can not only get his own public key, but also other people’s public key.

Figure 7. Transfer Process

Ciphertext encrypted by symmetric encryption algorithm is stored in content server and legal users can get the key to the ciphertext freely. So in this structure, all user got different ciphertext, and in our P2P network, if user A decide to transmit a part of video to user B, A use getprivatekey(A) method to get A’s own private key, decryption this part, then use getkey(B) method to get B’s public key, encrypt message to ciphertext, and transmit it to B. Because A could get his own private key through web service, CA server should limit the accessing of A’s private key. For example, only a quarter

of A’s private keys could be accessed, and they are discretely distributed in the whole content. And because the content missing method in previous article, it is hard for user A compute whole content.

IV. CONCLUSION We present a P2P Digital Resource Management (DRM)

system for video content in this paper. The encryption arithmetic of our system is flexible and is careless in this paper. Encryption algorithm of high intensity as bilinear mapping is acceptable and Encryption algorithm of low intensity is OK. Meanwhile the security of our system is based on the structure of the system and illegal user cannot decrypt content completely. Also the content is public through Peer-To-Peer network, which makes the system efficient and the pressure of content server is low compared to traditional DRM system.

REFERENCES [1] A Unified Peer-to-Peer Database Framework for Scalable Service

and Resource Discovery, Wolfgang Hoschek [2] PLI: A New Framework to Protect Digital Content for P2P Networks,

Guofei Gu, Bin B. Zhu, Shipeng Li, Shiyong Zhang [3] Mobile DRM for Multimedia Content Commerce in P2P Networks,

Chu, C-C, Su, X., Prabhu, B.S., Gadh, R., Kurup, S., Sridhar, G., Sridhar, V.

[4] DRM Model Based on Friend Peer in P2P Networks, MENG Xian-fu LI Li

[5] Peer-to-peer. Technical report, June, 2009. http://en.wikipedia.org/wiki/Peer-to-peer.

[6] DiffieW, HellmanME. New Directions in Cryptography. IEEE Transactions on Information Theory, 1976, (22):644–654.

[7] Diffie–Hellman key exchange. Technical report. http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange.

[8] Zhang Y, Yuan C, Zhong Y. Implementing DRM over Peer-to-Peer Networks with Broadcast Encryption. Proceedings of Advances in Multimedia Information Processing - PCM 2007, volume 4810, 2007. 236–245.

Peer A (ciphertext A)

Peer B (ciphertext B)

Peer A (ciphertext O)

Web Service Server

getprivatekey()

getkey()

261

A DRM system suitable for P2P content delivery and the study on its implementation

Tetsuya Iwata Takehito Abe’ Kiyoshi Ueda Hiroshi Sunaga Network Service Systems Laboratories, Cyher Solutions Laboratories’, NTT Corporation

Abstract

P2P (peer-to-peer) architectures like Gnutella, which support direct file sharing among peers, are attracting interest these days. At present, however, P2P file sharing is infamous for copyright infringement, making the establishment of rights management technologies an urgent need. In this paper we discuss a digital rights management (DRM) system applicable to P2P content sharing, and focus on DRM methods and assignments of DRM functions, and we propose functional assignments suitable for P2P content delivery, and also describe a trial implementation.

1; Introduction .,

P2P (peer-to-peer) architectures like Gnutella, which support direct file sharing among peers, are attracting interest these days [ll. From the standpoint of users; these mechanisms offer an easy way for anyone to provide content, since they do not use servers. Another advantage is that content seekers can discover the latest content as soon as it becomes available, without having to wait for conventional search engines to index it. For network providers, it has the advantage of reduced cost in that they do not have to operate and manage servers. At present, however, P2P file sharing is infamous for .copyright infringement, making the establishment of rights management technologies an urgent need [21. There are many DRM technologies, however most of them are applicable only to conventional client server based content delivery. A few DRM products are applicable to P2P content delivery [3,41, but now they are applied only to free promotion content, not to pay content [51. We still have a lot of things to be considered applying DRM t o actual P2P content delivery business. We should consider a license management method [61 and an assignment of DRM functions suitable for P2P content delivery with high scalability and easiness in issuing content. We believe we should keep these advantages of P2P even if DRM functions are needed.

This paper discusses ,the requirements for a digital rights management (DRM) system applicable to P2P content sharing, summarizes the issues for implementing such a system, determines DRM methods for P2P content delivery and proposes some possible implementations suitable for the P2P

0-7803-8114-9/03/$17.00 02003 IEEE. 806

environment, keeping the advantages of P2P. It also reports the results of a trial DRM system applicable to P2P content delivery.

2. Requirements for Digital Rights Management

Digital rights management systems in general are required to meet the following conditions.

* Active security: Encrypting content, checking usage conditions (user name, terminal, usage count, usage time, payment, etc.), and preventing decrypted content files from being saved.

Passive security: Embedding watermarks in content and keeping track of delivery and usage conditions. To these ends, when content is registered in a digital

rights management system, the content is encrypted, given an embedded watermark, and encapsulated along with the usage conditions and a capsule control program for distribution. When the capsule is used, the control program included in the capsule queries the digital rights management system to determine whether its use is allowed.

3. Features of P2P Content Sharing

P2P content sharing differs from conventional distribution means in the following ways.

The content itself (capsule) is transferred directly from one user to another (‘‘secondary distribution”) without going through a server. a Content can be registered (encapsulated) by any user. * Content will be used by an indeterminate number of users. , a ,

4. Digital Rights Management Issues in P2P Content

,

Sharing

4.1 Deployment of rights management functions

P2P does not require the operation or management of servers and makes it easy for users to become content providers. Parts of the digital rights management system deployed on the server side. in conventional client-server content distribution (Fig. 1) need to be redeployed for optimum effectiveness in a P2P content sharing network.

~. . The following cases are considered as conditions for handling DRM processing. ."..padallon funrtio"

0 Y.ag'mntmlr"ntti0" " r r Aufhenfiufio" . . Databad AB&) . + mntentbr EansuU

1) user name: the content can be used

3 2) terminal identifier: the content can

3) number of times the content can be

only by predefined users

be used only in predefined terminals

Figure 1: DRM system for client-sewer based content delivery . . ,

4.2 Preventing the.distribution of copyright-idXnging content . I

. . , '

An encapsulM/ng mechanism is of no value..if. the content can be redistributed. without being encapsulated. As an active security measure, P2P file sharing applications must have a means of preventing the distribution of non-encapsulated content. As a passive security measure, periodic checks are necessary to make sure tha t copyright content is not being distributed illegally.. I . . i

4.3 Preventing the registration of illegal content

Conventionally, content was registered by a limited set of (trusted) users; but with P2P, an indeterminate number of users can register content. This makes it difficult to prevent illegal content being registered and legal content being registered by someone other than the author without h i sher permission, perhaps with minor changes to file names or content, etc.

4.4 Taking into account secondary distribution in managing use 1.

The management of content use must take into account secondary delivery, as part of (1) keeping track of content use and distribution, (2) enabling users to be charged after use, and (3) identifying users who engage in illegal activity. Special measure's are necessary, however, in a P2P system with its indeterminate number of users, including some kind of authentication mechanism.

5. DRM methods suitable for P2P content delivery

6.1 B a h DRM functions for conventional delivery

. . .

.

There .are various possible DRM methods depending on the purposes or policies of-the content owners. In this section, we fnst list DRM methods or functions used in server/client-based content delivery systems, and then we map them to PBP-based DRM functions. The main function of DRM is-to restrict the use,of contents to users who satisfy predefined conditions.

used by one user

can be used

be used

only by a user who has access to a particular account

4) amount of time for which the content

5) time period during which the content can

6) user account: the content can be used

In cases 1) and 21, the use of contents is restricted to users who have 'paid charges via a capsule usage control function. In cases 3 4 , irrespective of payment, anyone can open a capsule and use the content in it, provided the usage threshold has not been exceeded, in which case the capsule cannot be 'opened. The threshold is .also. supervised by the capsule usage control function. In case 61, anyone who has access to the user account can open a capsule and use the content, but the charges are recorded and payment is demanded later.

5.2 Basic DRM functions for P2P content delivery

Here, we show the functions required for P2P content delivery in the above cases and clarify methods for charging for contents exchanged between peers. In this study, we exclude the case where use of the contents is unrestricted and free. .

6.2.1 Methods to restrict the usage per user / terminal

The methods of restricting the' usage of contents per user or terminal are based on the capsule usage control function, which prohibits the decapsulation and use of contents. However, the existing capsule usage- control function, tuned- for .the server-client communication model, does not permit the relay of capsules. When a client (originating peer) sends a capsule to.another user (destination peer), the received capsule cannot be opened at the destination. Therefore, it is necessary to relax the restriction in the secondary pee&). There are two approaches to solving this problem:

1) separate the content and its license 2) rewrite the license at the destination

.

In case l), the license, i.e., the right to use the content, their contents. This method is only effective if the is separated from the content 'to be delivered, and content owner collaborates with 'a billing 'and managed by a license server (DRM server). A capsule settlement server that manages user accounts. containing content cannot be opened without the license, which should prevent illegal use of the content. 5.3 Summary of DRM tuned for P2P content delivery Acapsule is delivered from one peer to another peer in a P2P manner, while the license is transferred to the destination peer only when the charge has been the basic elements of P2P DRM. . .

appropriately paid. To prevent the use by another peer that gets the license improperly, the license is given an (A-1) The license is separated from the content and is identifier linking it to each user having permission. delivered by a capsule restricted on a per user Also, a mechanism is needed.to prevent falsification of (terminal) basis, while the content is -delivered by a the license. In addition, watermarking should be used non-restricted capsule. . '

to prevent license falsification and .the license itself (A-2) The use of a capsule is restricted on a per user should .be encapsulated. basis. The license contained in the capsule is

rewritahle. In case 2), the license is not separated from a content, (A') In addition to-A-1 and A-2, the amount of credit but can be rewritten based on permission given by the remaining is managed. Content with any remaining content owner. This mechanism, installed in the balance can be retransmitted to another peer (user) for content owner's terminal, controls the following resale. procedure. When peer B receives a content from (B) No specific license management is performed, but another peer, e.g., peer A, the content contains A's the user ID is sent to the DRM server at the time of license, so peer B cannot-use this content. If peer B content usage. Note that this method is less secure pays the owner, it receives from the owner a key to than the others. rewrite the license. Then peer B can use the content.

5.2.2 Methods to restrict the usage volume

'

. ,, Considering the above'discussion, we can summarize

I ; * , '

These methods are chosen according to the content types and business policies of content owners or network service providers.

In this case, any peer that receives the content can use i t as long as some prepaid charge remains. However, under this condition, content that someone has bought can be used by others and the remaining usable volume decreases. This is so unfair that it 6.1DRMfunctiohs '

should not be allowed. Therefore we need to restrict both the usage volume and the user (terminal) using the method described in 5.2.1. In addition, if .this method is used, the fact that

someone who purchases the content can resell the remaining volume will make content delivery networks more attractive, because it will lead to a wider variety of types of content (in terms of price, usage, volume, quality, usage conditions, etc) being created. To enable resale, the following mechanisms are required.

I I

6. Functional assignment of PZP-based DRM

The functional assignment in the PZP-based DRM is most important in designing digital right protected content delivery network services. The key functions perform the following actions.

1) encapsulate contents 2) prevent illegal content registration 3) check conditions for use 4) monitor usage . . 5) authenticate users 6) handle billing and settlement, (1) The reseller proposes the resale condition to the

(2) If the seller permits resale, the reseller 6.2 Considerations for functional assignment seller and asks the seller to permit resale.

re-encapsulates the content together with the permitted resale conditions. '. The following considerations need to be studied for

. appropriate functional assignment. 5.2.3 Methods to manage o& user IDS I i : ,( . ( , . . . I

, 1) encapsulating contents '

In this case, basically no specific license management The encapsulation processing is very heavy and is performed. Instead, by collecting user IDS at the time-consuming. There is a possibility of server time of content usage, content owners can charge for congestion or bottleneck if this processing is

808

codcentrated in the DRM server. Even if it is done by each peer user, the processing imposes a heavy load on the terminal.

2) preventing illegal content registration The DRM mechanism protects the registered content from illegal use, but if .the registered content is improper (illegally copied digital movies, etc.), the DRM system would be seen as helping the illegal content trade, which would.thus undermine confidence in the service provider. Furthermore, improper contents could be circulated in the network by changing the file name. It is -necessary to identify the registered content with the original one .(e.g., video, music, file, ... ) ,by the active search method [murase]. Since this method requires a.huge amount: of data, illegality tracing methods -are more practical, such as the use of watermarking.

3) checking usage conditions This accompanies encapsulation, so this mechanism

.~

' should be set in the same placed.

4) monitoring usage Thisshould be done where usage is metered.

5 ) authenticating useqs . t

When hilling and settlement ?re ~ performed, ' . authentication is used. These 'functions should he

installed in the same place. .

6) handling hilling and settlement The destination of the payment for-the content fee is

'. t6e content owner's terminal. In this sense, the billing and '.settlement functions, and the . authentication

'function according to -the above discussion,. may. be located i n the content owner's terminal. However, such processing in the user terminal is not secure.

. .

6.3 Proposed functional assignment , . .

There. are three.'functional assignment methods( See Table l)., One places all the DRMrelated functions in. a server. as in existing client server based content delicery systems. The second places most of them in a peer terminal. This distributed .management method has the advantages .Of PZP,,thatis, high scalability and easy information-sending form ordinary peers. Hopiever, since tw much distribution. deteriorates security, the third method uses.a server that performs authentication; hilling; and settlement, while the other functions are located i n t h e user terminal. : . . ~. .

?

. .

. . ., . .~ . .

. ..

Table 1: Options of Functional Assignment

6.4 Option 1:~ Ehating server client model based method

All the DRM processing is performed in the server, while encapsulated content is delivered in a P2P-mode. The content owner has a. function for accessing the DRM server to request encapsulation of the content to be delivered. User peers have a function for accessing the DRM server to request permission to decapsulate received content. . This user-side. function is automatically activated upon receipt by a program encapsulated with the content. ...

If patterns A-1 and A 2 (described in section 5.2) are implemented, a function for requesting the issue of the license to the DRM. server.must be installed in the user terminal. In case A', functions are-necessary to request resale permission and re-encapsulation. In this method, the server must manage the accounts of all the users along with authentication, billing, and settlement, or it must cooperate with widely used authentication services such as .Net PassportTM.

,

Figure 2: Option l -Edt ing server-chent based method

6.5 Option 2: Distributed P2Pbased DRM

All the DRM processing is performed without a server. The content owner's terminal is equipped with functions for encapsulation, illegal content prevention, usage checking, and management, authentication, and billingkettlement. User terminals have a function for accessing . the owner's terminal t o ' ' ask for authentication and hilling, and to request permission (a license) to decapsulate received content: If pattern.& (described in section 5.2) is implemented,

the granting of permission.for resale is done in the owner's terminal, and re-encapsulation is-done in the user's terminal : -User registration and management are performed in

- . .

809

each peer terminal. The contek owner's terminal may manaze od>-' users u-anting the-o1erier.s own contents. However. as discussed in the next section, functions for preventing the registration of improper content and for bilhng and settlement should he installed in a server M ensure.security ind confidenti,llity

u a U- A Dy1hr4B.C)

E i w e 3 : 0 + 3 : & ~ b d d P b a d " k d

6.6 Option 2': Semi-Dihibuted PZPhased DRM

Authentication and billing and settlement performed on users terminals are unreliable. In thii option. t,o increase the reliability and security. they are performed on the server on behalf of users. Other functions are performed on users terminals. as in the case of option 2.

Nest, we e d u a t e from the viewpoint of performance. In options 2.and 2 , the load on the seller terminals may be a problem because encapsulation is performed there. However. as shown in the next section, it only requires a.fen megabytes of memory. so it is not, a big problem. On the other hand, in option 1, the load on the server explodes as the numbers of users increases. Nest, we evaluate from the viewpoint of the P2P

admntage: "fewer ndministrative operations on servers". In options 1 and 2'. the server must. manage all user ackounts in the network, sa the operations on the server increase in proportion-to the number of users. In option 2, getting usage information is hard because the server should ask every seller ,and reseller. Moreover. operations for checking usage qv3 reporting the billing are needed.

Finally, we evaluate from the'riewpoint of anoth? P2P advantage: "scalability". The fewer fun&ons.the server is equipped with, the greater the system dability..Therefore, option 2 system has the highest scalability. Table 2 shows the result of the ev$uation.

Consequentl]?. option 2' is the most appropriate. But when the system that handles billing between users with high reliability; such as electronic money systems. is nidely used in the future. option 2 may become the most aDDrODliate. . . .. .

Table 2- Result of Evaluation

6.7 Evaluation

First. u;e evaluate these three options from the viewpoint of digital rights management. With option 2. usage ehecking and management is 5:er.p &fficult. The seiTer needs to nsk users or sellers for usage information because it does not have its own user authentication database. Resale makes usnge management eren more difficult. To get all the usage informahon. the server should Ask not onlj- content sellers but also resellers who bought from the sellers. and so on. Furthermore. in option 2. billing and settlement are unreliable because when they are done dirwtly between users, the billing and usage repori might be manipulated.

We have implemented a trial DRM system for P2P content delivery Initially. we implemented minimal DRM functions to confirm its feasibility. As we had already developed a DRM system for client-server based content deliveG- nehl-ork [71 and a P2P file sh.ming application, we planned to apply the DRM svstem for the P2P file sharing application. To make a minimal trial system, we lilpited the functions to only restricting by usage 7-olume and allowed ali user encapsulation regardless of content. The configuration of the trial system is shova in

Figure 5. When User A wants to issue his content. he asks the server to encapsulate it. .dl users are regarded equdly a3 a P2P common user for the DRM systbm. so anyone can encapsulate content. Then he

810

Figure 6: Trial DRM system for PZP content delivery

receives the capsule from the server. He can share content with others via a P2P file sharing application, only when it is in encapsulated format. If someone else gets the capsule and wants to use it, the capsule automatically asks the server if the conditions of use are satisfied. We measured the memory (RAM) and time required

for encapsulation.

Memory 1.5-3.5 MB Time: music (mp3) 5 MB: ’ , 110 s

music (mp3) 1 MB: 52 s

As this is a mimial implementation, the system regards every user as a “P2P common user”, so it is difficult to apply this system to business solutions. We are now developing a new version which resolves the problem and satisfies some possible requirements of businesses, such as mechanisms for incentives to promote publishing, transferring and using content, forming a community related with content, giving users’ feedback to the publisher. In this version we expect a DCD function[bl to embed ID of content or user is more important.

8 Conclusion

We investigated the requirements for a DRM system for P2P content delivery and the issues for implementing such a system. Then we examined the functional assignment of DRM system for P2P content delivery, and proposed distributed DRM functional assignment and determined the most appropriate one to be “semi-distributed PZP-based DRM (option 2’). Finally we described the trial implementation and the view of the next version of the system.

References [11 Andy Oram et al., “Peer-To-Peer: Harnessing the Benefits of a Disruptive Technology”, O’Reilly & Associates, 2001

[21 “The OReilly Peer-to-Peer and Web Services Conference, Washingt0nD.C. November 5-8,2001 LegislativeIDRM Sessions”, http://conferences.oreillynet.com/cs/pZpwebZOOl/pub/w /16/sessionslegislative.html [31 “Blend of Digital Rights Management and Peer-to-Peer Distribution Ensures Efficient TrustedCommerce”,http ://www.intertrust.com/ [41 “Trymedia systems -ActiveMARK overview”, http://www.trymedia.com/html/overview.htm [51 Centerspan Communications Corporation News Release . 14-May-2002,”CenterSpan and Sony Music Entertainment Take Partnership to Next Level With Artist Promotion on Scour.eom”,http://www.centerspan.comP [61 S. H. Kwok and S. M. Lui, “A license Management Model to Support B2C and C2C Music Sharing”, Tenth International World Wide Web Conference,2001 171 T. Abe , “A video delivery capsule implemented using Java,” the Information Processing Society of Japan Workshop on Multimedia & Distributed Processing (2000),p229 [in Japanese] I81 Content ID Forum, http://www.cidf.org/ english/index.html

811

http://conferences.oreillynet.com/cs/pZpwebZOOl/pub/w

http://www.intertrust.com

http://www.trymedia.com/html/overview.htm

http://www.cidf.org

GiantSteps Media Technology Strategies

1841 Broadway, Suite 200 New York NY 10023

212 956 1045 fax: 212 258 3286

http://www.giantstepsmts.com

Integrating DRM

with

Peer-to-Peer Networks

Enabling the Future of Online Content Business Models

By Bill Rosenblatt

November 22, 2003

© 2003 GiantSteps Media Technology Strategies. All trademarks are the property of their respective owners.

http://www.giantstepsmts.com/

Contents

Contents............................................................................................................1 Executive Summary .........................................................................................2 Background.......................................................................................................2

The Rise and Importance of Peer-to-Peer..................................................2

The Rise and Importance of DRM...............................................................3

The Gulf between P2P and DRM................................................................5

Integrating DRM with P2P: Needs and Opportunities.....................................5 DRM Technology Features for P2P Networks ................................................7

Reasonable Usage Support ........................................................................8

Lightweight Superdistribution.......................................................................8

Standards Support .....................................................................................10

User Experience.........................................................................................12

Gaps in Existing DRM Technology................................................................13 Cost-Related Functionality Limitations......................................................13

Device Tethering ........................................................................................13

Lack of Superdistribution Support .............................................................14

Complexity of Integration ...........................................................................14

Conclusions: Developing the Market .............................................................15 About the Author ........................................................................................17

About GiantSteps Media Technology Strategies .....................................17

About DigitalContainers LLC .....................................................................17

© 2003 GiantSteps Media Technology Strategies Page 1

Executive Summary

The rise of peer-to-peer (P2P) networks has been an inevitable outgrowth of the rise of the Internet. Unfortunately, P2P networks have grown from useful tools in information sharing to havens for trafficking in unauthorized copies of intellectual property (IP). Owners of IP, meanwhile, have been pushing for digital rights management (DRM) technologies to control distribution of IP so that it does not fall into the wrong hands.

Supporters of P2P networks appear to be at odds with DRM-supporting IP owners, but P2P networks offer a lot to users as well as other participants in content business models, and they are here to stay. Integration of DRM into P2P architectures is inevitable, as IP owners try to walk the fine line between embracing functionality that users want and maintaining control over their IP.

This white paper explains the motivation for and inevitability of integrating DRM with P2P. After briefly reviewing how both DRM and P2P came into being, we explain the need and opportunity to integrate DRM functionality into P2P networks. We discuss features of DRM technology that make it especially appropriate for integration with P2P, and we summarize shortcomings of many existing DRM solutions with respect to those features. We conclude with some suggestions for how to develop the market for DRM solutions that are optimal for integration with P2P networks.

Background

Both DRM and P2P are creatures of the Internet era, but they came into being at different times and for different reasons. Here we will examine the origins of and motivations for each.

The Rise and Importance of Peer-to-Peer

Technologies for peer-to-peer data exchange over networks have been in existence virtually since the beginning of computer networking in the 1980s. Nowadays, in its most generic form, the term peer-to-peer is used to distinguish a network architecture from client-server, which has been a dominant architecture in both pre-Internet network applications and on the Internet itself.

The idea of client-server is that resources (such as files) are on a server computer, and clients can only obtain resources through servers. If Client C1 wants to get Resource R from Client C2, then it needs to go through a server to do so, thereby requiring the server to have a list of resources that includes Resource R and C2 as its location. In contrast, peer-to-peer networks allow clients to exchange resources directly among each other.

Peer-to-peer architectures came into being in the pre-Internet age about ten years ago with technologies such as Microsoft’s Windows for Workgroups (WFW), which enabled PC users to access files on each others’ PCs. Sun Microsystems’s Network File System (NFS), which emerged even earlier and enabled all computers on a network to make their file directories available in a network-wide hierarchy, can also be considered as a form of peer-to-peer. When the commercialization of the Internet began in the early-to-mid 1990s, File Transfer Protocol (FTP) – particularly the variation called “anonymous FTP” that does not require a file user to identify itself to the file owner – became the most important antecedent to P2P as we know it today.

2

Internet P2P networks provide services similar to the likes of NFS, WFW, and FTP, though with more sophisticated searching and browsing functionality, over the public Internet instead of institutional networks. Most of the early commercial development of the Internet centered on the World Wide Web, which is very much a client-server model. P2P networks needed to build on Internet-based protocols other than the HTTP protocol that powers the Web. The important thing to understand is that P2P networking is not a new model; at its core, it is simply an application of well-known networking models to the Internet.

P2P networking is not a new model; at its core, it is simply an application of well-known networking models to the Internet.

The first well-known P2P service on the Internet was, of course, Napster, which came online in June 1999. Napster was actually not a pure P2P network, because it relied on a central server to act as a catalog of files on the network and their locations. (Napster’s server-based architecture ultimately led to its shutdown by a judge a year after it started.)

The Napster phenomenon gave rise to post-Napster P2P networks, such as the proprietary FastTrack network used by KaZaA and Grokster, and the open-source Gnutella network used by LimeWire and Morpheus. Both of these networks were designed without central servers so as to avoid Napster’s legal fate, but even FastTrack is not a pure peer-to-peer service: it relies on so-called supernodes, which constitute the first level of connectivity in the network and help make request routing decisions. Gnutella, in contrast, is purely peer-to-peer, with no clients having special distinctions of any kind.

Owners of copyrighted intellectual property (IP) have seized upon P2P networks because they embody a set of attributes that make them ideal for unfettered distribution of files:

• Unlike local-network file sharing technologies such as NFS, WFW, and their successors, they are accessible throughout the Internet, not just on an institutional network.

• Unlike sending file attachments in email messages, they do not require that the source of a file actually send it or even know the identity of the recipient.

• Unlike duplication of physical media such as CDs or DVDs, P2P networks allow files to be copied instantaneously, with maximum automation, and without the cost of physical media.

Of course, the same attributes that frighten IP owners make P2P networks attractive to those who genuinely want to publish information as easily and widely as possible.

The Rise and Importance of DRM

Although P2P on the Internet did not come into being until 1999, IP owners were concerned with digital networks as conduits for unauthorized file copying long beforehand. Most industry observers identify 1994 as the year when digital rights management began to emerge as a field on its own1 – the same year as the beginning of the

1 See, for example, Proceedings: Technological Strategies for Protecting Intellectual Property in the Networked Multimedia Environment, 1994, http://www.cni.org/docs/ima.ip-workshop/.

3

http://www.cni.org/docs/ima.ip-workshop/

commercialization of the Internet, although early contributors to the DRM field did not necessarily see the Internet as being as dominant as it has become.

IP owners in the mid-1990s looked at online rights management primarily as a question of emulating business models from the offline world. As a crude example, the “rights management” properties of a printed book result directly from its physical characteristics, e.g., it is difficult to copy books in their entireties and virtually impossible to change their contents in place. Publishers sought technologies that would bring similar behavior to the online digital world, and early DRM solutions, such as IBM’s Cryptolope and EPR’s (later InterTrust’s) DigiBox, attempted to provide this.

Just as P2P is an Internet application of preexisting network architectures, DRM technology is really an extension of techniques long used in operating systems to control users’ access to system resources. There are many different types of DRM implementations, but they tend to conform to a common architecture2. In this architecture, the user receives an encrypted file, containing the content, along with a license that stipulates what rights the user has to the content. A piece of software or hardware on the user’s client device interprets the license and, if authorization is successful, decrypts the content and does what the user intends (play, view, print, copy, etc.).

Variations on the canonical DRM architecture involve such issues as:

• Whether the authorization is done on the basis of a user’s identity, a device’s identity, or both.

• Whether the software doing the authorization is built in to the playback device or software, built in to the platform on which it runs, or independent of those.

• Whether the license is bundled in with or separate from the content.

• How much fine-grained control the IP owner has over specification of rights.

• Whether or not the user is required to be connected to the network at all times.

• How financial transactions are integrated with the authorization process.

IP owners have been using DRM to implement new business models, which are not just analogs of existing offline models. Such models represent the brightest future for online content distribution. However, they have only been modestly successful, because it takes a lot of time and effort to get users comfortable with new ways of consuming content.

As a result, DRM is starting to take off as a component of online content models in niche markets, such as the online music distribution of Apple’s iTunes, RealNetworks’s Rhapsody, and Napster 2.0; eBooks and ePeriodicals from various publishers; and online film download services like MovieLink and CinemaNow.

DRM is starting to take off as a component of online content models in niche markets.

2 For more details, see Bill Rosenblatt et al, Digital Rights Management: Business and Technology, John Wiley & Sons, 2001, Chapter 5.

4

DRM has had a hard time developing as a market, for several reasons. Online emulations of offline content models have been very rough from the perspectives of user convenience and support for some usage modes that are legally protected or that users have come to expect, which we will examine later. There is also an ingrained notion in consumer behavior (and, some feel, in legal precedent as well) that people should be allowed to do what they wish with digital content products, without fear of being controlled or monitored – as DRM technology can do.

Yet at the same time, the networked digital paradigm has opened up the possibilities of “do what they wish” to include rampant, unrestricted, perfect copying, and IP owners need to be able to control that. Therefore, DRM continues to develop toward giving users convenient, seamless experiences along with guarantees of privacy.

The Gulf between P2P and DRM

The way various advocacy groups portray it, DRM and P2P are polar opposites. To IP owners, P2P offers open invitations to copyright infringement and rampant theft of intellectual property, while DRM is the only way to keep the Internet from killing the media industry. To consumer advocates and some others, P2P is natural outgrowth of the “open” functionality of the Internet, while DRM represents the media industry’s attempts at playing “Big Brother” and controlling user behavior in ways that are inconsistent with the balance of interests embodied in intellectual property law.

As a result, there is a lot of posturing on both sides of the issue, as people from both sides work to get sympathetic ears from technology implementers, legislators, and the news media.

We can hope that everyone will see both DRM and P2P for what they are and are not, and get on with the business of using both to their advantage.

The reality, of course, is that both DRM and P2P are sets of capabilities, and they are far from mutually exclusive. As we will see, P2P functionality is key to implementing important new business models for content – models that IP owners ignore at their long-term peril. At the same time, DRM is necessary to close at least the larger holes that P2P creates in IP owners’ ability to profit from their IP. We can hope that once both sides finally get past the rhetoric, everyone will see both DRM and P2P for what they are and are not, and get on with the business of using both to their advantage.

Integrating DRM with P2P: Needs and Opportunities

IP owners need to consider how they can integrate DRM functionality with P2P networks so that they can offer their customers P2P functionality while also protecting themselves from copyright abuse. If we look at the history of IP owners’ business models on the Internet, we draw the inevitable conclusion that P2P is really an evolutionary extension of the user-oriented features that IP owners have been obliged to offer since the beginning of Internet commercialization.

The early digital products (including CD-ROMs and websites) produced by publishers and other IP owners were “shovelware” that merely contained repurposed content from the companies’ analog output. User contributions to websites were confined to the kind of

5

letter-to-the-editor sections typically found in print products. As publishers needed to find ways to overcome the liabilities of screen reading and slow, expensive dialup connections, as well as to compete with one another, they added various interactive features that included user control or user-originated content. Examples of the former include personalized content filtering, choices of look and feel, and rich search functions; examples of the latter include “community” features like discussion groups and chat rooms. Despite initial resistance from both editorial and legal departments, these features flourished and are standard on virtually all name-brand media websites today, while product formats with limited interactivity, such as CD-ROMs, are in permanent decline.

Another important step beyond shovelware is IP owners looking beyond their own websites and sending their content to places where they may find more audiences for it. Two important manifestations of this development can be viewed as precursors to P2P: syndication and affiliate programs.

Syndication is one IP owner sending content to other publishers on a formal, regular basis – for example, a restaurant reviewer syndicating its content to travel websites. Several vendors created tools for automating syndication relationships, and the open standard protocol ICE3 (Information and Content Exchange) was developed to promote interoperability. ICE has constructs that let publishers describe the rights they are conveying to subscribers, but no mechanism to enforce those rights; ICE-compliant (and other) syndication software merely automates publish-subscribe relationships that are controlled by legal contract terms. With syndication, in other words, the publisher has to know and trust the subscribers.

Affiliate programs provide another key step forward for IP owners, although they are more closely associated with general online retailing than with content. Perhaps the most famous user of affiliate programs is Amazon.com; in addition, many other retailers – including IP owners like Sony Music and Scholastic – have affiliate programs through the LinkShare network. In an affiliate program, operators of special-interest websites “stock” products from retailers by placing special links on their sites; for example, a website devoted to stamp collecting may feature various books and have links to their pages on Amazon.com. If a user clicks on one of those links and purchases the book, then the stamp collecting website gets a commission.

When used with content products, affiliate programs approximate Superdistribution – which is similar to peer-to-peer but is more controlled and implies that there is an IP owner that originates the distribution4 – except that the Superdistribution is only done to two levels. Although most products purchased through affiliate networks are physical, there is no reason why they can’t be digital – that is, delivered in digital form to the buyer as part of the purchase process.

If one were to look at extending both syndication and affiliate networks for content, one may well want capabilities that allow distribution of content to arbitrary (and arbitrarily many) parties, with technological controls over usage supplanting contractual ones because the trustworthiness of the other parties is unknown. One would also want the ability to facilitate e-commerce among all levels in the network. Put these requirements together, and you get P2P with integrated DRM.

3 See www.icestandard.org. 4 For more information, see Cox, Brad J. Superdistribution: Objects as Property on the Electronic Frontier. New York: Addison Wesley, 1996.

6

http://www.icestandard.org/

http://www.amazon.com/exec/obidos/ASIN/0201502089/giantstepsmediat

Participants in a P2P network can bring lots of legitimate value to both IP owners and users. IP owners have been bemoaning the need to “compete with free,” but they are coming to realize that there is much more to a positive user experience than merely claiming to have a certain item of content available for those who specifically look for it. There is a huge difference, for example, in looking for a song on KaZaA and having to put up with decoys, poor-quality encodings, spyware, and so on, versus finding the same song on a legitimate online music service, playing it in its entirety with good quality, finding artist information and recommendations for similar music, getting technical support, and having one’s privacy respected.

There are many types of services around content that might appeal to users. It’s unrealistic to think that IP owners’ websites will provide them all; it’s also unrealistic to think that all desirable content-related services even fit the business-to-consumer model in general. For example, DRM-integrated P2P networks make a lot of sense for certain types of corporate applications, such as knowledge management and collaboration, where maximum dissemination of data is paramount but so is security, and in the distribution of video and other large-sized content, where it’s desirable to offload corporate servers.

In general, peer-to-peer data exchange models provide IP owners with more ways to add value to content, including ways that the IP owner may not think of on its own. At the same time, P2P networks do provide large, scalable opportunities for abuse. The architecture that solves this problem, while scalably facilitating value-added services for content, is P2P with integrated DRM.

Peer-to-peer models provide IP owners with more ways to add value to content, including ways that the IP owner may not think of on its own. At the same time, P2P networks do provide large opportunities for abuse. The architecture that solves this problem, while facilitating value-added services for content, is P2P with integrated DRM.

At the same time, DRM technology must meet certain criteria to be acceptable to P2P participants. The two most important requirements are easy to state, if not to implement:

• The DRM technology must support users’ reasonable usage expectations. At a minimum, this includes a user’s right to use content in any format on any device she owns. Ideally, it also includes legal fair-use rights such as copying for research or criticism purposes.

• The DRM technology must also be seamless and unobtrusive. This includes installation with no extra effort on the user’s part, no adverse effects on the user’s device or platform, and operation in the background as much as possible.

In next section, we will look at technical requirements of DRM technologies that enable them to meet the above criteria and others.

DRM Technology Features for P2P Networks

DRM technology has been around for almost a decade. There are many types of DRM solutions on the market today, some of which have found success in niche markets, as mentioned above. What are the specific features of DRM solutions that make them attractive for integrating with P2P networks? Here we suggest several.

7

Reasonable Usage Support

The term “fair use” is a loaded one; it has a specific meaning under U.S. copyright law (its analog in the U.K., Canada, and Australia is “fair dealing”), but consumer advocates and others have extended it to stand for content consumers’ reasonable expectations of usage rights. The legal term refers to uses of content that are valid defenses to charges of copyright infringement. Uses must conform to broad legal guidelines, but ultimately a judge and jury make decisions about whether uses are fair. Therefore it is impossible to create any kind of automated system that proactively decides whether to allow a use based on legal fair-use criteria.

However, reasonable usage expectations are another matter. If a user buys a piece of content, she may well expect to be able to render (display, play, or print) that content on any device she owns5. The paradigmatic example of reasonable usage expectations in the analog world is to play a music CD in one’s car in addition to one’s home stereo, perhaps by taping it onto a cassette.

DRM systems should be able to support a user’s reasonable content usage expectations; this should include acting independently of individual formats and playback software or devices, and facilitating any necessarily format conversions or transcoding. DigitalContainers is an example of a DRM system that facilitates reasonable usage support: it is cross-platform, works with a multitude of media formats, and does not require a client application that the user must download and install.

DRM systems should be able to support a user’s reasonable content usage expectations.

The most important precondition to supporting reasonable usage expectations is interoperability of identification schemes for both users and devices. Currently, and with few exceptions, each DRM scheme has its own notion of identity and its own way of authenticating identities. A user’s identity in one scheme (e.g., for an Adobe eBook) is only coincidentally related to her identity in another scheme (e.g., for an online music subscription service). Attempts to create universal online identification schemes have been thwarted by a combination of technical complexity and concerns over privacy.

An ideal DRM scheme for integration with P2P networks should at least offer some degree of identity interoperability among popular formats, devices, and services; existing technology for aggregating personal information online (such as Yodlee in financial services) might apply. Yet consumer rights advocates tend to concur that identity schemes – such as DigitalContainers’ – that are based on users, not devices, offer a first approximation to reasonable usage support.

Lightweight Superdistribution

Superdistribution has been mentioned in the same breath as DRM since the early days of DRM, when a few DRM technology vendors attempted to support it. The complexity of a DRM and e-commerce scheme that allows every participant in a content Superdistribution scheme to make its own economic offers is prohibitive. For example, one peer may want

5 This is sometimes known as “space shifting” content, a term that is related to “time shifting,” i.e., playing broadcast content after it was originally broadcast. The U.S. Supreme Court upheld the right to time shifting in Sony v. Universal, 1984 (the landmark “Betamax” decision); the legal right to space shifting is still being contested.

8

to sell content items individually at a profit, while another may want to sell them at cost, another may want to loan them, and yet another may want to make a repository of items available on a monthly subscription basis.

The nearest that most DRM schemes have gotten to “Superdistribution” is a URL included in encrypted files that takes users who are not authorized to access the content to a website where they can purchase rights. This is inadequate to the needs of a P2P network, in which peers should be able to define their own business models, as suggested above. At the same time, peers should not be expected to deploy cumbersome, expensive e-commerce systems in order to implement their chosen business models.

For Superdistribution to work well with P2P networks, DRM systems should provide simple ways to define and implement content business models, including rights specifications and commerce terms. Emphasis on defining individual users or classes of users for authentication purposes should be minimized, because one of the most important aspects of P2P, as mentioned above, is that the identities of participants in P2P networks are not known in advance.

DRM systems should provide simple ways to define and implement content business models.

DRM schemes can also facilitate Superdistribution by providing as much business model support as possible integrated with content objects, to minimize implementation complexity. This implies the ability to precisely specify details of content rights being offered, such as number and type of renderings, time limits, and so on; see Rights Expression Languages on p. 10. It also means the ability to handle certain functions directly onboard content items, and to interface with web services that handle external functions that make it easy for participants to implement their business models – such as billing, usage tracking, and subscription management.

For example, DigitalContainers is a DRM technology that supports lightweight Superdistribution through its Hybrid P2P architecture, which supports the ability to describe content rights in a fine-grained manner, the ability to facilitate on-the-fly server-based user authentication, and rich functionality for supporting a wide variety of business models, including payment processing, onboard the encrypted content objects rather than on a server.

For Superdistribution support that is too complex to handle onboard encrypted content objects, DRM schemes should support integration with web services through standard interfaces so that they can be developed by a multitude of vendors. Ease of integration with web services will encourage the development of such services and their adoption by P2P participants.

For example: assume peer P1 makes content item C available as part of a repository though a paid-subscription service. When user P2 obtains the object, it should have self-contained functionality to retrieve P2’s identity, send it to a service for verification that P2 is a subscriber to P1’s service, and then receive a license L from that subscription service that enumerates the rights to which P2 is entitled. This is shown in Figure 1.

9

P1

P2

Identity

ContentRepository

C

AuthenticationService

C

P1Subscribers

P1Rights

LicenseService L

Figure 1: Two peers in a peer-to-peer architecture with DRM-packaged content. The content C has functionality for accessing web services. The Authentication Service authenticates P2’s identity, and the License Service issues a License L for P1’s content C.

Standards Support

The development of functions and services surrounding DRM in P2P networks would be best facilitated by DRM technology that supports various types of open standards, including:

Rights Expression Languages

To implement flexible, interoperable content distribution schemes on P2P networks, DRM schemes need to embrace standards for creating content rights specifications; these are usually known as Rights Expression Languages (RELs). RELs provide standard semantics for elements of rights specifications, such as those that would be stored in a rights database such as the one labeled P1 Rights in Figure 1, including:

• The right being granted, such as Play or another render right.

• The entity to which the right is being granted, such a user or device.

• The terms under which the right is granted, such as payment or presentation of credentials (e.g., a valid subscription to a service).

10

The most prevalent standards in the REL area are MPEG REL6, from the Moving Picture Experts Group, which derives from XrML7 (eXtensible Rights Markup Language) from ContentGuard, Inc.; and OMA DRM8 from the Open Mobile Alliance, which derives from ODRL9 (Open Digital Rights Language) from IPR Systems Ltd. Other standards bodies, including OASIS (the XML and SGML standards body) and the Open eBook Forum, are also defining RELs.

RELs are especially important in Superdistribution networks. If P1 passes some content to P2, then P2’s rights to that content need to be a subset of P1’s rights, and if P2 passes the same content to P3, then P3’s rights need to be a subset of P2’s – or, if P2 or P3 want additional rights, they need to be able to define them with precision and acquire them from the original IP owners. A properly designed REL enables this.

Network Identification

As mentioned above, universal – or at least interoperable – identification of users and devices is a critical factor in supporting DRM ease of use and consumers’ reasonable content usage expectations. The concept of a universal ID implies that a single entity controls all such IDs, which concerns privacy advocates and others. Microsoft’s .NET Passport10 identification scheme, which allows users to use a single ID to access many different online services (including Microsoft’s own services as well as many others), is the closest thing there is today to a universal ID scheme.

Universal – or at least interoperable – identification of users and devices is a critical factor in supporting DRM ease of use and consumers’ reasonable content usage expectations.

Short of a universal ID scheme, the next best possibility is a standard for interoperability of ID schemes, sometimes known as federated network identity. In a federated ID scheme, there is no single repository of IDs, but organizations can use each others’ IDs on a per-transaction or per-service basis as long as users give permission to do so. The Liberty Alliance11, a consortium originated by Sun Microsystems, has defined a specification for a federated ID scheme based on the SAML12 (Security Assertion Markup Language) standard from OASIS.

Meanwhile, Microsoft has announced that it will create a new version of .NET Passport that provides federated ID capability and uses the older Kerberos13 distributed authentication standard from MIT.

Web Services

Web services are the ideal way to foster the development of services that P2P network participants can use in conjunction with DRM schemes to create new types of content-related value added services with minimized cost and complexity. Two examples of web

6 See http://www.chiariglione.org/mpeg/standards/mpeg-21/mpeg-21.htm#_Toc23297977. 7 See http://www.xrml.org. 8 See http://www.openmobilealliance.org/tech/docs/index.htm. 9 See http://odrl.net. 10 See http://www.microsoft.com/net/services/passport/developer.asp. 11 See http://www.projectliberty.org. 12 See http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security. 13 See http://web.mit.edu/kerberos/www/.

11

services related to DRM shown in Figure 1 are the Authentication Server and the License Server; if P1 gets these through service providers instead of through licensed software, then P1’s implementation can be much cheaper and simpler.

Web services are the ideal way to foster the development of services that P2P network participants can use in conjunction with DRM schemes to create new types of content-related services with minimized cost and complexity.

There are several emerging standards in the web services area, the most important of which is WSDL14 (Web Service Description Language), from IBM, Microsoft, and Ariba, currently a draft W3C (World Wide Web consortium) specification. WSDL enables the definition of service descriptions through messages that service requesters pass to service providers and vice versa.

Other important web services-related standards include the W3C standard SOAP15 (Simple Object Access Protocol), for describing data objects, and the OASIS standard UDDI16 (Universal Description, Discovery and Integration), a directory service that enables listing and finding web services. There are many other web services related standards in various stages of development; these are beyond the scope of this white paper.

User Experience

Above all, a DRM scheme that is suitable for integration with P2P networks has to preserve a seamless user experience. In addition to providing for reasonably expected usage rights, such as time and space shifting, as mentioned above, the following are aspects of DRM that contribute to user experience:

• Installation of the DRM has to be seamless, including the initial installation of the software as well as maintenance. Ideally, the user should not do or even notice anything about the installation. This should be true for all platforms. Java, XML, and other cross-platform technologies, such as are used in DigitalContainers’ Hybrid P2P architecture, should help achieve this.

• Payment processing should be integrated with ISPs and other service providers, so that users don’t have their experiences disrupted by requests for payment information. Universal or interoperable ID schemes will go a long way towards facilitating this.

• The DRM should track content usage but do so in a way that respects privacy. This is a well-known problem – tracking software is often referred to as “spyware” – and solving it is largely the responsibility of service providers that process usage information. Service providers need to take steps to give users confidence that tracking information is not being abused.

14 See http://www.w3.org/2002/ws/desc/. 15 See http://www.w3.org/TR/SOAP/. 16 See http://www.oasis-open.org/committees/uddi-spec/tcspecs.shtml.

12

Gaps in Existing DRM Technology

DRM is complex technology, and in this early phase of its development, designers have chosen to focus on features of most immediate concern to their customers, mainly media companies, who have mainly been focusing on piracy prevention and simple distribution schemes that emulate physical media distribution models. Another concern at odds with the complexity of DRM is the cost of deployment, particularly any unit costs of bundling DRM functionality in with platforms and consumer devices.

Meanwhile, P2P networks have only recently come into being. Therefore, many DRM technologies in existence today have various gaps in their ability to be integrated into P2P networks. Here are some of the most important of those gaps, which should represent opportunities for DRM technology designers in the future.

Cost-Related Functionality Limitations

DRM schemes designed by consumer device makers typically have just enough functionality to satisfy IP owners while keeping unit costs at a minimum. The best-known example of this is the CSS (Content Scrambling System) for DVDs, which was designed by two consumer electronics makers (Toshiba and Matsushita) and accepted by movie studios with the promise of a stronger future solution that has yet to materialize.

Cost of DRM has also been an issue beyond the world of consumer devices. In general, DRM is virtually unique in the technology world, in that it is a complex technology that encumbers the user without any direct benefit (unlike, say, burglar alarms, which protect people from theft of their own physical assets); the biggest challenge in the market has been to find those participants in the content value chain who would be willing to pay for it. (The media industry in particular has been reluctant to make investments in DRM technology compared to, say, the software industry.) This problem should recede over time as DRM becomes more and more bundled into value-added services that have tangible benefits for users.

The problem of the cost of DRM should recede over time as DRM becomes more and more bundled into value-added services that have tangible benefits for users.

Device Tethering

Many DRM schemes permit access to content only on a specific device, instead of supporting space shifting and other reasonable usage expectations. For device and platform vendors, the reasons for this are obvious: why support usage of content on competitors’ platforms? Some DRM schemes allow usage on up to a fixed number of devices or software of the same type but not of different types.

For IP owners, the reasons for supporting device tethering derive from the media industry’s traditional product orientation: the principle that two different formats of the same content – for example, the DVD and VHS versions of the same movie, or the print and eBook versions of a book – are separate products and should be paid for separately. Most corporate IP owners, which use content for purposes of knowledge management, marketing, collaboration, etc., would not agree with this.

13

IP owners also feel that device tethering is sometimes necessary to curb infringement; for example, if a college textbook is published in eBook format using a DRM technology that allows reading on up to 10 eBook readers, then a class of 20 students is likely to collectively purchase as few as 2 copies. Admittedly, device tethering is a legitimate response to the imperfection of reasonably-priced user authentication, such as passwords that can be shared as opposed to more expensive but more effective biometric authentication devices.

Lack of Superdistribution Support

Most DRM schemes only support single levels of distribution, or they support the limited form of Superdistribution discussed above. As early DRM vendors found out, support for true Superdistribution requires far more complex technology than that required for single-tier distribution. Yet web services, cross-platform functionality, and other technologies that have appeared since the mid-1990s can ameliorate this problem. Standards for rights and web service descriptions will especially help remove the complexity of Superdistribution with DRM.

Complexity of Integration

Even with single-tier distribution schemes, a serious barrier to growth in the DRM market has been how expensive, time-consuming, and complex it is to integrate DRM technology with all of the necessary surrounding functions, including: content production and packaging, user identification, transaction processing, and CRM (customer relationship management). Launching a new content e-commerce initiative has been so complex that integration costs dwarf that of off-the-shelf software, including DRM packaging software. Furthermore, the capital outlay required even with off-the-shelf software is prohibitive for smaller IP producers, including many who might be interested in making content available over P2P networks.

A serious barrier to growth in the DRM market has been how expensive, time-consuming, and complex it is to integrate DRM technology with all of the necessary surrounding functions.

Once again, replacing licensed software with services, and standardizing the interfaces to those services so as to minimize integration effort, will help solve this problem. There have been many attempts to build DRM service provider businesses; most have failed because the kinds of prices that IP owners have been willing to pay for services did not measure up to the service providers’ high cost structures. But the success of a handful of current DRM-related service providers in niche markets points the way to a brighter future for service-based architectures.

14

Conclusions: Developing the Market

We conclude this white paper with some thoughts on how DRM can grow to support integration with P2P networks. Some of the problems that must be solved are technological in nature; others are problems of perception rather than reality; but most are more matters of economics than anything else.

Of the technological problems, the largest one is Superdistribution. Early DRM technologies such as IBM’s Cryptolope attempted to support Superdistribution but failed because of all of the functionality that needed to be built from scratch, on both the server and client platforms, to support it. Nowadays at least some of the required functionality (e.g., network authentication and e-commerce) is standard and widely available, and such functionality is becoming available through standard web-service interfaces. But it is still a daunting technical challenge to implement Superdistribution without undue complexity and disruption of user experiences – to say nothing of prohibitive cost. DigitalContainers is a DRM technology vendor that is addressing these challenges today.

Network identity is a problem of both perception and technology. Universal network identification schemes like Microsoft’s .NET Passport have a “Big Brother” perception problem that may be exaggerated. The same is true for user tracking technology vis-à-vis privacy. On the other hand, federated (interoperable) network identity, a la the Liberty Alliance, is seriously difficult to implement in today’s heterogeneous trust environments.

Technology problems related to meeting reasonable usage expectations, such as device and format portability and rights specification interoperability, derive largely from economic considerations. As mentioned above, one of the biggest challenges in the development of DRM has been getting participants in the content value chain to pay for it.

The two types of participants most closely involved in designing DRM schemes have been platform/device vendors and IP owners. IP owners, as mentioned above, have long thought in terms of “products” instead of “content,” leading them to feel that purchasing content in one format should not allow the purchaser to access that content in other formats. And device vendors are not at all motivated to create DRM technology that allows users to access content on other types of devices.

Aside from advocacy groups like the Electronic Frontier Foundation and DigitalConsumer.org, who attempt to assert content usage rights through lobbying of legislators, case support, and other such activities, third-party DRM vendors are the ones that are actually motivated to build technology that supports users’ reasonable usage expectations as well as other features that promote the integration of DRM with P2P networks.

Third-party DRM vendors are the ones that are actually motivated to build technology that supports users’ reasonable usage expectations as well as other features that promote the integration of DRM with P2P networks.

There have been countless “standalone” third-party DRM technology vendors over the past several years, but very few of them have succeeded, due to several factors, including unrealistic revenue expectations, lack of understanding of content business models, and of course, inadequate technology. To understand how these vendors might find

15

customers, we should answer the question: who stands to gain from the proliferation of DRM-enabled P2P networks?

The answer lies in the fact that P2P network usage promotes use of network bandwidth, equipment, and services; in fact, numerous recent statistics have shown that the majority of bandwidth on the Internet is used by a small percentage of users who mostly engage in file sharing. Therefore, we suggest that network hardware/software makers and internet service providers (ISPs) are the best potential sources of interest in and funding of DRM development for P2P networks.

Network hardware and software makers’ interest in embracing DRM is hampered somewhat by the open nature of the Internet and the W3C’s lack of interest in DRM, but network equipment makers have been looking at DRM, though they have yet to become active in the market. For example, Cisco designed a DRM protocol called OCCAM (Open Conditional Content Access Management) in 2001, but the company appears to have no interest in developing products around it17.

The major Internet service providers have largely avoided DRM; one reason for this is that noninvolvement in DRM has enabled them to stay aloof from various legal liability issues. However, recent activity related to the Digital Millennium Copyright Act, such as the music industry’s subpoena of Verizon over the name of a Verizon Online user suspected of music piracy, may be sending a signal to ISPs that noninvolvement breeds liability too, therefore they should participate in the market and start looking at the service provider opportunities it can afford. Major ISPs are naturals to support DRM-enabled P2P networks and provide value-added services to their participants, as a way of garnering revenue from their heaviest users instead of (or in addition to) monitoring bandwidth usage and charging tiered pricing, as a few have begun to do over strong user objections.

Major ISPs are naturals to support DRM-enabled P2P networks and provide value-added services to their participants, as a way of garnering revenue from their heaviest users.

Of course, the development of some of the technologies mentioned in this white paper should also encourage startups, as well as more established vendors, to build various types of new content-related services that can grow the market.

Finally, we should emphasize that standards can help hasten and lower the cost of solutions to many of the problems mentioned above. There are several existing standards efforts that related to DRM integrated with P2P, as previously mentioned. The problem with many of them is that they are design with much broader areas in mind than that of DRM and P2P networks, meaning that approval processes take longer and applicability is not as straightforward. P2P-related trade associations (e.g., P2P United) are beginning to appear; unfortunately, they engage in anti-DRM posturing for political purposes. Such groups need to get beyond polemics, understand the opportunities for everyone available in DRM integration with P2P networks, and start representing the P2P community in relevant standards initiatives alongside the independent DRM vendors that can most directly impact the market.

17 The OCCAM white paper, no longer available on Cisco’s web site, is available by request from the author.

16

17

About the Author

Bill Rosenblatt, president of GiantSteps Media Technology Strategies, has 20 years of experience in technology architecture, business development, and marketing; publishing; new media; and online education. He has been a business development executive at a leading technology vendor, an IT executive at major publishing companies, and chief technology officer of an e-learning startup. He has expertise in digital media technologies such as content management, digital rights management, streaming media, and publishing systems. Bill is the author of several books, including Digital Rights Management: Business and Technology (John Wiley & Sons, 2001), and he is Managing Editor of the Jupitermedia newsletter DRM Watch (www.drmwatch.com).

About GiantSteps Media Technology Strategies

GiantSteps Media Technology Strategies is a management consultancy focused on the content industries that help its clients achieve growth through market intelligence and expertise in business strategy and technology architecture. Clients have included publishing companies, news, entertainment, and professional information providers, and digital media technology vendors ranging from early-stage startups to Global 500 firms.

Contact: phone: +1 212 956 1045 email: [email protected] Web: www.giantstepsmts.com

White paper commissioned by DigitalContainers LLC

About DigitalContainers LLC

DigitalContainers provides patented digital rights management for use in peer-to-peer networks and the Internet. Digital Containers include self-contained file protection, authentication and e-commerce system,

allowing files and media to travel around the Internet, yet perpetually be tracked, controlled and audited by the content owners. This enables content owners to securely monetize their digital goods in peer-to-peer networks.

Contact: phone: +1 703 208 1040 email: [email protected] Web: www.digitalcontainers.com

http://www.drmwatch.com/

mailto:[email protected]

www.giantstepsmts.com

mailto:[email protected]

http://www.digitalcontainers.com/

The term “peer to peer” (P2P) refers generallyto software that enables a computer to locate acontent file on another networked device andcopy the encoded data to its own hard drive. P2Ptechnology often attracts people who use it toreproduce or distribute copyrighted music andmovies without authorization of rights owners.For that reason, the short history of P2P tech-nology has been one of constant controversy andcalls by many in the content industry to regulateor even ban P2P-based networks or software.

As a general preventive measure against copy-right infringements through digital technologiesincluding P2P, copyright owners often use digi-tal rights management (DRM) techniques toencrypt content or otherwise restrict access.Depending on the access or compensationarrangement, content owners may differentiateprices and limit use by the number of plays,duration of access, temporary or partial uses,lending rights, and the number of devices onwhich the file may be accessed. The potentiallevel of use control may go beyond the expecta-tions of consumers accustomed to a broaderrange of uses enabled by analog technology.Consequently, many consumer advocates now

contend that DRM is harmful to consumersbecause it tilts the balance of control in favor ofcopyright holders. For their part, rights ownersrespond that DRM merely offsets grave dangersmade possible by digitization and Internet distri-bution.

This study argues that the basic functions ofDRM and P2P can be quite complementary andthat innovative market mechanisms that canhelp alleviate many copyright concerns are cur-rently blossoming. Government should protectthe copyrights of content owners but simultane-ously allow the free market to determine poten-tial synergies, responses, and outcomes that tapdifferent P2P and DRM business models. In par-ticular, market operations are greatly preferableto government technology controls, on the onehand, or mandatory compulsory licensingschemes, on the other. Recent court decisionsregarding the liability of P2P networks or soft-ware providers may force the Supreme Court torevisit its own precedents in this area. In theabsence of an efficient resolution by the Court,Congress may pass legislation that may interferewith both technological evolution and free-mar-ket processes.

Peer-to-Peer Networking and Digital Rights Management

How Market Tools Can Solve Copyright Problemsby Michael A. Einhorn and Bill Rosenblatt

Executive Summary

No. 534 February 17, 2005

_____________________________________________________________________________________________________

Michael A. Einhorn is the author of Media, Technology, and Copyright: Integrating Law and Economics(2004) and senior adviser to an international consulting firm. Bill Rosenblatt is president of GiantSteps MediaTechnology Strategies (www.giantstepsmts.com), managing editor of the newsletter DRM Watch(www.drmwatch.com), and author of Digital Rights Management: Business and Technology (2001).

Routing

Introduction

This study examines how digital rightsmanagement (DRM) may complement peer-to peer (P2P) technology and help solve manyof the intellectual property problems nowhotly contested in the current policy arena.From a popular vantage point, Napster—though not a pure P2P network (because itrelied on a central server to direct users tosought content)—illustrated the mass appealof P2P file sharing.1 The Napster phenome-non gave rise to networks built on FastTrack,Gnutella, and other software, which havebeen designed without central servers andhave so far avoided Napster’s legal fate.

P2P services are potentially beneficial for anumber of reasons. They allow users tosearch for and download content files locat-ed anywhere in the network. That couldmake it much easier to find works in the pub-lic domain, assist new artists who can publi-cize their abilities, and widen the audiencefor political speech otherwise confined to afew listeners. However, the costs are sobering;most users simply engage the software inorder to find music and movies that havebeen “ripped” and uploaded to networknodes for free taking by others.2 That threat-ens the content industries by displacing unitsales and licensing opportunities, and there-by undermines their business models fordelivering content.

Though the content industries prevailedin litigation against Scour3 and Aimster,4

industry attempts in California to closedown Grokster and Streamcast failed in dis-trict and circuit courts.5 In the Grokster andStreamcast cases, the courts ruled in summaryjudgment that the particular programs inquestion had significant, noninfringing usesthat qualified for legal protection under theSupreme Court’s 1984 landmark decision inSony v. Universal City Studios, which upheld thelegality of the videocassette recorder.6 Thedistrict and circuit courts also found thatneither software provider had the requisiteknowledge of actual infringement or the abil-ity to curtail immediate use to qualify as a

contributory or vicarious copyright infringer.Thus, at least for the time being, and con-trary to the wishes of industry, decentralizedP2P operations remain in business and freeof contributory and vicarious liability forcopyright infringement.

Meanwhile, the industry continues tolook to DRM technologies to stem the tide ofunauthorized file sharing. Legally differentfrom copyright itself,7 digital rights manage-ment refers to technological tools and capa-bilities that monitor content use and shieldagainst unauthorized uses or distributions.DRM can then go some way toward protect-ing intellectual property by helping contentowners to stop copying, enforce use restric-tions, and otherwise assert property rights tocopyrighted material. In contrast to the viewsof many critics, DRM is an important facili-tating mechanism for protecting copyrightsin a free market.

Moreover, by preserving property rightsmade possible through new market tech-niques, DRM encourages producers to inno-vate because they are more certain of eventualreward. That facilitates the process of “cre-ative destruction”—the new ideas, products,processes, and organizational modes that arehallmarks of dynamic capitalism.8 Govern-ment intervention in this competitive proc-ess could be harmful.

Digital Rights Managementand Versioning

DRM technology includes encryption andother content controls that limit how usersmay make and distribute copies of digitalfiles and physical media (e.g., CDs, DVDs)they may have purchased. While critics fearthe loss of consumer uses due to DRM,9 theyoften fail to consider the effect of mitigatingmarket forces. That is, economic analysisinforms us that content providers who heed-lessly hinder customer control actuallyreduce the value of the product that they areselling in the market. Doing so will reducemarket demand, prices, and profits.10

2

By preservingproperty rightsmade possible

through new market

techniques, DRM encourages

producers toinnovate because

they are more certain of

eventual reward.

The ability of content owners to restrictreuse of their works may lead to a greaternumber of specialized or personalizedoptions and a wider range of consumerchoices. With DRM, content owners mayoffer different rights by designing menus ofdiverse services and charging a different pricefor each. For example, the ability to down-load, burn, and lend a legally accessed moviewould be priced differently than the abilitysimply to view the work without making fur-ther transmissions or reproductions. Theability to design different services enablesproducers to price discriminate with regardto buyer tastes, potentially enabling greaterrevenue recovery.11

The concept of “versioning” is not new inmarket economies.12 Magazine publishersmake printed content available both by sub-scription and as single copies, and studiosmake film available in first-run theaters,video stores, and television and cable pro-grams. Versioning allows consumers tochoose among a number of service optionsinstead of being confined to any one. Theprospective use of different versions andprices is particularly appropriate for contentindustries, where vast production costs aresunk up-front. Those investments must berecovered from the subsequent sale of subse-quent product.

That said, resale or arbitrage between low-and high-end markets needs to be avoided ifversioning is to operate effectively. For exam-ple, if magazine subscribers could resellcopies at higher prices on neighborhoodnewsstands, subscription prices would neces-sarily increase to reflect the value of likelyresale. That would clearly harm readers whodid not resell magazines. Therefore, DRMprotections that stop the resale or redistribu-tion of content from one market segment toanother enable producers to develop moreversions and enhance consumer choice.

The effect of versioning on individualusers is bifurcated. Smaller users generallygain, as producers and distributors lowerprices for “no frills” services to basic cus-tomers without worrying about revenue loss

from high-end users. Content distributorsmay also use personalization techniques toidentify prospective first-time customers andextend to them free previews, time-limitedrentals, and low-price introductory offers.

By contrast, the more intense and devotedusers of any product generally pay moreunder versioning; producers charge higherprices for enhanced service features withoutworrying about attrition at the lower end.Despite the higher prices, those high-endcustomers may be better off, as suppliers nowhave greater incentives to develop innovativefeatures and to take other steps to expand thecapabilities of the network.

The Music Services

Nowhere is the market potential of ver-sioning more evident than in the evolvingmarket for digital music services. Since Applefirst launched its iTunes Music Store in April2003, the constellation of suppliers and ser-vices has reordered considerably. Specifically,the market for digital music content hasmoved well beyond first-generation businessmodels of the major label services.

The two original major label services(MusicNet and Pressplay),13 which werelaunched in December 2001, allowed fulllibrary access through streams and down-loads but ended a buyer’s access to previous-ly downloaded music when he or she termi-nated the service (although Pressplay didcome to permit a limited number of burnsfor an additional fee). The services alsoattempted to divide the customer spectrumby offering alternative service versions thatdepended on contract duration or usagelevel, or both.14 Four major alternative serviceversions came to market in 2003.

Downloads Plus HardwareIn April 2003 Apple Computer launched

an innovative Internet Music Store, callediTunes, which sold more than 125 milliondownloads in the next 18 months andclaimed 75 percent of the download mar-

3

The ability ofcontent owners torestrict reuse oftheir works maylead to a greaternumber of specialized orpersonalizedoptions and awider range ofconsumer choices.

ket.15 Individual songs at the Music Store,which are encoded with the MPEG-4Advanced Audio Coding compression tech-nology, cost 99 cents apiece. With Apple’sproprietary networking technology,Rendezvous, several Mac users on a wirelessnetwork can share collections throughstreaming.16 The Music Store has no sub-scription fee; it does not enable full trackstreaming, but 30-second samples are avail-able for free.17 The average iTunes userappears to download an album per month;the typical teenage shopper in a record storebuys one CD every two months. Nearly half(45 percent) of purchased songs on iTuneswere purchased as part of an album.18

The key innovation of Apple is its light-handed DRM system, called FairPlay, whichallows buyers to transfer tunes to Apple iPodplayers, burn unlimited numbers of CDs,and transmit downloaded songs to threeother hard drives.19 The next generation ofApple’s Music Store also contains a numberof new features, including iMix, which is anew way for users to publish and commenton playlists recommended by fellow fans.

Downloads Plus SoftwareMusicMatch, a service that competes with

iTunes, provides downloads to complementits popular music management jukebox thatis now installed on more than 60 millionPCs.20 With jukebox software that can bepaid for by user fees, advertising, and dataresale, basic users of MusicMatch may buy99-cent downloads, while deluxe users canpay $19.99 per month for an upgraded ser-vice with faster burn speeds and no advertise-ments.21

MusicMatch also offers a complete person-alization service (which Apple now lacks) thattracks an individual’s selected downloads inorder to make subsequent recommenda-tions.22 In addition, MusicMatch fully tracksuser preferences to compose interactive “radiostations” with personalized content.23 More-over, MusicMatch now offers a subscriptionservice (250,000 subscribers) that permits on-demand streaming and playlist sharing of rec-

ommended compositions with friends(described below). The prospective fortunes ofthe MusicMatch platform may increase con-siderably as the result of a prospective mergerwith the complementary search platforms ofYahoo!, which also owns the leading Internetradio service, Launch.24

Downloads Plus Interactive RadioNapster, which was relaunched as a copy-

right-respecting service (using the Pressplayinfrastructure) in October 2003, features adifferent combination of downloading andstreaming services.25 For 99 cents a track,Napster users may download and burn indi-vidual songs; an “all you can eat” subscriptionservice is available at $9.99 per month.26 Thatfee includes on-demand streaming of musicfrom Napster’s library and commercial-freemusic from 50 interactive online radio sta-tions.27 Complementary services for allNapster users include music videos, 30-sec-ond samples, online articles, Billboard charts,interuser e-mail, and playlist browsing.28

Interactive Streaming Plus BurningThe leading subscription service (550,000

subscribers), RealNetwork’s Rhapsody, offersan alternative model to downloading à lacarte.29 Its key competitive feature is “all-you-can-eat” on-demand streaming, which ismade available for a subscription fee of $9.95per month, and its present compatibilitywith Apple’s iPod, made possible by reverseengineering that may yet be legally contest-ed.30 Individual burns are generally availableat 79 cents but were sold for as little as 49cents during an August promotion.31 TheRhapsody service also offers access to 50commercial-free stations.32

As of April 2004, 3 percent of Internetusers and 17 percent of music downloadersused paid music services.33 The percentage ofU.S. downloaders who actually paid for asong at one point or another increased from8 percent to 22 percent in the first 12 monthsafter the launch of iTunes.34 Moreover, 30percent of those downloads were from inde-pendent labels not owned by the five major

4

The percentage ofU.S. downloaderswho actually paidfor a song at onepoint or anotherincreased from 8

percent to 22 percent in the

first 12 monthsafter the launch

of iTunes.

music companies, in contrast to 20 percentin offline markets .35

To summarize, a number of competitivemusic services that incorporate digital rightsmanagement emerged in 2003 and early2004. Each has some interesting features thatare attracting the interest of a segment of thebuying public. When applied in any of thoseservices, DRM stops users from copying con-tent in a manner that would displace marketdemand. Those protections help preservesome commitment to avoiding expropria-tion of investments in content and distribu-tion services.

New Services

With the potential for more innovation in2004–05, some content providers and dis-tributors may again transform the marketwith new offerings of digital music services.In addition to extending and refining thecore services described above, providers willcombine music services with other brandproducts, such as airline tickets, retail mer-chandise, food, and cable services.

Downloads Plus HardwareFollowing the iTunes model, Sony now

markets a competitive download service calledConnect.36 As in iTunes, Sony tracks are com-pressed with a proprietary technology(ATRAC); most songs are available for 99 centsand albums for $9.99.37 All downloaded songscan be transferred to Sony MiniDisc orMemory Stick portable devices that containSony’s proprietary OpenMG DRM technolo-gy, as well as high-end Sony computers nowsold in the company’s retail stores.38 Sony alsorecently launched in Finland a “personalizedradio service” that plays music directly throughmobile phones; a personal playlist featureadapts to consumers’ tastes by enabling themto press a button that indicates approval or dis-approval of a song.39

Downloads Plus StreamingVirgin Digital, a division of Sir Richard

Branson’s Virgin Group (and thus a sister busi-ness to the Virgin Megastores entertainmentproduct retailers), launched in September2004 a competitive “all-you-can-eat” streamingservice that will operate similarly to the exist-ing Rhapsody and MusicMatch subscriptionservices.40 Virgin subscribers will pay $7.99 permonth to access a catalog of more than onemillion songs; service will be coupled withVirgin Electronics’ new music player, whichhas more capacity and weighs less than a simi-larly priced iPod.41 Microsoft launched a musicdownload service around the same time andexpects to add a subscription streaming serviceto it soon.42 Microsoft has also released a newrights management system (called WindowsMedia DRM for Portable Devices) that willenable listeners to make copies to portableplayers that observe the same rights restric-tions controlled on the PC; that will also allowthe transfer to players of temporary down-loads. Microsoft will derive revenue in the com-petitive music space through the sale of playersfrom Creative, Samsung, and other vendorsand the licensing of Windows Media softwareneeded for operation. The new streaming ser-vices will increasingly provide a major test ofthe relative appeal of music streaming anddownloading, as well as alternative sources ofrevenue.

Downloads Plus MerchandiseFrom 1994 to 2004, Wal-Mart, Circuit

City, Best Buy, and Target stores deeply dis-counted popular CDs in order to attract peo-ple to shop at their establishments.43 In lightof their considerable success in “brick-and-mortar” retailing, each chain now plays arelated strategy in the digital marketplace.Wal-Mart now offers online downloads at 88cents apiece.44 Circuit City recently boughtup the digital music platform MusicNow(formerly FullAudio). Target has a distribu-tion deal with Napster, and Best Buy distrib-utes music services from Rhapsody andNapster.45 Amazon should soon launch asimilar strategy to combine music and mer-chandise retailing online.46

Some food distributors use downloads in

5

A number ofcompetitivemusic servicesthat incorporatedigital rightsmanagementemerged in 2003and early 2004.

partnership with the music services as promo-tional tools to stimulate product sales. Pepsiinstituted a promotional program to giveaway 100,000 iTunes in bottlecap coupons;Heineken, Miller Brewing Company, McDon-ald’s, and Coca-Cola plan respective serviceventures with Rhapsody, Napster, Sony, andEurope’s OD2 (now owned by Loudeye).47

Starbucks now allows customers at its SantaMonica location to make customized CDs. Itis distinctly possible that brand building forcorporations can begin if they can activatetheir own music downloading or streamingservices using infrastructure now availablefrom Loudeye and Microsoft48 or from whole-sale provider MusicNet.

As a final possibility, cable operator RCNintroduced in 2004 a bundled music servicewith MusicNet.49 Subscribers would have theopportunity to access both services for onemonthly fee. MusicNet’s present catalog topsone million tracks.

There are three general points to be maderegarding the state of competition in thismarket. First, the spectrum of services is nowquite wide; focused shoppers locate favoredsongs through à la carte downloads, listenersat large are attracted to noninteractivestreaming, and more dedicated browsersinsist upon the full browsing capabilities ofinteractive streaming. Differentiated versionsimply diverse ownership rights, service length,pricing, personalization, and complementarycomponents. With no abiding certainty ofwhere buyer tastes reside in the market, rivalproviders “learn by doing” those features thatconsumers want most.

Second, actual market experience provesthat the use of DRM indeed responds to con-sumer tastes. MusicNet and Pressplay at theiroutset did not support permanent down-loads, burns, or any sort of sharing, and theirfee structures were dauntingly complex. Assubscriptions trailed and illegal file tradingcontinued, the importance of permanentownership, portability, and sharing becameevident to all. Later music services thenimplemented simpler pricing structures andallowed permanent downloads, CD burns,

transfers to portable devices, and sharing(within reasonable limits)—features enabledyet controlled by underlying DRM technolo-gies.

Third, with distribution platforms thatare now proving their adaptability to con-sumer tastes, the potential gains for indepen-dent labels (indies) are considerable. As themarket leader in downloads, Apple’s iTunesnow targets niches of indie fans with catalogrights to more than 600 labels;50 Microsoftnow offers content from 3,000 independentlabels.51 Recent launches by eMusic andAudio Lunchbox respectively feature catalogsof 3,500 and 4,200 labels.52 Digital distribu-tion has worked to the clear benefit of pro-ducers and distributors astute enough tocapitalize on the new technology. For exam-ple, indie label Black Rain and distributorINgrooves pushed artist Kieran to number-one rankings at Rhapsody and iTunes in thesummer of 2004.53

The potential alliance of the music ser-vices and the independent labels may be vitalto the future success of digital music in twokey respects. First, independent labels offerdifferent sounds from fresher and less well-known talent, avoiding the need to promoteto major retail stores and mainstream radioplatforms. In addition, while major labelbusiness financially suffered in 2001–03, anumber of independent labels did very well.54

That suggests that music from independentlabels may gain in market share as alternativedistribution methods improve. The musicservices should then be seen as enablingagents of emerging competition betweenincumbent big labels and the hard-chargingindependent upstarts.

Finally, downloading may be supersededby streaming in the years to come. A majorlabel receives 65 cents from online down-loads that sell for 99 cents.55 The remaining34 cents of an online purchase pays distribu-tion costs—bandwidth, credit card use, anddistributor service and overhead. According-ly, if an online album costs $9.99, the labelreceives $6.50. Accounting for differences indistribution expenses, a label makes a similar

6

Actual marketexperience proves

that the use ofDRM indeed

responds to consumer tastes.

margin in store sales.56

The margin of $6.50–$7.00 goes to covermechanical royalties, artist advances, unre-couped expenses, and general promotionexpenses needed to find talent and distributematerials to radio stations and record stores.With requisite payments to talent and recov-ery of costs, it is consistent with hard-nosedmanagement and competition that a produc-er should recover the same profit marginfrom any new distribution channel that itdoes from its incumbent alternatives. For iflabels fail to recover the requisite margin,profitability in the emerging market declinesas customers migrate. So too does the incen-tive to record and promote new acts.

That said, downloads do not now appearto present the requisite consumer value. Forexample, a survey by research firm Ipsos-Insight found that consumers believed that$7.99 was the best price for digital musicalbums.57 If that amount is an accurate mea-sure of the median buyer’s valuation, a labelwould receive no more than $4.50 from thesale of an album online. That would fail torecover the costs of royalties, production, andpromotion.

The industry may be better off in the longrun with streaming, where profit marginscan be made considerably higher throughlicensing fees that can be adjusted more read-ily. From the perspective of distributors,streaming appears now to be more prof-itable. At present, the online music marketgenerates $271 million annually in revenues,which are split 60/40 between downloadsand streaming subscriptions.58 Those num-bers may change substantially in the next fewyears as the streaming services come to offerthe primary features—“all-you-can-eat”access to the “celestial jukebox”—that digitaltechnology is capable of.

The basic points of the previous sectionmust now be reaffirmed and extended. Thenumber of music services is growing, and themarket is testing new business models andtechnologies that may displace incumbents.Once again, digital rights management,which disallows the copying, resale, and

redistribution of content, protects theintegrity of each system. Relaxing access pro-tection, or otherwise enabling alternativetechnologies to take copyrighted work with-out compensation, harms both content own-ers and the emerging services.

Fair Use and ReasonableUsage Expectations

The notion of reasonable usage bearssome discussion, especially because it hasbeen confused with the legal concept of fairuse. Fair use is the “privilege in other than theowner of a copyright to use the copyrightedmaterial in a reasonable manner without hisconsent, notwithstanding the monopolygranted to the owner.”59 When properlyestablished, fair use must conform to specif-ic legal guidelines and careful economic con-siderations of type and nature of use.60

Although case precedents exist for specif-ic types of uses, a judge or jury must ulti-mately make decisions about whether partic-ular contested uses conform to the fairnessguidelines specified in Section 107 of theCopyright Act. Moreover, the protection offair use is only defensive; that is, fair use isnot a standard for inalienable consumerrights but is only a defendant’s protectionagainst an otherwise valid claim of copyrightinfringement. Some uses, such as noncom-mercial copying of content, are presumptive-ly fair, meaning that plaintiffs must presentadditional evidence that would bolster aninfringement claim.61 That being the case, itis impossible to create any kind of automat-ed system that determines whether a particu-lar use is fair or not, because the stipulationsin Section 107 are guidelines, not specificrules.

Consumer ExpectationsIn addition to fair use, consumers have

other reasonable expectations about how theycan use purchased content. For example, if auser buys an album, he or she may expect to beable to sell it, record a digital cassette for later

7

The number ofmusic services isgrowing, and themarket is testingnew businessmodels and technologies thatmay displaceincumbents.

use in her car, or make duplicate tape copies tosell to her friends and acquaintances. Thelegality of the first use would be covered by thefirst sale doctrine,62 while the second would becovered under the home taping exemption ofthe Audio Home Recording Act.63 The third isa copyright infringement.

Although meeting every consumer expec-tation might not be a legal obligation of anyproducer, he would nonetheless be wise totake steps to heed expectations so as toincrease the value of his service. Moreover, hecan price particular features incrementally inorder to increase the monetary recovery ofthe property or service. That may allow himto offer a basic service at relatively low cost.The situation here may be likened to that ofa restaurant owner who offers an à la cartemenu. By pricing appetizers and deserts sep-arately, the owner can afford to keep pricesdown for the basic entrées.

Accordingly, whether “space shifting” or“burning” is a fair use or not, a content pro-ducer unwilling to provide consumers ameans of moving music tracks off a harddrive will surely lose customers and revenuesin the long run. Harsh economic reality willprevail over narrow copyright law; an overlyprotective system of copyright is a detrimentin the eyes of consumers who have grownaccustomed to a range of copying capabili-ties, legally fair or not.64 Consequently, theability to monetize the value of each servicemay lead producers to offer a great numberof consumer rights that legal “fair use” doesnot cover.65

Interoperability Before buying into digital music in any

big way, many consumers may need greaterassurances that DRM systems will interoper-ate with one another. The industry hasalready made strides toward interoperabilityof so-called rights expressions, whichdescribe the rights that a content ownergrants a consumer and under what condi-tions; however, standardization in this area isnot complete.66 Even if it were, additionalchallenges would remain before DRM

schemes were fully interoperable with oneanother. That would enable a prospectivebuyer to build up a catalog from differentservices without worrying about later obso-lescence.

Chief among the challenges is standardiza-tion of identification schemes for both usersand devices. Currently, and with few excep-tions, each DRM scheme has its own notion ofidentity and its own way of authenticatingidentities. A user’s identity in one scheme (e.g.,for an Adobe e-book) is only coincidentallyrelated to her identity in another scheme (e.g.,for an online music subscription service basedon Microsoft Windows Media). Attempts tocreate universal online identification schemeshave been thwarted by a combination of tech-nical complexity and concerns over privacy. ADRM scheme for integration with P2P net-works should at least offer some degree ofidentity interoperability among popular for-mats, devices, and services.

Unilateral solutions may exist. In its pre-sent Harmony service, RealNetworks enablesthe compatibility of its RealPlayer MusicStore tracks with both Apple’s iPod playersand players compatible with Windows MediaAudio (WMA).67 RealNetworks accom-plished that by producing WMA files andintegrating Windows Media Player on theuser’s PC (both of which are permitted byMicrosoft) and by reverse engineeringApple’s FairPlay DRM file format (whichApple may yet legally contest). In anotherpotential solution, RapidSolution Softwareof Germany now offers software (calledTunebite) that allows users to re-record anyfile played on a PC by simple loopbackthrough the PC’s audio card; songs are storedin an open format for later use.68 Parties dif-fer as to whether the technology legallybreaches access protection.69

It now seems likely that the market willconsolidate to two or three major platformsfor each major media type. A plausible sce-nario is that by the end of 2005 the market willconverge on the Microsoft, Apple, and OpenMobile Alliance’s Download and DRM stan-dards for audio; Adobe, eReader (frequently

8

An overly protective system

of copyright is adetriment in the

eyes of consumerswho have grownaccustomed to a

range of copyingcapabilities,

legally fair or not.

known as Palm Digital Media), andMobiPocket for e-books; and Microsoft andRealNetworks for video downloads.70 Al-though the number of platforms is a bit high-er than that which consumers have beenaccustomed to for analog media,71 it is—inter-estingly enough—consistent with the numberof platforms in many other technology mar-kets (personal computer architecture andoperating systems being a notable excep-tion).72 Content producers and distributorshere would be challenged to enable some formof interoperability in a multistandard market.Otherwise, they may compete to find oneindustry standard or until a number of differ-ent systems coexist, albeit inefficiently.73

Yet market standardization for DRM—whether open, de facto, or somewhere inbetween—seems preferable to government-enforced guidelines, as Sen. Ernest Hollings(D-SC) proposed in the Consumer Broadbandand Digital Television Promotion Act of 2002.Had it passed, the act would have imposedgovernment-selected DRM standards on thecontent and electronics industries if thoseindustries failed to agree on standards on theirown within 18 months of passage.74 However,the bill set out inadequate corrective measures;that is, procedures for moving away from infe-rior or ineffective standards. Among otherthings, the CBDTPA’s provisions for allowingstandards to evolve in order to keep up withnew technologies, potential security threats,and changing consumer preferences wereunworkably slow and cumbersome.

Integrating P2P and DRM

As a practical matter, P2P networks are wellsuited for distribution of unprotected files,regardless of their legal status. P2P software isavailable to all takers on the Internet. P2P doesnot require that the source of a file actuallysend a file or even know the identity of therecipient, and it allows files to be copied virtu-ally instantaneously with maximum automa-tion and without physical media. Some arguethat P2P helps facilitate an “information com-

mons” where users can transmit and modifycontent.75 Accordingly, P2P is quite attractiveto many users and academics who broadlyapprove of the easy information exchange thatP2P makes possible.

The Benefits and Harms of P2PThere are a number of specific capabilities

of P2P that bear consideration. First, P2Ptechnology may facilitate the distributionand discussion of full literary works76 andfilms77 that are in the public domain.Recipients can comment on or adapt certainworks to provide new insights and features,thereby creating a stream of criticism thatusers may sequentially adapt. Second, P2Pallows listeners to sample unprotected musicthat they otherwise might not hear anddevelop interests in bands and songs thatmight otherwise not evolve. Third, thoughnot commonly acknowledged, major labelsthemselves use research from P2P networksto track which songs are traded in local areas,which can suggest new spins or modifica-tions in local airplay and retailing.78 Fourth,P2P can be melded with personalizationtechnology that tracks consumer choices;musicians and labels can use that informa-tion to present music and related material toa group of potential buyers.

Unsigned acts—which earn income main-ly from live performances—may find P2P aninvaluable means of building audience inter-est. Many “jam bands” (such as Phish,Widespread Panic, and moe.) permit fans totape and trade copies of live concerts, as longas they do not profit from it.79 Through P2Pmarketing, a popular band named Wilcolanded a record deal after its original labeldiscontinued their engagement.80

However, well over 90 percent of files nowtraded on P2P networks appear to be nothingmore than unchanged copyrighted tracksand movies that were previously ripped anduploaded without authorization.81 There isno legal or economic reason to relax copy-right protection for full-length tracks thatare taken and passed on without contextsthat typically merit fair use defenses, such as

9

Market standardizationfor DRM—whether open, de facto, or somewhere inbetween—seemspreferable to government-enforced guidelines.

criticism or parody. Such unauthorizeddownloading can potentially displace salesand licensing of legitimate products and fur-ther reduce the chances for success of com-petitive service applications; illegitimate filesharing grabs a substantial center of the dis-tribution space that interferes with the antic-ipated success of any neighboring service.The dimensions of the problem are nowsevere; while iTunes has sold more than 100million tracks, estimated unauthorized filesharing exceeds 2.5 billion tracks permonth.82

P2P and SuperdistributionA capability related to P2P is “Superdistri-

bution,”83 which refers to technology thatallows copyrighted content to be distributedmultiple times. While P2P implies free filesharing among peers, Superdistributionimplies that the process starts with a “publish-er” and includes some kind of commercialtransaction at each step. Depending on thetechnical details, Superdistribution of a workcan provide revenues to content owners fromeach downstream transaction.84

Superdistribution has been mentioned inthe same breath as DRM since the mid-1990s, when a few DRM vendors attemptedto support it.85 Yet true Superdistributionrequires complex technology that is notori-ously difficult to implement; thus, copyright-respecting online content services haveimplemented only partial approximations toSuperdistribution.86

Superdistribution can be integrated into P2Pnetworks if rights are specifically defined, moni-tored, and licensed. Generally speaking, legiti-mate P2P can be used in innovative businessmodels much like other music services—à lacarte service for individual plays, a subscriptionfee for unlimited downloads, and additional feesfor enhanced services. A number of entrepre-neurs have built or are continuing to combinedifferent service capabilities into legitimate P2Pservices. Although their usage figures aredwarfed by the likes of iTunes and Napster—tosay nothing of P2P networks like KaZaA—thereis no reason why such services should not be

tested and vie for market share. We shall nowdescribe a number of those services.

Business ModelsFour current business models enable

Superdistribution. Paid Access Plus Controlled Sharing.

MusicMatch’s new On Demand service,which launched in July 2004, now allows pay-ing monthly subscribers to send e-mailplaylists to nonsubscriber friends. Friendscan play the first 20 tracks on each receivedplaylist up to three times before being askedto pay for them as individual downloads orto subscribe to the On Demand service. Foradditional revenue recovery, MusicMatchobtains the e-mail addresses of each contactand uses them for marketing purposes. Thatcapability uses an existing function inMicrosoft Windows Media DRM that issuesto the friend a license for each track thatexpires after three plays.

Unlimited Sharing of Approved Content for aFixed Fee. Wippit, based in the UK, includesover 60,000 tracks from about 200 recordlabels, including some of the majors, as well asnumerous audiobook, game, and softwaretitles.87 It allows unlimited downloads for $90per year or $23 per month. Users who down-load tracks can potentially share them withother subscribers, depending on the wishes ofthe content owner.88 Some downloads areavailable in unprotected MP3 format; othersare in protected Windows Media format withDRM. To determine whether a file has beenapproved for sharing, Wippit uses theMusicDNA waveform system from Canta-metrix, which is a technology that analyzes thecontent of each file, produces a “fingerprint,”and compares the fingerprint with those in adatabase provided by Cantametrix’s owner,Gracenote.89

Downloads with Alternate Compensation.Hong Kong–based Singwell International haslaunched Qtrax, which like Morpheus is basedon the Gnutella open-source file-sharing net-work software.90 Qtrax offers owner-approvedfiles in a DRM-protected format that is per-manently attached to unprotected MP3 files.

10

A number ofentrepreneurs

have built or arecontinuing to

combine differentservice

capabilities intolegitimate P2P

services.

The DRM reports file uses to collection agen-cies such as BMI. SingWell derives revenuefrom advertising and pays royalties to IBM.Qtrax users can download files at no charge inexchange for viewing advertisements targetedto their revealed tastes in music. Users mustpay for burns to optical discs.

Distributed Agencies. Providers on SharedMedia Licensing’s Weed technology networkcan create e-mails and blogs to recommendtunes from independent musicians to friendsand acquaintances.91 Network users can buymusic that is protected by Microsoft DRMtechnology. Distributors on Weed receive a35 percent commission for each track solddirectly through them, as well as smalleramounts for works resold through their buy-ers. Popular artists may generate strings ofsecondary purchases as their works are resoldsequentially through different e-mails orblogs. That use, which is similar to whatAmazon.com does with its Amazon Affiliatesand Listmania programs, also is somewhatlike a P2P version of the “shared playlist” fea-ture of Napster and MusicMatch.

A final creative business model is P2Pstreaming, which has been introduced byGrouper92 and Mercora.93 Now providing atest version of a P2P radio service, Mercoraclaims that its prospective uses adhere toguidelines that qualify for a statutory licenseestablished in the Digital MillenniumCopyright Act of 1998.94 Even if that assess-ment of statutory privilege is incorrect, recordlabels may look more favorably upon licensinga P2P service that permits sampling much likea subscription service. The service providerwould need to continue to take all possiblesteps to prevent redistribution of any accessedtracks. Nonetheless, protective publishers andartists may reject positive overtures to distrib-ute through digital technology musical worksthat are now under their control.

P2P and the Courts

An important factor in the launch of ser-vices like the above, which use DRM along with

features borrowed from P2P, has been courtdecisions that have helped perpetuate the exis-tence of P2P software, thereby ensuring P2P’scontinuing influence on the online contentmarkets. One recent decision in particular hasbolstered claims that P2P software file sharingis a legitimate service with “significant nonin-fringing uses,” a key benchmark set in the Sonyv. Universal Supreme Court decision to deter-mine the legality of a device that has somepotential uses that may infringe copyright.95

While prevailing against Napster96 andAimster,97 the content industries received afirst jolt in April 2003 when a federal districtcourt (Central District of California) dismisseda complaint brought by the movie and recordindustry against peer-to-peer networks Grok-ster and Morpheus (operated by StreamcastNetworks).98 The Ninth Circuit upheld thesummary judgment under appeal in August2004.99 The U.S. Supreme Court has beenasked by industry to hear the case.100

The Ninth Circuit in Grokster made keydistinctions from its previous Napster deci-sion, which held that Napster was guilty ofcontributory and vicarious infringement andwhich led eventually to a complete shutdownof the service.101 While Napster stored on itsservers information about site locations ofinfringing material, Grokster and Streamcastsimply distributed software and thereforehad no immediate knowledge of the sites andfacilities where infringement resulted.102

The circuit court upheld the district court,which found that the distributed software pro-grams had significant noninfringing uses sim-ilar enough to home video recorders thatsometimes could be used to infringe copy-rights but were legal nonetheless.103 Contribu-tory liability did not result because Groksterand Streamcast had no actual knowledge ofinfringement at the moment of its occur-rence.104 Moreover, although they were finan-cial beneficiaries of file sharing, the twoproviders lacked the requisite monitoring abil-ity to prove vicarious liability.105

From a legal perspective, the outcomeraised some eyebrows. The Ninth Circuit’sdecision apparently differs from the previous

11

Popular artistsmay generatestrings of secondary purchases astheir works are resoldsequentiallythrough differente-mails or blogs.

Napster decision, where the same courts ruledthat contributory infringers knew, or had rea-son to know, of direct infringement.106 The sec-ond point (i.e., had reason to know) was madein an amicus brief filed by nine distinguishedexperts on copyright law.107 The NinthCircuit’s latest decision on Grokster may thenprovide an incentive for software developersto figure out ways in which they can lookblind, innocent, or simply incapable of tak-ing deterrent action, whatever the apparentharms of taking action. The Seventh Circuitreached a different outcome regarding “will-ful blindness” inherent in the Aimster file-sharing system: “[W]illful blindness is knowl-edge, in copyright law, where it indeed maybe enough that the defendant should haveknown of the direct infringement.”108

From an economic perspective, the tech-nological outcome of the conflicting deci-sions in the Ninth Circuit is clearly ineffi-cient. Napster, Grokster, and Morpheus lead tothe same basic result: more than 90 percentof their use infringed on copyrights. If onlyone technology is to be allowed, Napsterwould be the apparent choice; it is more effi-cient than the remaining two, which takeconsiderably longer to operate because of thelack of a central directory. Moreover, if thereis an economic reason to restrict Napster(due to offsetting harms), there is even moreeconomic reason to restrict the less efficientservices.

Whatever the potential uses made possibleby Grokster or Streamcast, plaintiffs contend-ed that the software providers could have takenother protective steps to control use.109

Plaintiffs’ briefs pointed out that the districtcourt failed to consider evidence that defen-dants elsewhere had successfully blockedpornographic content, provided software up-dates, and deactivated existing software.110

Meanwhile, Relatable, Audible Magic, Snocap,and others claim to have devised “fingerprint-ing” (acoustic analysis) technology (similar tothat of Gracenote, described above) that can beused to identify and filter illegal downloads (orrequire payment or other consideration beforeallowing access to copyrighted works).111

However, citing the Sony v. Universal precedent,the Grokster and Streamcast courts avoided pre-scribing any direct filtering that would man-date a change in software technology that wasapparently beyond the capacity of the courts tomanage.

The two outcomes represent an evidentcircuit split, and the Supreme Court hasgranted certiorari. The Court may choose tooverturn the “significant noninfringing use”clause of Sony that can apparently admit anytechnology regardless of offsetting harm torights owners. The Court may indeed imposethe alternative test of a strategic fix (i.e., acomprehensive analysis that maximizes effi-ciency after considering all offsetting costsand benefits of each position). However, sucha fully rational analysis is entirely impracti-cal; it is impossible to determine all likelyevents and alternatives, measure relevantquantities, and make accommodations andadjustments piecemeal. A more specific tacti-cal solution would consider the deploymentof filtering techniques that enable P2P tech-nologies to continue operations so long as allsteps are taken to reduce or eliminate usesthat violate copyright. If filters are imposed,courts may monitor the resulting outcometo determine the need for additional action.

Toward a Market Resolution?

An event in November 2004 may be animportant harbinger of things to come.Universal Music Group (UMG) entered intoa licensing deal with Snocap, a fingerprint fil-tering technology company founded byNapster developer Shawn Fanning, to use itstechnology to control usage of and processpayment for UMG catalog items found onfile-sharing networks.112 The deal resulted ina service that was expected to launch byJanuary 2005. It is currently unclear whichP2P networks will be involved with the ser-vice.

The announcement came shortly after arelated disclosure that Sony BMG Music had

12

If filters areimposed, courts

may monitor theresulting outcome

to determine the need for

additional action.

entered into wider talks with both Snocapand the Grokster file-sharing network.113

Under the envisioned system, Snocap wouldprovide a service to control usage of someSony BMG content on a new file-sharing ser-vice, provisionally called Mashboxx, thatwould be controlled by Grokster. Sony BMGwould make some content, such as musicfrom new artists and low-fidelity versions ofcontent from established names, available forfree downloading, while other content wouldrequire payment and have usage controlledby fingerprint filtering. That would provideSony the ability to use P2P to determine thepotential demand for new releases.

While the Sony deal has yet to beannounced formally, the involvement of amajor P2P network represents a primary dif-ference from the more limited agreementbetween UMG and Snocap. Snocap is nowone of a handful of companies with technol-ogy related to fingerprint filtering that arereportedly in serious licensing talks with themajor labels. The big question is whether anyfingerprinting technology is actually com-patible with an existing P2P network likeGrokster, or whether new file-sharing net-works would have to be built to use the tech-nology—as UK-based Wippit has alreadydone with fingerprint filtering technologyfrom Gracenote.

If Snocap can demonstrate that its tech-nology can be used to complement Groksterwith no (or even reasonable) modificationsto the Grokster software, then the musicindustry will have a demonstrable case thatcombined solutions are technically workable.As a legal matter, the labels could then credi-bly argue that file-sharing networks areavoiding integrating fingerprint filteringtechnology on purpose. By contrast, any P2Pnetwork would risk losing most of its exist-ing customer base if it were forced to convertitself to a copyright-respecting operation,whether using fingerprint filtering, encryp-tion-based DRM, or some other technology.

Yet even if the existing file-sharing net-works find ways to show that fingerprint fil-tering technology does not work with them,

record companies will find other ways to usethe technology to build legitimate onlinemusic services. Therefore, any type of P2P ser-vice that uses fingerprint filtering will serveas ballast in the market to induce DRM-enabled services to add more P2P-like func-tions, such as CD burning or playlist sharing.Most DRM technologies can be configuredto provide those features as well, if contentowners desire them.

Alternatives to Coexistence

Filtering of individual compositionswould be the economically efficient means ofrestraining infringing uses while allowinglegitimate users continued unrestrictedaccess to unprotected files. However, if filter-ing is not technically practical (the questionof practicality with respect to integrating fil-tering with existing P2P networks likeFastTrack and Gnutella is hotly debated atthis time) or courts otherwise fail to deal ade-quately with the legality of P2P technology,the content industries may yet consider addi-tional devices to counter copyright violation.The industry is already employing or advo-cating three primary strategies:

Spoofs and DecoysRights owners may seed false versions of

songs in file-sharing networks using spoofsand decoys available from services such asOverpeer, Vidius, and Media Defender.114

With spoofs, users’ attempts to downloadparticular songs may hit planted ruses withcomplete silence, spoken messages, or repeat-ed loops. Problematically, spoofing strategiesface the generic difficulty that the nextattempt to take a song is literally a mouseclick away. That is, if a track fails, the usermay retry by moving to the next song listingdisplayed on his or her screen. Spoofing thenis practical only to the degree that the addi-tional delays are annoying enough to dis-suade such continued efforts. Protectionthrough spoofing is more likely to be effec-tive with movies that last two or three hours

13

Even if the existing file-sharing networksfind ways toshow that finger-print filtering technology doesnot work withthem, recordcompanies willfind other waysto use the tech-nology to buildlegitimate onlinemusic services.

than with record tracks that can be sampledin a few minutes.

User LawsuitIn September 2003 the major labels began

a legal war against big uploaders by directlysuing them for copyright infringement.There was some survey evidence that the ini-tial Recording Industry Association ofAmerica (RIAA) campaign communicated itsbasic point and reduced the overall size of thedownloading population as an immediateconsequence.115 However, music industrygains may be for naught if new technologieskeep evolving and file-sharing activity keepsgrowing; the most careful scholarly study ofP2P finds no evidence of a long-run slow-down in total file-sharing activity,116

although users seem to be moving from pre-vious market leader KaZaA to new orimproved alternatives such as eDonkey,117

BitTorrent,118 and Limewire.119 If settlementamounts cover costs, there is no particulareconomic reason to stop litigation. However,the number of network nodes appears to bequite high; the top 1 percent of the popula-tion, which may account for 40 percent ofseeded tracks,120 now numbers approximate-ly 400,000 people spread throughout theworld.121 Moreover, the publicity conse-quences are negative to the industry; themusic industry has certainly alienated someportion of its fan base, particularly youngerusers who are potentially more enthusedabout new uses of digital technology.

LegislationThe content industry’s most recent leg-

islative response to the file-sharing problemwas the Inducing Infringement of Copy-rights Act of 2004122 (known as the InduceAct for short), sponsored by Sen. OrrinHatch (R-UT). If the Induce Act had passed,it would have enabled courts to find P2P net-works like Grokster and Morpheus guilty of“inducing” consumers to infringe. Thatdetermination would have involved a judicialassessment of the intent of a P2P network (orother type of service) to induce infringement.

The act failed to pass in 2004, but SenatorHatch intends to try again in 2005.123

Legislative efforts that outlaw technology forprospective harm deserve real caution; anoverly broad bill can implicate existing orprospective technologies with some benefitand chill efforts by researchers unsure of thefinancial consequences of aggressive litiga-tion and a legal status that will depend oncourt enforcement in common law.

Cooperative NoticeWhen initiating action against individual

users found to upload files to P2P networks,the RIAA now must institute lawsuits againstanonymous John Doe defendants beforelearning from their ISPs the identities of theinfringers.124 Although ISPs may reasonablywish to protect subscriber privacy, they canfacilitate settlement and reduce likely pay-ments if they cooperate with the contentindustries. A template strategy has been initi-ated at UCLA. To encourage ISPs to partici-pate, the RIAA could agree to allow a wider“safe harbor” against contributory infringe-ment, which is now normally activated oncefirst awareness is established.125 The RIAAmay wish to compensate ISPs for the costs,eliminating one conceivable excuse for non-compliance. That may seem an ideal solu-tion, but it has little chance of emerging.Given present ISP concerns about commoncarrier status, an engagement on behalf ofcopyright owners may expose them to addi-tional requests for other classes of offendingcontent, such as libel, obscenity, indecency,and fraud.

Compulsory Licensing and LeviesAnother strategy for government involve-

ment emerges from academic advocates ofcompulsory licensing. Under a number of pro-posals, users could freely download some sub-set of music, movies, or other content throughP2P networks of various natures.126 Appropri-ate levy amounts would be determined byCongress or the Copyright Office, or both.Revenues would be collected on Internet sub-scriptions, computers, storage media, and

14

Legislative effortsthat outlaw

technology forprospective harm

deserve real caution; an overly

broad bill canimplicate existing

or prospectivetechnologies.

other services and hardware that have thepotential to be used for an infringing activity.Collections in the United States would be dis-tributed to copyright owners per valuesassigned by a royalty tribunal or arbitrationpanel convened by the Copyright Office.

There are five practical problems with thisscheme. First, the levies would be assessed onindividual equipment purchasers and Internetsubscribers regardless of their actual use ofP2P technology and level of copyrightinfringement; computer users would beharmed by a system of taxation that wouldreduce their wealth and possibly stifle theirpurchases and upgrades of equipment andbroadband service. Second, the panel wouldface the daunting task of parsing out a fixedpot of revenues to contending uses and deter-mining the relative worth of each—a shortnovel, a two-hour movie, a three-minute song.Third, there is no apparent means for resolv-ing international theft; the U.S. Congressclearly cannot levy a fee on computers or ISPsubscriptions of foreign citizens. Fourth,administrative costs are daunting; as con-sumers download increasing amounts of con-tent, copyright administrators and legislatorswill need to reconvene hearings annually justto adjust the tax instrument in order to keepup with revenue requirements.

Finally, in the foreseeable event that con-tent downloading outgrows anticipated levydollars, compensation per individual workwould necessarily diminish. Content ownerswould then fight for a revenue pot that boreno direct relation to the value of underlyingcontent. The uncertain nexus between indi-vidual effort and anticipated reward evident-ly harms the incentive of a content providerto invest the resources needed to produceand bring its commercial wares to market.

Conclusion

Peer-to-peer file sharing is a useful tech-nology that may greatly empower consumers,musicians, and record labels. But support forP2P must not become support for unautho-

rized downloading and related copyright vio-lations. If unchecked, unauthorized down-loading can continue to take standingground from competitive services that vie forsurvival in the same market.

Property rights on P2P networks can beprotected through DRM technologies thatstop unauthorized reproduction and distri-bution. Effective DRM makes possible anumber of different business models, includ-ing those with P2P features, which may thencompete with one another for market share.

Competing technologies and businessmodels make possible the market battles thatcontribute to “creative destruction.” In anenvironment that is imperfectly understoodbut learnable, economic efficiency must beproperly gauged by the capacity to test infor-mation and adapt accordingly; which con-trasts with static welfare measures commonin economic textbooks. With so important arole for competition among different tech-nologies, and so much clearly left to learn inthe digital content paradigm, governmentshould be in the position of protecting prop-erty rights, including copyright.

Government should act to protect proper-ty rights, including copyrights, but it shouldnot pick winners or discourage any technolo-gy from competing in this new marketplace.In other words, P2P and DRM technologiesshould be left free to evolve together to meetthe also-evolving needs of the market forcopyrighted works.

Notes1. A&M Records, Inc. v. Napster, Inc., 114 F. Supp.2d 896 (N.D. Cal. 2000); 239 F.3d 1004 (9th Cir.2000).

2. David Lange, “Recognizing the PublicDomain,” Law and Contemporary Problems 44, no. 4(1981): 147; Yochai Benkler, “The Battle over theInstitutional Ecosystem in the Digital Environ-ment,” Communications of the ACM 44, no. 2 (2001)84; and Lawrence Lessig, The Future of Ideas: The Fateof the Commons in a Connected World (New York:Vantage Books, 2002), pp. 249–61.

3. Benny Evangelista, “Scour Expands Napster’s

15

Governmentshould act to protect propertyrights, includingcopyrights, but itshould not pickwinners or discourage anytechnology fromcompeting in thisnew marketplace.

Concept beyond Swapping Music,” San FranciscoChronicle, May 18, 2000, http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/05/18/BU84030.DTL&type=tech_article(retrieved August 22, 2004). Scour filed for bank-ruptcy after the record and movie industry filedsuit against it.

4. Relevant papers can be viewed at http://www.riaa.com/news/filings/aimster.asp (retrieved August22, 2004).

5. Metro-Goldwyn-Mayer Studios et al., v. Grokster, Ltd.,et al., 259 F. Supp. 2d 1029 (C.D. Cal. 2003); 2004 WL1853717; —-F.3d—— C.A.9 (Cal.), 2004, http://tech-lawadvisor.com/docs/mgm-grok ster.html.

6. Sony Corp. v. Universal City Studios Inc ., 464 U.S.417, 453 (1983).

7. The district court in Universal City Studios v.Reimerdes held that users may not break accessprotection even to enable fair use protected in theCopyright Act. “Defendants are not here sued forcopyright infringement. They are sued for provid-ing a technology designed to circumvent techno-logical measures that control access to copyright-ed works. . . . If Congress had meant the fair usedefense to apply to such actions, it would havesaid so. Indeed, as the legislative history demon-strates, the decision not to make fair use a defenseto a claim under Section 1201(a) was quite delib-erate.” 82 F. Supp. 2d 211 (S.D. N.Y. 2000).

8. Joseph A. Schumpeter, Capitalism, Socialism andDemocracy (New York: HarperCollins, 1947).

9. See, for example, Mike Godwin, What EveryCitizen Should Know about DRM (Washington:Public Knowledge and New America Foundation,2004), http://www.publicknowledge.org/content/overviews/citizens-guide-to-drm/attachment(retrieved August 13, 2004).

10. David Friedman, “In Defense of PrivateOrderings: Comments on Julie Cohen’s ‘Copy-rights and the Jurisprudence of Self-Help,’”Berkeley Technology Law Journal 13 (1998): 1151.

11. Wendy Gordon, “Intellectual Property asPrice Discrimination: Implications for Contract,”Chicago-Kent Law Review 73 (1998): 1367.

12. Carl Shapiro and Hal R. Varian, InformationRules (Boston: Harvard Business School Press,1999), pp. 53–82.

13. MusicNet was originally owned by WarnerBrothers, EMI, BMG, and RealNetworks, andPressplay was owned by Universal and Sony.MusicNet made available to service retailers

wholesale service, including content packaging,distribution, and e-commerce services, andPressplay provided both the latter services and theuser interface.

14. For example, Pressplay users chose amongBasic ($9.95 for 300 streams and 30 downloads),Silver ($14.95 for 500 streams, 50 downloads, and10 burns), Gold ($19.95 for 750 streams, 75 down-loads, and 15 burns), and Platinum services($24.95 for 1,000 streams, 100 downloads, and 20burns). John Borland, “Pressplay to OfferUnlimited Downloads,” CNet News.com, July 31,2002. Basic listeners of MusicNet services pur-chased through RealNetworks paid a monthly feeof $4.95 to stream 100 songs and download 100more, $9.95 for a combined package with addi-tional Net radio services, and $19.95 for a GoldPasssubscription with sports, entertainment, and newsprogramming. By contrast, AOL offered basicMusicNet service (20 streams, 20 downloads) for$3.95 per month, unlimited streams and down-loads for $8.95, and 10 additional burns for $17.95.John Borland, “NetMusic Gets AOL Audition,”CNet News.com, February 26, 2003.

15. John Borland, “Apple Unveils Music Store,”CNet News.com, April 28, 2003; and “iTunes Sells1.5 Million Songs during Past Week: Five TimesNapster’s First Week Downloads,” Yahoo!Finance,November 6, 2003.

16. Ibid.

17. Ibid.

18. John Borland, “How Much Is Digital MusicWorth?” CNet News.com, December 8, 2003.

19. John Borland, “Apple’s Music: Evolution, NotRevolution,” CNET News.com, April 29, 2003.

20. Forrester Research, “Commentary: Facing theMusic,” CNet News.com, October 20, 2003; and“MusicMatch 8.1,” Tech News, CNet Reviews.

21. Ibid.

22. Ibid.

23. Ibid.

24. John Borland and Jim Hu, “Yahoo’s Long andWinding Music Road,” CNet News.com, September14, 2004.

25. John Borland, “Napster Launches: Minus theRevolution,” CNet News.com, October 9, 2003.

26. John Borland, “Napster: 5 Million SongsSold,” CNet News.com, February 23. 2004.

16

27. Ibid.

28. Roxio, which purchased the Napster brandassets in 2003, divested itself of its legacy CDburning and editing software products in order tofocus entirely on the online music service. JohnBorland, “Betting It All on Napster,” Tech News,CNet News.com, September 1, 2004.

29. Peter Cohen, “Apple and RealNetworks—TheReal Story,” Yahoo!News, April 16, 2004 (retrievedApril 29, 2004). Real Networks purchasedRhapsody in 2003 from Listen.com, which origi-nally conceived the service as an all-streamingsubscription service.

30. “Real Pushes Harmony with Aggressive PriceCut,” Digital Music News, August 17, 2004, http://www.digitalmusicnews.com/yesterday/august2004(retrieved August 17, 2004).

31. Ibid.

32. Cohen.

33. Pew Internet and Daily Life Project, http://www.pewinternet.org/reports (retrieved April 29,2004); see also Frank Barnako, “CNET LaunchesFree Music Downloads,” CBS MarketWatch.com,April 26, 2004 (retrieved April 29, 2004).

34. http://www.ipsos-na.com/news/pressrelease.cfm?Id=2100 (retrieved April 10, 2004).

35. “Independent Record Labels Eye New Group,”MSNBC.com, http://msnbc.msn.com/id4631891(retrieved April 10, 2004).

36. Richard Shim, “Sony Unveils Music Store:Gadgets at CES,” CNet News.com, January 7,2004.

37. Ibid.

38. “Sony Corporation of America Will LaunchOnline Music Service in Spring 2004,” http://www.connect.com/press_releases/01.07.2004.Launch.html (retrieved April 10, 2004).

39. Bill Rosenblatt, “Sony and BeepScience PowerAdvanced European Mobile Music Service,” DRMWatch, September 23, 2004, http://www.drmwatch.com/ocr/article.php/3412081.

40. John Borland, “Virgin Launches Online MusicService,” CNet News.com, September 26, 2004.

41. Dinesh C. Sharma, “Version Takes on iPod,”CNet News.com, October 12, 2004.

42. http://music.msn.com/default.aspx (re-trieved October 13, 2004).

43. Ian Austen, “Big Stores Make Exclusive MusicDeals to Bring in Music Buyers,” New York Times,December 29, 2003, p. C1.

44. http://musicdownloads.walmart.com (re-trieved January 13, 2004).

45. “Circuit City Stores, Inc., to Purchase Assets ofMusicNow, Inc.,” http://biz.yahoo.com/prnews/040331/nyw057a_1.html (retrieved April 10, 2004).

46. Brian Garrity, “Main Street Goes Digital,”Billboard, April 17, 2004.

47. “Big Brands Use ‘Free Music’ to Draw TeenConsumers” and “Coke to Launch Music Down-load Service in U.K.,” Grammy.com NewsWatch,http://www.grammy.com/news/newswatch/2004/0107.aspx (retrieved April 10, 2004); see alsoReuters, “Want Some Springsteen with That BigMac?” CNet News.com, March 22, 2004, http://news.com.com/2100-1023-5177324.html.

48. “Loudeye, Microsoft Offer Digital MusicService,” http://www.grammy.com/news/newswatch/2004/0107.aspx (retrieved April 10, 2004). Radiostations are now owned by AT&T Wireless andGibson Audio.

49. “Music Bundled with Cable: The RightChoice?” Digital Music News, August 30, 2004, http://www.digitalmusicnews.com/yesterday/august2004 (retrieved August 30, 2004).

50. “Are Indies Spurring the iTunes Catalog Lead?”Digital Music News, August 12, 2004, http://www.digitalmusicnews.com/yesterday/august2004 (retrievedAugust 12, 2004).

51. “Microsoft Announced MSN Music Store, ManyPlayers,” Digital Music News, October 12, 2004, http://www.digitalmusicnews.com/yesterday/august2004(retrieved October 12, 2004).

52. “AudioLunchbox Serves Massive Indie Catalog,”Digital Music News, October 4, 2004, http: //www.digitalmusicnews.com/yesterday/october2004(retrieved October 4, 2004).

53. “INgrooves and the Emerging Digital RecordLabel,” Digital Music News, September 14, 2004,http://www.digitalmusicnews.com/yesterday/august2004 (retrieved September 14, 2004).

54. Lynne Margolis, “Independent’s Day,” ChristianScience Monitor, April 11, 2003, http://www.csmonitor.com/2003/0411/p13s02 (retrieved September27, 2004).

55. See, for example, http://www.narip.com/index.php?page=article/Shrinking (retrieved October 5,2004).

17

56. The RIAA reported in 2003 an average store CDprice of $15.05 (dividing annual revenues by salesunit volume, on year-end statistics available on theirwebsite). Recording Industry Association ofAmerica, Yearend Statistics: 2003, http://www.riaa.com/news/newsletter/pdf/2003yearEnd.pdf(retrieved October 14, 2004) Based on availablenumbers in 2001, 53 percent of collected retail rev-enue went to the recording label; the remainder tothe store and intermediate distributor. WilliamFisher, Promises to Keep: Technology, Law, and the Futureof Entertainment (Stanford, CA: Stanford UniversityPress, 2004), chaps. 6, 11, http://cyber.law.harvard.edu/people/tfisher/PTKChapter6.pdf (retrievedOctober 5, 2004). Multiplying $15 by 53 percent, alabel then receives $8.00 wholesale. Deducting $1 to$1.50 for manufacturing and packaging of the diskand box gives $6.50–$7.00.

57. Borland, “How Much Is Digital Music Worth?”

58. May Wong, “Napster Receives New Life asPublic Firm,” Yahoo! News, September 17, 2004.

59. Rosemont Enterprises Inc. v. Random House Inc.,366 F.2d 303, 306 (2d Cir. 1966), cert. denied, 385U.S. 1009, 87 S.Ct. 714, 17 L. Ed. 2d 546 (1967).

60. 17 U.S.C. § 107 (2000).

61. Sony at 441.

62. 17 U.S.C. § 109 (2000).

63. 17 U.S.C. § 1008 (2000). See also RIAA v.Diamond Multimedia Sys., 180 F.3d 1072 (9th Cir.1999), at 32.

64. In the same respect, CD tracks, once batteneddown with strict anti-copying protections, nowaccommodate (through extra files packaged inMicrosoft Windows Media Audio Format withWindows Media DRM) limited burning, tempo-rary sharing, and additional uploadable contentthat provide an enhanced listener experience onthe PC. John Borland, “Copy Protected CDs TakeStep Forward,” CNet News.com, September 12,2003.

65. Ann Okerson, associate director of the YaleUniversity Library, continues to stand by com-ments that she made in 1997 concerning librariesand fair use: “The market has brought librariansand publishers together; the parties are discoveringwhere their interests mesh; and they are beginningto build a new set of arrangements that meet needsboth for access (on the part of the institution) andremuneration (on the part of the producer). . . .[Price issues notwithstanding], libraries are able tosecure crucial and significant use terms via sitelicenses, terms that often allow the customer’s stu-

dents, faculty, and scholars significant copying lat-itude for their work . . . , at times more than what is per-mitted via the fair use and library provisions of theCopyright Act of the U.S. [emphasis ours]. AnnOkerson, “The Transition to Electronic ContentLicensing: The Institutional Context in 1997,”Paper presented at Scholarly Communication andTechnology Conference of the Andrew W. MellonFoundation, Emory University, April 24–25, 1997,p. 1, http://www.library.yale.edu/~okerson/mellon.html.

66. Currently, there are two primary “competing”rights expression languages (RELs). One is OpenDigital Rights Language (ODRL), which theOpen Mobile Alliance has adapted for use in itsset of standards for wireless devices; the other iseXtensible Rights Markup Language (XrML),which Microsoft uses in its DRM technologiesand which the Moving Picture Experts Groupadapted for its MPEG REL standard, which isnow an ISO standard as well.

67. Bill Rosenblatt, “RealNetworks and MotorolaOpen iTunes/iPod Stack,” DRM Watch, July 28,2004, http://www.drmwatch.com/drmtech/article.php/3387481.

68. “Interoperability Nightmare Spells Entrepe-neurial Opportunity,” Digital Music News, September13, 2004, http://www.digitalmusicnews.com/yes-terday/september2004 (retrieved September 13,2004).

69. Governing American law appears in 17 U.S.C.1201(a); copyright law in most European Unioncountries permits such copies to be made for pri-vate use by consumers and their family members.

70. It is too early in the market for digital videostreaming to predict winners , as PCs, the Internet,digital cable, and mobile telecommunicationsnetworks begin to converge and boundariesbetween them begin to blur.

71. For example, the number of popular physicalaudio formats has averaged two, such as the CDand cassette in recent times, the LP and 8-tracktape in the late 1960s, and the VHS videocassettein the 1980s and most of the 1990s.

72. For example, Oracle, Microsoft, and IBM indatabase software; Microsoft, Sun Microsystems,and Linux in server operating systems; Sun, IBM,and BEA in Internet application server software.

73. At the time of this writing, a new standardsinitiative is beginning that is attempting toachieve DRM standardization through serviceprovision instead of by standardizing content for-mats or individual DRM technologies. The Coral

18

Consortium’s initial members include Sony,Philips, InterTrust, HP, Toshiba, Samsung, andTwentieth Century Fox film studios. BillRosenblatt, “Coral Consortium Aims to MakeDRM Interoperable,” DRM Watch, October 7,2004, http://www.drmwatch.com/standards/article.php/3418741.

74. Bill Rosenblatt, “Consumer Broadband andDigital Television Promotion Act (CBDTPA),”DRM Watch, March 22, 2002, http://www.drmwatch.com/special/article.php/3095121.

75. Lange; Benkler; and Lessig.

76. For example, Project Gutenberg, which “. . . isthe oldest producer of free electronic books(eBooks or etexts) on the Internet. Our collectionof more than 12,000 eBooks was produced byhundreds of volunteers. Most of the ProjectGutenberg eBooks are older literary works thatare in the public domain in the United States. Allmay be freely downloaded and read, and redis-tributed for non-commercial use.” http://www.gutenberg.net (retrieved August 23, 2004).

77. For example, the Prelinger Archives, whichwas founded in 1983 by Rick Prelinger in NewYork City. Over the next 20 years, it grew into acollection of more than 48,000 “ephemeral”(advertising, educational, industrial, and ama-teur) films. In 2002 the film collection wasacquired by the Library of Congress, MotionPicture, Broadcasting and Recorded SoundDivision. Prelinger Archives remains in existence,holding approximately 4,000 titles on videotapeand a smaller collection of film materialsacquired subsequent to the Library of Congresstransaction. http://www.archive.org/movies/prelinger.php (retrieved August 23, 2004).

78. Dawn C. Chmielewski, “Music Labels UseFile-Sharing Data to Boost Sales,” San JoseMercury News, March 31, 2004, http://www.mercurynews.com/mld/mercurynews/news/8318571.htm?1c.

79. “Jam Bands Redefining Economics of MusicIndustry,” Glide Magazine, July 18, 2003, http://music.press-world.com/v/1448.html (retrievedJune 12, 2004).

80. Metro-Goldwyn-Mayer.

81. Ibid.

82. “Online Music’s Winners and Losers,” CNetNews.com, December 27, 2003, http://news.com.com/2030-1027_3-5133561.html.

83. See generally Brad Cox, Superdistribution:

Objects as Property on the Electronic Frontier (NewYork: Addison-Wesley, 1995).

84. Note that this capability appears to contra-vene the first sale doctrine in copyright law, 17U.S.C. §109, which holds that once a consumerhas purchased a work from its owner, the ownermay not derive benefit from any further transac-tions in that work that the purchaser might careto make. This law engenders the existence of pub-lic libraries, video rental stores, used bookstores,and so on. Case precedent for first sale’s applica-bility to digital (as opposed to physical) contenthas not been established; therefore the mediaindustry holds it to be inapplicable, thereby clear-ing the way for Superdistribution schemes of thetype discussed.

85. An important example was IBM’s infoMarketsystem of the mid-1990s, which used one of theearliest full-fledged encryption-based DRMschemes, the Cryptolope. InfoMarket was highlycomplex and expensive to implement, in partbecause it had to include a number of e-com-merce software components that today would becommonplace.

86. For example, if a user legitimately purchases afile and sends a copy of it to someone else, therecipient will not be able to access the content.Services that claim to support Superdistributiontoday will typically present the recipient with aURL, which he or she can click to purchase rightsto that file. That is a shallow approximation of truemultitier Superdistribution, which allows for dif-ferent commerce models at each distribution step.

87. http://www.wippit.com (retrieved August 31,2004).

88. Bill Rosenblatt, “Two Major Labels Wippit,”DRMWatch.com, March 18, 2004, http://www.drmwatch.com/ocr/article.php/3327821.

89. In so doing, the filtering technology identifiesboth the song and its copyright owner. The tech-nology is not dependent on the designated namesof the songs and therefore can be trumped nei-ther by the use of reconfigured titles (a commontactic in the original Napster system) nor by triv-ial changes in the data, which would fool a systembased on simpler analysis techniques such as hashcalculations.

90. Bill Rosenblatt, “Qtrax to Launch BMI-Licensed File Sharing Network,” DRMWatch.com,May 20, 2004, http://www.drmwatch.com/ocr/article.php/3356861.

91. “Alternative Distribution Methods GainGround,” Digital Music News, August 30, 2004,

19

http://www.digitalmusicnews.com/yesterday/august2004 (retrieved October 14, 2004).

92. “Streaming P2P App Confuses Piracy Picture,”Digital Music News, September 12, 2004, http://www.digitalmusicnews.com/yesterday/september2004 (retrieved September 12, 2004).

93. Jack M. Germain, “Beyond File Sharing: P2PRadio Arrives,” TechNewsWorld, September 18,2004, http://www.technewworld.com/story/36728.html (retrieved October 13, 2004).

94. 17 U.S.C. 115 (2001).

95. Sony at 453.

96. A&M Records v. Napster, Inc., 239 F.3d 1004,1020 (9th Cir. 2001).

97. In Re Aimster Copyright Litigation, 334 F.3d643 (7th Cir. June 30, 2003). Aimster (a.k.a.,Madster) was a file-sharing service built on AOL’sinstant messenger service and a central mecha-nism that helped users locate files on one anoth-er’s systems.


99. Ibid.

100. John Borland, “Hollywood Takes P2P Case toSupreme Court,” CNet News.com, October 8, 2004,http://news.com/Hollywood+takes+P2P+case+to+Supreme+Court/2100-1027_3-5403915.html.

101. Ibid. The district court issued a revised pre-liminary injunction that enjoined Napster fromcopying, downloading, uploading, transmitting, ordistributing copyrighted sound recordings. A&MRecords, Inc. v. Napster, Inc., No. C 99-05183 MHP,2001 U.S. Dist. LEXIS 2186 (N.D. Cal. March 5,2001). When Napster was unable to comply withthe requirements, the court temporarily shut downthe service, which led to its bankruptcy.

102. The process of locating information on theGrokster system was made possible by concentrat-ing information at nodal points located on usermachines that accumulated and passed on infor-mation from nodes on surrounding computers.Streamcast used a Gnutella system that simplypassed information requests from machine tomachine. By contrast, Napster used a centralizeddirectory to which all requests were routed.

103. Sony at 453.


105. Ibid., IV.B.c. Vicarious liability can be

imposed where a defendant has the right and abil-ity to supervise the infringing activity and a directfinancial interest in it. Fonovisa Inc. v. CherryAuction, Inc. 76 F.3d 259, 262 (9th Cir. 1996);Napster, 239 F.3d at 1022. In making its conclu-sion, the Grokster court acknowledged that it was“not blind to the possibility that defendants mayhave intentionally structured their businesses toavoid secondary liability for copyright infring-ment, while benefiting financially from the illicitdraw of their wares.” Grokster, 259 F. Supp. at1046. This contrasts with Casella v. Morris, 820F.2d 362, 365 (11th Cir. 1987), where the courtheld that willful blindness was knowledge. Seealso, Napster, 239 F.3d at 1023; and Aimster, 2003U.S. App. LEXIS 13229, at *17.

106. Napster, 239 F.2d at 1020 and n. 5.

107. Neil Boorstyn et al., Brief in Support ofReversal by Amici Curiae Law Professors andTreatise Authors Neil Boorstyn, Jay Dougherty,James Gibson, Robert Gorman, Hugh Hansen,Douglas Lichtman, Roger Milgrim, Arthur Millerand Eric Schwartz, http://www.eff.org/IP/P2P/MGM_v_Grokster/LawProfessor_amicus.pdf.

108. In Re Aimster Copyright Litigation, 334 F.3d643 (7th Cir. June 30, 2003).

109. John Borland, “Landmark p2p Ruling Backin Court,” CNet News.com, February 2, 2004.

110. Amicus Brief of Entertainment IndustryGroups, Appeal No. 03-55894, U.S. circuit court ofthe Ninth Circuit, Section II.B, http://www.eff.org/IP/P2P/MGM_v_Grokster (retrieved May11, 2004).

111. John Borland, “File Swap Killer GrabsAttention,” CNet News.com, March 3, 2004; andJohn Borland, “New Tool Designed to Block SongSwaps,” CNet News.com, April 21, 2004. Indeed,Napster was eventually required to apply Relatabletechnology to filter infringing tracks on the basisof 34 distinct audio characteristics. “Napster,Bertelsmann’s Digital World Services Working onSecure Service,” Digital Media Wire, February 16,2001, http://www.digitalmediawire.com/archives_021601.html.

112. Bill Rosenblatt, “Universal Music LicensesCatalog to Snocap,” DRM Watch, November 18,2004, http://www.drmwatch.com/drmtech/arti-cle.php/3438001 (retrieved November 23, 2004).

113. Bill Rosenblatt, “Sony BMG and Grokster toUse Fingerprint Filtering in New Service,” DRMWatch, November 4, 2004, http://www.drmwatch.com/ocr/article.php/3431351 (retrieved November23, 2004).

20

114. John Borland, “Start-ups Try to Dupe File-swappers,” CNet News.com, July 15, 2002.

115. Peter D. Hart Research Associates confirmedthat 64 percent of consumers now understand thatit is illegal to “make music from the computeravailable for others to download for free over theInternet,” up from 37 percent in the previous year.John Borland, “RIAA Launches New File-Swapping Suits,” CNet News.com, December 3,2003. The Pew Internet and American Life Projectfound that the percentage of Americans whoadmitted downloading music fell from 29 percentin May 2003 to 14 percent in December. JohnBorland, “Building Bridges between P2PNetworks,” CNet News.com, January 16, 2004. A ver-bal survey of 5,000 voluntary respondents by NPDMusic Watch reported 20 percent activity in May,18 percent in July, 11 percent in September, and 12percent in November. Counting downloads, NPDMusicWatch Digital, which directly monitors thecomputers of 40,000 consenting households,found a dropoff in reported downloads from 18million in May to 13 million in October, a 14 per-cent increase in November, and another 21 percentdrop in December. “The NPD Group Notes RecentIncrease in Peer to Peer Digital Music File Sharing,”January 16, 2004, http://ndp.com/press/releases(retrieved April 25, 2004).

116. Thomas Karagiannis et al., “Is P2P Dying orJust Hiding?” Cooperative Association for InternetData Analysis, San Diego Supercomputer Center,University of California, San Diego, http://www.caida.org/outreach/papers/2004/p2p-dying(retrieved November 22, 2004).

117. “Mobile P2P May Present Safe Option,”Digital Music News, November 2004, http://www.digitalmusicnews.com/results?title=P2P(retrieved November 22, 2004).

118. “More P2P: BitTorrent Devours More InternetBandwidth,” Digital Music News, November 2004,http://www.digitalmusicnews.com/results?title=P2P (retrieved November 22, 2004).

119. “P2P Watch: Limewire Upgrades, TrafficSurges,” Digital Music News, November 2004,http://www.digitalmusicnews.com/results?title=P2P (retrieved November 22, 2004).

120. http://www.pcworld.com/news/article/0,aid,18166,00.asp (retrieved April 26, 2004).

121. Based on a user base of 42 million swappers.First, swappers exchange files that are downloadedto hard drives and burned to blank CDs; the aver-age downloader takes about 60 songs per month.“RIAA Lawsuits Appear to Reduce Music FileSharing according to the NPD Group,” August 21,2003, http://www.npd.com/press/releases (re-trieved April 24, 2004). By simple arithmetic, theestimated monthly total is 2.5 billion.

122. http://www.publicknowledge.org/content/legislation/legislation-induce-act/attachment(retrieved August 13, 2004).

123. Bill Rosenblatt, “Induce Act Dead for ThisYear,” DRM Watch, October 14, 2004, http://www.drmwatch.com/legal/article.php/3421731.

124. A circuit court decision in December 2003reversed a lower court decision that would haverequired Verizon to turn over subpoened names.The Supreme Court declined review in October2004. Reuters, “Justice Won’t Weight Net MusicLawsuit Tactics,” CNet News.com, October 12, 2004.

125. 17 U.S.C. § 512.

126. For a kind review, see Joe Gratz, “Reform in the‘Brave Kingdom’; Alternative Compensation Systemsfor Peer-to-Peer File Sharing,” http://www.joegratz.net/files/JosephGratz-ReformInTheBraveKingdom-Dec19.pdf (retrieved October 5, 2004). Seealso Neil W. Netanel, “Impose a Noncommercial UseLevy to Allow Free Peer-to-Peer File Sharing,” HarvardJournal of Law and Technology 17 (December 2003);Fisher, chap. 6; and Jessica D. Litman, “Sharing andStealing,” http://ssrn.com/abstract=472141, Section5 (retrieved October 5, 2004).

21

OTHER STUDIES IN THE POLICY ANALYSIS SERIES

533. Who Killed Telecom? Why the Official Story is Wrong by Lawrence Gasman (February 7, 2005)

532. Health Care in a Free Society: Rebutting the Myths of National HealthInsurance by John C. Goodman (January 27, 2005)

531. Making College More Expensive: The Unintended Consequences ofFederal Tuition Aid by Gary Wolfram (January 25, 2005)

530. Rethinking Electricity Restructuring by Peter Van Doren and Jerry Taylor(November 30, 2004)

529. Implementing Welfare Reform: A State Report Card by Jenifer Zeigler (October 19, 2004)

528. Fannie Mae, Freddie Mac, and Housing Finance: Why True Privatization Is Good Public Policy by Lawrence J. White (October 7, 2004)

527. Health Care Regulation: A $169 Billion Hidden Tax by Christopher J. Conover (October 4, 2004)

526. Iraq’s Odious Debts by Patricia Adams (September 28, 2004)

525. When Ignorance Isn’t Bliss: How Political Ignorance Threatens Democracy by Ilya Somin (September 22, 2004)

524. Three Myths about Voter Turnout in the United States by John Samples (September 14, 2004)

523. How to Reduce the Cost of Federal Pension Insurance by Richard A. Ippolito (August 24, 2004)

522. Budget Reforms to Solve New York City’s High-Tax Crisis by Raymond J. Keating (August 17, 2004)

521. Drug Reimportation: The Free Market Solution by Roger Pilon (August 4, 2004)

520. Understanding Privacy—And the Real Threats to It by Jim Harper (August 4, 2004)

519. Nuclear Deterrence, Preventive War, and Counterproliferation by Jeffrey Record (July 8, 2004)

518. A Lesson in Waste: Where Does All the Federal Education Money Go?by Neal McCluskey (July 7, 2004)

517. Deficits, Interest Rates, and Taxes: Myths and Realities by Alan Reynolds (June 29, 2004)

516. European Union Defense Policy: An American Perspective by Leslie S. Lebl (June 24, 2004)

515. Downsizing the Federal Government by Chris Edwards (June 2, 2004)

514. Can Tort Reform and Federalism Coexist? by Michael I. Krauss and RobertA. Levy (April 14, 2004)

513. South Africa’s War against Malaria: Lessons for the Developing Worldby Richard Tren and Roger Bate (March 25, 2004)

512. The Syria Accountability Act: Taking the Wrong Road to Damascus by Claude Salhani (March 18, 2004)

511. Education and Indoctrination in the Muslim World: Is There a Problem? What Can We Do about It? by Andrew Coulson (March 11, 2004)

510. Restoring the U.S. House of Representatives: A Skeptical Look at CurrentProposals by Ronald Keith Gaddie (February 17, 2004)

509. Mrs. Clinton Has Entered the Race: The 2004 Democratic Presidential Candidates’ Proposals to Reform Health Insurance by Michael F. Cannon(February 5, 2004)

508. Compulsory Licensing vs. the Three “Golden Oldies”: Property Rights, Contracts, and Markets by Robert P. Merges (January 15, 2004)

507. “Net Neutrality”: Digital Discrimination or Regulatory Gamesmanshipin Cyberspace? by Adam D. Thierer (January 12, 2004)

506. Cleaning Up New York States’s Budget Mess by Raymond J. Keating(January 7, 2004)

505. Can Iraq Be Democratic? by Patrick Basham (January 5, 2004)

504. The High Costs of Federal Energy Efficiency Standards for Residential Appliances by Ronald J. Sutherland (December 23, 2003)

503. Deployed in the U.S.A.: The Creeping Militarization of the Home Frontby Gene Healy (December 17, 2003)

502. Iraq: The Wrong War by Charles V. Peña (December 15, 2003)

501. Back Door to Prohibition: The New War on Social Drinking by Radley Balko (December 5, 2003)

500. The Failures of Taxpayer Financing of Presidential Campaigns by John Samples (November 25, 2003)

499. Mini-Nukes and Preemptive Policy: A Dangerous Combination by Charles V. Peña (November 19, 2003)

498. Public and Private Rule Making in Securities Markets by Paul G. Mahoney (November 13, 2003)

497. The Quality of Corporate Financial Statements and Their Auditors before and after Enron by George J. Benston (November 6, 2003)

496. Bush’s National Security Strategy Is a Misnomer by Charles V. Peña (October 30, 2003)

495. The Struggle for School Choice Policy after Zelman: Regulations vs. the Free Market by H. Lillian Omand (October 29, 2003)

494. The Internet Tax Solution: Tax Competition, Not Tax Collusion by Adam D. Thierer and Veronique de Rugy (October 23, 2003)

493. Keeping the Poor Poor: The Dark Side of the Living Wage by Carl F. Horowitz (October 21, 2003)

492. Our History of Educational Freedom: What It Should Mean for FamiliesToday by Marie Gryphon and Emily A. Meyer (October 8, 2003)

491. Threats to Financial Privacy and Tax Competition by Richard W. Rahn and Veronique de Rugy (October 2, 2003)

490. Defining Democracy Down: Explaining the Campaign to Repeal Term Limits by Patrick Basham (September 24, 2003)

489. EU Enlargement: Costs, Benefits, and Strategies for Central and Eastern European Countries by Marian L. Tupy (September 18, 2003)

488. War between the Generations: Federal Spending on the Elderly Set to Explode by Chris Edwards and Tad DeHaven (September 16, 2003)

487. The Balanced Budget Veto: A New Mechanism to Limit Federal Spendingby Anthony W. Hawks (September 4, 2003)

486. What Does a Voucher Buy? A Closer Look at the Cost of Private Schools by David F. Salisbury (August 28, 2003)

485. Mending the U.S.–European Rift over the Middle East by Leon T. Hadar August 20, 2003)

484. Replacing the Scandal-Plagued Corporate Income Tax with a Cash-FlowTax by Chris Edwards (August 14, 2003)

483. Casualties of War: Transatlantic Relations and the Future of NATO inthe Wake of the Second Gulf War by Christopher Layne (August 13, 2003)

IEEE INTERNET COMPUTING 1089-7801/03/$17.00©2003 IEEE Published by the IEEE Computer Society MAY • JUNE 2003 59

Secu

rity

Tra

ck

L. Jean CampHarvard University

The copyright system’s legal, technological, and economic

foundations define key concepts that have significant

implications for digital rights management system design.

Digital rights management (DRM)systems are explicitly modeled onthe copyright system.1 Just as

engineers fundamentally build on firstprinciples, legal scholarship is built onprecedent and history. Yet this can resultin a myopic focus on legal precedent thatoverlooks the role of technological change,and is thus overly reductionist. Copyrighthas always been a legal regime embeddedin a technological system — particularlythe printing press; advances in analogmedia continue to be its primary drivers.Copyright was one solution of many cre-ated to govern the “information explosion”enabled by the moveable-type press. Noother regulatory innovation for informa-tion has spread as widely and quickly orproven as long-lived because none hasbeen as successful.2

The copyright system serves severalkey functions.

• In the marketplace, it protects theauthor’s reputation (by prohibiting

one person from claiming another’swork) and the work’s monetary value(by requiring remuneration of thecopyright holder).3

• The combination of archiving andcontent integrity ensures that a doc-ument’s content is not changed dur-ing storage.

• Analog mass-produced informationprovides surety through persistence(ensuring that a document survivesunaltered and can be located).

• Together, copyright and mass-pro-duced analog media also facilitate per-sonalization through filtering andannotation. Broadcasting or mass pub-lication requires investment; a wiseinvestment requires careful selectionof the information to be published.When everyone is a publisher, filteringbecomes more valuable.4

To understand and design effectiveDRM technologies, we must expanddesign considerations beyond those dic-

First Principlesof Copyrightfor DRM Design

tated by law. Any such understanding mustinclude the role of technological and economicfactors, not simply imagining that copyright (ascreated to govern the moveable-type press) canbe recreated in a digital network by narrowlyinterpreting the law. Recognizing the reality ofsoft technological determinism5 — the idea thattechnology, by its nature, alters society as it dif-fuses throughout it — in creating copyright leadsus to identify a larger technological, economic,and legal system, which I call copy accuracy.

While free and open source might be optimalfor some forms of software, I conclude that neithercurrent DRM systems nor free software is optimalfor a functional market for general digitally net-worked goods. As now implemented, DRM systemsboth undermine and serve copy accuracy by limit-ing archiving and access while increasing poten-tial remuneration for the creator.

Copyright:A Legal Technical ConstructThe legal construct of copyright was created at atime of dramatic change in the economics and tech-nology of information. In 1710, the movable-typepress facilitated widespread diffusion of mass-pro-duced analog content. Copyright has changed sig-nificantly in the ensuing 300 years, but the incre-mental changes were driven largely by advances inanalog media. The change from custom hand-copied materials or fixed-plate presses to the print-ing press was a revolution of the word. The tech-nology changed the economics, and together theseforces played a part in changing the law.

Technical ChangesBefore the creation of the printing press, to copy awork was to be an agent of the authors, servingtheir greatest interest. Rather than theft, copyingwas the only way to save a manuscript. Archivingwas expensive and documents fragile. The natureof hand copies made referencing and validationextraordinarily difficult because “scribal drift” aseach copier introduced unique human errors thatcaused content decay and made each copy less

accurate than the original.With the printing press came the possibility of

conflict between copier and author. For the firsttime copying became systematically profitable, sothat copiers (now printers) could profit from theauthor’s words. Both for hand copies and theprinting press, copying and filtering were tightlyintegrated. To copy by hand was to carefullyselect content; to print was to examine materialas an investment before selecting and orderingwhat was included.5

The movable-type press intimately tied distrib-ution and reproduction together as the mass cre-ation of identical copies necessitated a distributionmechanism. Unlike hand copying, which focusedon preservation rather than profit, printing turnedcopying into a potentially profitable endeavor —but only if the printed material could be distrib-uted and sold. Increased distribution increasessurety because changing every copy becomesextremely difficult once they are disseminated; noteven the author can alter a document’s contentwithout detection once it is stored in multiplearchives. Moreover, the physical nature of papermakes changes difficult to make.

Personal annotations were possible for hand-copied and printed material. Such annotationsmaintain their integrity when printed content isshared, and individuals can use them to enhancereferencing and personal filtering. Digital annota-tion can be made simpler (as with revision tools)or impossible (as with copy-prevention tools).

Legal ChangesBefore copyright came to Europe, informationbelonged to Crown or Church, with the rare authorreceiving some ownership.6 In the debates of the18th century, however, information rights werehotly and explicitly contested. The Church and dif-ferent nations across Europe tried myriad licens-ing regimes before copyright.

Created as “an Act for the encouragement ofLearning,”7 the Copyright Act

• gave ownership rights to authors rather thanprinters, booksellers, or the Crown;

• established a finite term for ownership rights;• defined violations of the act as civil, rather

than criminal, offenses; and • required content creators to deposit copies of

works to be copyrighted with several designat-ed institutions (Oxford, Cambridge, Sion Col-lege, the royal library, Edinburgh, and fourunnamed Scottish universities).

60 MAY • JUNE 2003 http://computer.org/internet/ IEEE INTERNET COMPUTING

Security Track

The effects of moveable-type

printing are so ubiquitous that

they are now invisible.

To a degree, some of these aspects were continua-tions of existing traditions. Depository laws hadan established history, for example, dating fromcopy requirements enacted by various monarchsseeking to build personal or national libraries. Thedepository requirement for the royal library thusfollowed existing statutes, but the universityrequirements were new.

Thus, in signing the Copyright Act, QueenAnne arguably created the concept of “fair use.”Today, fair use allows educators to use copyright-ed material and creators to build on the work ofothers. The requirements for deposit in the lib-raries actually made educational and creative usefeasible. Other aspects of the new law were moreradical. Prior to this time, for instance, patentsand privileges did not expire because the owner-ship of the Crown was absolute and eternal; theCopyright Act now defined ownership rights fora term of 14 or 21 years. More importantly, thelaw introduced a new market right in the right toown an expression. This was especially significantbecause individual ownership and expression ofideas runs in direct opposition to the power of theabsolute state.

In this article, I ignore two other elements ofcopyright law — the human right of expressionand the moral right of expression — because theydo not provide utilitarian guidance for designingDRM systems. Freedom to access information andprivacy rights are also human rights, confusing thematter further, but I have chosen to maintain autilitarian focus.

Economic ChangesThe effects of moveable-type printing are so ubiq-uitous that they are now invisible.5 Four criticaldistinctions exist between digital and mass print-ed material, however:

• Reputation is bound to content on paper. Be-cause it is difficult to change widely distributedmass-produced content, it is difficult to con-vincingly steal another’s idea after its publica-tion. Information trustworthiness is an ancientproblem. The concept of a trusted third partyis as old as the library or temple, which onceheld canonical documents and provided copiesas needed to institutions lower in the hierar-chy. Now digital publications can changerapidly, unpredictably, and still appear perfect.Servers are not as persistent as cathedrals stor-ing content.

• Distribution is, effectively, archiving for mass-

printed material. Books are distributed in a for-mat that requires conscious decisions to storeor remove. In contrast, distribution via Websites places content into short-lived caches.Altered versions can entirely replace originaldocuments on servers, or they can create con-fusion over which version is to be trusted. Ver-sion control and archiving are promising areasof research, but these remain research areasrather than solved problems.

• Filtering is integrated into publication, distri-bution, and copying in the world of the print-ed page. Filtering’s value is difficult to ascer-tain, particularly in the case of collaborativefiltering. An information economy is truly anattention-span economy insofar as users’attention becomes scarce relative to abundantinformation, making filtering more valuablethan ever.8

• Digital copying is almost costless. Unlike withanalog publications, distribution costs areasymptotically declining toward zero, andaltering and redistributing digital documentsis trivial.9

Copyright law does not address the value of filter-ing or the importance of persistence because theseare embedded in the mass production of analoginformation goods.

Existing DRM SystemsBoth DRM proponents and opponents claim thehigh ground in terms of enhancing education andinformation markets. In this section, I describeDRM technologies that putatively implement thefunctions of copyright, as well some technologiesthat break the DRM protection. To describe AdobeeBook, the Content Scrambling System, and Gio-vanni with respect to copy accuracy, requires anexamination of the Advanced eBook Processor(AeP) and DeCSS.

eBooksAdobe eBook (www.adobe.com/support/ebookrdrfaq.html) claims to directly implement the printedbook in the electronic realm. The AeP (www.elcomsoft.com/aebpr.html) claims to enable usersto implement features available for printed books,like the ability to keep them for the long term.Clearly, both technologies cannot be implementingthe printed book, with all copy accuracy features,given that the latter effectively negates the former.

Adobe eBook offers an excellent starting pointfor examining DRM technologies because it direct-

IEEE INTERNET COMPUTING http://computer.org/internet/ MAY • JUNE 2003 61

Digital Rights Management

ly addresses the core question of which character-istics of paper books are worth preserving in thedigital realm. Indeed, the eBook and the AeP offerfundamentally different answers to this question.

Different providers offer different bundles ofservices associated with eBook, including rights-management services, digital networked distrib-ution, and converting books to digital format. Aswith PDF, Adobe provides users a free eBookreader that is compatible with the eBook DRMsystem. Users can purchase eBook with or with-out server software, so there is no archivalrequirement, but server-based archiving isenabled by design. In contrast with paper books,however, eBooks expire. Unlike other digitalapplications, Adobe also prevents cut and pastefunctions. Moreover, Adobe eBook prohibits theuse of text-to-audio readers.

The AeP is designed to allow users to useeBooks on multiple machines, keep eBooks pastthe expiration of the users’ license, feed eBooksinto text-to-audio readers, and annotate the text. Itbreaks eBook’s encryption by using the encryptionkey stored on the user’s machine. Such an actionis prohibited in the US, but permitted for con-sumers and disabled persons in Russia. A recentUS federal court case initiated by complaints fromAdobe found that US law did not apply.

Content Scrambling System The content scrambling system (CSS; www.elcomsoft.com) is the standard for the content pro-tection system architecture (CSPA) embedded in dig-ital video discs (DVDs) and players. In the case ofCSS, the content is video and the metadata consistsof a region code — digits that identify a marketingregion — that enables geographic price discrimina-tion by content owners and distributors and pre-vents regional arbitrage.

Every DVD player has a small set of player keys(in case one key is compromised) that it can useto extract each DVD’s title key, which CSS uses toencrypt disc content. Each CSS-protected DVDbegins with a hashed disk key (5 bytes). After thehashed value, the full disk key is listed on the discas encrypted in all of the 409 player keys. EveryCSS licensee receives a player key when theyagree with the Motion Picture Association ofAmerica (MPAA) on license terms. Assuming theplayer has a valid key, the player confirms that itis using the correct key for the given disk by hash-ing the decryption of the disk key. The hashed,decrypted key should be equal to the 5 bytes at thebeginning of the CSS block. Once it determines

the disk key, the DVD player uses it to seed apseudorandom number generator and generate thekey that decrypts the video. If a CSS licenseeimplements an unacceptable player, the MPAAcan revoke the license by having its members sim-ply remove the corresponding encrypted disk keyfrom future DVDs.

DeCSS was developed in 1999 by Jon Johansen,in conjunction with a volunteer effort called theLinux Video and DVD project (www.linuxvideo.org),to let users play DVDs under the open-source Linuxoperating system. DeCSS subverts the CSS systemand enables unlicensed DVD players to read DVDs.DeCSS’s legality, under the US Digital MillenniumCopyright Act and under international treaties craft-ed by the World Intellectual Property ProtectionOrganization, is now being hotly contested in thecourts of Europe and the US. See the ElectronicFreedom Foundation (www.eff.org) and HarvardLaw School’s Berkman Center for Internet and Soci-ety (cyber.law.harvard.edu) for extensive documen-tation on the legal questions.

The license associated with the DVD player keylimits the number of times a region code can bealtered, but no provider of open-source players canenforce such a limit because a fundamental ele-ment of open code is the ability for users to alterthe code.

GiovanniBlue Spike’s Giovanni (www.bluespike.com/giovanni/gdigmark.html) is a digital watermark-ing technology, currently marketed for audio con-tent, which provides mechanisms for identifying,authenticating, and auditing digital works. In Gio-vanni, the content owner selects attribute data tobe embedded in the content in a way that it is dif-ficult to extract or alter — much like a notary pub-lic’s seal, which is difficult to separate from a nota-rized document.

Giovanni is initiated by generating two randomnumbers, r0 and r1. The system hashes r1 with theattribution data to create a payload to embed inthe content. It then uses r0 to determine where toplace the watermarked data generated with r1.

When copyright holders decide to use Giovanni,they select the information to be embedded. Eachcopy must embed unique information; otherwisethe auditing function would be useless. The copy-right owner might choose to embed purchaseinformation or simply to embed the random num-ber r1 at bit locations determined by r0. At the timeof purchase or download, the purchaser receiveswhatever attribute information the copyright hold-


Security Track

er has chosen to embed, hashed with r1.Giovanni’s model requires that the author pro-

vide registration information to Blue Spike andselect the attributes for use in the watermark. Inaddition to marking and storing the content, thesystem can manage enforcement, as well, by audit-ing widely available material for the distinctivewatermarks. By tracking the watermark back to theoriginal purchase, Giovanni can determine exactlywho uploaded the information to a P2P system, orwho contributed the original copy used by pirates.

Identifying information might be pseudony-mous for the content producers; yet the customers’information is based on payment information,which means the embedded data are personallyidentifiable and, thus, sensitive. Without person-ally identifiable information, the auditing andenforcement functions are far less useful.

DRM Systems and Copy AccuracyTo begin an examination of how these DRM sys-tems handle the elements of copy accuracy, wemust first assume or reject the assertion that allillegal copying directly substitutes for purchasing.If illegal copying is a direct substitute for legalcopying, then there is only a loss of revenue for theauthor. However, if it functions as free advertise-ment,10 increases network effects,11 or otherwiseencourages future purchases, then illegal copyingleads to increased revenue. For this discussion, Iassume that illegal copying decreases revenue,increases exposure, and increases reputation.

A second critical question is which factor dom-inates when there is an increase in availability anda decrease in security for a document? An increasein security increases the work factor for alteringany specific copy. A more secure copy is harder tobreak and therefore has greater integrity. In con-trast, convincingly violating the integrity of a doc-ument that is available in many archives requiresaltering multiple copies. Therefore, availabilityalso increases the work factor for convincingly

violating the integrity of a document. Table 1 compares the DRM systems described

earlier according to copy accuracy. Each row indi-cates the DRM systems’ ability to fulfill the specif-ic copy-accuracy function listed in the first column.The table also illustrates how the various proposalsfor and against DRM increase or decrease corre-sponding copy-accuracy functions. Technologiesthat increase a given function of copy accuracy —if illegal copies serve as advertisements or createnetwork effects that increase the work’s monetaryvalue, for example — are listed as “complement” inthe table. Illegal copies of software can actuallycause an increase in software purchases due to net-work effects that keep users from seeking open-source or free-code solutions.12 Radio play comple-ments the value of a song, for example, and a P2Psystem might increase awareness.13 The table entrymarked “substitute” reflects the potential for illegalcopies to decrease a work’s monetary value by di-rectly substituting for purchases.

eBook and Advanced eBookAdobe eBook does not exactly recreate the print-ed book in a digital networked form. eBookremoves first sale, personal archival storage, andannotation rights. The AeP removes the tightbinding between author and content, implyingthat reputation might decrease even as distribu-tion increases, yet returns to the user the rightsnegated by eBook. eBook arguably increasesaccess in that it provides a portable format andsupport for creating digital books, but it alsodecreases access by imposing explicit expirationof access rights and the need for upgrades. AePincreases access and availability because it pre-vents expiration and ensures availability afteralterations in the Adobe-owned standard format.For example, later versions of Microsoft Wordcannot read documents created by the same soft-ware two generations earlier. This requires con-tinuous upgrading to maintain access, as a



Table 1. Comparison of digital rights management systems by copy-accuracy functions.

Copy-accuracy functions Adobe eBook Advanced eBook CSS DeCSS Giovanni Free Processor information

Author monetary incentive Substitute Complement Substitute Complement Neutral DecreasesReputation right Decreases Increases Decreases Increases/Decreases Increases NeutralAttribution and integrity Increases Decreases Increases Decreases Increases NeutralPersistence and archiving Decreases/Increases Increases Decreases Increases Increases IncreasesAccess Decreases Increases Decreases Increases Neutral IncreasesPersonal annotation Decreases Increases Decreases Neutral Increases Increases

skipped upgrade can cause loss of access to mate-rials, particularly when older versions do not rununder newer operating systems.

eBook is designed to allow temporary person-al annotations. Because ownership of the annota-tions is a function of licensing, they can be delet-ed with the deletion of the text (as when theeBook license expires). In contrast to other onlinebook formats, such as watermarking, eBook alsoprevents users from cutting and pasting signifi-cant sections, thus making it more difficult to alterthe format of selected elements of the eBook. Ofcourse, the centuries-old tradition of transcriptionremains available (users could retype the contentas they read it), but expensive.

CSS and DeCSSCSS does not prevent bulk reproduction andresale of content. The region code remainsunchanged when content is mass-produced,which means a large-scale commercial producerof illegal copies must purchase an original in thetarget market. CSS increases the DVD’s monetaryvalue by allowing regional price discrimination,but it also limits this value by decreasing the sec-ondary market because first owners cannot resellacross boundaries. CSS prevents annotation byallowing the stream to be read sequentiallythrough an approved reader, but not through avideo editor.

DeCSS increases access and availability. Itdecrypts the content on any player, potentiallyallowing misappropriation, and creates the abili-ty to make derivative works. Unlike with books,direct transcription is not an option for videocontent. Therefore, DeCSS could increase thevalue of the tradable right if it causes a signifi-cant increase in the resale market, increasesawareness of a work in the larger market, orincreases the use of a good for building otherinformation goods. For example, audio samplesused in rap can enhance the career of otherwiseforgotten R&B artists. This reuse also increasesreputation value. By design, DeCSS neither en-hances nor prevents annotation, but it enables

archiving by creating an unprotected bitstreamand increases access by increasing the potentialmarket for any given DVD.

Giovanni and Free ContentGiovanni offers critical functionality that isaligned with copyright’s value to society: archiv-ing, maintenance of author information, andinnately unrestricted access. The system’s basicconcept — to let people view content rather thanto assume they are about to engage in a criminalact — is embedded in traditions of analog mediause. By archiving customer information, Giovan-ni lets network users browse online content inmuch the say way as flipping through a book in astore before making a purchase.

If we think of watermarking as a way to trackusage history — just as this article embeds refer-ences and quotations from other works — thenGiovanni offers a method for building complexhyperlinked referencing. Giovanni watermarks arerepeated so that a subset, such as an audio sample,contains complete author information. Giovannidoes not provide a tree-like mechanism so that theinterrelationship between documents can betraced, but neither do any of it competitors.

The practice of embedding consumer informa-tion assumes that only the consumer wouldrelease the data; it does not address the possibili-ty of data theft, which would subject the con-sumer to the punishment inherent in the exposureof sensitive information. In the case of embeddinginformation, the producer is allowed to select thelevel of risk for the customer without customerinput. If a producer is careless, consumer infor-mation can be stolen, leaving the consumer norecourse. Moreover, this option precludes the abil-ity to read anonymously.

By linking its server service to its watermark-ing services, Giovanni begins to address the issueof persistent storage or search for archiving. If thesystem were to register content with a publicarchive, it would take this function even further.Of all the systems, Giovanni comes nearest toserving the functions of copy accuracy for digi-tal content.

Free content is a popular solution to the prob-lems in DRM systems such as those discussed here.Yet free information removes the monetary incen-tive for creating content, relying entirely onenhanced reputation for the creator’s reward. Freeinformation also fails to address issues of integri-ty, as illustrated by users’ hesitancy to downloadfree software for fear of malicious code.


Security Track

Of all the systems, Giovanni comes

nearest to serving the functions of

copy accuracy for digital content.

ConclusionsExtracting the technological, legal, and econom-ic functions of copyright helps us identify princi-ples that should be the basis for the design ofDRM systems. However, no system currently sup-ports that set of functions. Neither those who seekto manage authors’ rights nor the defenders ofaccess rights are entirely aligned with copy accu-racy in that no system motivates and rewardsauthoring, filtering, and distribution. In particu-lar, CSS attempts to keep traditional distributionbarriers up. The system’s core goal — to preventopen distribution and a global market for DVDs —is orthogonal to copy accuracy.

With mass-produced analog media, filtering isan inherent part of publishing, particularlybecause distribution is more expensive than con-tent reproduction. In a digital networked envi-ronment, everyone is a publisher and distributioncosts approach zero, so there is an ever-greaterneed for filtering. The New York Times is notvaluable because it offers factual content that isnot otherwise available for free, but ratherbecause it offers filtered content. Similarly, free-software businesses offer the same code that canbe downloaded at no cost, but they provide thefiltering (and integrity checks) that is inherent topublication with mass-produced analog publish-ing. Filtering is also intrinsic to the design ofsome peer-to-peer systems that are decried asassaults on copyright (for example, Gnutella).

The most interesting question is how to designa system that completely fulfills the functionsidentified here as copy accuracy. To respond tothe challenges inherent in the world of digitalproduction and distribution, we face a nontrivialset of design requirements. In addition to the rep-utation market, monetary market, persistence,referencing systems, and binding of content tocreators, copy accuracy would ideally reward fil-tering or explicitly support a filtering market. TheeBook and CSS systems attempt to maintain thetight binding between publication and filteringby privileging a set of traditional publishers. P2Psystems allow for cooperative filtering, but fail toreward creators.

Designing a DRM system that satisfies all therequirements of copy accuracy would requiremore than secure storage. Micro-credit is a crit-ical component, as is archiving. Other importantelements include distributed caching, censor-ship-proof publishing, and reputation systems,which have already been implemented in someP2P systems.

AcknowledgmentsMy thanks to Ron Rivest, Wendy Gordon, the participants of

Financial Cryptography (2002), the Boston Intellectual Prop-

erty ad-hoc discussion group and the participants of the

Design for Values workshop in Bellagio for valuable com-

ments. This work was supported by the US National Science

Foundation under grant number (9985)433. The opinions in

this article are the author’s and do not necessarily reflect the

views of the NSF. An extended version of this article is avail-

able elsewhere.14

References

1. J. Litman, Digital Copyright, Prometheus Books, 2001.

2. A. Branscomb, Who Owns Information, Basic Books, 1995.

3. L. Lessig, The Future of Ideas, Basic Books, 2001.

4. M. Castells, The Information Age: Economy, Society, Cul-

ture, Blackwell Publishers, 1997.

5. E. Eisenstein, The Printing Press as an Agent of Change,

Cambridge Univ. Press, 1979

6. L. Febvre and H. Martin, The Coming of the Book, Verso,

2000.

7. J. Holdsworth, A History of English Law, Methuen & Co.

Ltd., 1938.

8. US Nat’l Academy of Science, The Digital Dilemma: Intel-

lectual Property in the Information Age, Nat’l Academy

Press, 2000.

9. A.B. Whinston, D.O. Stahl, and S-Y Choi, The Economics

of Electronic Commerce, Macmillan Technical Publish-

ing, 1997.

10. M. Pahfl, “Giving Music Away to Make Money,” First Mon-

day, vol. 6, no. 8, 2001; www.firstmonday.org/issues/issue6

_8/pfahl/.

11. C. Osorio, “Primary Income Loss and Secondary Network

Effects in Illegal Copying of Software,” white paper, Infor-

mation Technology Group, Center for Int’l Development,

Harvard Univ., 2001.

12. C. DeBona, S. Ockman and M. Stone (eds), Open codes:

Voices from the Open Code Revolution, O'Reilly, 1999.

13. Oram, ed., Peer-to-Peer Harnessing the Power of Disrup-

tive Technologies, O'Reilly and Associates, Cambridge, MA,

2001.

14. L.J. Camp, “DRM Doesn’t Really Mean Digital Copyright

Management,” Proc. 9th ACM Conf. Computer and Comm.

Security, ACM Press, Nov. 2002.

L. Jean Camp is an associate professor in the Kennedy School

of Government at Harvard University. Her research inter-

ests include digital network trust and design for values.

She received a PhD in engineering and public policy from

Carnegie Mellon University. Camp is a member of the IEEE

and the ACM, and she is on the board of Computing Pro-

fessionals for Social Responsibility (CPSR). Contact her at

[email protected].



Documents

Some Preliminary Thoughts