Texas A&M electrical engineer works to protect digital booty from illegal use
COLLEGE STATION -- Dr. Deepa Kundur wants to see pirates walk the plank. No, not the swashbuckling, dastardly villains who pillage and loot on the high seas. Today's pirates are more likely to be found sitting at a computer, and Kundur, an assistant professor of electrical engineering at Texas A&M University, aims to keep them from illegally obtaining and using multimedia, such as music and video files. With one of the first Ph.D.s in the field, Kundur is a pioneer in the area of multimedia security for digital rights management, which combines principles of engineering, business and law to manage user rights to multimedia content such as music or video. Engineers work to provide security measures to enforce usage rules devised, in part, by the business and legal sectors while protecting the content's commercial viability. Unlike computer security that protects data on individual computers and network security that protects the information channel, this type of multimedia security protects intellectual property. "A content provider, such as a streaming-video provider or a DVD vendor, needs guarantees that users won't misuse or pirate the content," Kundur said. "But if the security mechanisms are too obtrusive or the high cost of protection is passed on to the customer, the user may quickly become frustrated, finding other, sometimes illegal means, to download content. So digital rights management design is a balance between security, commercial viability and legal policy, promoting fair information exchange for all parties." Kundur develops the security algorithms to try to find this appropriate balance for digital content. She said her work is a combination of traditional cryptography, signal processing, information theory and, interestingly enough, psychology. "In general, in a security application, you have an adversary -- a hacker or pirate," she said. "You're trying to protect the content from misuse by this adversary. One way to do this is to make the cost of applying a successful attack by the opponent greater than the value gained from the attack. Thus, you want to discourage unwanted behavior, but use just enough technological complexity to keep the cost down and avoid frustrating legitimate users who actually paid for fair use of the content." Kundur said that two classes of security are used. Active security approaches, such as encryption, aim to prevent a particular act, such as piracy, by sending scrambled data to the user, whose computer or DVD player decrypts the content before playing. With passive security methods, such as digital watermarking, or fingerprinting, hidden security tags are embedded in the document. And because the tags always travel with the content, illegal distribution or tampering of the information can later be identified and traced back to the source. Although an attack is not prevented, it is discouraged because the opponent's action can be detected and, ideally, traced back to the source. Kundur said that the current research trend is to combine both encryption and fingerprinting technologies in a digital rights management system, so that the information is protected throughout the overall distribution chain. "Because a security process is only as strong as the weakest link, it is necessary to make use of these complementary protection measures," she said. "There is a need to for solutions that provide a better compromise between security and complexity, and we're using more advanced analytical models to look at the problem on a semantic level, not on a bit-by-bit level. Perfect security may be unattainable in a practical context, but we hope that further research in this area will result in more effective yet efficient designs."