[itu-sg16] Q22 Question - SATC

zourong 52447 zou.rong at huawei.com
Wed Sep 10 04:05:09 EDT 2008

really thanks your's comments, here is the clarification.
1)	As to the circumventing problem, I really could not say their is a perfect way that could not be circumvented. But I don’t think it is easy to do so. This scenario is attempted to provide a tool for content provider to prevent their “specially processed” content, i.e. copy-righted content from being pirated. It is assumed the “specially processed” content have some characteristic information that would be destroyed by any piratical actio
n such as using a different decoding method, and these characteristic information or “signature” would be provided to SATC system by content provider. As to the compress scheme to circumvent, I think the SATC could handle most of the common compress schemes such as winzar, winzip, tar etc., but I also think it is impossible the SATC could handle all compress schemes.
2)	The method mentioned in AVD-3541 is not attempted to create a database of all  pirated media, it’s a database that store the signature of good media especially those most popular video or audio recently, so the database will keep in a state of acceptable size. The periodical updating of the database is necessary just like the IDS do to update the anti-virus database.
3)	The pirated media database could exist as an subsidiary database. This was not mentioned in the AVD-3541 because I think it maybe too detail to describe it in a scenario. The file transmitted will be suspected as pirated file when satisfied following two points: (1) There is a item in the “good media database” that means the file is a target of protecting. (2)the signature of the file transmitted do not match with that stored in the data
base. Then the suspected file could be blocked directly, or in a more prudent way, it could be just marked as suspicious and search in a subsidiary “pirated media database” to make sure it is a existing pirated version or it maybe a new pirated version and need more manual analytical works of content provider. 
4)	As to the performance problem, I think this kind of inspection may have some negative impact on the packet transmission but may not as terrible as thought, in fact, many DPI product in market can achieve 10G to 40G, even 80G throughput, their process capability is remarkable.
> 发件人: Paul E. Jones
> 发送时间: 2008-09-05 10:59:38
> 收件人: itu-sg16 at lists.packetizer.com
> 抄送: 
> 主题: [itu-sg16] Q22 Question - SATC
> Q22 Experts,
> While reviewing the Q22 meeting report, I was intrigued by a 
> comment related to AVD-3541.  This contribution proposes that SATC 
> can be used to block illegal content from being transmitted over 
> the Internet by examining the media flow and comparing that media 
> flow (or some signature thereof) against a database.  SATC would 
> then block content as appropriate.
> I would like to comment:
> 1)      I could easily circumvent any such measure, so any such 
> system would prove to work only temporarily; and
> 2)      While a given copy of a digital copy of some content, such 
> as music or a movie, will have a clearly recognizable signature, 
> the same media can be “substantially” altered by merely using a 
> different encoding method (e.g., a different video codec or 
> compression scheme); and
> 3)      Actually attempting to create a database of all known 
> pirated media, including all variations, would result in the 
> creation of a massively huge database; and
> 4)      Maintenance of such a database would be a never-ending 
> chore; and
> 5)      Notwithstanding the foregoing, while such a database could 
> be constructed and flows could be examined, inspecting flows in 
> real-time and trying to positively identify a given flow is a 
> monumental task that will result in significantly negative impact 
> on packet transmission performance, even if a bank of specialized 
> network processors were employed per router or switch
> In short: do we really want to attempt this?  While it’s all 
> technically possible (at the risk of turning a 1Gbps pipe into a 
> 1Kbps pipe), I would argue that it’s not going to work.  I would 
> be happy to be first in line to write the software necessary to 
> circumvent such a system.  And I would do it just because I can ;-)
> Having said that, the meeting report said that, the meeting report 
> said that “if SATC finds a data stream carrying content failing to 
> match a known signature, it will block the stream or mark it as 
> being suspicious.”
> I underlined the text of significance.  This suggests that the 
> database would only be populated with signatures of known good 
> media flows and would only block unrecognized flows.  This seems 
> different than what I read and understood from AVD-3541.  What the 
> meeting report suggests would be a simpler problem with a 
> substantially smaller database.  So, what was actually discussed 
> and decided for SATC?  A system that blocks unrecognized flows or 
> a system that blocks recognized flows?
> Thanks,
> Paul

More information about the sg16-avd mailing list