Audible Magic — No Silver Bullet for P2P Infringement
By Chris Palmer, Staff Technologist
12 July 2004

[Please note: Audible Magic has responded to this analysis. See Debunking Audible Magic -- Again for our response.]

The Recording Industry Association of America (RIAA) has been touting technologies offered by Audible Magic as the cure for peer-to-peer (P2P) file sharing on university (and high school!) campuses. The company has also been making the rounds of congressional offices in Washington, DC, talking up its technologies as a silver bullet for P2P infringement.

While we at EFF support universities taking steps to educate staff and students about copyright law and to control excessive bandwidth usage, it is important that universities are not sold expensive, ineffective solutions simply to appease the public relations needs of the RIAA. It is also important that policymakers not be misled by the bullish pronouncements of the RIAA and Audible Magic regarding the effectiveness of "acoustic filtering" technologies.

Information from public sources suggests that Audible Magic's filtering technology is trivial to defeat. For universities, this means an investment today may well be worthless tomorrow. Policymakers, meanwhile, would do well to examine all filtering technologies closely before putting faith in the promises of vendors. A close look at Audible Magic's technology suggests that its filtering is no silver bullet.

Acoustic Fingerprinting — How It Works

Audible Magic's CopySense™, a network appliance product, examines network traffic at the content layer -— that is, it analyzes the actual file transferred in an application-layer transaction. In order to determine whether the content is a copyrighted song, CopySense treats the content as audio and analyzes its acoustic properties. It examines only a small portion of the content, extracting an "acoustic fingerprint." This fingerprint is then matched against the fingerprints of copyrighted musical works in a pre-compiled database. Audible Magic boasts a database of more than 3.7 million fingerprints, growing continually.

This method is a clear improvement over earlier "hash"-based filtering approaches. With those earlier approaches, changing even a single bit in a file would frustrate efforts to match the file to a pre-calculated hash. Audible Magic's approach should be more robust against this kind of subterfuge. As detailed below, however, Audible Magic's technology can easily be defeated by using one-time session key encryption (e.g., SSL) or by modifying the behavior of the network stack to ignore RST packets.

Network Topology

An engineering goal of Audible Magic's network appliance is to add no additional latency to the network. Therefore, it cannot be interposed between the client and the server, as it would be in traditional firewall or filtering proxy deployment. The network appliance is installed as a peer to other hosts on a network segment, not as a gateway or bridge. The segment is configured such that the appliance can sniff all traffic going over the link layer fabric.

Application of Policy

To block transmission of content the Audible Magic network appliance deems copyright-protected, it issues spoofed TCP RST packets to disrupt the data transfer between client and server. CopySense™ sends spoofed RSTs to both client and server; if either client or server is successfully attacked, the file transfer will stop.

Thus, it is not capable of implementing more nuanced policies such as traffic shaping -- in particular, it can only:

(Enough content must pass over the wire for the Audible Magic network appliance to make a determination of the identity and copyright status of the content before it can implement a policy. For more information, see Audible Magic's White Paper: Managing Peer-to-Peer Traffic with the CopySense™ Network Appliance. [PDF])

Defeating Audible Magic

There are two obvious ways to defeat Audible Magic's CopySense™ network appliance.

  1. Encrypt the data transfer with a one-time session key. This can be accomplished easily by employing SSL for file transfers. Because SSL is widely used for a variety of e-commerce applications, blocking or otherwise interfering with SSL communications would be problematic for most network administrators.
  2. Change the TCP/IP stack to better defend against spoofed TCP RST packets. It is not possible to perfectly defend against this attack, and most users will have to wait for an upgrade from their operating system vendor to get any defense at all. Over time, however, it is likely that many systems will incorporate such defense, limiting the effectiveness of CopySense's mechanism.

Session encryption for file transfers based on ephemeral keys represents a cheap, easily implemented countermeasure that would effectively frustrate Audible Magic's filtering technology. Based on publicly available information, it does not appear that this vulnerability can be easily remedied. Should Audible Magic's technology be widely adopted, it is likely that P2P file-sharing applications would be revised to implement encryption. Accordingly, network administrators will want to ask Audible Magic tough questions before investing in the company's technology, lest the investment be rendered worthless by the next P2P "upgrade."

Sources