Upload
geoffrey-sims
View
224
Download
0
Tags:
Embed Size (px)
Citation preview
The Digital Media Quandary
Digitization of Mass Entertainment Content +
Ubiquitous Internet
=
Giant Opportunity : Distribution Revenue+
Giant Challenge: Content Piracy
The Wishful Protectionist’s Syllogism
• Must have provable content security• Cryptography is provably secure,
therefore…..
• The core technology for content protection is encryption.
Grim Reality
• Cryptography can’t provide persistent protection of content in open platforms. Key discovery and cleartext capture are not provably preventable.
• Most digital content is easily accessible by the “openest” platform of all : the PC.
• Free “Demo” software is ideal input for hackers.
• Using the Net’s low-friction redistribution, one gifted hacker can do significant damage.
• As broadband expands, redistribution of entire applications (not just cracks) is more feasible.
The Body Count Grows...
• DeCSS – captures cleartext MPEG2 video to PC hard-drives from encrypted DVDs.
• Microsoft’s MSAudio 4 security crack posted the same day it was released.
• The “Kinko crack”: a time-limited Microsoft Office available for $5 at Kinko’s which was made unlimited by replacing a single instruction.
• The “Quake Crack”: an encrypted distribution scheme that used locally computable keys.
• Cryptolopes: software-based secure container; IBM gave up on this before releasing it.
What to Do ?
• Go Home. Don’t distribute valuable digital content over the Net.
• Hide. Limit your distribution to closed platforms or PCs with security add-ons.
• Be a centralized VCR/console. Stream in real-time. Too bad the Net has no QOS !
• Spam ‘em. Give away content and rely on
secondary revenue e.g. advertising.
• Build the best security you can to support business in an imperfect world.
Audio/Video Protection – A Tough Nut
• Valuable cleartext output (e.g. .wav, MPEG-1) can always be captured on a PC due to insecure driver paths. It doesn’t matter how the original material is protected or what format it was in.
• You can try to protect output paths… or hope that the captured output is too awkward for widespread redistribution.
Example: PC Audio Piracy Setup
“Secure” Player
Software
Rights
SoundCard
Clear Audio PCM
Drivers(3rd-party
S/W)
Protected
Audio
Spy Program
Cleartext Audio PCM
Software Protection, Take 1: The Program as a Secret
• Start with a standard, unprotected program.• Encrypt it.• Deliver it to a PC.• Decrypt it, via Rights Management transaction,
sometime between when it’s delivered and when it’s running memory-resident.
• This makes the binary program a desirable and easy target for cleartext capture !
Software Cracking, Take 1: “In the Clear”
• For a pirate, “in the clear” means he has a runnable program with protection transactions removed.
• For almost all existing S/W protection schemes, this is easily done with a free “demo” and one of:
- capture of exposed cleartext code in a system using cryptographic encapsulation,
- removal of simple internal code modifications which directly enforce the protection, or - reversion of PC state (e.g. registry, clock, filesys) to an earlier configuration to “reset” restrictions.
Software Protection, Take 2: The Program as Enforcer
• Software’s run-time output is not inherently interesting I.e. not a valuable cleartext. It is the interactive behavior that the user values.
• By never having an unprotected form of the program present, the software itself is never a usefully capturable cleartext either.
• The hacker then has to find and attack internal program code to remove licensing transactions without crippling the program - which can be made extremely difficult.
Software Protection, Take 2: Specific Attacks & Countermeasures
• Cleartext binary program capture: - protect the program at all stages.
• Internal “protection” code removal: - distribute protection widely in space & time. - make code an inherent part of the app. - implicit (irreversible) self-protection failures.
• Set-back of PC state - use a server as a reliable state memory aid !
• Server “snip-out”, spoofing,replay: - incomplete clients, no repeated msg content, client/server PKI.
General PC Piracy Countermeasures
• Client – server dependencies.
• Cryptographic authentication of client and server (integrity, identity).
• Don’t make explicit security decisions in the PC.
• Irreversible algorithms.
• Separation of security effects from (suspected hacking) causes.
• Spread protection in space and time.
• “Suprise” code.
The Future
• The few H/W security features deployed today (e.g. Pentium III unique IDs) are inadequate.
• “Secure” PCs are coming… maybe in 2003 ? ?
• Alternative “closed” platforms e.g. Playstation II are promising, but are also too far out.
• Streaming continues to improve but will never cover all content – and has its own security holes.
• Unofficial” distribution channels continue to grow.
• Content owners cannot wait for perfect solutions.
Recommendations
• Assume digital media will wind up in a PC whether it was intended to or not. (e.g. Bleem.)
• Use crypto as appropriate– but know content pirates won’t likely have to attack the crypto itself.
• If you want to protect linear media, recognize the cleartext capture problem.
• Pirates use the Net against you –use it against them e.g. client/server, no “unprotected” versions.
• If you’re in the mass content business, start finding “good enough” solutions now.