Trusted Computing, Peer-To-Peer Distribution, and the Economics of Pirated Entertainment
Peter Scott
Based on paper by S. E. Schechter, R. A. Greenstadt, and M. D. Smith
Digital Rights Management
• One of the big reasons for pushing trusted computing is preventing piracy.
• Remote attestation: only play media on trusted player hardware/software.
• Sealed storage: prevent other programs from reading media.
• Secure memory: hide player memory from OS
• Secure output: create trusted path from computer to monitor, speakers, etc.
The Analog Hole
• Problem: video cameras, audio recorders.
• Trusted computing can’t secure sound waves, or the light coming from a computer screen.
• Upper bound: DRM can never make piracy harder than making an analog recording.
  – It’s not hard to make good-quality analog recordings, and the cost keeps falling.
Cost of piracy (to pirates)
• Two components of the cost:
  – One-time extraction cost e
  – Per-copy distribution cost d
• Cost per copy (for n copies total):
Costs depend on technology
• Before high-speed Internet: per-copy distribution costs dominated.
• Currently: per-copy costs almost 0, extraction cost very low.
• DRM raises extraction cost, with upper bound imposed by analog hole.
• Attacking file-sharing raises distribution costs, with no upper bound.
Attacks on P2P file-sharing
• Gather IP addresses and log their activity. Sue the top uploaders. (“The nuclear option”)
• Share fake files. Drown out signal with noise.
• Pretend to be other users, to mess up reputation mechanisms (e.g. share ratio)
• Denial of service attacks, e.g.
  – Flood network with search requests
  – Mess up network topology information.
Trusted clients only!
• Remote attestation to ensure trusted client/OS combination.
• Encrypt all connections with securely-stored session keys, and sign data with keyed hash.
  – Prevents snooping, spoofing.
• Use reputation system to prevent DoS attacks and sharing fake files.
How to stay anonymous?
• How can P2P networks protect against their uploaders getting sued?
  1. Encrypt all data end-to-end.
  2. Re-route traffic through intermediate nodes, like The Onion Router, to foil network analysis.
  3. Keep as much of the routing data in secure memory as possible.
• This all works better with trusted clients.
Example: BitTorrent
• Malicious client connects to central tracker, gets list of peers. Then:
  1. Connect to peers, request download of copyrighted files.
  2. Store all information – filename, IP address, time, etc., in a database.
  3. Do DNS WHOIS search, notify ISP and/or file lawsuits.
• To prevent: use relay nodes, and trusted client to prevent network topology discovery.
Relay nodes
• Don’t have Alice send a message to Bob.
• Instead:
  – Alice sends message to Tom,
  – Tom sends message to Ulysses,
  – Ulysses sends message to Veronica,
  – Veronica sends message to Bob.
• Encrypt the message so that nobody knows who’s sending what to whom except for Alice and Bob. (How?)
Untrusted clients: Onion routing
• Alice comes up with a sequence of node hops,
• She sends the first relay an “Onion” data structure:
  – Next node info
  – Onion for the rest of the relays
• Each relay knows only part of the path.
• Uses layered encryption
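
The layered “Onion” structure from this slide, as an added example that is not from the slides or the underlying paper. It assumes Alice already shares one symmetric key with each hop, and it swaps in a toy HMAC-based stream cipher with a keyed-hash tag so that it runs on the standard library alone (a real design would use a vetted AEAD and public-key key exchange); all function names are hypothetical.

```python
import hashlib, hmac, os

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy cipher: HMAC-SHA256 in counter mode, a stdlib stand-in for a real AEAD.
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; the tag is the keyed hash that detects tampering.
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("layer failed integrity check (wrong key or tampered)")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def build_onion(path, keys, message: bytes) -> bytes:
    # Wrap from the destination outward; each layer names only the next hop.
    onion, next_hop = message, ""
    for node in reversed(path):
        header = bytes([len(next_hop)]) + next_hop.encode()
        onion = seal(keys[node], header + onion)
        next_hop = node
    return onion

def peel(key: bytes, onion: bytes):  # one relay's view: next hop + opaque inner onion
    plain = unseal(key, onion)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

PATH = ["Tom", "Ulysses", "Veronica", "Bob"]   # constructed: hop names from the slides
KEYS = {name: os.urandom(32) for name in PATH}  # constructed: one shared key per hop

if __name__ == "__main__":
    node, onion = PATH[0], build_onion(PATH, KEYS, b"hello Bob")
    while node:
        hop, onion = peel(KEYS[node], onion)
        print(f"{node} peels a layer; next hop: {hop or '(none, final recipient)'}")
        node = hop
```
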
Trusted clients: known relay topology
• Route packets in a randomized way.
• Load balance dynamically, for speed.
• Don’t worry about keeping relays in the dark; they have curtained memory and trusted software!
• Increases resistance to traffic analysis.
• (Problem: adversaries who can break the TPM.)
Back to the economics
• Trusted computing raises e, to a point.
• It can also lower d, a lot, by making distribution easier and safer.
• Trusted Computing for DRM may backfire spectacularly!
Questions?