The role of cryptography
Download
1 / 9

The Role of Cryptography - PowerPoint PPT Presentation


  • 140 Views
  • Uploaded on

The Role of Cryptography. in Combating Software Piracy. Introduction. Rationale for anti-piracy measures: economics Early anti-piracy schemes Obfuscation (simple XORing) Copy protection (unformatted sectors) Checksums Result? We’ll cover Why crypto is well suited

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'The Role of Cryptography' - justise


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
The role of cryptography

The Role of Cryptography

in Combating Software Piracy

Jeff Bilger - CSE P 590TU - Winter 2006


Introduction
Introduction

  • Rationale for anti-piracy measures: economics

  • Early anti-piracy schemes

    • Obfuscation (simple XORing)

    • Copy protection (unformatted sectors)

    • Checksums

    • Result?

  • We’ll cover

    • Why crypto is well suited

    • What can cause crypto to fail

    • Examples

Jeff Bilger - CSE P 590TU - Winter 2006


Why cryptography
Why Cryptography?

  • Premise (if cost exceeds benefit..)

    • Crypto can significantly increase the cost..

  • Digital Signatures

    • Authenticity (source verification – both ways)

    • Execution control (proprietary HW)

  • Encryption

    • Obfuscation

    • Transmit sensitive information over insecure channels

  • One Way Hashes

    • Integrity (tamper detection)

  • Key Exchange

    • Allows distributed security

Jeff Bilger - CSE P 590TU - Winter 2006


What can cause crypto to fail
What can cause crypto to fail?

  • Brute force attacks?

    • infeasible

  • Bugs

  • Engineering trade-offs

    • Cost

    • Capabilities of target platform (CPU, RAM, ROM)

  • Poor Engineering decisions

    • Poor choices in crypto primitives (SHA-1)

  • Poor key management

    • PRFs that are not very random

    • Key value (dictionary attack)

    • Insecure key storage / transfer

  • Secure vs. insecure systems

    • Debuggers/monitors

Jeff Bilger - CSE P 590TU - Winter 2006


Example alternate reality
Example: Alternate Reality

  • 1985

  • BC multi-encryption cipher

    • Leventhall/Seville crypto (Dr. Carl Meyer of Lucifer and DES fame)

  • 1.8MHz CPU / 48K bytes RAM

  • Poor key storage

  • Bug in key seed generation algorithm

  • Considered one of the toughest anti-piracy measures to crack of its time

Jeff Bilger - CSE P 590TU - Winter 2006


Example xbox
Example: Xbox

  • 2001

  • Conical case

  • The MS business model

  • Same secret key on all Xbox devices

  • Secret boot code located on custom chip, not CPU. Communication required over a bus

  • Bus was not encrypted

  • ROM size limitation on custom chip required implementation trade offs

    • Utilized constant checksum instead of a hash!

  • Hacker captured keys and boot code over the bus

  • Since boot code was not hashed, it could be modified

Jeff Bilger - CSE P 590TU - Winter 2006


Example xbox improvements
Example: Xbox improvements

  • MS changed RC4 secret key

  • Fixed some bugs

  • Constant checksum replaced with hash using TEA

    • Oops

  • Other non-cryptographic attacks as well (Visor & MIST)

Jeff Bilger - CSE P 590TU - Winter 2006


Example valve s steam platform
Example: Valve’s Steam Platform

  • 2004

  • Content delivery/DRM platform

  • Combines cryptography and online registration

  • Among other things, allows Valve to quickly detect and address incidents of piracy

Jeff Bilger - CSE P 590TU - Winter 2006


Conclusions
Conclusions

  • Can’t stop piracy

  • Cryptography can make it more costly to crack software

  • Secure vs. insecure systems

  • Engineering trade offs/poor decisions

  • Distributed solutions are a good model

Jeff Bilger - CSE P 590TU - Winter 2006


ad