The role of cryptography
This presentation is the property of its rightful owner.
Sponsored Links
1 / 9

The Role of Cryptography PowerPoint PPT Presentation


  • 123 Views
  • Uploaded on
  • Presentation posted in: General

The Role of Cryptography. in Combating Software Piracy. Introduction. Rationale for anti-piracy measures: economics Early anti-piracy schemes Obfuscation (simple XORing) Copy protection (unformatted sectors) Checksums Result? We’ll cover Why crypto is well suited

Download Presentation

The Role of Cryptography

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


The role of cryptography

The Role of Cryptography

in Combating Software Piracy

Jeff Bilger - CSE P 590TU - Winter 2006


Introduction

Introduction

  • Rationale for anti-piracy measures: economics

  • Early anti-piracy schemes

    • Obfuscation (simple XORing)

    • Copy protection (unformatted sectors)

    • Checksums

    • Result?

  • We’ll cover

    • Why crypto is well suited

    • What can cause crypto to fail

    • Examples

Jeff Bilger - CSE P 590TU - Winter 2006


Why cryptography

Why Cryptography?

  • Premise (if cost exceeds benefit..)

    • Crypto can significantly increase the cost..

  • Digital Signatures

    • Authenticity (source verification – both ways)

    • Execution control (proprietary HW)

  • Encryption

    • Obfuscation

    • Transmit sensitive information over insecure channels

  • One Way Hashes

    • Integrity (tamper detection)

  • Key Exchange

    • Allows distributed security

Jeff Bilger - CSE P 590TU - Winter 2006


What can cause crypto to fail

What can cause crypto to fail?

  • Brute force attacks?

    • infeasible

  • Bugs

  • Engineering trade-offs

    • Cost

    • Capabilities of target platform (CPU, RAM, ROM)

  • Poor Engineering decisions

    • Poor choices in crypto primitives (SHA-1)

  • Poor key management

    • PRFs that are not very random

    • Key value (dictionary attack)

    • Insecure key storage / transfer

  • Secure vs. insecure systems

    • Debuggers/monitors

Jeff Bilger - CSE P 590TU - Winter 2006


Example alternate reality

Example: Alternate Reality

  • 1985

  • BC multi-encryption cipher

    • Leventhall/Seville crypto (Dr. Carl Meyer of Lucifer and DES fame)

  • 1.8MHz CPU / 48K bytes RAM

  • Poor key storage

  • Bug in key seed generation algorithm

  • Considered one of the toughest anti-piracy measures to crack of its time

Jeff Bilger - CSE P 590TU - Winter 2006


Example xbox

Example: Xbox

  • 2001

  • Conical case

  • The MS business model

  • Same secret key on all Xbox devices

  • Secret boot code located on custom chip, not CPU. Communication required over a bus

  • Bus was not encrypted

  • ROM size limitation on custom chip required implementation trade offs

    • Utilized constant checksum instead of a hash!

  • Hacker captured keys and boot code over the bus

  • Since boot code was not hashed, it could be modified

Jeff Bilger - CSE P 590TU - Winter 2006


Example xbox improvements

Example: Xbox improvements

  • MS changed RC4 secret key

  • Fixed some bugs

  • Constant checksum replaced with hash using TEA

    • Oops

  • Other non-cryptographic attacks as well (Visor & MIST)

Jeff Bilger - CSE P 590TU - Winter 2006


Example valve s steam platform

Example: Valve’s Steam Platform

  • 2004

  • Content delivery/DRM platform

  • Combines cryptography and online registration

  • Among other things, allows Valve to quickly detect and address incidents of piracy

Jeff Bilger - CSE P 590TU - Winter 2006


Conclusions

Conclusions

  • Can’t stop piracy

  • Cryptography can make it more costly to crack software

  • Secure vs. insecure systems

  • Engineering trade offs/poor decisions

  • Distributed solutions are a good model

Jeff Bilger - CSE P 590TU - Winter 2006


  • Login