1 / 9

The Role of Cryptography

The Role of Cryptography. in Combating Software Piracy. Introduction. Rationale for anti-piracy measures: economics Early anti-piracy schemes Obfuscation (simple XORing) Copy protection (unformatted sectors) Checksums Result? We’ll cover Why crypto is well suited

justise
Download Presentation

The Role of Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Role of Cryptography in Combating Software Piracy Jeff Bilger - CSE P 590TU - Winter 2006

  2. Introduction • Rationale for anti-piracy measures: economics • Early anti-piracy schemes • Obfuscation (simple XORing) • Copy protection (unformatted sectors) • Checksums • Result? • We’ll cover • Why crypto is well suited • What can cause crypto to fail • Examples Jeff Bilger - CSE P 590TU - Winter 2006

  3. Why Cryptography? • Premise (if cost exceeds benefit..) • Crypto can significantly increase the cost.. • Digital Signatures • Authenticity (source verification – both ways) • Execution control (proprietary HW) • Encryption • Obfuscation • Transmit sensitive information over insecure channels • One Way Hashes • Integrity (tamper detection) • Key Exchange • Allows distributed security Jeff Bilger - CSE P 590TU - Winter 2006

  4. What can cause crypto to fail? • Brute force attacks? • infeasible • Bugs • Engineering trade-offs • Cost • Capabilities of target platform (CPU, RAM, ROM) • Poor Engineering decisions • Poor choices in crypto primitives (SHA-1) • Poor key management • PRFs that are not very random • Key value (dictionary attack) • Insecure key storage / transfer • Secure vs. insecure systems • Debuggers/monitors Jeff Bilger - CSE P 590TU - Winter 2006

  5. Example: Alternate Reality • 1985 • BC multi-encryption cipher • Leventhall/Seville crypto (Dr. Carl Meyer of Lucifer and DES fame) • 1.8MHz CPU / 48K bytes RAM • Poor key storage • Bug in key seed generation algorithm • Considered one of the toughest anti-piracy measures to crack of its time Jeff Bilger - CSE P 590TU - Winter 2006

  6. Example: Xbox • 2001 • Conical case • The MS business model • Same secret key on all Xbox devices • Secret boot code located on custom chip, not CPU. Communication required over a bus • Bus was not encrypted • ROM size limitation on custom chip required implementation trade offs • Utilized constant checksum instead of a hash! • Hacker captured keys and boot code over the bus • Since boot code was not hashed, it could be modified Jeff Bilger - CSE P 590TU - Winter 2006

  7. Example: Xbox improvements • MS changed RC4 secret key • Fixed some bugs • Constant checksum replaced with hash using TEA • Oops • Other non-cryptographic attacks as well (Visor & MIST) Jeff Bilger - CSE P 590TU - Winter 2006

  8. Example: Valve’s Steam Platform • 2004 • Content delivery/DRM platform • Combines cryptography and online registration • Among other things, allows Valve to quickly detect and address incidents of piracy Jeff Bilger - CSE P 590TU - Winter 2006

  9. Conclusions • Can’t stop piracy • Cryptography can make it more costly to crack software • Secure vs. insecure systems • Engineering trade offs/poor decisions • Distributed solutions are a good model Jeff Bilger - CSE P 590TU - Winter 2006

More Related