The Unbearable Lightness of Content

The Unbearable Lightness of Content. Gord Larose, Chief Engineer, Channelware.com, glarose@channelware.com. The Digital Media Quandary. Digitization of Mass Entertainment Content + Ubiquitous Internet = Giant Opportunity: Distribution Revenue + Giant Challenge: Content Piracy.


Presentation Transcript


  1. The Unbearable Lightness of Content
     • Gord Larose, Chief Engineer, Channelware.com
     • glarose@channelware.com

  2. The Digital Media Quandary
     Digitization of Mass Entertainment Content + Ubiquitous Internet = Giant Opportunity: Distribution Revenue + Giant Challenge: Content Piracy

  3. The Wishful Protectionist’s Syllogism
     • Must have provable content security
     • Cryptography is provably secure, therefore...
     • The core technology for content protection is encryption.

  4. Grim Reality
     • Cryptography can’t provide persistent protection of content in open platforms. Key discovery and cleartext capture are not provably preventable.
     • Most digital content is easily accessible by the “openest” platform of all: the PC.
     • Free “Demo” software is ideal input for hackers.
     • Using the Net’s low-friction redistribution, one gifted hacker can do significant damage.
     • As broadband expands, redistribution of entire applications (not just cracks) is more feasible.

  5. The Body Count Grows...
     • DeCSS – captures cleartext MPEG2 video to PC hard-drives from encrypted DVDs.
     • Microsoft’s MSAudio 4 security crack posted the same day it was released.
     • The “Kinko crack”: a time-limited Microsoft Office available for $5 at Kinko’s which was made unlimited by replacing a single instruction.
     • The “Quake Crack”: an encrypted distribution scheme that used locally computable keys.
     • Cryptolopes: software-based secure container; IBM gave up on this before releasing it.

  6. What to Do?
     • Go Home. Don’t distribute valuable digital content over the Net.
     • Hide. Limit your distribution to closed platforms or PCs with security add-ons.
     • Be a centralized VCR/console. Stream in real-time. Too bad the Net has no QOS!
     • Spam ‘em. Give away content and rely on secondary revenue, e.g. advertising.
     • Build the best security you can to support business in an imperfect world.

  7. Audio/Video Protection – A Tough Nut
     • Valuable cleartext output (e.g. .wav, MPEG-1) can always be captured on a PC due to insecure driver paths. It doesn’t matter how the original material is protected or what format it was in.
     • You can try to protect output paths… or hope that the captured output is too awkward for widespread redistribution.

  8. Example: PC Audio Piracy Setup
     [Diagram; labels: Protected Audio, “Secure” Player Software, Rights, Clear Audio PCM, Drivers (3rd-party S/W), Sound Card, Spy Program, Cleartext Audio PCM]

  9. Software Protection, Take 1: The Program as a Secret
     • Start with a standard, unprotected program.
     • Encrypt it.
     • Deliver it to a PC.
     • Decrypt it, via Rights Management transaction, sometime between when it’s delivered and when it’s running memory-resident.
     • This makes the binary program a desirable and easy target for cleartext capture!

  10. Software Cracking, Take 1: “In the Clear”
     • For a pirate, “in the clear” means he has a runnable program with protection transactions removed.
     • For almost all existing S/W protection schemes, this is easily done with a free “demo” and one of:
       - capture of exposed cleartext code in a system using cryptographic encapsulation,
       - removal of simple internal code modifications which directly enforce the protection, or
       - reversion of PC state (e.g. registry, clock, filesys) to an earlier configuration to “reset” restrictions.

  11. Software Protection, Take 2: The Program as Enforcer
     • Software’s run-time output is not inherently interesting, i.e. not a valuable cleartext. It is the interactive behavior that the user values.
     • By never having an unprotected form of the program present, the software itself is never a usefully capturable cleartext either.
     • The hacker then has to find and attack internal program code to remove licensing transactions without crippling the program, which can be made extremely difficult.

  12. Software Protection, Take 2: Specific Attacks & Countermeasures
     • Cleartext binary program capture:
       - protect the program at all stages.
     • Internal “protection” code removal:
       - distribute protection widely in space & time.
       - make code an inherent part of the app.
       - implicit (irreversible) self-protection failures.
     • Set-back of PC state:
       - use a server as a reliable state memory aid!
     • Server “snip-out”, spoofing, replay:
       - incomplete clients, no repeated msg content, client/server PKI.

  13. General PC Piracy Countermeasures
     • Client–server dependencies.
     • Cryptographic authentication of client and server (integrity, identity).
     • Don’t make explicit security decisions in the PC.
     • Irreversible algorithms.
     • Separation of security effects from (suspected hacking) causes.
     • Spread protection in space and time.
     • “Surprise” code.

  14. The Future
     • The few H/W security features deployed today (e.g. Pentium III unique IDs) are inadequate.
     • “Secure” PCs are coming… maybe in 2003??
     • Alternative “closed” platforms, e.g. Playstation II, are promising, but are also too far out.
     • Streaming continues to improve but will never cover all content, and has its own security holes.
     • “Unofficial” distribution channels continue to grow.
     • Content owners cannot wait for perfect solutions.

  15. Recommendations
     • Assume digital media will wind up in a PC whether it was intended to or not (e.g. Bleem).
     • Use crypto as appropriate, but know content pirates won’t likely have to attack the crypto itself.
     • If you want to protect linear media, recognize the cleartext capture problem.
     • Pirates use the Net against you; use it against them, e.g. client/server, no “unprotected” versions.
     • If you’re in the mass content business, start finding “good enough” solutions now.
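
The server-side countermeasures from slides 12 and 13 (server as reliable state memory, no repeated message content, authenticated replies), shown as an added sketch that is not from the presentation. `LicenseServer`, `client_check`, the trial length and the key are hypothetical, and an HMAC with a demo key stands in for the client/server PKI signature the slides call for.

```python
import hashlib
import hmac
import secrets

TRIAL_SECONDS = 30 * 24 * 3600          # constructed trial length
DEMO_KEY = b"constructed-demo-key"      # HMAC stands in for a server signature


def tag(install_id: str, nonce: bytes, status: str) -> bytes:
    # Fixed-length nonce first, so the three fields cannot be confused.
    msg = nonce + f"{status}|{install_id}".encode()
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).digest()


class LicenseServer:
    """Keeps trial state server-side; PC clock or registry rollback cannot reset it."""

    def __init__(self, clock):
        self.clock = clock               # server time source, never the client's
        self.first_seen = {}             # install_id -> server time of first request

    def respond(self, install_id: str, nonce: bytes):
        now = self.clock()
        start = self.first_seen.setdefault(install_id, now)
        status = "valid" if now - start < TRIAL_SECONDS else "expired"
        return status, tag(install_id, nonce, status)


def client_check(install_id: str, send) -> bool:
    # Simplification: returns one boolean; slide 13 advises against such an
    # explicit decision point in a real client.
    nonce = secrets.token_bytes(16)      # fresh per request: no repeated content
    status, mac = send(install_id, nonce)
    authentic = hmac.compare_digest(mac, tag(install_id, nonce, status))
    return authentic and status == "valid"


def demo():
    now = [0]
    server = LicenseServer(clock=lambda: now[0])
    captured = []

    def recording(install_id, nonce):    # wire observer records the valid reply
        captured.append(server.respond(install_id, nonce))
        return captured[-1]

    in_trial = client_check("pc-1", recording)
    now[0] = TRIAL_SECONDS + 1           # server time passes the trial window
    after_trial = client_check("pc-1", server.respond)
    replayed = client_check("pc-1", lambda i, n: captured[0])
    return in_trial, after_trial, replayed
```

`demo()` returns `(True, False, False)`: the recorded "valid" reply fails verification once replayed because it is bound to the earlier nonce, and expiry follows the server's clock regardless of the PC's.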
