The Unbearable Lightness of Content
• Gord Larose, Chief Engineer, Channelware.com
• firstname.lastname@example.org
The Digital Media Quandary
Digitization of Mass Entertainment Content + Ubiquitous Internet = Giant Opportunity: Distribution Revenue + Giant Challenge: Content Piracy
The Wishful Protectionist’s Syllogism
• Must have provable content security
• Cryptography is provably secure, therefore…
• The core technology for content protection is encryption.
Grim Reality
• Cryptography can’t provide persistent protection of content in open platforms. Key discovery and cleartext capture are not provably preventable.
• Most digital content is easily accessible by the “openest” platform of all: the PC.
• Free “Demo” software is ideal input for hackers.
• Using the Net’s low-friction redistribution, one gifted hacker can do significant damage.
• As broadband expands, redistribution of entire applications (not just cracks) is more feasible.
The Body Count Grows...
• DeCSS – captures cleartext MPEG2 video to PC hard-drives from encrypted DVDs.
• Microsoft’s MSAudio 4 security crack posted the same day it was released.
• The “Kinko crack”: a time-limited Microsoft Office available for $5 at Kinko’s which was made unlimited by replacing a single instruction.
• The “Quake Crack”: an encrypted distribution scheme that used locally computable keys.
• Cryptolopes: software-based secure container; IBM gave up on this before releasing it.
What to Do?
• Go Home. Don’t distribute valuable digital content over the Net.
• Hide. Limit your distribution to closed platforms or PCs with security add-ons.
• Be a centralized VCR/console. Stream in real-time. Too bad the Net has no QOS!
• Spam ‘em. Give away content and rely on secondary revenue, e.g. advertising.
• Build the best security you can to support business in an imperfect world.
Audio/Video Protection – A Tough Nut
• Valuable cleartext output (e.g. .wav, MPEG-1) can always be captured on a PC due to insecure driver paths. It doesn’t matter how the original material is protected or what format it was in.
• You can try to protect output paths… or hope that the captured output is too awkward for widespread redistribution.
Example: PC Audio Piracy Setup
[Diagram labels: Protected Audio; Rights; “Secure” Player Software; Clear Audio PCM; Drivers (3rd-party S/W); Sound Card; Spy Program; Cleartext Audio PCM]
Software Protection, Take 1: The Program as a Secret
• Start with a standard, unprotected program.
• Encrypt it.
• Deliver it to a PC.
• Decrypt it, via Rights Management transaction, sometime between when it’s delivered and when it’s running memory-resident.
• This makes the binary program a desirable and easy target for cleartext capture!
Software Cracking, Take 1: “In the Clear”
• For a pirate, “in the clear” means he has a runnable program with protection transactions removed.
• For almost all existing S/W protection schemes, this is easily done with a free “demo” and one of:
  - capture of exposed cleartext code in a system using cryptographic encapsulation,
  - removal of simple internal code modifications which directly enforce the protection, or
  - reversion of PC state (e.g. registry, clock, filesys) to an earlier configuration to “reset” restrictions.
Software Protection, Take 2: The Program as Enforcer
• Software’s run-time output is not inherently interesting, i.e. not a valuable cleartext. It is the interactive behavior that the user values.
• By never having an unprotected form of the program present, the software itself is never a usefully capturable cleartext either.
• The hacker then has to find and attack internal program code to remove licensing transactions without crippling the program, which can be made extremely difficult.
Software Protection, Take 2: Specific Attacks & Countermeasures
• Cleartext binary program capture:
  - protect the program at all stages.
• Internal “protection” code removal:
  - distribute protection widely in space & time.
  - make code an inherent part of the app.
  - implicit (irreversible) self-protection failures.
• Set-back of PC state:
  - use a server as a reliable state memory aid!
• Server “snip-out”, spoofing, replay:
  - incomplete clients, no repeated msg content, client/server PKI.
General PC Piracy Countermeasures
• Client – server dependencies.
• Cryptographic authentication of client and server (integrity, identity).
• Don’t make explicit security decisions in the PC.
• Irreversible algorithms.
• Separation of security effects from (suspected hacking) causes.
• Spread protection in space and time.
• “Surprise” code.
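Added example (not from the original slides): a sketch of the server-side countermeasures listed on the two slides above, with the server as the reliable state memory, no repeated message content, and authentication of both client and server. An HMAC over a shared key stands in for the client/server PKI the slides mention; the names LicenseServer, tag, client_accepts and run_demo, and all sample values, are hypothetical.

```python
import hashlib
import hmac
import os

def tag(key: bytes, role: bytes, client_id: str, nonce: bytes) -> bytes:
    # HMAC over role, client id and nonce; stands in for a PKI signature (assumption).
    return hmac.new(key, role + b"|" + client_id.encode() + b"|" + nonce,
                    hashlib.sha256).digest()

class LicenseServer:
    """Holds the authoritative trial state; the PC's clock and registry are never consulted."""
    def __init__(self, key: bytes, trial_seconds: int):
        self.key = key
        self.trial_seconds = trial_seconds
        self.first_seen = {}   # client_id -> server time of first authorized run
        self.pending = {}      # client_id -> outstanding single-use nonce

    def challenge(self, client_id: str) -> bytes:
        self.pending[client_id] = os.urandom(16)
        return self.pending[client_id]

    def authorize(self, client_id, nonce, client_tag, server_now):
        expected = self.pending.pop(client_id, None)  # a nonce is consumed on first use
        if expected is None or not hmac.compare_digest(expected, nonce):
            return "stale-or-replayed", None
        if not hmac.compare_digest(tag(self.key, b"client", client_id, nonce), client_tag):
            return "bad-client-auth", None
        start = self.first_seen.setdefault(client_id, server_now)
        if server_now - start > self.trial_seconds:
            return "expired", None
        # The reply is bound to this nonce, so a recorded reply fails on the next run.
        return "ok", tag(self.key, b"server", client_id, nonce)

def client_accepts(key, client_id, nonce, server_tag) -> bool:
    # Client side: only a reply authenticated for the nonce just received counts.
    return server_tag is not None and hmac.compare_digest(
        tag(key, b"server", client_id, nonce), server_tag)

def run_demo():
    key = b"constructed-demo-key"  # constructed sample value, not a real key
    srv = LicenseServer(key, trial_seconds=3600)
    n1 = srv.challenge("pc-1")
    t1 = tag(key, b"client", "pc-1", n1)
    first, reply1 = srv.authorize("pc-1", n1, t1, server_now=1000)
    replayed, _ = srv.authorize("pc-1", n1, t1, server_now=1001)  # same message again
    n2 = srv.challenge("pc-1")
    stale_reply_ok = client_accepts(key, "pc-1", n2, reply1)      # recorded server reply
    late, _ = srv.authorize("pc-1", n2, tag(key, b"client", "pc-1", n2), server_now=9000)
    return [first, replayed, stale_reply_ok, late]
```

The trial window is measured only against the server's clock and its own first_seen record, so reverting the PC's registry, clock or filesystem changes nothing the server relies on.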
The Future
• The few H/W security features deployed today (e.g. Pentium III unique IDs) are inadequate.
• “Secure” PCs are coming… maybe in 2003??
• Alternative “closed” platforms, e.g. Playstation II, are promising, but are also too far out.
• Streaming continues to improve but will never cover all content – and has its own security holes.
• “Unofficial” distribution channels continue to grow.
• Content owners cannot wait for perfect solutions.
Recommendations
• Assume digital media will wind up in a PC whether it was intended to or not (e.g. Bleem).
• Use crypto as appropriate – but know content pirates won’t likely have to attack the crypto itself.
• If you want to protect linear media, recognize the cleartext capture problem.
• Pirates use the Net against you – use it against them, e.g. client/server, no “unprotected” versions.
• If you’re in the mass content business, start finding “good enough” solutions now.