Gord Larose, Chief Engineer, Channelware.com [email protected] The Unbearable Lightness of Content


Gord Larose, Chief Engineer, Channelware.com

[email protected]

The Unbearable Lightness of Content

The Digital Media Quandary

Digitization of Mass Entertainment Content + Ubiquitous Internet

=

Giant Opportunity: Distribution Revenue + Giant Challenge: Content Piracy

The Wishful Protectionist’s Syllogism

• Must have provable content security

• Cryptography is provably secure,

therefore…

• The core technology for content protection is encryption.

Grim Reality

• Cryptography can’t provide persistent protection of content in open platforms. Key discovery and cleartext capture are not provably preventable.

• Most digital content is easily accessible by the “openest” platform of all : the PC.

• Free “Demo” software is ideal input for hackers.

• Using the Net’s low-friction redistribution, one gifted hacker can do significant damage.

• As broadband expands, redistribution of entire applications (not just cracks) is more feasible.

The Body Count Grows...

• DeCSS – captures cleartext MPEG2 video to PC hard-drives from encrypted DVDs.

• Microsoft’s MSAudio 4 security crack posted the same day it was released.

• The “Kinko crack”: a time-limited Microsoft Office available for $5 at Kinko’s which was made unlimited by replacing a single instruction.

• The “Quake Crack”: an encrypted distribution scheme that used locally computable keys.

• Cryptolopes: software-based secure container; IBM gave up on this before releasing it.

What to Do ?

• Go Home. Don’t distribute valuable digital content over the Net.

• Hide. Limit your distribution to closed platforms or PCs with security add-ons.

• Be a centralized VCR/console. Stream in real-time. Too bad the Net has no QOS !

• Spam ‘em. Give away content and rely on secondary revenue e.g. advertising.

• Build the best security you can to support business in an imperfect world.

Audio/Video Protection – A Tough Nut

• Valuable cleartext output (e.g. .wav, MPEG-1) can always be captured on a PC due to insecure driver paths. It doesn’t matter how the original material is protected or what format it was in.

• You can try to protect output paths… or hope that the captured output is too awkward for widespread redistribution.

Example: PC Audio Piracy Setup

[Diagram. Labels: Protected Audio; Rights; “Secure” Player Software; Clear Audio PCM; Drivers (3rd-party S/W); Sound Card; Spy Program; Cleartext Audio PCM.]

Software Protection, Take 1: The Program as a Secret

• Start with a standard, unprotected program.

• Encrypt it.

• Deliver it to a PC.

• Decrypt it, via Rights Management transaction, sometime between when it’s delivered and when it’s running memory-resident.

• This makes the binary program a desirable and easy target for cleartext capture !

Software Cracking, Take 1: “In the Clear”

• For a pirate, “in the clear” means he has a runnable program with protection transactions removed.

• For almost all existing S/W protection schemes, this is easily done with a free “demo” and one of:

- capture of exposed cleartext code in a system using cryptographic encapsulation,

- removal of simple internal code modifications which directly enforce the protection, or

- reversion of PC state (e.g. registry, clock, filesys) to an earlier configuration to “reset” restrictions.

Software Protection, Take 2: The Program as Enforcer

• Software’s run-time output is not inherently interesting, i.e. not a valuable cleartext. It is the interactive behavior that the user values.

• By never having an unprotected form of the program present, the software itself is never a usefully capturable cleartext either.

• The hacker then has to find and attack internal program code to remove licensing transactions without crippling the program - which can be made extremely difficult.

Software Protection, Take 2: Specific Attacks & Countermeasures

• Cleartext binary program capture:

- protect the program at all stages.

• Internal “protection” code removal:

- distribute protection widely in space & time.

- make code an inherent part of the app.

- implicit (irreversible) self-protection failures.

• Set-back of PC state:

- use a server as a reliable state memory aid!

• Server “snip-out”, spoofing, replay:

- incomplete clients, no repeated msg content, client/server PKI.
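An added sketch (not from the original slides) of the server-side countermeasures listed above: the server is the state memory, so setting back the PC cannot reset a trial, and every exchange carries a fresh nonce, so no message content repeats. `LicenseServer`, `client_response`, the 30-day trial and the key are hypothetical, and HMAC with a shared secret stands in for the client/server PKI the slide names.

```python
import hashlib
import hmac
import secrets

TRIAL_SECONDS = 30 * 24 * 3600  # assumed trial length (not from the slides)

def client_response(key, nonce):
    # HMAC stands in for the client's signature; a real design would use PKI.
    return hmac.new(key, nonce, hashlib.sha256).digest()

class LicenseServer:
    """Hypothetical server holding the state that must not live on the PC."""
    def __init__(self, client_keys, clock):
        self.client_keys = client_keys  # client_id -> shared secret
        self.clock = clock              # server-side time source
        self.first_seen = {}            # client_id -> first activation time
        self.pending = {}               # client_id -> outstanding nonce

    def challenge(self, client_id):
        nonce = secrets.token_bytes(16)  # fresh per request, never reused
        self.pending[client_id] = nonce
        return nonce

    def verify(self, client_id, nonce, tag):
        issued = self.pending.pop(client_id, None)  # each nonce is single-use
        if issued is None or not hmac.compare_digest(issued, nonce):
            return "rejected: replayed or unsolicited message"
        key = self.client_keys.get(client_id)
        if key is None or not hmac.compare_digest(client_response(key, nonce), tag):
            return "rejected: authentication failed"
        # Trial start and current time both come from the server, so reverting
        # the PC clock, registry or filesystem changes nothing here.
        start = self.first_seen.setdefault(client_id, self.clock())
        if self.clock() - start > TRIAL_SECONDS:
            return "rejected: trial expired"
        return "ok"

def demo():
    now = [1_000_000]                 # constructed server clock
    key = b"constructed-demo-key"     # constructed secret
    server = LicenseServer({"pc-1": key}, lambda: now[0])
    n1 = server.challenge("pc-1")
    t1 = client_response(key, n1)
    results = [server.verify("pc-1", n1, t1)]       # fresh exchange
    results.append(server.verify("pc-1", n1, t1))   # same message sent again
    now[0] += TRIAL_SECONDS + 1                     # time passes on the server
    n2 = server.challenge("pc-1")
    results.append(server.verify("pc-1", n2, client_response(key, n2)))
    return results
```
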

General PC Piracy Countermeasures

• Client – server dependencies.

• Cryptographic authentication of client and server (integrity, identity).

• Don’t make explicit security decisions in the PC.

• Irreversible algorithms.

• Separation of security effects from (suspected hacking) causes.

• Spread protection in space and time.

• “Surprise” code.

The Future

• The few H/W security features deployed today (e.g. Pentium III unique IDs) are inadequate.

• “Secure” PCs are coming… maybe in 2003??

• Alternative “closed” platforms e.g. Playstation II are promising, but are also too far out.

• Streaming continues to improve but will never cover all content – and has its own security holes.

• “Unofficial” distribution channels continue to grow.

• Content owners cannot wait for perfect solutions.

Recommendations

• Assume digital media will wind up in a PC whether it was intended to or not. (e.g. Bleem.)

• Use crypto as appropriate – but know content pirates won’t likely have to attack the crypto itself.

• If you want to protect linear media, recognize the cleartext capture problem.

• Pirates use the Net against you – use it against them e.g. client/server, no “unprotected” versions.

• If you’re in the mass content business, start finding “good enough” solutions now.