Docstoc

Microsoft PowerPoint - Lect7_slides

Document Sample
Microsoft PowerPoint - Lect7_slides Powered By Docstoc
					IP Topics

IP protection

Is there such thing as “Intellectual Property” Information Reproduction Technology Through the ages. Solutions for Copyright Protection (Law, Technology, Economics). Specific Technologies
DVD, SCMS, etc. ). Apple OMA DRM Windows DRM

Controlling/Protecting Information in Enemy Territory
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot 1

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

2

IP = Intellectual Property and copyright
Where does the notion of copyrights come from? The notion came about only after the invention of the printing press. Why do we have copyrights? What does the law say?

Information Reproduction
In the “Good Ol’ Days” information (books, music, theatre, etc. . .) was very difficult to reproduce. The introduction of the printing press in 1452 (the first mass digital reproduction technology) changed what was practical.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

3

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

4

Analog Music
With Edison’s recording cylinders, in 1877 music for the first time could be recorded. The quality was poor, and the reproductions costly. And each only played a limited number of times.

Some Wax Recordings
Johannes Brahms 1889 Peerless Orchestra: Dance on Friday Night 1900 Edward M. Favor: Overalls 1901 Edison Symphony Orchestra: Down on the Old Plantation 1904 Ada Jones: When Grandma Was a Girl 1908 Roy Turk and Lou Hardman: Are You Lonesome Tonight 1927
brahms1-1889.mp3
Edward_M_Favor_-_Overalls-1901.mp3

Peerless_Orchestra_-_Dance_On_Friday_Night-1900.

Edison_Symphony_Orchestra_-_Down_On_The_Old_Plantation-1904.wav

Ada_Jones_-_When_Grandma_was_a_Girl-1908.mp3

Roy_Turk_and_Lou_Handman_-_Are_you_lonesome_tonight_1927.mp3

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

5

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

6

Analog Video
By taking photographs in rapid succession, in 1891 Edison brought reproductions the genre of theatre. His movie camera was called a kinetoscope. Technology improved but no fundamental changes happened until the 1970’s.

Digital Audio
The Compact Disc (Philips and Sony) standard was made in the late 70’s and the first CD players appeared in 1981. The (so called Red Book) standard is stereo audio recorded with 16 bit samples, at a rate of 44.1 kHz, which was essentially master quality. Until the introduction of DAT in 1986, no digital reproduction technology was available for consumers. Even then, it was not until the mid 90’s with Minidisc and CD-R that digital recording became popular.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

7

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

8

Analog vs. Digital
The main difference between an analog signal and a digital signal is that the digital signal can be reproduced exactly, whereas quality falls exponentially with analog reproductions. A single digital recording could be reproduced to an infinite number of people, or stored exactly indefinitely into the future.

Digital Reproduction Technology
The microcomputer was gaining acceptance in the early 1980’s and it was the first practical digital reproduction and storage technology available to the public. By the early 90’s computers were coming equipped with CDROM drives, enabling for the first time a user to make digital copies of CD’s. The low storage space (~600 MB < CDROM), and lack of compression technologies limited the amount this was done.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

9

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

10

Compression
In 1992 MPEG (Motion Picture Experts Group) standardized MPEG 1. This allowed for the first time nearly CD quality at 1/5 the size of a CD recording. By 1996 MPEG 1 layer 3 was becoming a popular format on Internet Newsgroups for posting MP3 files. This allowed CD quality at 10x compression.

Storage
Like processing power, hard drive space grows exponentially in time making storing larger and larger amounts of data practical. Hard disk size doubles approximately every year.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

11

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

12

Bandwidth
In 1995 early adopters began using the Internet in significant numbers. The maximum dial-up connection was 28.8 kbps. 56k modems came on the scene in 1997 which allows one to download a song in about 10 minutes.

The Explosion
Over the last years hard drive sizes have gotten large enough to hold tremendous amounts of songs using, for example, MP3 compression. Over the past years, high speed connections, by cable or DSL, have allowed home users 1-5 Mbps connections.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

13

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

14

The Inevitable Present
Storage is practically infinite today, as far as audio is concerned. A 300 GB hard drive costs 800Kr and can store ~100,000 songs, or 10,000 CD’s. Internet searching technologies, make finding MP3’s easy for users.

The Problem
The music industry wants to allow the user to play audio from a CD (which is digital) but not copy this information. In order to play the CD, the data must be read, at that point it may be digitally copied. In the worst case, as the audio goes to the speakers, a user may make an analog recording. (and the same for Video)

What Can Possibly Be Done????
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

15

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

16

Solution 1: the Law
One solution to the reproduction problem is to use the very search engines that make it easy to find (in case of audio, for example) MP3’s to find those distributing them. At that point they can be brought to trial for violating copyright law. Big time offenders can be found more easily, and made example of. The industry did this to some success with MP3.com and Napster.

What About Cryptography?
The problem of intellectual property protection is not one that can be solved in the usual cryptographic settings. In the usual cryptographic case, Alice wants to send Information to Bob without Eve learning it. In the IP protection case, Alice wants to send information to Bob without him being able to copy it.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

17

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

18

Solution 2: Technology, Take 1
If we assume that we can give Bob a trusted box that will obey the rules, and Bob cannot open this box, then we can make a solution. This is called “Trusted Perimeter”. The solution is simple: the box has a public key known to the content providers. In this way, the box and the content provider can communicate securely without Bob learning anything. Bob can register all of his boxes with the content provider, and all content he buys will be encrypted for these boxes.

The Problem With the Box
In the previous solution we assumed that the box could be trusted. This is impossible in software. Software can be decompiled and reverse engineered. Bob can always learn the private key of his “box”. In hardware, it is easier to assume the user cannot read the inner workings of the box, but it is still possible. Hardware only solutions are more expensive and less versatile than software solutions.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

19

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

20

Solution 2: Technology, Take 2
A separate technique is the Traitor Tracing schemes. This involves using technology to attempt to trace who breaks the rules. Watermarking is often invoked in this context. Watermarking is the idea of putting a signal into a digital media file that includes some identifiable information. This information could then be used to trace the original purchaser of the media file.

How Does Watermarking Work?
Bitmap images give a simple example of watermarking: Suppose each pixel has 16 bits of color information associated with it. Suppose the last bit of each pixel is thrown away leaving 15 bits per pixel. The quality is not significantly worse. Now, a digital signature of the file is made. This information is inserted at a rate of one bit per pixel into the file. The resulting image will have an imperceptible signal embedded.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

21

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

22

General Watermarking Strategies
In any media file, some bits will be more significant than others. Replacing insignificant bits with digital signatures is a general technique. A powerful attack on the above strategies is to randomize the least significant bits in a file.

Example Watermarked File
The image on the right contains a watermark inserted by software “White Noise Storm”

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

23

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

24

Problems with Watermarking
The trouble with Watermarking is that it must be difficult to remove, and yet not negatively affect the quality of the media file. So far, no schemes have been presented that are truly practical, which give impossible to remove watermarks and retain high fidelity.

Solution 3: Economics
Some have suggested that digital media will require a total reworking of business models associated with copyrighted material. Subscription models are an attempt at this solution. Consumers never store music, it is delivered to special devices which play the music as it is received. This is like cable TV with no VCR’s. This solution also relies on the Trusted Perimeter model to a degree.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

25

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

26

The Street Performer
Bruce Schneier, suggests a somewhat radical solution: like street performers, content providers would collect money for their next project. When the money is sufficient, they release the content into the public domain. This solution by-passes the problem by the copyrights issue by making it irrelevant. This solution is currently being implemented by several open source software companies to some success. It remains to be seen if it will be used for digital media.

Examples of Technology
SCMS: Serial Copy Management System. DVD CSS: Content Scrambling System. DIVX Video Discs. Macrovision: Analog video copy protection on DVD’s. SDMI: Secure Digital Music Initiative. DVD Audio/SDMI: Watermarking by Verance. Trusted Perimeter: Intertrust.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

27

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

28

SCMS
Audio Home Recording Act stated that as long as digital audio recorders incorporated a copy management system, then consumers using them were immune to lawsuits involving copying using this equipment. Digital Audio Tape (DAT) and Minidisc implement this.

SCMS: How It Works
SCMS inserts some bits in a digital stream that indicate how many times the data can be copied. Copyrighted material can be copied zero times, analog recording made by the device can be copied one time, and special digital recordings made by professional equipment could be set to be copied an infinite number of times. There is no real security as the bit stream could be easily modified by a simple device. The web is full of techniques to defeat SCMS and anyone who was interested in doing so could probably accomplish it.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

29

30

DVD CSS
CSS, the content scrambling system, is a trusted perimeter solution for DVD. Video on a DVD is encrypted with one 40 bit session key. Each DVD manufacturer gets a manufacturer key. The session key is encrypted with 409 manufacturer keys, which allows any player made by a trusted manufacturer able to view DVD’s. The CSS algorithm was obtained (how?) Frank Stevenson (and others) have cryptanalyzed the “cipher”.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

Content Scrambling System (CSS)
• This is a draft document. Please report errors, omissions, or ambiguities. •This is a teaching tool, not a specification or technical document. It is overly simplified, incomplete, and likely inaccurate (see above). •It is not warranted for any purpose. Use at your own risk.

Gregory Kesden, Carnegie Mellon University, 15-412/Fall 2000
31 29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

32

CSS – system overview
DVD

System Overview - continued
DVD Player Computer/Host “Secret Key”
Philips DVD Player
Read

EPhilipsPlayerKey (DiskKey) ... Hash(DiskKey) EDiskKey (TitleKey)

1) DPhilipsPlayerKey (DiskKey) 2) Verify Hash(DiskKey)

DVD Hidden Area

Player Keys “Secret” Key Region Code &c Per title Title Key Table of Encrypted Disk Keys Disk Key Hash Region Code
Bus Key

Bus

Bus Key

Read

3) DDiskKey (TitleKey) 4) DTitleKey (Content)

Read

Philips Player Key (tamper resistant) ETitleKey(Content)
Read

40 bit special purpose stream cipher based on 2 LFSRs Hash(DiskKey) truncated to 5 bytes
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

33

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

34

Overview of Keys
Authentication Key This “secret” is used as part of the mutual authentication process. Session Key (Bus Key) This key is negotiated during authentication and is used to encrypt the title and disk keys before sending them over the unprotected bus. The encryption is necessary to prevent eavesdropping. Player Key This key is Licensed by the “DVD Copy Control Association” to the manufacturer of a DVD player. It is stored within the player. It is used to establish the trustworthiness of the player. It is used to decrypt the disk key. Disk Key This key is used to encrypt title key. It is decrypted using the player key. Sector Key Each sector has a 128-byte plain-text header. Bytes 80 - 84 of each sector’s header contain an additional key used to encode the data within the sector. Title Key This key is XORed with a per-sector key to encrypt the data within a sector
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

CSS Key - recap
Each DVD has the following information:
A 5 byte hash of the key (kdisk) The disk key encrypted for each player key: Ek1(kdisk), Ek2(kdisk),…, Ek409(kdisk) Title key: ktitle

The following information is decrypted:
Disk Key: (kdisk) Content Key: (kcontent)

35

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

36

Overview of Process
Step 1: Mutual Authentication The host and the drive use a challenge-response system to establish their trustworthiness to each other. In the process, they negotiate a session key. Step 2: Decoding disk The DVD player tries each of several player keys until it can decode the disk key. The disk key is a disk-wide secret. Step 3: Send disk and title keys The title and bus keys are sent from the player to the host. The session key is used to encrypt the title and disk keys in transit to prevent a man-in-the-middle attack. Step 4: The DVD player sends a sector to the host. Step 5: The host decodes the title key using the disk key. Step 6: The host decodes the sector using the title key, and a the sector key in the sector’s header.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

Linear Feedback Shift Register (LFSR)
Pseudo-random bit stream
One technique used to encode a stream is to XOR it with a pseudo-random bit stream. If this random-looking bit stream can be regenerated by the receiver of the message, the receiver will be able to decode the message by repeating the XOR operation.

Linear Feedback Shift Register (LFSR)
The LFSR is one popular technique for generating a pseudo-random bit stream. After the LFSR is seeded with a value, it can be clocked to generate a stream of bits. Unfortunately, LFSRs aren’t truly random – they are periodic and will eventually repeat. In general, the larger the LFSR, the greater its period. There period also depends on the particular configuration of the LFSR. If the initial value of an LFSR is 0, it will produce only 0’s, this is sometimes called null cycling LFSRs are often combined through addition, multiplexers, or logic gates, to generate less predictable bit streams.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

37

38

Generic LFSR
output

CSS: LFSR-17
garbage feedback path taps
17 15 4 1

taps

feedback path

Feedback Function

Exclusive Or (XOR) output
•This register is initialized, or salted with two bytes of or derived from the key •During the salting, a 1-bit is injected at bit 4, to ensure that the register doesn’t start out with all 0s and null-cycle. •The value being shifted in is used as the output, not the typical output bit, which in the case of CSS goes off into the ether.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

• The register is seeded with an initial value. • At each clock tick, the feedback function is evaluated using the input from the tapped bits. The result is shifted into the leftmost bit of the register. The rightmost bit is shifted into the output. •Depending on the configuration (taps and feedback function), the period can be less than optimal.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

39

40

CSS: LFSR-25
garbage
25

CSS: LFSR Addition
LFSR-17 8 ticks 1 byte Optional bit-wise inverter + 8-bit add key LFSR-25 8 ticks 1 byte carry-out Optional bit-wise inverter Output byte

key
15 5 4 1

feedback path

taps

Exclusive Or (XOR) output
•This register is initialized, or salted with three bytes of or derived from the key •During the salting, a 1-bit is injected a bit 4, to ensure that the register doesn’t start out with all 0s and null-cycle. •The value being shifted in is used as the output, not the typical output bit, which in the case of CSS goes off into the ether.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

carry-out from prior addition
41
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

42

LFSR Output Inversion

CSS: Data Decryption
Output byte from LFSRs Exclusive Or (XOR) Input data byte Table-based substitution

Bit-wise Invert Output Of LFSR LFSR-17 Authentication Yes Session key Title Key Data
29/9/2006- B. Smeets

Output data byte

LFSR-25 Yes No Yes No

No No Yes

• Sector LFSR-17 is seeded with bytes 0 and 1 of the title key XORed with byte 80 and 81 of the sector header. A 1 is injected at bit 4, shifting everything right by one bit.
• LFSR-25 is seeded with bytes 2, 3, and 4 of title key XORed with bytes 82, 83, and 84 of the sector header. A 1 is injected at bit 4, shifting everything right by one bit. • The output of LFSR-17 is bit-wise inverted before adding to LFSR-25. • A table-based substitution is performed on the input data.

IT - Secure Sys & Applic - IPprot

43

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

44

CSS: Key Decryption
Bytes of Ciphertext 0
Table lookup Lk

Disk and Player Keys
1 2
Table lookup Lk Lk

3
Table lookup Lk

4
Table lookup

Each disk
is encoded using a disk key. contains a hidden sector. This sector is pre-written to all 0’s on writable DVDs. This sector holds a table containing the disk key encrypted with all 409 possible player keys. It also holds the disk key encrypted with the disk key.

Table lookup

+
Table lookup Lk

+
Table lookup

+
Table lookup Lk Lk

+
Table lookup Lk

+
Table lookup

Lk

Each player
Lk

+ Bytes of Plaintext 1

+ 2

+ 3

+ 4

+ 5

has a small number of keys decrypts the appropriate entry in the table and then verifies that it has correctly decoding the disk key, by decoding the encrypted disk key.

Note: Lk is the input byte decrypted using the same scheme as shown for data bytes, with the inverters set for the key type.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

(The encryption mechanism is the same as we discussed earlier for other keys)
45
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

46

Mutual Authentication
Host Initialization done ChallengeH (nonce) Encrypted ChallengeH Decrypt and verify ChallengeH EncryptedD Encrypt ChallengeD Success or Failure Decrypt and verify ChallengeD ChallengeD (nonce) Request AGID AGID Initialization done Encrypt ChallengeH Drive

Weakness #1: LFSR Cipher
Brainless:
240 isn’t really very big – just brute-force search through the keys

With 6 Output Bytes:
Guess the initial state of LFSR-17 (16 bits are unknown, so you get lucky with p=2-16). Clock out 4 bytes. Use those 4 bytes to determine the corresponding 4 bytes of output from LFSR-25. Use the LFSR-25 output to determine LFSR-25’s state. Clock out 2 bytes on both LFSRs. Verify these two bytes. Celebrate or guess again.
• This is a 216 attack.

Session key is encrypted Session key is encrypted ChallengeH + ChallengeH ChallengeH + ChallengeH •Encryption here is similar to data encryption, but a permutation is done before the LFSR cipher. •A different permutation box is used for each of the three keys. •The “secret key” is used for the encryption.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

47

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

48

Weakness #1: LFSR Cipher (cont)
With 5 Output Bytes:
Guess the initial state of LFSR-17 Clock out 3 bytes Determine the corresponding output bytes from LFSR-25 This reveals all but the highest-order bit of LFSR-25 Try both possibilities: Clock back 3 bytes Select the setting where bit 4 is 1 (remember this is the initial case). It is possible that both satisfy this – try both. Verify as before This is a 217 attack
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

Weakness #2: Mangled Output
With Known ciphertext and plainttext
Guess Lk4 Work backward and verify input byte This is a 28 attack. Repeat for all 5 bytes – this gives you the 5 bytes of known output for prior weakness.

49

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

50

References
Axboe, Jens, dvd-2.2.13-5 Linux patch, 1999. Fawcus, D. and Roberts, Mark, css-auth package, December, 1999. Schneider, Bruce, Applied Cryptography, 2ed, Wiley, 1996, p. 372-379. Stevenson, Frank A., “Cryptanalysis of Content Scrambling System”, 8 Nov. 1999, as updated 13 Nov. 1999. Please note:
Applying above information and software to circumvent copyright protection is illegal in Sweden (and the US) It is my understanding that the recent decisions do not incriminate presentations of CSS, such as this one, in detail and form insufficient to constitute a working implementation.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

CSS Is Not Copy Protection
CSS does not prevent bit-wise copying of a DVD at a pirate plant, or on a home computer with a DVD writer. CSS does prevent unauthorized players from playing DVD content, or ripping of DVD’s into other formats. DVD’s are regionalized. To prevent one region from viewing DVD’s for another region, CSS licensees must regionalize their players. DVD’s include commercials and other content that must be viewed before the DVD may be viewed. This is accomplished by trusting the player.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

51

52

Software Killed CSS (DeCSS)
Starting in 1997, companies were given license to make software only DVD players for personal computers. One licensee did not encrypt their player key. The developers of DeCSS, a Norwegian group called MoRE (Masters of Reverse Engineering) got a key by reverse-engineering the XingDVD player, from Xing Technologies, a subsidiary of RealNetworks. "We found that one of the companies had not encrypted their CSS decryption code, which made it very easy for us," said Jon Johansen, a founder of MoRE, in Norway. "We didn't think it would be that easy, in fact.“ All of the 400 manufacturer keys are now public.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

DVD Piracy Without DeCSS
Before CSS was reverse engineered, DVD’s were pirated using programs to capture video after it was decrypted by a software player. Since the video is viewed on the enemy’s computer, this attack can always be done. DeCSS allows a more efficient attack.

53

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

54

The DeCSS Whipping Boy
Jan Johansen of Norway was the first to publish the DeCSS algorithm publicly, but was probably not the person that reverse engineered it. The real “culprits” are likely still anonymous.

DIVX: A Failed Experiment
Shortly after DVD players were made available a new format called DIVX was announced. DIVX movies were released on DVD’s but required a special player. DIVX discs could only be purchased (~$5) and once placed in the DIVX player they could be viewed for a 48 hour period. Additional viewings could be purchased with a credit card and using the DIVX player’s integrated modem.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

55

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

56

DIVX Cont.
Many were angry that the DIVX group had announced this standard before products or content was available. Consumers feared a Beta/VHS style standards fight. DIVX players could play DVD but not the other way around. As Content slowed for DIVX and increased for DVD, and consumers failed to adopt the players. In June 1999, DIVX ceased operations and officially lost the format fight.

DIVX Security
As a technological solution to digital media, DIVX seemed like a smart solution. Despite the fact that DIVX players had modems, keys were stored on the disc like DVD. Hence, DIVX took no advantage of this network access in the security model. The network access did provide a method to pay for more viewings, and to supply the DIVX corporation with marketing information about their consumers.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

57

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

58

Remember Solution 1?

(Law)

Macrovision
To thwart analog piracy of DVD’s, DVD players incorporate a system developed by Macrovision. This system electrically determines whether a DVD is connected to a TV or VCR. When it is connected to a VCR, the video signal is modulated in which results in a serious loss of quality. This, like all systems, may be circumvented by using the certain DVD players, or certain VCRs.

In the US the publishers of the DeCSS code (which allows Windows and Linux computers to decrypt DVD’s) were sued in New York and California courts.
The DMCA (Digital Millennium Copyright Act) was being invoked to argue that the DeCSS code is illegal.

At present, in many countries breaking/bypassing the copyright protection is illegal

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

59

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

60

SDMI: Secure Digital Music Intiative
In December of 1998, as a response to the MP3 epidemic on the internet, the major content providers formed a group to develop a standard for secure digital audio. The group, which works on consensus, consists of audio equipment manufacturers and record labels. So far, it has failed to produce a standard for encrypted audio. The equipment manufacturers and the content providers have very different goals, and the standard is seen as increasingly irrelevant.

Break of SDMI Watermarking
In September of 2000, SDMI issued a challenge to see if anyone could break their watermarking. (Of course) at least one group did: Prof. Felten from Princeton’s CS department and his colleagues, found a way to remove all the watermarks. Their paper was just published (8/15/2001) at the USENIX security conference.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

61

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

62

E-book’s “Security”
Perhaps the worst example of copyright protection technology comes from e-books. In the US Dmitry Sklyarov was arrested for giving the following information at the Defcon conference.
Dmitry Sklyarov is a 26-year-old Russian citizen and Ph.D. student who studies cryptography.

Dmitry Sklyarov – the story
Dmitry Sklyarov (Дмитрий Скляров) (1974-12-18) Sklyarov was a PhD student researching cryptanalysis and an employee of the Russian software company ElcomSoft, where he created The Advanced eBook Processor software, also known as AEBPR. On July 16, 2001, after giving a presentation called "eBook's Security — Theory and Practice" at the DEF CON convention in Las Vegas, he was arrested by the FBI as he was about to return to Moscow and charged with distributing a product designed to circumvent copyright protection measures, under the terms of the Digital Millennium Copyright Act. The day after his arrest several web sites and mailing lists were started to organize protests against his arrest, many of them under the slogan "Free Dmitry" or "Free Sklyarov". On August 6, 2001, Sklyarov was released on a US$50,000 bail and was not allowed to leave Northern California. The charges against Sklyarov were later dropped in exchange for his testimony. He was allowed to return to Russia on December 13, 2001.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

63

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

64

Dmitry’s Slides

Dmitry Slides 2

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

65

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

66

Video Piracy
A movie is about 1 GB when compressed. Hard disk space to store them is available today. In 2006, 1 Terabyte disk drives will be available which will store about 1000 movies. To download a movie in real-time you need ~1 Mbps, which is available with DSL and Cable modems today. To download a movie in ~10 minutes, you need 10 Mbps, which will likely be available for the home user in the years to come.

Apple OMA
Stefan Andersson’s slides

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

67

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

68

Windows Media DRM 10

License Acquisition
Direct License Acquisition In direct license acquisition, a Web-enabled device requests a license directly from a Windows Media license server by sending a license challenge. The device presents its device certificate to the license server, which then binds the content's license to the public key in the device certificate and downloads the license to the device in a license response. The device uses its private key to decrypt the license. Indirect License Acquisition In indirect license acquisition, the portable device get a license from an application (typically a media player) on a computer that already has content licensed to that user. The license must include an AllowCopy right to allow it to be transferred to the device.

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

69

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

70

Windows Media broken (2006)
FairUse4WM is a GUI version of drmdbg that supports individualization version .3930 and some WM11 versions. Basic requirements 1. Does not work with Win98 or similar. 2. Works with both individualized content and some DRMv1 files 3. Supports WM9, WM10 and WM11beta1 and 2 The program's functioning can be verified with "Demo" DRM files from fairuse4wm.com and ezdrm.com, as well as those from other Microsoft Solution partners. This program is ONLY designed and intended to enable fair-use rights to PURCHASED media. - While I haven't been able to support license expiration/rental detection, please don't use this to abuse rental license - This code does NOT allow import of KID/SID pairs to preclude its use for piracy Note that some WM installations will have multiple ECC key-pairs, so you will likely have to "Extract Keys" using multiple licensed files. If you find a file that doesn't convert, try extracting keys wth it. Once your whole set of keys is extracted, you will no longer need to run WM per file. Finally, I'd like to thank the people who helped me test this program. Thanks for the suggestions, and yes, even the problems. With your help, I hope I am able to release a stable tool for Wm conversion.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

Windows Media broken

71

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

72

Hardware Requirements/Properties (portable devices)
Approximately 45 KB RAM for Windows Media DRM 10 for Portable Devices. Approximately 200 KB storage space for the Windows Media DRM 10 for Portable Devices binaries. If the device will support time-bound licenses, it needs a tamperproof real-time clock. Time-bound licenses have expiration dates or validity periods. A secure clock must
be set through an Internet connection, either directly or by using a computer as a proxy. As an alternative, developers may implement anti-rollback clock functionality
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

Hardware Requirements/Properties (portable devices)
Additional storage space to hold content licenses and secure store information. A license is typically 2–5 KB. For greater security, a device should be able to securely store a unique device serial number.

73

29/9/2006- B. Smeets

IT - Secure Sys & Applic - IPprot

74

Software Requirements/Properties (portable device)
The device OS must implement functions to perform the following standard file I/O calls: open file, close file, read file, write file, set file pointer, lock file, unlock file, set end of file, and get file size. If the device supports time-bound licenses, the operating system must be able to get the system time, as well as convert between file time and system time. If the device acquires licenses directly over the Internet, it must support HTTP 1.0 or later. If the device obtains licenses indirectly, by docking to a personal computer, it must support Microsoft Media Transfer Protocol (MMTP) to communicate with the computer. The device must have an XML certificate to identify itself, (MS=CA). The device must be able to parse the ASF file format. All protected files are contained by an ASF file.
29/9/2006- B. Smeets IT - Secure Sys & Applic - IPprot

75


				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:45
posted:11/3/2009
language:English
pages:19