[extropy-chat] FWD (SK) RFC: copy protection report

[Acy Stapp]

Any content protection system can be hacked if there is sufficient
motivation to do so. That motivation can be fame, curiosity, money, or
any other human motivator.

If a product costs $200K then the purchaser has several options:
1) Pony up the cash and be done with it
2) Borrow usage from a legitimate licensee
3) Try to get the product at a lower price, perhaps on a service
instead of purchase basis
4) Find and pay an attacker to break the security of the system

I'm sure there are more. Now let's approach this as a security
problem. There are several attack vectors for this hypothetical $200K
application.
3A) Hardware attack - figure out how to emulate the smartcard. This is
expensive, and probably not worth it unless you intend to resell the
application on the black market. Such is the case with satellite
decoders etc.
3B) Software attack - Figure out how to bypass the smart card.
Challenge depends on the skill of the original developers and can
range from trivial to devilish
3C) Human attack - con or bribe someone into procuring a smart card
for you. Perhaps a disgruntled employee at the developers firm or at
the firm making the smartcards. This is probalby the least expensive
attack but has the most criminal risk.

You guys are wasting your time discussing how difficult a physical
attack is. As the most difficult and most expensive attack, it's the
last thing your attacker will try.  The fact is, your client will pay
what he percieves is a fair and just price for the product. If he
believes the product is only worth $50K, and he needs your product,
and there is no competing product, then he will assess the risk and
viability of stealing it and then spend up to $50K to do so. If he
thinks it's worth $200K then he'll just buy it.

Acy
--
The power of accurate observation is commonly called cynicism by those
who have not got it.

George Bernard Shaw