[extropy-chat] FWD (SK) RFC: copy protection report

Eugen Leitl eugen at leitl.org
Sat Dec 3 21:58:32 UTC 2005 

On Fri, Dec 02, 2005 at 05:05:58PM -0600, Acy Stapp wrote:
> Any content protection system can be hacked if there is sufficient
> motivation to do so. That motivation can be fame, curiosity, money, or

The major difference with individually keyed DRM that the attack
is expensive (it has to be physical, always), and is not an attack against a 
device class as a whole but against the single member of a class
(the individual device, always).

If you break DVD encryption, you have broken all of them,
in eternity, amen. BluRay and similiar is almost the same, only
here you have more device classes, and revokable keys take out
an entire product line. I don't expect BluRay & Co to last.

In comparision, if you've broken one individually keyed DRM, you've broken
one invididually keyed DRM. And the next time you want to break
another instance, you have to go through the whole physical 
attack process, again. You don't get any shortcuts.

The point is that if you raise the cost of the attack sufficiently
high it is no longer worth trying. It will no longer hurt your 
sales. And this is what all the content protection folks care about.

> I'm sure there are more. Now let's approach this as a security
> problem. There are several attack vectors for this hypothetical $200K
> application.
> 3A) Hardware attack - figure out how to emulate the smartcard. This is

In Soviet Russia, the DRM runs you. (The entire system is your dongle.
The encrypted application is decrypted within the system during execution).

Your only chance is to physically extract the secret and put it into 
an emulator. That trojan can be use for purchasing protected systems
and trivially breaking them (why, you can see decrypted code execute
in the virtual jail). Individual watermarking (the blob is crypted to your
system's key already, so extra watermarking is just another pass) allows
you to trace the source of the leak, and revoke the key.

User authentication can be made mandatory to government smartcard ID
(yes, Virginia, they're coming to a country near you), so that watermark
can be tracked back to a particular warm body (a pretty unhappy warm
body, soon, even if it's an unwitting dupe). 

Notice that individual system keys and content keyeing to such, and watermarking
of said content is not yet in any use in a commercial system, to the
best of my knowledge. You can be damn certain you will see this fielded
in less than a decade, probably in half that.

> expensive, and probably not worth it unless you intend to resell the
> application on the black market. Such is the case with satellite
> decoders etc.
> 3B) Software attack - Figure out how to bypass the smart card.
> Challenge depends on the skill of the original developers and can
> range from trivial to devilish

Your app is an encrypted blob. Your only chance to bring
execution under your control is an exploit. While there are
ways to run a tight ship it's a complex, consumer application
in the first place, so you've got a food in the door there. 

Notice that if the hardware is proprietary, having the running
cleartext code does you jack, if you have to port it to an undongled
system first. It would be easier to write it from scratch.

> 3C) Human attack - con or bribe someone into procuring a smart card
> for you. Perhaps a disgruntled employee at the developers firm or at
> the firm making the smartcards. This is probalby the least expensive
> attack but has the most criminal risk.

You already own the smartcard. It's been keyed during production,
or to your national ID after the purchase.
 
> You guys are wasting your time discussing how difficult a physical
> attack is. As the most difficult and most expensive attack, it's the

I'm sorry if I'm unable to make myself clear. The individually keyed
DRM systems are deliberately designed to require physical attacks.
This is why it's so hard to clone a GSM smartcard. It's never been done
by crooks in the wild, as far as I know (which is not much). 
Cloning GMS cards is certainly an event sufficiently rare to not cut
into sales.

> last thing your attacker will try.  The fact is, your client will pay
> what he percieves is a fair and just price for the product. If he
> believes the product is only worth $50K, and he needs your product,
> and there is no competing product, then he will assess the risk and
> viability of stealing it and then spend up to $50K to do so. If he
> thinks it's worth $200K then he'll just buy it.

The whole point of DRM is not to make attacks impossible (nothing
human-made is ever impossible) but to sufficiently costly to be not
worth the effort.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20051203/dd144c63/attachment.bin>

More information about the extropy-chat mailing list