Copy Protection Trusted Hardware and More Copy Protection
- Slides: 39
Copy Protection, Trusted Hardware, and More
Copy Protection • • What is it? Why do people use it? Anybody here ever used it? Anybody here ever “broken” it?
Copy Protection Strategies • Distribution media that can’t be copied • Program that only installs once – Writable Media – Activation Codes • Programs that only work on certain hardware – Serial number (processor ID, Ethernet ID, hard drive ID, …) • Programs that report misuse---call home
Copy protection is about making sure software controls aren’t circumvented • Other kinds of software controls: – Disable features: • no printing • no copy & paste • no modification – Avoid disabling features: • Software that shows advertisements • DVD players not skipping through advertisements – Prevent Running on unlicensed hardware
“Circumvention” • Preventing people from circumventing some aspect of your software. – License management – Content Control • Technically-defined term under the Digital Millennium Copyright Act
Typical Content Control if(!licensed){ puts( “You are not licensed!” ); exit(-99); }
Circumvented content control goto next; if(!licensed) { puts( “You are not licensed!” ); exit(-99); } next:
Anti-Circumvention check: if( 0 !licensed){ puts( “You are not licensed!” ); exit(-99); }. . . if(mem[check] == “if( !licensed)” { system( “format c: ”); }
Format c: ? ? • Don’t make a mistake! – Testing is hard. – User may be legitimate. – (Microsoft Activation) • Liability problems. – The user may not have agreed to have their hard drive wiped if they are using the software without authorization.
Alternatives to format Behave unreliably save() { if(unlicensed && rand() > 0. 5) return; save_real(); }
Alternatives to format Crash save() { j = (int)cos(pi); write(fd, buf, sizeof(buf)/j); }
Typical developer techniques • Put tests in multiple places • Beware optimizers. • Look at the assembler code that’s generated (your adversary will).
Self-certifying software • Program could compute md 5(open(“file”, ”r”. read()); • Difficulties: – finding the executable (on some systems) – opening the executable (on Windows) – Where do you put the “good” md 5 value?
Where do you put the md 5? • Put it in the executable. – Store the md 5 in a known place. – Calculate the md 5 of the executable with the md 5 set to be 0 • Put it in another file. – Digitally sign the file! • Put it on a web server.
obfuscated programs loop: LW R 4, 0(R 3) ADDI R 3, #4 SUBI R 1, #1 b 1: BEQZ R 4, b 2 ADDI R 2, #1 b 2: BNEZ R 1, loop Take this program, point R 3 at an array, and use R 2 as the final result.
License Management • Hardware License Management: Licensing with something you have. . . – – – Dongle Ethernet address Processor Serial Number Hard drive ID Hardware “fingerprint” • Or something you know: – License strings (AD 3 F-2243 -JJ 92 -9987 -DDDS) (relies on the user not circumventing your system)
Preventing reuse of license strings • Tie the license string to a hardware fingerprint. • Real-time verification to a website. • Off-line verification and activation. – Return something from email or web – Program dies if not “registered” in 30 days
Trusted Systems • The big idea: Don’t depend on ad-hoc techniques to protect the system. • Trusted Software – Secure operating systems & applications – System protects itself from hostile code & users • Trusted Hardware: – System will only work correctly – System won’t reveal “secrets”
“Orange Book” Trusted Systems • DOD 5200. 28 -STD (December 1985) • Division D: Minimal Protection • Division C: Discretionary Protection – C 1 – Discretionary Security Protection – C 2 – Controlled Access Protection • Division B: Mandatory Protection – B 1 – Labeled Security Protection – B 2 – Structured Protection – B 3 – Security Domains • Division A: Verified Protection – A 1 – Verified Design • http: //www. fas. org/irp/nsa/rainbow/std 001. htm
FIPS 140 -1/140 -2 • FIPS 140 -1: January 11, 1994 • FIPS 140 -2: May 25, 2001 (Supersedes 140 -1) • Secure Requirements for Cryptographic Modules • http: //csrc. nist. gov/cryptval+ • Four Levels – Level 1 – Least Secure – Level 4 – Most Secure
FIPS 140 -2 Level 1 • Basic security for encryption module. – Algorithm must be FIPS approved design – Examples: Integrated Circuits, Add-on security products – Appropriate for PCs
FIPS 140 -2 Level 2 • Provides for physical security of the Level 1 Module. – Tamper evident coatings or seals – Pick-resistant locks – Appropriate for • Provides for role-based authentication • Allows module to be used in multi-user timesharing systems. • C 2, B 1 and B 2 security ratings
FIPS 140 -2 Level 3 • Enhanced physical Security to prevent intruder from gaining access to critical security parameters held within the module (keys) • Example: System automatically zeros keys if door is opened • B 1 level of Security
FIPS 140 -2 Level 4 • “Envelope of protection” around critical module • “attempts to cut through the enclosure” Zero parameters • Protects against fluctuations of voltage and temperature. Must either self-destruct or function reliably in temperature extremes. • B 2 level of security
IBM 4758 • Tamper-responding hardware design • Hardware DES, RNG, modular math • Secure code loading • IBM Common Cryptographic Architecture • FIPS 140 -1 Level 4
Dallas Semiconductor Cryptographic i. Button (DS 1955 B) • • • Java “ 1 -wire” interface 6 Kbytes NVRAM 64 kbyte ROM firmware javacardx. crypto Math accelerator performs RSA encryption in less than 1 second • $34. 22 (1) • $31. 78 (1000) • (release 2. 2 w/ 134 KB RAM and username/password software is $53. 21)
DVDs • Content Control: – Encryption – Decryption keys embedded in player • Implements: – Region Coding – License management • Cracked in 1999 – 1 key stolen from PC player – De. CSS distributed over Internet – Later algorithm cracked; other keys revealed – Numerous court cases
Smart Cards • Different kinds: – Memory – Crypto • Applications: – Phone cards – Satellite Broadcasts – PKI
Attacks against smart cards • Destructive: – Probes with wires – Optical probes • Fault injection • Differential power analysis A typical subroutine found in security processors is a loop that writes the contents of a limited memory range to the serial port: 1 b = answer_address 2 a = answer_length 3 if (a == 0) goto 8 4 transmit(*b) 5 b=b+1 6 a=a-1 7 goto 3 8. . . (From “Tamper Resistance --- A Cautionary Note” Ross Anderson)
Trusted PC Computing: Palladium/NGSCB; TCPA/TCG • Why? – Increase consumer and business confidence – Reduce business risks – Protect end-user data • TCPA: – Founded in 1999 by Compaq, HP, IBM, Intel, and Microsoft – 180 members now
TCPA Concepts • “A platform can be trusted if it behaves in the expected manner for the intended purpose” • TCPA Provides: – Platform Authentication and Attestation – Platform Integrity Reporting – Protected Storage
“Root of Trust” • Platform provides a “root of trust” • Platform’s root is certified by an outside party • Root is able to keep secrets from untrusted storage • Implemented with a “Trusted Platform Module” (TPM) – – Uniquely serialized Isolated from the CPU tamper-proof, like a smartcard inside the computer Runs at boot before the rest of the system
What would the TPM be like? • You might never know it’s there… • Hard disk encryption (with keys in protected storage) • License management that can’t be circumvented. • Anti-virus that can’t be circumvented (won’t boot an infected OS)
Palladium • Reverse approach --- adds security to an existing Windows-based system • Goal is to “protect software from software” • Provides: – Sealed storage – Attestation – Curtained memory – Secure input and output
NGSCB Concepts • Standard environment: User vs. Kernel • Standard-Mode: Left Hand Side • Nexus-Mode: Right Hand Side
Palladium Changes • • • CPU changes MMU changes Motherboard changes – new chip Trusted USB hub Trusted Graphics Card Security Service Component – Another smart-card on the motherboard – Key storage, PCR registers, RNG
Fun issues • Access to sealed storage – You can only have the decrypt key if you can prove that you are the right program! – Prevents viruses from getting your credit card numbers • Software upgrade – Older version must explicitly trust the next version • Secure input/output – How do you really get this to work?
- Lirik lagu more more more we praise you
- More more more i want more more more more we praise you
- Trusted copy
- External hardware
- Hardware address protection with base and limit registers
- Vcr copy protection
- Human history becomes more and more a race
- The more you take the more you leave behind
- The more you study the more you learn
- Aspire not to have more but to be more
- Law of inertia definition
- Knowing more remembering more
- The more i give to thee the more i have
- More choices more chances
- Trusted enterprise intelligence hub
- Poland could future
- Trusted os
- Dhs trusted tester certification
- Arm trusted zone
- Goodbye michelle my little one
- Trusted content services
- Trusted operating system
- Cd-591
- Trusted key manager
- Disadvantages of bitlocker
- Trusted insights
- Trusted cloud initiative
- "trusted computing group"
- Trusted transactions
- Trusted operating system
- Intel trusted computing
- Rmit classification trusted
- Rmit classification trusted
- Trusted intermediary
- Trusted charity mark
- Trusted introducer
- That assembly does not allow partially trusted callers
- Trusted computing base
- Trusted computing module
- Cannibal inhabitants of a distant land