Content
Content Copyright protection
  Case of CSS
  Case of Broadcast encryption technique in CPRM
  Case of HDCP
Software Copyright Protection
  (Method 1) Software Watermarking
  (Method 2) Registration Key
  (Method 3) Tamper-proof Hardware Token
  (Method 4) Obfuscation
Final Remarks
Dr Lucas Hui (CYC307, 28592190, hui@cs.hku.hk)
Content IP Protection
Merchants' wish: the machine will refuse to present the content in case of an access right violation
Digital Content + access right info (e.g. DVD region code)
CSS Story
CSS: Content Scrambling System
Main goal: stop piracy
  Apply encryption technology
Other goals: region coding, non-skippable FBI warnings, avoid second generation copying, other artificial restrictions
DVD manufacturers, player manufacturers, have to sign to obtain a license (to use the encryption technology)
  Pledged not to produce non-compliant machines
  Not to reveal the copy protection scheme
LSDVD: working on a licensed DVD player
LiViD: working on creating a free open-source version of DVD for Linux
DeCSS (released on LiViD in 1999):
  a software published by Jon Johansen which decrypts CSS
Johansen (a 16-year-old youngster in Norway), who later (2006) hacked Apple FairPlay, the iTunes closed system:
  not the only one being sued
  not the first one to publish CSS decryption tools on the Web
Info about the security of a published scheme claimed to behave like CSS is as follows.
2 kinds of keys:
  Player key P1, P2, ..., Pn (n is around 400); each brand of player has a unique key
  Disk key D (each DVD disk has a unique key)
There is a disk key data block on the DVD which contains:
  A 40-bit hash (H) of D (looks like not a popular hash algorithm like SHA-1 or MD5)
  D encrypted with P1 (denoted as EnP1(D))
  D encrypted with P2 (EnP2(D))
  ...
  D encrypted with Pn (EnPn(D))
[Figure labels: EnP99(D), EnD(T)]
If the key length of D is small (40-bit), with H (40-bit) being known, exhaustive search on D using the verification formula is possible
The decryption algorithm is badly designed, enabling a disk key to be found in 18 seconds with a Pentium III (with more elaborate cryptanalysis techniques)
If one player key is cracked, advanced cryptanalysis is possible to crack another player key
Actually, if one player key is cracked, all DVDs can be read
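A toy model of the disk key data block described above, added here as an illustration (not code from the lecture and not the CSS algorithms). The cipher and hash are SHA-256-based stand-ins, the key space is cut to 16 bits, and all key values are constructed; it shows that any single player key yields D, and that the published H alone is enough to find a short D by exhaustive search.

```python
import hashlib

KEY_BITS = 16   # toy size so the search is instant; the page's D is 40-bit

def _digest40(tag, value):
    """First 40 bits of SHA-256 over a tagged 5-byte value (stand-in primitive)."""
    raw = hashlib.sha256(tag + value.to_bytes(5, "big")).digest()
    return int.from_bytes(raw[:5], "big")

def disk_hash(d):
    """Stand-in for H; the page notes the real hash is not SHA-1 or MD5."""
    return _digest40(b"H", d)

def encrypt(key, value):
    """Stand-in cipher En_key(value): XOR with a key-derived pad. Not CSS."""
    return value ^ _digest40(b"E", key)

decrypt = encrypt   # XOR pad: the same operation undoes itself

def make_key_block(disk_key, player_keys):
    """H(D) plus one slot EnPi(D) per player key, as in the description above."""
    return {"H": disk_hash(disk_key),
            "slots": [encrypt(p, disk_key) for p in player_keys]}

def player_recover(block, slot, player_key):
    """What a player does: decrypt its slot, accept only if the hash matches."""
    d = decrypt(player_key, block["slots"][slot])
    return d if disk_hash(d) == block["H"] else None

def search_disk_key(block):
    """No player key needed: try every D and compare against the public H."""
    for d in range(2 ** KEY_BITS):
        if disk_hash(d) == block["H"]:
            return d
    return None

# Constructed sample values, not real keys.
PLAYER_KEYS = [0x0102030405, 0x1112131415, 0x2122232425]
DISK_KEY = 0xBEEF
BLOCK = make_key_block(DISK_KEY, PLAYER_KEYS)

if __name__ == "__main__":
    print("player 2 recovers:", hex(player_recover(BLOCK, 2, PLAYER_KEYS[2])))
    print("wrong key gives:  ", player_recover(BLOCK, 2, PLAYER_KEYS[0]))
    print("search recovers:  ", hex(search_disk_key(BLOCK)))
```

The check value H is what makes the search possible: it lets a candidate D be confirmed offline, so the key length has to carry the whole security margin.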
Some early potential alternatives to CSS to achieve DVD copy protection
  CGMS
  CPPM
  CPRM
  DTCP
  AACS
the equipment making the copy has to recognize and respect the CGMS
[Figure: timeline 2005 to 2007 in which Key 2 is exposed. Labels: 2005 DVD, 2007 DVD; Player 1, Old Player 2, New Player 2, ??? Player; Key 1, Key 2]
(one solution: use a key which is used in every commercial DVD reader)
Some entries can be voided (if the device key is cracked)
Note: there are a lot of different device keys !!!
Operation of CPRM
Each device knows
  The 16 device keys (one in each column)
  The position of those 16 device keys in the CPRM matrix
[Figure: CPRM matrix with entries labelled E1 ... E15]
HDCP Scheme (Encryption)
Transmitter (A) Public Key (40-bit KSV): Apub
Receiver (B) Public Key (40-bit KSV): Bpub
[Figure: transmitter and receiver exchange Apub and Bpub; the transmitter feeds Km into the HDCP Cipher, the receiver feeds Km' into the HDCP Cipher; Data -> Data (Encrypted) -> Data]
By design: Km = Km'
Using the HDCP Cipher, with input Km, data are encrypted & sent
I. Authentication
Purposes
  Before sending data, a transmitting device checks that the receiver is authorized to receive it.
  Stop HDCP-encrypted content from being played on non-licensed devices.
  Prevent the HDCP content from being copied by modified devices.
Function
  Establishes shared values between the two HDCP Devices if both devices have a valid Device Key Set from the Digital Content Protection LLC.
  If either device has an invalid set of secret device keys or corresponding KSV, then Km will not be equal to Km'.
  The cipher initialization values for this calculation are Km (or Km'), and the 65-bit concatenation of REPEATER with An.
  The session key Ks is a 56-bit secret key for the HDCP Cipher.
  M0 is a 64-bit secret value used in the second part of the authentication protocol (for repeater), and as a supplemental HDCP Cipher initialization value.
  R0' is a 16-bit response value that the video receiver returns to the HDCP Transmitter to provide an indication as to the success of the authentication exchange.
  If authentication was successful, then R0' will be equal to R0. If authentication was unsuccessful, then R0 and R0' will, in most cases, differ.
II. Encryption
Purposes
  If authenticated, the transmitter encrypts the data to prevent eavesdropping as it flows to the receiver.
  Defense against man-in-the-middle attacks.
Function
  Each pixel is encrypted by applying an XOR operation with a 24-bit number produced by a generator.
  The HDCP specifications ensure constant updating of keys after each encoded frame.
The flaw
HDCP uses a linear system for generating the shared secret.
  Apub·Bpri = Km = Km' = Bpub·Apri
The flaw is that any device whose public key is a linear combination of public keys of other devices will, when assigned a private key that's a similar linear combination of the other devices' private keys, successfully authenticate.
Idea to break
If we know:
  (Bpub & Bpri) and (Cpub & Cpri) are legal device keys
then
  (Bpub + Cpub) & (Bpri + Cpri) are also valid keys
Proof: For any other valid device A, we have
  Apub·Bpri = Bpub·Apri
  Apub·Cpri = Cpub·Apri
Therefore
  Apub·(Bpri + Cpri) = (Bpub + Cpub)·Apri
We can generate many other legal keys
When we have 40 independent valid key pairs, we can generate ALL valid keys in the scheme!!!
Break
Assume:
  We have the public and private keys from 40 devices B(i).
  We have enough private keys Bpri(i), whose public keys span M ⊆ (Z/2^56 Z)^40, the module generated by all public keys assigned by the central authority.
  All of these devices will successfully authenticate with A.
As the subspace is 40 dimensional, a set of at most 40 keys will be enough.
Consider any device C with Cpub ∈ M, whose public key and private key are any non-zero linear combination of B(i)'s public and private keys.
  Cpub = Σ_{i=1}^{40} a_i·Bpub(i)
  Cpri = Σ_{i=1}^{40} a_i·Bpri(i)
Authenticate
Let A and C authenticate
We know Kshared(i) = Kshared'(i) for all i because, by assumption, B(i)'s successfully authenticate with A.
Therefore, Kshared = Kshared' and this authentication succeeds.
Decryption
Thus, for any device C with Cpub ∈ M, we can decrypt any stream in O(40^2) work by rewriting Cpub as a linear combination of Bpub(i).
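The linear relation and the proof above, checked on a toy instance. This is an added example, not code from the lecture or from HDCP: it assumes the model of the Crosby et al. paper listed in the references (private key = secret symmetric matrix times public key, arithmetic mod 2^56), uses dimension 4 instead of 40, and all key values are constructed.

```python
import random

N = 4          # toy dimension; the scheme on the page uses 40
MOD = 2 ** 56  # key arithmetic modulus (assumed, from the cited Crosby et al. model)

def make_master(rng):
    """Authority's secret symmetric N x N matrix (assumed model)."""
    s = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            s[i][j] = s[j][i] = rng.randrange(MOD)
    return s

def issue(master, pub):
    """Key pair for a licensed device: pri = master * pub (mod MOD)."""
    pri = [sum(row[j] * pub[j] for j in range(N)) % MOD for row in master]
    return pub, pri

def km(own_pri, peer_pub):
    """Shared value a side computes from its own private key and the peer's public key."""
    return sum(p * k for p, k in zip(peer_pub, own_pri)) % MOD

def combine(pairs, coeffs):
    """Same linear combination applied to the public and the private halves."""
    pub = [sum(c * pr[0][k] for c, pr in zip(coeffs, pairs)) % MOD for k in range(N)]
    pri = [sum(c * pr[1][k] for c, pr in zip(coeffs, pairs)) % MOD for k in range(N)]
    return pub, pri

def run_checks(seed=1):
    master = make_master(random.Random(seed))
    a = issue(master, [1, 0, 1, 1])   # constructed sample KSV bits
    b = issue(master, [0, 1, 1, 0])
    c = issue(master, [1, 1, 0, 0])
    d = combine([b, c], [1, 1])       # (Bpub + Cpub, Bpri + Cpri): never issued
    bad_pri = [(b[1][0] + 1) % MOD] + b[1][1:]   # B's key set with one corrupted entry
    return {
        "licensed_pair_agrees": km(a[1], b[0]) == km(b[1], a[0]),
        "combined_pair_agrees": km(a[1], d[0]) == km(d[1], a[0]),
        "corrupted_key_agrees": km(a[1], b[0]) == km(bad_pri, a[0]),
    }

if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(name, ok)
```

The corrupted key failing is the behaviour the protocol relies on; the combined pair passing is what linearity gives away, which is why a key agreement should not be linear in the device key material.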
Some of the 376 lines of HDCP master key code posted anonymously to the Internet.
References
HDCP, LLC., High-bandwidth Digital Content Protection (HDCP) System Revision 1.4, July 8, 2009
S. Crosby, etc. A Cryptanalysis of the High-Bandwidth Digital Content Protection System, Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, DRM '01, pp: 192-200, 2001.
Wikipedia, http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
Discussion Question
Are those content protection solutions useful for a company to protect the in-house digital assets?
  Company product design diagrams
  Web documents
  etc.
Software IP Protection
Merchants' wish: the software will refuse to run when detecting access right violation
Customer's machine
Use legal framework to protect:
  E.g. registration of software, serial nos., etc.
Sending of user information from execution platform (may or may not be legal)
  This is just a monitoring process. It has to be combined with some other techniques
Framework
A malicious software code running on a normal host <Hacking>
The host has to perform monitoring, intrusion detection, and other security measures to minimize the damage by the malicious code
Dynamic watermarking
  Relatively new, not very common
  The watermark only appears after the program is executed (e.g. appears in the execution trace log)
Mainly to scare off piracy intention of the users
Aims: fast, high data rate, hard to detect (normal steganography properties)
The software will perform checking of this key (at the first time the software is used, at the start of every use, or continuously)
Cannot avoid the problem of a user releasing the registration key to others
In some cases, the tool to generate the key from the serial number is known to hackers, and the hackers can generate as many as they like
Mainly used to defend against tampering
Also used to defend against dynamic analysis (analysis about the execution) of the program for reverse engineering purposes
Token authentication
Code listing of s/w
Attack illustration
Machine instruction:
  Call hardware authentication test
  If (result is ok) goto code_execute
  Quit the program /* due to fail in h/w authentication */
Change to:
  No-op (no operation)
  If (1 == 1) goto code_execute
Antidebugging
The software searches the execution environment; if the signature of some debugger or monitoring tool exists, the software will kill itself
Similar to the concept that the software is a hacking tool, and searches for the signature of certain processes (e.g. check for active API calls/memory locations) [So this is hacking!!]
If the software reports this situation by sending Internet messages, it is more like stealing the information from the execution environment!!! [may not be legal in some cases]
Another similar setting: the s/w tries to test whether it is running on a virtual machine simulator
Attack (more complicated): replacing the encrypted codes with the decrypted codes.
This needs the decrypted codes to be discovered by tedious monitoring of the software execution
Obfuscation (2)
Normal Practice
  Develop the software with normal Software Engineering practice (produce easily readable code)
  Use Obfuscation tools to modify different parts of the code systematically
Example tool: SandMark (a long list of software obfuscation tools & watermarking tools)
(www.cs.arizona.edu/sandmark/)
Obfuscation Illustration
Original code
Obfuscated code
Source: Fig. 4 in Watermarking, Tamper-Proofing, and Obfuscation Tools for Software Protection, Collberg & Thomborson, IEEE Transactions on Software Engineering, 28(8), p.735-746, August 2002
Software birthmarks
A software birthmark is a unique characteristic of a program that can be used to identify the program
A relatively new theft detection approach
Dynamic birthmarks
Still in research
Existing approaches
  Mainly based on sequence of API calls
  i.e. try to match the API calls of two programs, to see how similar they are
Research in CISC, Dept of CS, HKU
  Study the objects in the dynamic heap
  i.e. try to match the objects created by two programs, to see how similar they are
  Let's see the concrete results some time later
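One way to compare the API call sequences of two programs, added here as an illustration (not the lecturer's or the HKU group's method). It assumes a k-gram set birthmark scored with Jaccard similarity and a hypothetical flagging threshold of 0.5; the traces are constructed samples.

```python
def kgrams(trace, k=2):
    """Set of all length-k windows over an API call trace."""
    return {tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)}

def similarity(trace_a, trace_b, k=2):
    """Jaccard similarity of the two k-gram sets, in [0, 1]."""
    a, b = kgrams(trace_a, k), kgrams(trace_b, k)
    if not a and not b:
        # Both traces shorter than k: fall back to exact comparison.
        return 1.0 if trace_a == trace_b else 0.0
    return len(a & b) / len(a | b)

def rank_suspects(original, suspects, k=2, threshold=0.5):
    """Return (name, score, flagged) tuples, most similar first."""
    scored = [(name, similarity(original, t, k)) for name, t in suspects.items()]
    scored.sort(key=lambda item: item[1], reverse=True)
    return [(name, score, score >= threshold) for name, score in scored]

# Constructed sample traces (API names recorded in call order).
ORIGINAL = ["CreateFile", "ReadFile", "CryptDecrypt", "WriteFile",
            "CloseHandle", "RegOpenKey", "RegQueryValue", "RegCloseKey"]
SUSPECTS = {
    # Same program with one extra call inserted to disturb the sequence.
    "copy_with_noise": ["CreateFile", "ReadFile", "GetTickCount", "CryptDecrypt",
                        "WriteFile", "CloseHandle", "RegOpenKey",
                        "RegQueryValue", "RegCloseKey"],
    # Different program that happens to share a few file calls.
    "unrelated": ["socket", "connect", "send", "recv", "closesocket",
                  "CreateFile", "WriteFile", "CloseHandle"],
}

if __name__ == "__main__":
    for name, score, flagged in rank_suspects(ORIGINAL, SUSPECTS):
        print(f"{name:16s} similarity={score:.3f} flagged={flagged}")
```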
References
Disappearing Cryptography Information Hiding: Steganography & Watermarking, 2nd Edition, by P. Wayner, Morgan Kaufmann Publisher, 2002.
To DVD or Not to DVD, by B. Simons, Communications of the ACM 42(5), p.31-32, May 1999
Broadcast Encryption's Bright Future, by Lotspiech, Nusser, & Pestoni, IEEE Computer, p.57-63, August 2002
Protecting Cryptographic Keys: The Trace and Revoke Approach, by Dalit Naor and Moni Naor, IEEE Computer (July 2003): 47-53
A set theoretic approach to broadcast encryption, by Thomas Martin, Technical Report RHULMA20055, Royal Holloway, University of London, April 2005. (http://www.rhul.ac.uk/mathematics/techreports)
DVD Copy Protection: Take 2, by Tekla S. Perry, IEEE Spectrum, p. 38-39, Jan 2005.
Watermarking, Tamper-Proofing, and Obfuscation Tools for Software Protection, by Collberg & Thomborson, IEEE Transactions on Software Engineering, 28(8), p.735-746, August 2002