Yet another attack against Windows Media DRM
Message # 1
Date: Sat, 26 Aug 2006
To: practicalsecurity at hbarel.com
From: Hagai Bar-El
Subject: [PracticalSecurity] Yet another attack against Windows Media DRM
List,
This was just published yesterday:
http://www.engadget.com/2006/08/25/fairuse4wm-strips-windows-media-drm/
Actually, I am not even sure why I am sending this out. After all, this should not come by a surprise to anyone.
A DRM system that relies on obscurity of code and on software-based key hiding on an open platform can never be truly resistant to attacks.
Okay, I shall not say "never" because there is no proof for that.
However, history shows that such software-based protection has never been done properly before; not just in the context of DRM but also in the context of a close cousin --- software piracy prevention.
Even with software systems, it will always be orders of magnitude more difficult to rip off content that was never legally obtained by the circumvented device, but the problem is bad enough even without this capability.
Hagai.
Message # 2
Date: Sun, 27 Aug 2006
From: "Jeff K"
To: "Hagai Bar-El"
Cc: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Hagai, List,
Is it *impossible* to hide a secret key in program code? Many apps rely on this. :(
/JK
On 8/26/06, Hagai Bar-El
List,
This was just published yesterday:
http://www.engadget.com/2006/08/25/fairuse4wm-strips-windows-media-drm/
Actually, I am not even sure why I am sending this out. After all,
this should not come by a surprise to anyone.
A DRM system that relies on obscurity of code and on software-based
key hiding on an open platform can never be truly resistant to attacks.
Okay, I shall not say "never" because there is no proof for that.
However, history shows that such software-based protection has never
(snip)
Message # 3
Date: Sun, 27 Aug 2006
From: Ian G
To: Jeff K
Cc: practicalsecurity at hbarel.com, Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Jeff K wrote:
Hagai, List,It is possible to hide a secret key in code.
Is it *impossible* to hide a secret key in program code?
But if the code needs the secret key, then it is possible for any attacker to single step the program and extract the secret key.
Many apps rely on this. :(Well, as long as they don't expect the key to be secret in 100% of circumstances that is fine, no?
On 8/26/06, Hagai Bar-ElNope.wrote:
List,
This was just published yesterday:
http://www.engadget.com/2006/08/25/fairuse4wm-strips-windows-media-drm/
Actually, I am not even sure why I am sending this out. After all,
this should not come by a surprise to anyone.
Exactly.A DRM system that relies on obscurity of code and on software-based
key hiding on an open platform can never be truly resistant to attacks.
Well, as long as the CPU runs the software, and the owner of the machine controls the CPU, and the software has to extract the secret key, then I'd say that is proof enough?Okay, I shall not say "never" because there is no proof for that.
However, history shows that such software-based protection has never
been done properly before; not just in the context of DRM but also in
the context of a close cousin --- software piracy prevention.
It all depends on what you are trying to achieve. If you are trying to achieve "never cracked" then that's impossible. Futile even.Even with software systems, it will always be orders of magnitude
more difficult to rip off content that was never legally obtained by
the circumvented device, but the problem is bad enough even without
this capability.
However, if you are trying to do business, then it is ok to have some exceptions.
The essence of the business model is to create a barrier that is sufficient to create the revenue stream. If you think of a song track, all we have to do is to raise the barrier to the next alternative price plus some delta, and people will buy instead. So assume that the cost of a track is 99cents. Therefore the barrier should be $1 per track.
The circumvention software creates cost X in the usage.
The legal risk creates cost Y. The hassle factor of dealing with downloads creates cost Z.
If X + Y + Z are greater than $1 for a significant group of people, you will generate a revenue stream.
iang
Message # 4
Date: Mon, 28 Aug 2006
From: Dave Howe
To: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Jeff K wrote:
Hagai, List,In general terms, yes.
Is it *impossible* to hide a secret key in program code? Many apps
rely on this. :(
However, with "trusted computing" you can force the machine to hide the keys from the user, even if the user owns the machine.... I suspect that if/when those chips become common, emulation layers to hide the existence of the "trusted" keystore from windows will become very valuable..
Message # 5
Date: Tue, 29 Aug 2006
To: Ian G
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hi Ian,
At 27/08/06 13:33, Ian G wrote:
It is a rational proof, but what it proves is that the software code cannot be hidden. It does not prove anything about the ability to use this information (all instructions going through the processor) to recover the key. It is easy to write code that will make it fairly hard to trace the key generation process, although this will always be possible in theory (and in all cases we've seen so far -- is eventually done in practice). There is no proof that there is no way to make this reverse-engineering process _practically_ too complex to carry out, especially when the code makes use of functions running on external components.Well, as long as the CPU runs the software, and theOkay, I shall not say "never" because there is no proof for that.
However, history shows that such software-based protection has never
been done properly before; not just in the context of DRM but also in
the context of a close cousin --- software piracy prevention.
owner of the machine controls the CPU, and the software
has to extract the secret key, then I'd say that is
proof enough?
Software can be made very complex when this is its purpose (and also when this is not), and reverse-engineering, such as reverse-compilation, is always more complex than coding.
History shows that hiding keys in code never succeeded in the long-run, and it can be proven that _complete_ obfuscation cannot occur, but nothing proves that obfuscation is not possible to the _practical_ extent.
I think we're mixing two types of compromise here, but one leads to the other. I will elaborate:It all depends on what you are trying to achieve. IfEven with software systems, it will always be orders of magnitude
more difficult to rip off content that was never legally obtained by
the circumvented device, but the problem is bad enough even without
this capability.
you are trying to achieve "never cracked" then that's
impossible. Futile even.
However, if you are trying to do business, then it is
ok to have some exceptions.
The essence of the business model is to create a barrier
that is sufficient to create the revenue stream. If you
think of a song track, all we have to do is to raise the
barrier to the next alternative price plus some delta,
and people will buy instead. So assume that the cost of
(snip)
The attack in question is one that allows the ripping of content that was purchased, not of any content, so the $1 model does not apply.
The opponent in our case has to pay this $1 anyway and the circumvention utility will only let him obtain an unrestricted copy in return for this $1.
However, I still do not feel comfortable with the applicability of your model to some attacks on DRM, although I agree with the statement in general.
Indeed, if the attack costs more than the price of the content (or equals) then no circumvention is worth it. However, a circumvention activity that results in unprotected content (such as this one) adds another factor which is the fact that the cost of circumvention is not paid by most consumers.
When one guy uses the circumvention device, paying X+Y+Z for whatever reason, he spills a free piece of content that is circulated by the same means used to circulate pirated content today. So, after COST>$1 is paid _once_, by someone with any motive beyond personal consumption (such as someone who wants to give the title to all his friends and family, or just to enjoy it on a non-supported platform), the content is available on the same infrastructure for file sharing today.
Of course, getting a file over a P2P network has its own X+Y+Z cost, but apparently today this cost is less than the spoken $1; otherwise DRM would not have been necessary in the first place...
Hagai.
Message # 6
Date: Thu, 31 Aug 2006
From: Dave Howe
To: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Hagai Bar-El wrote:
It is a rational proof, but what it proves is that the software codeThere is only one circumstance where it is *not* possible to recover the key, and that is when you do not have full control over the machine running the software; under the Trusted Computing platform, it would be trivial to ask the protected ring0 code to authenticate and decode certain portions of a stream, in realtime, without revealing to the program requesting it how or with what key the process took place; similarly, if you sent the stream to a tamperproof external entity - a device/dongle or internet site - and got decoded data back, you could not determine the key from the input and output streams (unless the encryption was vulnerable to a known-plaintext attack of course)
cannot be hidden. It does not prove anything about the ability to use
this information (all instructions going through the processor) to
recover the key. It is easy to write code that will make it fairly
hard to trace the key generation process, although this will always
be possible in theory (and in all cases we've seen so far -- is
eventually done in practice). There is no proof that there is no way
(snip)
If a program itself has the key, however briefly, than a skilled programmer can tap into the code in multiple places and extract the key; experience has shown that for every day a skilled programmer spends obscuring the decryption and authentication process, it delays the time taken by a cracker to analyse and bypass the protection by about one hour..... and there is a finite limit to how much work the processor can do during the load process before the owner gets tired of waiting for the program to run and returns it to the source as "broken". I leave aside debugging execution environments which can allow you to single-step the processor if required
Software can be made very complex when this is its purpose (and alsopurchase key systems for protecting games, business packages and so forth rely on people being insufficiently skilled and sufficiently honest; however, it is common for "nocd" patches to be installed and used by bona fide purchasers of the software simply to avoid tying up a cd drive and causing wear and tear to their valuable media (and the drive, of course)
when this is not), and reverse-engineering, such as
reverse-compilation, is always more complex than coding.
At one point, dongles for software were common; their use was discontinued due to the USG directing that no such software would be purchased in future, but until then a dongle chain of ten or more devices (which may or may not conflict) being propped up behind a designer's pc on books to prevent the printer port being pulled loose from the system board was not rare, and getting them all to work without pulling them apart and putting them back in a different order was an art rather than a science.
History shows that hiding keys in code never succeeded in theThe finite limit is system resources. if a processor could execute an infinite (or effectively so) number of processes in a practical time, and there was infinite storage available to hold this massively obscured code, then maybe...
long-run, and it can be proven that _complete_ obfuscation cannot
occur, but nothing proves that obfuscation is not possible to the
_practical_ extent.
anyhow, my time is finite this morning too, so I will finish this reply when I return :)
Message # 7
Date: Thu, 31 Aug 2006
From: Ian G
To: Hagai Bar-El
Cc: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Hagai Bar-El wrote:
...There is no proof that there is no way to make thisHagai, "proof" and "practically" don't go well together in the same sentence! "Practically" is an economic question.
reverse-engineering process _practically_ too complex to carry out,
especially when the code makes use of functions running on external
components.
Software can be made very complex when this is its purpose (and alsoHistory shows that obfuscation can create a barrier.
when this is not), and reverse-engineering, such as reverse-compilation,
is always more complex than coding.
History shows that hiding keys in code never succeeded in the long-run,
and it can be proven that _complete_ obfuscation cannot occur, but
nothing proves that obfuscation is not possible to the _practical_ extent.
It is up to the details as to whether it is enough of a barrier. Using obfuscation *alone* doesn't seem to work. Using obfuscation along with legal and contract provisions, and selling to a business community might work.
(But, I think we are agreeing?!)
I think we're mixing two types of compromise here, but one leads to theRight, there was a serious degree of handwaving. I did not catalogue the costs of different parties, and I didn't do any NPV or risk calculations...
other. I will elaborate:
However, I still do not feel comfortable with the applicability of yourIt's probably best to assume that the content is available for $0 somewhere. We can after all buy a CD and rip that. The question then becomes, what is the cost for the ordinary user to get the content?
model to some attacks on DRM, although I agree with the statement in
general.
Indeed, if the attack costs more than the price of the content (or
equals) then no circumvention is worth it. However, a circumvention
activity that results in unprotected content (such as this one) adds
another factor which is the fact that the cost of circumvention is not
paid by most consumers.
That's what iPod succeeded in doing -- lowering that cost, while keeping the cost of the $0 rip at some cost above what was delivered to iPod customers.
It, famously, works for Apple's iPod, creating significant revenue streams. The goal is *not* 100% protection, but a revenue stream.
Of course, getting a file over a P2P network has its own X+Y+Z cost, butThat's more the cost that drives the business -- the cost to get a $0 file to a user.
apparently today this cost is less than the spoken $1; otherwise DRM
would not have been necessary in the first place...
iang
PS: yesterday's news moves us along some:
Financial Cryptography Update: Universal Music throws in the towel, price of music drops to $0.00 >
August 30, 2006 >
Universal Music has announced it is moving its catalogue to a "free > with adverts" model.
Message # 8
Date: Thu, 31 Aug 2006
From: Ian G
To: Dave Howe
Cc: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Dave Howe wrote:
... experience hasNice metric! Is there a reference or research or quote on that?
shown that for every day a skilled programmer spends obscuring the decryption
and authentication process, it delays the time taken by a cracker to analyse and
bypass the protection by about one hour.....
At one point, dongles for software were common; their use was discontinued dueYowsa! I didn't know that. What was their reason?
to the USG directing that no such software would be purchased in future, but
until then a dongle chain of ten or more devices (which may or may not conflict)LOL... so the DRM system called the dongle *raised* the costs of the software for both bone fide users as well as for others.
being propped up behind a designer's pc on books to prevent the printer port
being pulled loose from the system board was not rare, and getting them all to
work without pulling them apart and putting them back in a different order was
an art rather than a science.
Has to be taken into account.
iang
Message # 9
Date: Thu, 31 Aug 2006
From: Dave Howe
To: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
to continue....
Hagai Bar-El wrote:
Indeed. where the good protected is worth less than the cost of bypassing the protection, the protection is "good enough".The essence of the business model is to create a barrier
that is sufficient to create the revenue stream. If you
think of a song track, all we have to do is to raise the
barrier to the next alternative price plus some delta,
and people will buy instead. So assume that the cost of
a track is 99cents. Therefore the barrier should be $1
per track.
However, it is seldom true that it is worthwhile to come up with a new and novel form of protection for each and every media item - and also somehow distribute the unique protection method with the media item so that they are inseparable; in practice, a scheme is used until the availability of "cracking" or "unlocking" tools makes the perceived loss of revenue greater than the cost of changing the system.
Most schemes are meant to keep honest people honest - unfortunately, often deployed systems are so inconvenient they are bypassed even by honest people simply to recover previous functionality (a nocd patchout restores the ability to install software to your HD without having to run your original CD constantly in order to use it; there are speed, load, endurance and financial reasons why an honest person would use such a thing - so in this case, its making honest people dishonest, in order to protect a revenue stream that would probably have gone unchallenged anyhow - I buy every commercial software product I use; I would still have done so even if copying the software was as easy as putting the original in one drive and a blank cd in the other (which in some cases it is)If X + Y + Z are greater than $1 for a significant group
of people, you will generate a revenue stream.
The attack in question is one that allows the ripping of content thatOf course, in a lot of cases the functionality being "restored" is legally protected (at least in the US) under "fair use". however, the removal of the DRM is itself a crime, even if the intended uses are not (thankyou, DMCA)
was purchased, not of any content, so the $1 model does not apply.
The opponent in our case has to pay this $1 anyway and the
circumvention utility will only let him obtain an unrestricted copy
in return for this $1.
Indeed, if the attack costs more than the price of the content (orAn attack could add value above and beyond the purchase price of the content - adding convenience value, for instance. a song that can only be played on one machine is less convenient than one you can load into your mp3 player or burn onto a CD for use in your car.
equals) then no circumvention is worth it.
When one guy uses the circumvention device, paying X+Y+Z for whateverOr just retains for his own, unrestricted use. opening the copyright infringement can of worms isn't required - there is substantial non-infringing use that DRM prevents.
reason, he spills a free piece of content that is circulated by the
same means used to circulate pirated content today.
Message # 10
Date: Thu, 31 Aug 2006
From: Dave Howe
To: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Ian G wrote:
Dave Howe wrote:There is/was - it related to the pc videogame "cracker" underground in the 90's; I saw it in print rather than online though, so don't know if there is an online reference - I will google later.
... experience has shown that for every day a skilled programmer spendsNice metric! Is there a reference or research or quote on that?
obscuring the decryption and authentication process, it delays the time
taken by a cracker to analyse and bypass the protection by about one
hour.....
IIRC, that the USG (or more specifically, those branches of it relating to defence) could find themselves without vital software because a keydisk, dongle or similar was unavailable, even though a proper backup regime had been followed.At one point, dongles for software were common; their use was discontinuedYowsa! I didn't know that. What was their reason?
due to the USG directing that no such software would be purchased in
future, but
Lotus and their keydisk/token scheme were one of the early victims of this policy - although most people here probably aren't old enough to know what I am talking about :)
Yes. most of these systems used the printer port, and were of course tested in isolation (without all the dongles of competitor's software installed) and only rarely with more than one brand of printer for the though-connect.until then a dongle chain of ten or more devices (which may or may notLOL... so the DRM system called the dongle *raised* the costs of the software
conflict) being propped up behind a designer's pc on books to prevent the
printer port being pulled loose from the system board was not rare, and
getting them all to work without pulling them apart and putting them back
in a different order was an art rather than a science.
for both bone fide users as well as for others. Has to be taken into account.
From a support POV it could be a nightmare - not to mention $6K of software refusing to run due to insufficient Art in the arrangement of dongles, or (shudder) actual physical damage to the printer port rendering the whole chain unusable.
Message # 11
Date: Fri, 01 Sep 2006
To: Ian G
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hi,
At 31/08/06 12:57, Ian G wrote:
Hagai Bar-El wrote:
> ...There is no proof that there is no way to make this
> reverse-engineering process _practically_ too complex to carry out,
> especially when the code makes use of functions running on external
> components.
Hagai, "proof" and "practically" don't go well together in
the same sentence! "Practically" is an economic question.
Why not? As long as practicality can be quantified, a proof can be formed based on this quantification. You do not prove impossibility, in this case, but that succeeding is at least as hard as doing X, where X is your impracticality threshold.
Whereas there is a proof that hiding code in software ultimately is impossible, there is no proof that hiding cannot be done in a way that will require at least X amount of effort.
> Software can be made very complex when this is its purpose (and also
> when this is not), and reverse-engineering, such as reverse-compilation,
> is always more complex than coding.
>
> History shows that hiding keys in code never succeeded in the long-run,
> and it can be proven that _complete_ obfuscation cannot occur, but
> nothing proves that obfuscation is not possible to the _practical_ extent.
History shows that obfuscation can create a barrier.
It is up to the details as to whether it is enough of
a barrier. Using obfuscation *alone* doesn't seem to
work. Using obfuscation along with legal and contract
provisions, and selling to a business community might
work.
(But, I think we are agreeing?!)
We are...
> However, I still do not feel comfortable with the applicability of your
> model to some attacks on DRM, although I agree with the statement in
> general.
>
> Indeed, if the attack costs more than the price of the content (or
> equals) then no circumvention is worth it. However, a circumvention
> activity that results in unprotected content (such as this one) adds
> another factor which is the fact that the cost of circumvention is not
> paid by most consumers.
It's probably best to assume that the content is
available for $0 somewhere. We can after all buy a
CD and rip that. The question then becomes, what is
the cost for the ordinary user to get the content?
Okay, we're making some progress. ;)
In the typical DRM world - you will not be able to rip a song off a CD. The DRM proponents do not admit that the content will be available for $0 somewhere, as naive as it may be to believe so.
If you assume that the content is available for $0 somewhere even after we have DRM in place then what you're actually saying is that DRM made no difference. The situation today is that the "bad guys" have built an effective network that makes "available for $0 somewhere" = "available for 0$ everywhere" for some cost of download + searching + handling fakes, etc. per title per location. This infrastructure was achieved and is here to stay.
So, if the content is "available for $0 somewhere" then we're back in square 1.
You may say that content duplication costs (download + searching + handling fakes, etc.), and this is true, but apparently today this cost is bearable and is lower than the cost of the title, otherwise we do not need DRM at all!
That's what iPod succeeded in doing -- lowering that
cost, while keeping the cost of the $0 rip at some
cost above what was delivered to iPod customers.
It, famously, works for Apple's iPod, creating
significant revenue streams. The goal is *not* 100%
protection, but a revenue stream.
iPod sells convenience.
ow much money are they making in comparison to the size of the industry? They have their loyal customers, but most people just get pirated stolen copies of their MP3's over the P2P networks and upload them on their cheap MP3 players...
iPod sells to people who are willing to pay for extra convenience. I may be one, but they are not the majority.
...And, looking at the future, P2P clients will get easier to use - not harder, making the delta in convenience diminish.
Hagai.
Message # 12
Date: Fri, 01 Sep 2006
From: Ian G
To: Hagai Bar-El
Cc: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Hagai Bar-El wrote:
Hi,Well, practicality cannot be quantified. It's a marketing or economics question, what is practical for one person is not practical for another.
At 31/08/06 12:57, Ian G wrote:
Hagai Bar-El wrote:Why not? As long as practicality can be quantified, a proof can be
...There is no proof that there is no way to make thisHagai, "proof" and "practically" don't go well together in
reverse-engineering process _practically_ too complex to carry out,
especially when the code makes use of functions running on external
components.
the same sentence! "Practically" is an economic question.
formed based on this quantification. You do not prove impossibility, in
this case, but that succeeding is at least as hard as doing X, where X
is your impracticality threshold.
Whereas there is a proof that hiding code in software ultimately isCertainly you can make a stab at saying X is the amount we are measuring. And you can ignore that X is only an estimate on both sides of the equation.
impossible, there is no proof that hiding cannot be done in a way that
will require at least X amount of effort.
:-)(But, I think we are agreeing?!)We are...
Right. That's their belief. I submit that this is simply a belief that we do not need to adopt ourselves, as it seems to be ludicrous on the face of it. Unless they are paying for us to pretend that belief, that is ;)Okay, we're making some progress. ;)However, I still do not feel comfortable with the applicability of yourIt's probably best to assume that the content is
model to some attacks on DRM, although I agree with the statement in
general.
Indeed, if the attack costs more than the price of the content (or
equals) then no circumvention is worth it. However, a circumvention
activity that results in unprotected content (such as this one) adds
another factor which is the fact that the cost of circumvention is not
paid by most consumers.
available for $0 somewhere. We can after all buy a
CD and rip that. The question then becomes, what is
the cost for the ordinary user to get the content?
In the typical DRM world - you will not be able to rip a song off a CD.
The DRM proponents do not admit that the content will be available for
$0 somewhere, as naive as it may be to believe so.
If you assume that the content is available for $0 somewhere even afterI think that's where we are.
we have DRM in place then what you're actually saying is that DRM made
no difference. The situation today is that the "bad guys" have built an
effective network that makes "available for $0 somewhere" = "available
for 0$ everywhere" for some cost of download + searching + handling
fakes, etc. per title per location. This infrastructure was achieved and
is here to stay.
(snip)
You may say that content duplication costs (download + searching +Well, it is bearable for some part of the population, being those who a) struggle to get file sharing to work, and b) accept the legal risks, etc etc.
handling fakes, etc.), and this is true, but apparently today this cost
is bearable and is lower than the cost of the title, otherwise we do not
need DRM at all!
It is not bearable for some other part of the popn., who prefer to a) buy an iPod, b) plug in to some big network like iTunes, and c) click-to-pay when told to do so.
The marketing question is whether group 2 can survive and generate sufficient revenue, even in the presence of group 1.
(Which is the same question that has always existed.
In the days of vinyl, we made cassete copies. In the days of sheet music, we printed copies ...)
Building DRM is not about making it impossible to copy, but is about creating group 2. Very different question.
iPod is actually making *significant* amounts of money compared to the rest of the industry ... within the context that they are growing like a dotcom success.That's what iPod succeeded in doing -- lowering thatiPod sells convenience. How much money are they making in comparison to
cost, while keeping the cost of the $0 rip at some
cost above what was delivered to iPod customers.
It, famously, works for Apple's iPod, creating
significant revenue streams. The goal is *not* 100%
protection, but a revenue stream.
the size of the industry?
It is already selling as many singles as some other channels sell (I don't recall the stats though) and it has until yesterday held the line at the ridiculously outrageous price of $0.99.
They have their loyal customers, but most40:1 was the ratio reported yesterday. Yes.
people just get pirated stolen copies of their MP3's over the P2P
networks and upload them on their cheap MP3 players...
iPod sells to people who are willing to pay for extra convenience. I may
be one, but they are not the majority.
I also wonder what iPod will do as the rest of the industry moves to $0. Probably move to a subscription model, and the other $0 players will do the same.
...And, looking at the future, P2P clients will get easier to use - notYep.
harder, making the delta in convenience diminish.
iang
Message # 13
Date: Sat, 02 Sep 2006
From: Dave Howe
To: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Hagai Bar-El wrote:
Unfortunately, what is "practical" has so many variables that cannot be determined that you can only at best make a guess at what reasonable values would be.Hagai, "proof" and "practically" don't go well together in the sameWhy not? As long as practicality can be quantified, a proof can be formed
sentence! "Practically" is an economic question.
based on this quantification. You do not prove impossibility, in this case,
but that succeeding is at least as hard as doing X, where X is your
impracticality threshold.
Examples are:
* Computing power, patience and skill level of attacker;
* How determined the attacker is to bypass the protection (when a hacker
perceives something as a challenge, he is motivated to meet that challenge,
even if the perceived value of the result is less than the cost of the attack;
in many cases, the social value or personal value of having "beaten" that
system is enough. I am given to believe that in the cracker underground, the
first person to break a new protection scheme gets considerable kudos,
particularly if it is a "zero day" crack - i.e., broken on the day of release)
* QA level of the produced system
* Range of hardware the system must execute on.
Whereas there is a proof that hiding code in software ultimately isThere is no guarantee that X amount of effort is required for a given protection scheme; consider any number of encryption schemes that were considered uncrackable, until cryptanalysis advanced to the point that a standard method sufficed to break that scheme. In programming, a novel approach to a problem may well allow an attacker to breeze though your protection as though it wasn't there, and examine the state of a unprotected, running system for patchout purposes.
impossible, there is no proof that hiding cannot be done in a way that will
require at least X amount of effort.
At any given moment, a protected executable has two pieces
1. A protected and non-executable protected block 2. An unprotected and executable block to remove the protection as needed
of the two, the latter is almost invariably the target of the "hack", not the former.
Okay, we're making some progress. ;) In the typical DRM world - you will notThat has been true for some time - I am minded particularly of an aerosmith album that a friend of mine had purchased, but was unable to play anywhere - his in-car cd player was pc-drive based, as was his home audio system. He ended up having to use a DRM protection removal tool to digitally access his *legally purchased* audio before he could listen to it....
be able to rip a song off a CD. The DRM proponents do not admit that the
content will be available for $0 somewhere, as naive as it may be to believe
so.
If you assume that the content is available for $0 somewhere even after weThere are two aspects of this.
have DRM in place then what you're actually saying is that DRM made no
difference. The situation today is that the "bad guys" have built an
effective network that makes "available for $0 somewhere" = "available for 0$
everywhere" for some cost of download + searching + handling fakes, etc. per
title per location. This infrastructure was achieved and is here to stay.
First is that infringing internet audio files are almost always mp3s; mp3s are a lossy compression format (giving amazing sound quality for the size, but not original CD quality) so there *is* a premium to be had from purchasing an original CD product.
Second, this isn't true of "pirate" copies cloned from such an original CD and sold as physical media "from the back of a van" but then, many of those are just internet mp3's reconverted to CD these days. Their purchasers are hardly likely to complain to trading standards about it...
Labels could make good arguments that the latter market is the one they are trying to reduce (or at least confine to using downloaded tracks) but in practice, the cracking tools for the DRM are as freely available as the tracks themselves, so DRM only serves to inconvenience legitimate users.
You may say that content duplication costs (download + searching + handlingAlmost all the price of a CD or other legally produced media is profit, although not entirely for the record label - each step in the chain adds a markup.
fakes, etc.), and this is true, but apparently today this cost is bearable
and is lower than the cost of the title, otherwise we do not need DRM at all!
However for a popular album, the fixed production costs (studio time if any, mixing time plus mastering the cd) contribute less than a penny per cd, and the pressing cost is less than two pennies (say, five cents overall for bare-disk production). add artist royalty at a modest 5-10% of the cover price, and the amount of overhead from record label, middleman, end store sales, plus marketing and the design/printing of pretty packaging mark that from a "value" of around $4 to the current cover prices of more than $15 (in the uk, CDs run at about £12-£15, which would be somewhere above $20)
Assuming a per-track value of 40 cents (10 tracks at $4) I would be overjoyed to give that directly to the performer in return for an mp3 of each track of his I download from him. That is obviously the record label's worst nightmare though - they are parasites on the artists they "sign" and as soon as technology advances enough to allow the internet to bypass them entirely, I expect them to fade away; unfortunately, I also expect them to kick and scream on the way out, demanding tough protection laws from their respective governments to protect their "free market" - by which they mean a legal right to continue to get a share of every musical track sold, even if they played no part in its design, performance, recording or distribution.
iPod was far from the first mp3 player out there - apple let others take the expense of fighting lawsuits from the record labels and once it was established that there was a non infringing "betamax" use for the devices, cornered the market based on design style and functionality, not originality.That's what iPod succeeded in doing -- lowering that cost, while keeping
the cost of the $0 rip at some cost above what was delivered to iPod
customers. It, famously, works for Apple's iPod, creating significant
revenue streams. The goal is *not* 100% protection, but a revenue stream.
...And, looking at the future, P2P clients will get easier to use - notAssuming there are significantly large groups of people left who can't use them now....
harder, making the delta in convenience diminish.
Message # 14
Date: Sun, 03 Sep 2006
To: Ian G
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hi,
At 31/08/06 12:57, Ian G wrote:
Hagai Bar-El wrote:Why not? As long as practicality can be quantified, a proof can be formed based on this quantification. You do not prove impossibility, in this case, but that succeeding is at least as hard as doing X, where X is your impracticality threshold.
...There is no proof that there is no way to make thisHagai, "proof" and "practically" don't go well together in
reverse-engineering process _practically_ too complex to carry out,
especially when the code makes use of functions running on external
components.
the same sentence! "Practically" is an economic question.
Whereas there is a proof that hiding code in software ultimately is impossible, there is no proof that hiding cannot be done in a way that will require at least X amount of effort.
We are...Software can be made very complex when this is its purpose (and alsoHistory shows that obfuscation can create a barrier.
when this is not), and reverse-engineering, such as reverse-compilation,
is always more complex than coding.
History shows that hiding keys in code never succeeded in the long-run,
and it can be proven that _complete_ obfuscation cannot occur, but
nothing proves that obfuscation is not possible to the _practical_ extent.
It is up to the details as to whether it is enough of
a barrier. Using obfuscation *alone* doesn't seem to
work. Using obfuscation along with legal and contract
provisions, and selling to a business community might
work.
(But, I think we are agreeing?!)
Okay, we're making some progress. ;)However, I still do not feel comfortable with the applicability of yourIt's probably best to assume that the content is
model to some attacks on DRM, although I agree with the statement in
general.
Indeed, if the attack costs more than the price of the content (or
equals) then no circumvention is worth it. However, a circumvention
activity that results in unprotected content (such as this one) adds
another factor which is the fact that the cost of circumvention is not
paid by most consumers.
available for $0 somewhere. We can after all buy a
CD and rip that. The question then becomes, what is
the cost for the ordinary user to get the content?
In the typical DRM world - you will not be able to rip a song off a CD. The DRM proponents do not admit that the content will be available for $0 somewhere, as naive as it may be to believe so.
If you assume that the content is available for $0 somewhere even after we have DRM in place then what you're actually saying is that DRM made no difference. The situation today is that the "bad guys" have built an effective network that makes "available for $0 somewhere" = "available for 0$ everywhere" for some cost of download + searching + handling fakes, etc. per title per location. This infrastructure was achieved and is here to stay.
So, if the content is "available for $0 somewhere" then we're back in square 1.
You may say that content duplication costs (download + searching + handling fakes, etc.), and this is true, but apparently today this cost is bearable and is lower than the cost of the title, otherwise we do not need DRM at all!
That's what iPod succeeded in doing -- lowering thatiPod sells convenience. How much money are they making in comparison to the size of the industry? They have their loyal customers, but most people just get pirated stolen copies of their MP3's over the P2P networks and upload them on their cheap MP3 players...
cost, while keeping the cost of the $0 rip at some
cost above what was delivered to iPod customers.
It, famously, works for Apple's iPod, creating
significant revenue streams. The goal is *not* 100%
protection, but a revenue stream.
iPod sells to people who are willing to pay for extra convenience. I may be one, but they are not the majority.
...And, looking at the future, P2P clients will get easier to use - not harder, making the delta in convenience diminish.
Hagai.
Message # 15
Date: Mon, 04 Sep 2006
To: Ian G
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hi,
At 01/09/06 15:14, Ian G wrote:
> Why not? As long as practicality can be quantified, a proof can be
> formed based on this quantification. You do not prove impossibility, in
> this case, but that succeeding is at least as hard as doing X, where X
> is your impracticality threshold.
Well, practicality cannot be quantified. It's
a marketing or economics question, what is
practical for one person is not practical for
another.
Marketing and economics play a role when you're determining the least significant bits of this value. You can easily avoid these parameters using extra margins.
When you analyze the specifications of a new commerce application, do you analyze all factors to see if the brute-force ability of the opponent is of 67 bits of entropy or 70 bits of entropy, or do you simply put 128 bits and call it a day?
You know that for a typical opponent of a low-end commerce system 128 bits is more than enough and that's all you care about.
> Okay, we're making some progress. ;)
> In the typical DRM world - you will not be able to rip a song off a CD.
> The DRM proponents do not admit that the content will be available for
> $0 somewhere, as naive as it may be to believe so.
Right. That's their belief. I submit that this is
simply a belief that we do not need to adopt ourselves,
as it seems to be ludicrous on the face of it. Unless
they are paying for us to pretend that belief, that
is ;)
Right. :)
All facts are known to anyone who wants to know them, and everyone is free to make his own interpretation of these facts.
If they want and they pay then I give. period.
> If you assume that the content is available for $0 somewhere even after
> we have DRM in place then what you're actually saying is that DRM made
> no difference. The situation today is that the "bad guys" have built an
> effective network that makes "available for $0 somewhere" = "available
> for 0$ everywhere" for some cost of download + searching + handling
> fakes, etc. per title per location. This infrastructure was achieved and
> is here to stay.
>
> So, if the content is "available for $0 somewhere" then we're back in
> square 1.
I think that's where we are.
Right, and that's where we do not want to be, and moving us away is the hope of DRM.
> You may say that content duplication costs (download + searching +
> handling fakes, etc.), and this is true, but apparently today this cost
> is bearable and is lower than the cost of the title, otherwise we do not
> need DRM at all!
Well, it is bearable for some part of the population,
being those who a) struggle to get file sharing to
work, and b) accept the legal risks, etc etc.
It is not bearable for some other part of the popn.,
who prefer to a) buy an iPod, b) plug in to some big
network like iTunes, and c) click-to-pay when told to
do so.
The marketing question is whether group 2 can survive
and generate sufficient revenue, even in the presence
of group 1.
Right, but so far no DRM is mentioned. I agree this is the purpose -- generating revenue streams by having a large-enough group 2. However, I do not see how DRM can change this balance in our favor. If content is always available somewhere for $0 as it is today, no costs will change in comparison to the cost of an illegal copy today and the sizes of these groups will not change.
You may say that the situation today is good enough, but if it is, then what do we need DRM for? On the other hand, if it isn't, then it's too bad because (I think) DRM is not likely to change it.
Building DRM is not about making it impossible to copy,
but is about creating group 2. Very different question.
As long as a $0 copy is somewhere, and as long as the infrastructure is there and useful to distribute this $0 copy (as the mere existence of the problem of pirated content proves), then DRM will not change the size of group 2.
> iPod sells convenience.
ow much money are they making in comparison to
> the size of the industry?
iPod is actually making *significant* amounts of money
compared to the rest of the industry ... within the
context that they are growing like a dotcom success.
It is already selling as many singles as some other
channels sell (I don't recall the stats though) and
it has until yesterday held the line at the ridiculously
outrageous price of $0.99.
I can't argue with this, as I do not have the numbers.
> They have their loyal customers, but most
> people just get pirated stolen copies of their MP3's over the P2P
> networks and upload them on their cheap MP3 players...
> iPod sells to people who are willing to pay for extra convenience. I may
> be one, but they are not the majority.
40:1 was the ratio reported yesterday. Yes.
40:1 for whom? I believe it's 40 non-iPod users, stealing content over the net against each 1 law-abiding iPod user -- please don't tell me it's the other way around. If content infringers were 1/40 of the consuming population then DRM was not worth the efforts...
If I am guessing right that 1/40 is paying and 39/40 are stealing then it will prove that the content industry is loosing too much money and apparently the group 2 is not large enough as it is.
Regards,
Hagai.
Message # 16
Date: Mon, 04 Sep 2006
To: Dave Howe
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hello Dave,
At 02/09/06 11:03, Dave Howe wrote:
Hagai Bar-El wrote:
>> Hagai, "proof" and "practically" don't go well together in the same
>> sentence! "Practically" is an economic question.
> Why not? As long as practicality can be quantified, a proof can be formed
> based on this quantification. You do not prove impossibility, in this case,
> but that succeeding is at least as hard as doing X, where X is your
> impracticality threshold.
Unfortunately, what is "practical" has so many variables that cannot be
determined that you can only at best make a guess at what reasonable values
would be.
Examples are: . . .
I will repeat what I wrote Ian:
There are indeed many parameters, maybe even more than the ones you listed, but you do not need to consult all these because you can afford a large safety margin, just as you do with ciphers.
When you use AES-128 you do not get into such complex computation on the exact ability of the attacker, the model of his home PC, his motivation, and his assembly skills - you just figure that all these parameters make a difference of, say, +/- 20 bits of entropy, and mark your safe area somewhere way above it. You just know that for an average opponent of a typical commerce (for example) system, A
S-128 should be enough. If you're extra-paranoid, AES-256...
Can you prove that the system is as strong as AES-128 just because you use AES-128? Of course not. But you can set your bar and inspect that, to the level you can inspect, you cannot prove something from which it is implied that you dropped to a point below your bar. Still, you can set the bar, even though you don't know all about the environment in which your system will be deployed.
A lot of the "art" in security is involved in the process of defining where you should put the bar, in the absence of accurate data and models that allow you to determine how much power (skills, equipment and time) will be put into breaking your system. You have some info, but you place the bar more or less intuitively, based on common beliefs ("128 should be fine!").
After you set this bar you have the other part of your job to do right, which is to make sure you do not drop of this bar. This is something you can seldom prove. You have your analysis methodology, and this is what is supposed to make you feel good with the design. You cannot prove that A
S-128 is as strong as what you think AES-128 is, let alone that your implementation retains this strength.
> Whereas there is a proof that hiding code in software ultimately is
> impossible, there is no proof that hiding cannot be done in a way that will
> require at least X amount of effort.
There is no guarantee that X amount of effort is required for a given
protection scheme; consider any number of encryption schemes that were
considered uncrackable, until cryptanalysis advanced to the point that a
standard method sufficed to break that scheme. In programming, a novel approach
to a problem may well allow an attacker to breeze though your protection as
though it wasn't there, and examine the state of a unprotected, running system
for patchout purposes.
I agree. There is seldom any proof for the security of an overall system. Still, we do it, and we use primitives that we believe provide as specified without having proof for this either (such as A
S or DES or other ciphers).
What I wrote above is that there is _no_ proof that obfuscation _cannot_ be done to some strength X ... So _maybe_ it can be done, even though no one has succeeded yet.
When speaking of a proof for a scheme that provides "obfuscation of strength X", I refer to the process of obfuscation by that scheme as a primitive, that _when implemented properly_ (by that particular scheme for which the proof was formed), provides the promised strength of X (e.g. X operations needed to crack).
This is kind of the proof we imagine that A
S-128 has when we use it (although it hasn't): that if you do AES properly, breaking it will not be easier in average than brute-forcing 2^128 bit keys.
We have no such proof for any obfuscation scheme, but we do not have a proof of the non-existence of such a scheme either. So, even though no one has succeeded in making a scheme that messes the code enough to be practically untraceable, it is _formally_ not a lost case.
At any given moment, a protected executable has two pieces
1. A protected and non-executable protected block
2. An unprotected and executable block to remove the protection as needed
of the two, the latter is almost invariably the target of the "hack", not the
former.
Right. So far all efforts were focused on making this second part too complex to reverse engineer, and all failed, after this or that amount of effort put into breaking them.
> If you assume that the content is available for $0 somewhere even after we
> have DRM in place then what you're actually saying is that DRM made no
> difference. The situation today is that the "bad guys" have built an
> effective network that makes "available for $0 somewhere" = "available for 0$
> everywhere" for some cost of download + searching + handling fakes, etc. per
> title per location. This infrastructure was achieved and is here to stay.
There are two aspects of this.
First is that infringing internet audio files are almost always mp3s; mp3s are
a lossy compression format (giving amazing sound quality for the size, but not
original CD quality) so there *is* a premium to be had from purchasing an
original CD product.
Please note that the "original CD format" is also digital, which means that the same infrastructure can be used to traffic it as well. The only reason you don't see native CD files on the P2P networks (but only MP3's) is not technical but rather lack of demand... The masses don't care, apparently, about the extra quality. The masses feel okay with MP3, and these masses are what the content industry cares about -- they cause most of the damage.
Labels could make good arguments that the latter market is the one they are
trying to reduce (or at least confine to using downloaded tracks) but in
practice, the cracking tools for the DRM are as freely available as the tracks
themselves, so DRM only serves to inconvenience legitimate users.
I agree.
Hagai.
Message # 17
Date: Mon, 04 Sep 2006
From: Ariel Waissbein
To: Ian G
Cc: practicalsecurity at hbarel.com, Jeff K
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Hi all,
Ian G wrote:
Jeff K wrote:Actually, no. This is true assuming that the program will go through all its possible traces when you "single step it". But in fact an arbitrary program will be run with many different inputs, and may thus execute many different traces. Imagine a program executing the following algorithm
Hagai, List,It is possible to hide a secret key in code.
Is it *impossible* to hide a secret key in program code?
But if the code needs the secret key, then it
is possible for any attacker to single step
the program and extract the secret key.
if Hash(input)=hardcoded-value then {
c:=Decrypt(input,encrypted-code)
execute c };
else abort;
here hardcoded-value=hash(K), encrypted-code=Encrypt(K,code), ENcrypt and Decrypt are symmetric encryption algorithms, and K is a random key generated for this cipher.
A paper on software protection I coauthored a few years back "Software protection now"
(http://www.coresecurity.com/corelabs/projects/software_protection.php) exploits the above fact by providing a framework for encrypting the different braches of a program under keys that are computed over extraordinary reasons.
So there is a possibility to inlude "licensing functions" that over a seemingly arbitrary input will follow different traces and generate new cryptographic keys that decrypt unused code.
You also need to take into account that "dead code" is difficult to identify (the computational problem is intractable), and therefore someone analysing a pices of code that haven't been executed so far might not be able to guess if the code is ever going to execute (or it is dead code inserted on purpose by the licensee).
Of course, I am not claiming that this solves the software protection problem nor that the problem of breaking our scheme in a practical setting is impossible. But in some contexts, reversing the code will yield nothing new.
Cheers,
Ariel
Message # 18
Date: Mon, 04 Sep 2006
To: Ian G
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hi,
At 01/09/06 15:14, Ian G wrote:
Marketing and economics play a role when you're determining the least significant bits of this value. You can easily avoid these parameters using extra margins.Why not? As long as practicality can be quantified, a proof can beWell, practicality cannot be quantified. It's
formed based on this quantification. You do not prove impossibility, in
this case, but that succeeding is at least as hard as doing X, where X
is your impracticality threshold.
a marketing or economics question, what is
practical for one person is not practical for
another.
When you analyze the specifications of a new commerce application, do you analyze all factors to see if the brute-force ability of the opponent is of 67 bits of entropy or 70 bits of entropy, or do you simply put 128 bits and call it a day?
You know that for a typical opponent of a low-end commerce system 128 bits is more than enough and that's all you care about.
Right. :)Okay, we're making some progress. ;)Right. That's their belief. I submit that this is
In the typical DRM world - you will not be able to rip a song off a CD.
The DRM proponents do not admit that the content will be available for
$0 somewhere, as naive as it may be to believe so.
simply a belief that we do not need to adopt ourselves,
as it seems to be ludicrous on the face of it. Unless
they are paying for us to pretend that belief, that
is ;)
All facts are known to anyone who wants to know them, and everyone is free to make his own interpretation of these facts.
If they want and they pay then I give. period.
Right, and that's where we do not want to be, and moving us away is the hope of DRM.If you assume that the content is available for $0 somewhere even afterI think that's where we are.
we have DRM in place then what you're actually saying is that DRM made
no difference. The situation today is that the "bad guys" have built an
effective network that makes "available for $0 somewhere" = "available
for 0$ everywhere" for some cost of download + searching + handling
fakes, etc. per title per location. This infrastructure was achieved and
is here to stay.
So, if the content is "available for $0 somewhere" then we're back in
square 1.
Right, but so far no DRM is mentioned. I agree this is the purpose -- generating revenue streams by having a large-enough group 2. However, I do not see how DRM can change this balance in our favor. If content is always available somewhere for $0 as it is today, no costs will change in comparison to the cost of an illegal copy today and the sizes of these groups will not change.You may say that content duplication costs (download + searching +Well, it is bearable for some part of the population,
handling fakes, etc.), and this is true, but apparently today this cost
is bearable and is lower than the cost of the title, otherwise we do not
need DRM at all!
being those who a) struggle to get file sharing to
work, and b) accept the legal risks, etc etc.
It is not bearable for some other part of the popn.,
who prefer to a) buy an iPod, b) plug in to some big
network like iTunes, and c) click-to-pay when told to
do so.
The marketing question is whether group 2 can survive
and generate sufficient revenue, even in the presence
of group 1.
You may say that the situation today is good enough, but if it is, then what do we need DRM for? On the other hand, if it isn't, then it's too bad because (I think) DRM is not likely to change it.
Building DRM is not about making it impossible to copy,As long as a $0 copy is somewhere, and as long as the infrastructure is there and useful to distribute this $0 copy (as the mere existence of the problem of pirated content proves), then DRM will not change the size of group 2.
but is about creating group 2. Very different question.
I can't argue with this, as I do not have the numbers.iPod sells convenience. How much money are they making in comparison toiPod is actually making *significant* amounts of money
the size of the industry?
compared to the rest of the industry ... within the
context that they are growing like a dotcom success.
It is already selling as many singles as some other
channels sell (I don't recall the stats though) and
it has until yesterday held the line at the ridiculously
outrageous price of $0.99.
40:1 for whom? I believe it's 40 non-iPod users, stealing content over the net against each 1 law-abiding iPod user -- please don't tell me it's the other way around. If content infringers were 1/40 of the consuming population then DRM was not worth the efforts...They have their loyal customers, but most40:1 was the ratio reported yesterday. Yes.
people just get pirated stolen copies of their MP3's over the P2P
networks and upload them on their cheap MP3 players...
iPod sells to people who are willing to pay for extra convenience. I may
be one, but they are not the majority.
If I am guessing right that 1/40 is paying and 39/40 are stealing then it will prove that the content industry is loosing too much money and apparently the group 2 is not large enough as it is.
Regards,
Hagai.
Message # 19
Date: Mon, 04 Sep 2006
To: Dave Howe
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hello Dave,
At 02/09/06 11:03, Dave Howe wrote:
Hagai Bar-El wrote:I will repeat what I wrote Ian:
Unfortunately, what is "practical" has so many variables that cannot beHagai, "proof" and "practically" don't go well together in the sameWhy not? As long as practicality can be quantified, a proof can be formed
sentence! "Practically" is an economic question.
based on this quantification. You do not prove impossibility, in this case,
but that succeeding is at least as hard as doing X, where X is your
impracticality threshold.
determined that you can only at best make a guess at what reasonable values
would be.
Examples are: . . .
There are indeed many parameters, maybe even more than the ones you listed, but you do not need to consult all these because you can afford a large safety margin, just as you do with ciphers.
When you use AES-128 you do not get into such complex computation on the exact ability of the attacker, the model of his home PC, his motivation, and his assembly skills - you just figure that all these parameters make a difference of, say, +/- 20 bits of entropy, and mark your safe area somewhere way above it. You just know that for an average opponent of a typical commerce (for example) system, AES-128 should be enough. If you're extra-paranoid, AES-256...
Can you prove that the system is as strong as AES-128 just because you use AES-128? Of course not. But you can set your bar and inspect that, to the level you can inspect, you cannot prove something from which it is implied that you dropped to a point below your bar.
Still, you can set the bar, even though you don't know all about the environment in which your system will be deployed.
A lot of the "art" in security is involved in the process of defining where you should put the bar, in the absence of accurate data and models that allow you to determine how much power (skills, equipment and time) will be put into breaking your system. You have some info, but you place the bar more or less intuitively, based on common beliefs ("128 should be fine!").
After you set this bar you have the other part of your job to do right, which is to make sure you do not drop of this bar. This is something you can seldom prove. You have your analysis methodology, and this is what is supposed to make you feel good with the design.
You cannot prove that AES-128 is as strong as what you think AES-128 is, let alone that your implementation retains this strength.
I agree. There is seldom any proof for the security of an overall system. Still, we do it, and we use primitives that we believe provide as specified without having proof for this either (such as AES or DES or other ciphers).Whereas there is a proof that hiding code in software ultimately isThere is no guarantee that X amount of effort is required for a given
impossible, there is no proof that hiding cannot be done in a way that will
require at least X amount of effort.
protection scheme; consider any number of encryption schemes that were
considered uncrackable, until cryptanalysis advanced to the point that a
standard method sufficed to break that scheme. In programming, a
novel approach
to a problem may well allow an attacker to breeze though your protection as
though it wasn't there, and examine the state of a unprotected, running system
for patchout purposes.
What I wrote above is that there is _no_ proof that obfuscation _cannot_ be done to some strength X ... So _maybe_ it can be done, even though no one has succeeded yet.
When speaking of a proof for a scheme that provides "obfuscation of strength X", I refer to the process of obfuscation by that scheme as a primitive, that _when implemented properly_ (by that particular scheme for which the proof was formed), provides the promised strength of X (e.g. X operations needed to crack).
This is kind of the proof we imagine that AES-128 has when we use it (although it hasn't): that if you do AES properly, breaking it will not be easier in average than brute-forcing 2^128 bit keys.
We have no such proof for any obfuscation scheme, but we do not have a proof of the non-existence of such a scheme either. So, even though no one has succeeded in making a scheme that messes the code enough to be practically untraceable, it is _formally_ not a lost case.
At any given moment, a protected executable has two piecesRight. So far all efforts were focused on making this second part too complex to reverse engineer, and all failed, after this or that amount of effort put into breaking them.
1. A protected and non-executable protected block
2. An unprotected and executable block to remove the protection as needed
of the two, the latter is almost invariably the target of the "hack", not the
former.
Please note that the "original CD format" is also digital, which means that the same infrastructure can be used to traffic it as well.If you assume that the content is available for $0 somewhere even after we"available for 0$
have DRM in place then what you're actually saying is that DRM made no
difference. The situation today is that the "bad guys" have built an
effective network that makes "available for $0 somewhere" =
everywhere" for some cost of download + searching + handlingfakes, etc. per
title per location. This infrastructure was achieved and is here to stay.There are two aspects of this.
First is that infringing internet audio files are almost always
mp3s; mp3s are
a lossy compression format (giving amazing sound quality for the size, but not
original CD quality) so there *is* a premium to be had from purchasing an
original CD product.
The only reason you don't see native CD files on the P2P networks (but only MP3's) is not technical but rather lack of demand... The masses don't care, apparently, about the extra quality. The masses feel okay with MP3, and these masses are what the content industry cares about -- they cause most of the damage.
Labels could make good arguments that the latter market is the one they areI agree.
trying to reduce (or at least confine to using downloaded tracks) but in
practice, the cracking tools for the DRM are as freely available as the tracks
themselves, so DRM only serves to inconvenience legitimate users.
Hagai.
Message # 20
Date: Mon, 04 Sep 2006
To: Ariel Waissbein
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hi Ariel,
At 04/09/06 18:21, Ariel Waissbein wrote:
> It is possible to hide a secret key in code.
> But if the code needs the secret key, then it
> is possible for any attacker to single step
> the program and extract the secret key.
Actually, no. This is true assuming that the program will go through all
its possible traces when you "single step it". But in fact an arbitrary
program will be run with many different inputs, and may thus execute
many different traces. Imagine a program executing the following algorithm
if
ash(input)=hardcoded-value then {
c:=Decrypt(input,encrypted-code)
execute c };
else abort;
. . .
This seems as an interesting approach, and I can see how it helps against static analysis of the code (by making the code readable only in runtime). However, the typical attack we have in mind is of an attacker tracing program execution step by step during an execution that requires the program making use of the key.
When this is the case, the program will inevitably decrypt itself in front of the attacker's eyes and establish the key. The fact that the code was once encrypted has no significance (it's already decrypted when it's traced). Also, the fact that the program runs slightly differently each time does not seem to help, because in each run that requires the key the program needs to establish this key, in this way or the other. As far as the attack is concerned, only the result, that is, the key that the program ends up computing, really matters -- not understanding the entire flow or all possible flows.
Am I missing something? I haven't read your paper yet, but I sure will. I apologize if this question is addressed there...
Regards,
Hagai.
Message # 21
Date: Mon, 04 Sep 2006
From: Ian G
To: Hagai Bar-El
Cc: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Hagai Bar-El wrote:
Hi,Oh, you mean crypto-view of impracticality. OK, at least I understand your term now.
At 01/09/06 15:14, Ian G wrote:
Marketing and economics play a role when you're determining the leastWhy not? As long as practicality can be quantified, a proof can beWell, practicality cannot be quantified. It's
formed based on this quantification. You do not prove impossibility, in
this case, but that succeeding is at least as hard as doing X, where X
is your impracticality threshold.
a marketing or economics question, what is
practical for one person is not practical for
another.
significant bits of this value. You can easily avoid these parameters
using extra margins.
Cryptographers extend that meaning too far. They tend to blithely assume that because we have a bunch of components which achieve pareto-security (to use some jargon) then other components should also be usefully judged by the same metrics.
Unfortunately, the number of components that pareto security / economics applies to is quite small, just the crypto algorithms, basically. It does not extend to protocols, and definately does not reach into the domain of whole systems such as DRM.
When you analyze the specifications of a new commerce application, doYou see, the above para assumes that "bits" logic of an encryption algorithm applies to "a new commerce application." Unfortunately, it doesn't; it's like saying that 128 bit SSL is better than 40 bit SSL / worse than 256 bit SSL for ecommerce; in practice these are completely meaningless numbers within the context of the application known as ecommerce.
you analyze all factors to see if the brute-force ability of the
opponent is of 67 bits of entropy or 70 bits of entropy, or do you
simply put 128 bits and call it a day?
For more on this, read my paper on Pareto-secure:
http://iang.org/papers/pareto-secure.html
Unlike most of my rantings, this is almost short and sweet :)
If they want and they pay then I give. period.Yup.
DRM cannot change the balance because it is classically targetted in the wrong direction. E.g., stopping kids from listening to songs. If it was targetted in a different direction then it might help; we could argue that this would require a new term, but skipping that, what would happen if we targetted it to:Right, but so far no DRM is mentioned. I agree this is the purpose --You may say that content duplication costs (download + searching +not
handling fakes, etc.), and this is true, but apparently today this cost
is bearable and is lower than the cost of the title, otherwise we do
need DRM at all!Well, it is bearable for some part of the population,
being those who a) struggle to get file sharing to
work, and b) accept the legal risks, etc etc.
It is not bearable for some other part of the popn.,
who prefer to a) buy an iPod, b) plug in to some big
network like iTunes, and c) click-to-pay when told to
do so.
The marketing question is whether group 2 can survive
and generate sufficient revenue, even in the presence
of group 1.
generating revenue streams by having a large-enough group 2. However, I
do not see how DRM can change this balance in our favor. If content is
always available somewhere for $0 as it is today, no costs will change
in comparison to the cost of an illegal copy today and the sizes of
these groups will not change.
management of digital revenues
and further we said:
collection of revenues from usage of rights
With a nod to slippage, this then becomes
identification of the rights,
reporting on the usage,
provision of means to pay for above.
As long as "enforcement" is left out, the problem is tractable.
The size of group 2 is already large, it is the corporations of the western world. They won't deal in open nets, they will pay for product. We don't need to make them any larger, we just need to make it easy for them to pay.Building DRM is not about making it impossible to copy,As long as a $0 copy is somewhere, and as long as the infrastructure is
but is about creating group 2. Very different question.
there and useful to distribute this $0 copy (as the mere existence of
the problem of pirated content proves), then DRM will not change the
size of group 2.
On my blog I recently posted this paraphrased quote:
"[Group A] generates $20 billion a year in revenue and
they give the product away for free," he said. "[Group B]
generate $12 billion a year and they sell their product."
https://financialcryptography.com/mt/archives/000807.html
Take it as no more than an impression. Even if we had the numbers to hand, they would still be subject to lots of debate, as I describe below :) It's simply my impression that iPod has achieved significant sales that are now moving the market.I can't argue with this, as I do not have the numbers.iPod sells convenience. How much money are they making in comparison toiPod is actually making *significant* amounts of money
the size of the industry?
compared to the rest of the industry ... within the
context that they are growing like a dotcom success.
It is already selling as many singles as some other
channels sell (I don't recall the stats though) and
it has until yesterday held the line at the ridiculously
outrageous price of $0.99.
Yes, 40 on the side of sharing, 1 on the side of purchasing from traditional suppliers (offering paid download).40:1 for whom? I believe it's 40 non-iPod users, stealing content overThey have their loyal customers, but mostmay
people just get pirated stolen copies of their MP3's over the P2P
networks and upload them on their cheap MP3 players...
iPod sells to people who are willing to pay for extra convenience. I
be one, but they are not the majority.40:1 was the ratio reported yesterday. Yes.
the net against each 1 law-abiding iPod user -- please don't tell me
it's the other way around. If content infringers were 1/40 of the
consuming population then DRM was not worth the efforts...
If I am guessing right that 1/40 is paying and 39/40 are stealing thenNo such.
it will prove that the content industry is loosing too much money and
apparently the group 2 is not large enough as it is.
Firstly, they are sharing not stealing. We can show that there is a spectrum from "listening together" to stealing ... and a lot happens in between.
When you play a record at a party you are either a) engaging in reasonable use, or b) sharing, or c) using the content beyond the licence, all depending on who you ask.
Secondly, stealing is only a plausible description when a court case has determined that was the case, which is quite rare. Most use of courts has been force & settlement, and cunningly chosen to maximise this, of course.
Next, many regimes have accepted sharing as reasonable.
For example, many countries have extra taxes on cassette tapes meant to compensate authors. If there is no extra tax on rippers, that is hardly the rippers' fault; why then are we allowed to share on cassette but not on PC?
Lastly, because the content is "unpaid" we now get into the difficult task of comparing the "unpaid" sector with the "full-price-paid" sector. The relationship between these two marketing points is complicated, but some things are clear:
* the "unpaid" sector is not a loss to the "full price"
sector
* the absence or presence of the "unpaid" sector does
not lead to higher or lesser sales in "full price",
a priori or even in correlation
As a matter of some surveys' record, songs which are available on file sharing seem to result in greater sales than songs that are not.... Whether that is a bankable conclusion or not, depends. As a marketing or economics question, this is one that is quite hard to determine in advance; all we can really do is try to make it happen, as per the iPod adventure (which no doubt interested parties predicted as "impossible" before the event) and see what works.
Watch Spiralfrogs for more of this unfolding saga...
iang
Message # 22
Date: Tue, 05 Sep 2006
To: Ariel Waissbein
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hi Ariel,
At 04/09/06 18:21, Ariel Waissbein wrote:
This seems as an interesting approach, and I can see how it helps against static analysis of the code (by making the code readable only in runtime). However, the typical attack we have in mind is of an attacker tracing program execution step by step during an execution that requires the program making use of the key.It is possible to hide a secret key in code.Actually, no. This is true assuming that the program will go through all
But if the code needs the secret key, then it
is possible for any attacker to single step
the program and extract the secret key.
its possible traces when you "single step it". But in fact an arbitrary
program will be run with many different inputs, and may thus execute
many different traces. Imagine a program executing the following algorithm
if Hash(input)=hardcoded-value then {
c:=Decrypt(input,encrypted-code)
execute c };
else abort;
. . .
When this is the case, the program will inevitably decrypt itself in front of the attacker's eyes and establish the key. The fact that the code was once encrypted has no significance (it's already decrypted when it's traced). Also, the fact that the program runs slightly differently each time does not seem to help, because in each run that requires the key the program needs to establish this key, in this way or the other. As far as the attack is concerned, only the result, that is, the key that the program ends up computing, really matters -- not understanding the entire flow or all possible flows.
Am I missing something? I haven't read your paper yet, but I sure will. I apologize if this question is addressed there...
Regards,
Hagai.
Message # 23
Date: Wed, 06 Sep 2006
To: Ian G
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hello Ian,
At 05/09/06 00:33, Ian G wrote:
It's not crypto-view; I just used terminology that we are both familiar with. Each field of security has elements of solutions to which we attribute various levels of strength. It's easy to demonstrate with bit length because it's vivid and gets the point across, but it does not need to be bits. (examples follow later.)Oh, you mean crypto-view of impracticality. OK, atWell, practicality cannot be quantified. It'sMarketing and economics play a role when you're determining the least
a marketing or economics question, what is
practical for one person is not practical for
another.
significant bits of this value. You can easily avoid these parameters
using extra margins.
least I understand your term now.
Cryptographers extend that meaning too far. TheyI am not a cryptographer.
tend to blithely assume that because we have a bunch
of components which achieve pareto-security (to use
some jargon) then other components should also be
usefully judged by the same metrics.
And I never said that everything measures by the same metrics. I used AES-128 as an analogy of something we all like to assume is "too hard" for most breakers without trying to assess their actual skills -- that's it. This is an _example_ from the world of cryptography, but other arts of security have their own such robustness-level yardsticks. For example, in DRM we know that a system in which decrypted digital content is passed on accessible busses is not good, whereas a system in which the content flows unencrypted only on internal lines within the chip is good enough against most opponents.
No bits here. Still, we have our view of what is "impractical" to your opponent and we can try to determine (and seldom prove) that breaking a system is as impractical as this attack (that is -- that there is no simpler attack). Of course, you cannot prove on a system level that the system is as robust, or "as robust as" something, but sometimes you can prove it on the primitive level with a whole set of assumptions.
I will try to make my entire point clearer with an example:
Say we want to build a watermark system that will mark images for copyright information. An attacker shall not be able to remove the watermark from the image. For simplicity when speaking of "proofs" or lack thereof, let us treat the watermark system as a primitive (two actually): a primitive for embedding a watermark and one for detecting a watermark. (We limit the discussion to primitives because for a system as a whole there is never likely to be a proof of anything, as we all agree.)
When designing, we cannot and do not get into details about our opponent and his abilities, but we roughly know that (in our example): he has extreme computation power and time (say even endless), but he cannot break into the implementation of the primitives because we put them in a tamper resistant module (a common assumption in e-commerce and Smartcards -- you can do whatever you want up to a brute force but you cannot get in, bypassing the API).
Let us imagine the watermark system is such that the detection primitive is also sheltered, that is, not available to the opponent, not even as a black box oracle, but only to us.
Under this assumption, we can try to design these primitives, using many possible methods for watermarking.
At the moment, I am personally aware of no such primitive that is "proven" to provide the robustness we seek under the assumptions we presented. It is possible, however, that one day a primitive would be designed and proven, based on some assumptions, as usually.
There are no bits here. We have requirements for a system. We have a specification of the _rough_ capabilities of our opponent, and we try to design a system. We _may_ one day find one that we can prove is secure, and we may not. We keep trying. This is our situation with software obscurity as well. With many assumptions in place, no one has proven that it's impossible.
Now look at a different system for comparison: The same everything as the system above, but the detection primitive is available to the public -- not to examine -- just to challenge, as an oracle.
In this case, not only that there is no primitive (method) for which we have a proof, but we actually have a proof that no such primitive will ever have a proof. In this case we are helpless. No point in trying.
The reason we cannot define a secure such primitive is that if the opponent has endless time then he can simply try various manipulations and keep challenging the detection primitive until the detection primitive indicates he succeeded. The image is finite so, after causing this or that amount of damage to the image, he will succeed.
Software obfuscation is not such a case.
There is a proof that a watermarking system against a powerful opponent cannot be done if the detection primitive is available, but if the detection primitive is not available to the public than some schemes _may_ succeed in gaining such proof.
There is a proof that software obfuscation on an open platform is impossible against an opponent with endless time of skillful engineers, but there is no proof that software obfuscation on an open platform cannot be done against an opponent that only has this or that limited resources.
The fact that there is a proof that something is impossible in one set of assumptions, does not imply that this something is impossible under another set of assumptions. How these assumptions are presented (bits or any other indication) is irrelevant to the point.
Right, but as long as "enforcement" is left out, and given that users have no incentive to use it, and the contrary (it costs them), such a system cannot succeed. Financially.Right, but so far no DRM is mentioned. I agree this is the purpose --DRM cannot change the balance because it is classically
generating revenue streams by having a large-enough group 2. However, I
do not see how DRM can change this balance in our favor. If content is
always available somewhere for $0 as it is today, no costs will change
in comparison to the cost of an illegal copy today and the sizes of
these groups will not change.
targetted in the wrong direction. E.g., stopping kids
from listening to songs. If it was targetted in a
different direction then it might help; we could argue
that this would require a new term, but skipping that,
what would happen if we targetted it to:
management of digital revenues
and further we said:
collection of revenues from usage of rights
With a nod to slippage, this then becomes
identification of the rights,
reporting on the usage,
(snip)
The challenge may be, therefore, to make it worthwhile for the users to use this new system, as a compensation to the fact that you leave "enforcement" out. This is one hell of a challenge...
DRM (other than in the software copy prevention context) is not against corporate. It's against individuals that don't care about legal issues and who know that the legal system has practically nothing to do against them.As long as a $0 copy is somewhere, and as long as the infrastructure isThe size of group 2 is already large, it is the corporations
there and useful to distribute this $0 copy (as the mere existence of
the problem of pirated content proves), then DRM will not change the
size of group 2.
of the western world. They won't deal in open nets, they
will pay for product. We don't need to make them any larger,
we just need to make it easy for them to pay.
As significant sales as 40:1... :)Take it as no more than an impression. Even if weiPod is actually making *significant* amounts of moneyI can't argue with this, as I do not have the numbers.
compared to the rest of the industry ... within the
context that they are growing like a dotcom success.
It is already selling as many singles as some other
channels sell (I don't recall the stats though) and
it has until yesterday held the line at the ridiculously
outrageous price of $0.99.
had the numbers to hand, they would still be subject
to lots of debate, as I describe below :) It's simply
my impression that iPod has achieved significant sales
that are now moving the market.
So now you see why the entertainment industry does not think the iPod model is good enough. One out of forty will pay for convenience and the other 39 will not pay a dime. They look at the empty 39/40 of the glass, not on the full 1/40...Yes, 40 on the side of sharing, 1 on the side of40:1 for whom? I believe it's 40 non-iPod users, stealing content overThey have their loyal customers, but mostmay
people just get pirated stolen copies of their MP3's over the P2P
networks and upload them on their cheap MP3 players...
iPod sells to people who are willing to pay for extra convenience. I
be one, but they are not the majority.40:1 was the ratio reported yesterday. Yes.
the net against each 1 law-abiding iPod user -- please don't tell me
it's the other way around. If content infringers were 1/40 of the
consuming population then DRM was not worth the efforts...
purchasing from traditional suppliers (offering
paid download).
Yes, when you play a record at a party it depends on who you ask, but when you download a copy of a song for your repeated use from fifteen people spread around the world, whom you don't even know, and don't want to know, just so you can save the cost of the CD, then, well...If I am guessing right that 1/40 is paying and 39/40 are stealing thenNo such.
it will prove that the content industry is loosing too much money and
apparently the group 2 is not large enough as it is.
Firstly, they are sharing not stealing. We can show
that there is a spectrum from "listening together"
to stealing ... and a lot happens in between.
When you play a record at a party you are either a)
engaging in reasonable use, or b) sharing, or c) using
the content beyond the licence, all depending on who
you ask.
Not exactly the "listening together" case, is it? :)
Next, many regimes have accepted sharing as reasonable.Yes, this is an alternative to DRM -- not limit distribution of content but put some tax on the media. There are many problems with this approach (e.g. the CD's you use for your own documents or backups). Still, this is not DRM, so the plausibility of this method has nothing to do with whether DRM does or does not change the size of Group 2. This is what people do after they acknowledge that DRM will not increase the size of Group 2... :)
For example, many countries have extra taxes on cassette
tapes meant to compensate authors. If there is no extra
tax on rippers, that is hardly the rippers' fault; why
then are we allowed to share on cassette but not on PC?
Regards,
Hagai.
Message # 24
Date: Wed, 06 Sep 2006
From: Ariel Waissbein
To: Hagai Bar-El
Cc: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Hi Hagai,
Hagai Bar-El wrote:
Hi Ariel,I agree with you, whenever the program "computes" and uses a key, then it is lost for security purposes. An analyst/attacker may insert breakpoints in every call to a decryption function and catch all these used keys. However unused keys, that are computed out of unseen imput, cannot be inferred.
At 04/09/06 18:21, Ariel Waissbein wrote:
This seems as an interesting approach, and I can see how it helpsIt is possible to hide a secret key in code.Actually, no. This is true assuming that the program will go through all
But if the code needs the secret key, then it
is possible for any attacker to single step
the program and extract the secret key.
its possible traces when you "single step it". But in fact an arbitrary
program will be run with many different inputs, and may thus execute
many different traces. Imagine a program executing the following
algorithm
if Hash(input)=hardcoded-value then {
c:=Decrypt(input,encrypted-code)
execute c };
else abort;
. . .
against static analysis of the code (by making the code readable only in
runtime). However, the typical attack we have in mind is of an attacker
tracing program execution step by step during an execution that requires
the program making use of the key.
In the scenario I disucss, different from the music protection scenario, the program that is being protected has many branches and many different functions. The code is encrypted not only once, but many times at different portions of code which are either isolated or nested. The "idea" behind this reasoning is that some portions of code will not be executed during the standard usage, and the attacker cannot execute all the possible traces of the program, therefore some encrypted portions will remain (say, because the printing function is changed after May 2007 by a new function that makes new license checks).
When I mentioned dead code, what I meant is that on top of the technique discussed above, the protected program will include some portions of dead code, and that the attacker will have to decide whether they are dead code, or they will be decrypted and executed some time in the future. That is, the technique will resist simple forms of dynamic analysis. Probably, a carefull analysis by a skilled attacker will render all the keys (if no external input -that cannot be guessed by the attacker- is required).
When this is the case, the program will inevitably decrypt itself inCheers,
front of the attacker's eyes and establish the key. The fact that the
code was once encrypted has no significance (it's already decrypted when
it's traced). Also, the fact that the program runs slightly differently
each time does not seem to help, because in each run that requires the
key the program needs to establish this key, in this way or the other.
As far as the attack is concerned, only the result, that is, the key
(snip)
Ariel
PS, sorry I took so long to answer.
Message # 25
Date: Thu, 07 Sep 2006
From: Dave Howe
To: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Ariel Waissbein wrote:
Ian G wrote:It is possible (and in fact, trivial) to write a program which cannot be "hacked" unless you already have a key. it is less easy (but some claim doable) to write a program which, when given a single key, will produce a decrypted binary unique to that key.
It is possible to hide a secret key in code.Actually, no. This is true assuming that the program will go through all
But if the code needs the secret key, then it
is possible for any attacker to single step
the program and extract the secret key.
its possible traces when you "single step it". But in fact an arbitrary
program will be run with many different inputs, and may thus execute
many different traces. Imagine a program executing the following algorithm
if Hash(input)=hardcoded-value then {
c:=Decrypt(input,encrypted-code)
execute c };
else abort;
here hardcoded-value=hash(K), encrypted-code=Encrypt(K,code), ENcrypt
(snip)
It is not possible to produce a binary which, given a set of four or more keys, is uniquely traceable to one or more of those keys unless the hacker was monumentally unlucky. It is (of course) traceable to a subset of the keyspace which may or may not include one of the keys the hacker had, and may or may not actually select a unique key the hacker did not have.
So there is a possibility to inlude "licensing functions" that over athere is also the possibility to decrypt code only on demand; this could mean a potential attacker has to pre-process *every* possible path though the code for every possible menu option (theoretically, this could increase the resulting size of the binary many times; in practice, a multipath obfusc binary is likely to be so much larger than a single path decrypted binary that the difference is barely noticable.
seemingly arbitrary input will follow different traces and generate new
cryptographic keys that decrypt unused code.
You also need to take into account that "dead code" is difficult toIndeed so. the hacker would need to deliberately exercise all options in the code to see how/where they decrypt. This would also reduce instant load - you aren't decrypting everything, all at once, but on demand) so aiding launch speed on slower hardware (at the expense of perceived runspeed once launched)
identify (the computational problem is intractable), and therefore
someone analysing a pices of code that haven't been executed so far
might not be able to guess if the code is ever going to execute (or it
is dead code inserted on purpose by the licensee).
Of course, I am not claiming that this solves the software protectionyou can certainly reduce the hackers to decrypting just the most common options, at least initially. Of course, if traitor-tracking isn't a problem for them (they can buy a key untracably at retail) , or if they can construct a new key out of a set of valid keys by isolating the active subkeys and recalculating the hashes, then they can just supply a straight copy of the code, plus a key. Not sure if this counts as a win or a lose for software protection :)
problem nor that the problem of breaking our scheme in a practical
setting is impossible. But in some contexts, reversing the code will
yield nothing new.
Message # 26
Date: Thu, 07 Sep 2006
From: Dave Howe
To: practicalsecurity at hbarel.com
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Hagai Bar-El wrote:
There are indeed many parameters, maybe even more than the ones youActually, you can't.
listed, but you do not need to consult all these because you can afford
a large safety margin, just as you do with ciphers.
If you put too much protection on it, you inconvenience the legitimate users of your product so much they will go elsewhere (to your competitors) rather than put up with the overheads of your protection scheme. The lowest grade machine you can reasonably use once your protection has been added forms the lower bound of your potential market. if you are a game, then the tradeoff becomes even more vicious - you are trading, not user wait time, but framerate for your protection, leaving you unable to fully exploit your target machines because part of your time is taken up trying to hide and unhide your code.
Your attacker has the luxury of running your code in a debug environment at whatever simulated execution rate he wishes to - if the game is unplayable at that speed, he doesn't care, as he isn't playing - he is hacking.
Message # 27
Date: Fri, 08 Sep 2006
To: Ariel Waissbein
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hi Ariel,
At 06/09/06 18:53, Ariel Waissbein wrote:
Let us distinguish between keys that are "computed out of unseen input" and keys that are "unused".This seems as an interesting approach, and I can see how it helpsI agree with you, whenever the program "computes" and uses a key, then
against static analysis of the code (by making the code readable only in
runtime). However, the typical attack we have in mind is of an attacker
tracing program execution step by step during an execution that requires
the program making use of the key.
it is lost for security purposes. An analyst/attacker may insert
breakpoints in every call to a decryption function and catch all these
used keys. However unused keys, that are computed out of unseen imput,
cannot be inferred.
With regards to keys from unseen inputs: there are no such keys. If an attacker traces the processor of the local machine, all inputs are seen. If they are seen to the processor then they are seen to the attacker...
With regards to "unused" keys: If they are never used, then what are they there for? A program never (I hope I am not being overly determined here) needs to store any key that never makes it into some of its processing routines. Keys that are never used should not get into the code anyway.
In the scenario I disucss, different from the music protection scenario,We must assume that the attacker _knows_ when the program makes use of the data (not the particular time, but the session). If the keys are ever used, the attacker will be there to trace them out on the execution session in which they are used. The method you describe can be useful, however, in cases that the opponent has access to the machine running the code at certain times that are not the times when the secret material needs to be constructed, but this opens a chicken-and-egg problem of enabling the program to determine what session it is in.
the program that is being protected has many branches and many different
functions. The code is encrypted not only once, but many times at
different portions of code which are either isolated or nested. The
"idea" behind this reasoning is that some portions of code will not be
executed during the standard usage, and the attacker cannot execute all
the possible traces of the program, therefore some encrypted portions
(snip)
When I mentioned dead code, what I meant is that on top of the techniqueIt mitigates off-line attacks, of reviewing the code. It has no implication on an opponent that traces the program as it runs. He does not ever see the dead code but only the code that ends up running during the session. Unless I am missing something...
discussed above, the protected program will include some portions of
dead code, and that the attacker will have to decide whether they are
dead code, or they will be decrypted and executed some time in the
future. That is, the technique will resist simple forms of dynamic
analysis. Probably, a carefull analysis by a skilled attacker will
render all the keys (if no external input -that cannot be guessed by the
(snip)
Hagai.
Message # 28
Date: Fri, 08 Sep 2006
To: Dave Howe
From: Hagai Bar-El
Subject: Re: [PracticalSecurity] Yet another attack against Windows Media DRM
Cc: practicalsecurity at hbarel.com
Hello Dave,
At 07/09/06 23:30, Dave Howe wrote:
Hagai Bar-El wrote:For the most part I disagree. I do agree that extra security does _sometimes_ imply inconveniences that may bother the user, or even scare him away. However, please note that:
There are indeed many parameters, maybe even more than the ones youActually, you can't.
listed, but you do not need to consult all these because you can afford
a large safety margin, just as you do with ciphers.
If you put too much protection on it, you inconvenience the
legitimate users
of your product so much they will go elsewhere (to your competitors)
rather than
put up with the overheads of your protection scheme. The lowest grade machine
you can reasonably use once your protection has been added forms the
lower bound
of your potential market. if you are a game, then the tradeoff
becomes even more
vicious - you are trading, not user wait time, but framerate for your
(snip)
1. Can or cannot -- we just have to do it. As you pointed out yourself, assessing the strength of the opponent is not trivial. It's actually too complex and can never be done too accurately. When you design a system you have no _accurate_ idea of how many computers your opponent can put together to break your encryption, or what is the maximum bus speed that he can sniff or exactly how capable he is in reverse engineering. You have some assumption, usually based on other people's sad experiences, and you take some _safety margin_.
You do as much as is financially beneficial for you to do, with security and risk being part of an equation, and hope for the best.
If the minimal protection you know you need is not financially beneficial then you forget it all and do nothing (or you should do nothing). So, not being able to tell _exactly_ how strong the opponent is and using safety margins is all around us.
2. I think you can. More security does not automatically convert into customers running away. Sometimes it does, and this is something you try to avoid, of course. But sometimes it doesn't. Most enhanced-security design decisions imply more work for you, or making better choices (again, more work for you), but do not translate into users being inconvenienced to the extent that they run away. Take Ariel's example: he suggests to encrypt code, and it can be useful in some cases. What is the impact? That code needs to be decrypted in runtime. What is the implication on the user? Nothing. The time is not noticeable, even on embedded processors. Maybe a low-end processor is not capable of doing this decryption, and the decryption requires a heavier processor, but who says that the low end processor was actually a choice in the first place? Maybe the system needs an adequate processor anyway for the other things it does? It's not automatic.
Let us take another example: Look at Skype -- there are some doubts about aspects of its security, due to its being closed-source, but imagine an open-source Skype that you believe is free of backdoors: It is secure to some extent, which is way beyond the minimum that could be done (such as that is provided by other free VoIP solutions). How much does this extra security cost you, the customer?
Nothing. Everything is encrypted and you don't even notice it in the latency because your network is far slower than AES. Of course, if you were using a 8086 PC-XT the encryption would not work as fast, but on a 8086 you wouldn't be able to even bootstrap the environment on which Skype runs, so it's not a practical limitation.
All this is to say that in too many cases the added security does not fall on the critical path.
Hagai.