90 likes | 212 Views
The Role of Cryptography. in Combating Software Piracy. Introduction. Rationale for anti-piracy measures: economics Early anti-piracy schemes Obfuscation (simple XORing) Copy protection (unformatted sectors) Checksums Result? We’ll cover Why crypto is well suited
E N D
The Role of Cryptography in Combating Software Piracy Jeff Bilger - CSE P 590TU - Winter 2006
Introduction • Rationale for anti-piracy measures: economics • Early anti-piracy schemes • Obfuscation (simple XORing) • Copy protection (unformatted sectors) • Checksums • Result? • We’ll cover • Why crypto is well suited • What can cause crypto to fail • Examples Jeff Bilger - CSE P 590TU - Winter 2006
Why Cryptography? • Premise (if cost exceeds benefit..) • Crypto can significantly increase the cost.. • Digital Signatures • Authenticity (source verification – both ways) • Execution control (proprietary HW) • Encryption • Obfuscation • Transmit sensitive information over insecure channels • One Way Hashes • Integrity (tamper detection) • Key Exchange • Allows distributed security Jeff Bilger - CSE P 590TU - Winter 2006
What can cause crypto to fail? • Brute force attacks? • infeasible • Bugs • Engineering trade-offs • Cost • Capabilities of target platform (CPU, RAM, ROM) • Poor Engineering decisions • Poor choices in crypto primitives (SHA-1) • Poor key management • PRFs that are not very random • Key value (dictionary attack) • Insecure key storage / transfer • Secure vs. insecure systems • Debuggers/monitors Jeff Bilger - CSE P 590TU - Winter 2006
Example: Alternate Reality • 1985 • BC multi-encryption cipher • Leventhall/Seville crypto (Dr. Carl Meyer of Lucifer and DES fame) • 1.8MHz CPU / 48K bytes RAM • Poor key storage • Bug in key seed generation algorithm • Considered one of the toughest anti-piracy measures to crack of its time Jeff Bilger - CSE P 590TU - Winter 2006
Example: Xbox • 2001 • Conical case • The MS business model • Same secret key on all Xbox devices • Secret boot code located on custom chip, not CPU. Communication required over a bus • Bus was not encrypted • ROM size limitation on custom chip required implementation trade offs • Utilized constant checksum instead of a hash! • Hacker captured keys and boot code over the bus • Since boot code was not hashed, it could be modified Jeff Bilger - CSE P 590TU - Winter 2006
Example: Xbox improvements • MS changed RC4 secret key • Fixed some bugs • Constant checksum replaced with hash using TEA • Oops • Other non-cryptographic attacks as well (Visor & MIST) Jeff Bilger - CSE P 590TU - Winter 2006
Example: Valve’s Steam Platform • 2004 • Content delivery/DRM platform • Combines cryptography and online registration • Among other things, allows Valve to quickly detect and address incidents of piracy Jeff Bilger - CSE P 590TU - Winter 2006
Conclusions • Can’t stop piracy • Cryptography can make it more costly to crack software • Secure vs. insecure systems • Engineering trade offs/poor decisions • Distributed solutions are a good model Jeff Bilger - CSE P 590TU - Winter 2006