DIGITAL RIGHT MANAGEMENT
Bùi Thành Đạt 50700480, Nguyễn Hoàng Nhật Đông 50700542, Nguyễn Duy Cường 50700287

CONTENTS
  SOFTWARE REVERSE ENGINEERING (SRE): What is SRE? / Tools / How to prevent / Conclusion
  DIGITAL RIGHT MANAGEMENT (DRM): What is DRM? / Problems and solutions / A real world system / Some DRM system designs / Conclusion


WHAT IS SRE?
Software reverse engineering (reverse code engineering, or reversing).
Purpose:
  Good: understand malware, legacy code...
  Not good: cheating, breaking DRM systems.
Sample disassembly from the slide (addresses omitted):
  55      pushl %ebp
  89 e5   movl %esp,%ebp
  eb 02   jmp 0x
  06      pushl %es

TOOLS FOR SRE
  Disassembler, Debugger, Hex editor
  Attack steps: DISASSEMBLY -> DEBUG -> PATCH

DISASSEMBLER (figure slide)

HEX EDITOR (figure slide)


HOW TO PREVENT SRE?
  DISASSEMBLY -> ANTI-DISASSEMBLY
  DEBUG -> ANTI-DEBUGGING
  PATCH -> TAMPER RESISTANCE

HOW TO PREVENT SRE? ANTI-DISASSEMBLY
Encryption: encrypt the code before it is shipped and decrypt it at run time.
Problem: the code must be decrypted before it can execute -> the attacker can access the decryption code.

HOW TO PREVENT SRE? ANTI-DISASSEMBLY
False assembly: make the real code different from the disassembled one.
Problem: an attacker who studies the technique carefully -> can bypass the effects of false assembly.

HOW TO PREVENT SRE? ANTI-DISASSEMBLY
False assembly example (GNU as syntax, as on the slide):
      jmp antidebug1 + 2
  antidebug1:
      .short 0xc606
      call reloc
  reloc:
      popl %esi
      jmp antidebug2
  antidebug2:
      addl $(data - reloc),%esi
      movl 0(%esi),%edi
      pushl %esi
      jmp *%edi
  data:
      .long 0

HOW TO PREVENT SRE? ANTI-DISASSEMBLY
Self-modifying code: changes itself at run time; effective at confusing a disassembler.
Problem: also confuses developers. Difficult to implement and error-prone.

HOW TO PREVENT SRE? ANTI-DEBUGGING
  Monitoring debug registers.
  Monitoring breakpoints.
  Multiple threads.

HOW TO PREVENT SRE? TAMPER RESISTANCE
Guards: some sections of code calculate a checksum of another section. This moves from a "single point of failure" to an "area of failure".
Problems:
  All guards are the same -> easy to detect.
  Different classes of guards -> still able to be detected.
Conclusion: the code is known to be unaltered only if the guards themselves have not been altered.
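The guard idea above, as an added example that is not part of the slides: one function checksums the code of the function it protects, a second guard checksums the first guard, and the protected routine refuses to run when any guard disagrees. The example uses CPython code objects (`__code__.co_code`) as the "section of code" being checksummed and swaps `__code__` attributes to simulate a patch; the licence key, function names and the `always_true` stand-in are all constructed for the demonstration.

```python
import hashlib


def code_digest(fn) -> str:
    """Checksum of a function's compiled bytecode plus constants: the
    'section of code' a guard watches (a CPython code object here, where
    a native guard would hash a range of machine code)."""
    code = fn.__code__
    h = hashlib.sha256(code.co_code)
    h.update(repr(code.co_consts).encode())
    return h.hexdigest()


def check_license(key: str) -> bool:
    """The sensitive routine an attacker would like to patch to 'always true'."""
    return key == "DEMO-1234"  # constructed sample licence key


def guard_a() -> bool:
    """Guard A watches check_license."""
    return code_digest(check_license) == EXPECTED["check_license"]


def guard_b() -> bool:
    """Guard B watches guard A, so silencing A is itself detected."""
    return code_digest(guard_a) == EXPECTED["guard_a"]


# Expected digests. In a shipped binary these are computed at build time and
# embedded; here they are recorded once at import, before any tampering.
EXPECTED = {
    "check_license": code_digest(check_license),
    "guard_a": code_digest(guard_a),
}


def run_protected(key: str):
    """Run the licence check only if every guard in the network still agrees.
    Returns True/False from the check, or the string 'tampered'."""
    if not (guard_a() and guard_b()):
        return "tampered"
    return check_license(key)


def always_true(*args) -> bool:
    """Stand-in for the patched code an attacker would drop in (constructed)."""
    return True


def tamper_demo() -> dict:
    """Swap code objects in-process to show what each guard reports, then restore."""
    results = {"clean": run_protected("WRONG-KEY")}  # False: honest failure, nothing patched
    saved_target, saved_guard = check_license.__code__, guard_a.__code__
    try:
        check_license.__code__ = always_true.__code__  # target patched
        results["target_patched"] = run_protected("WRONG-KEY")  # 'tampered': guard A fires
        guard_a.__code__ = always_true.__code__  # guard A silenced as well
        results["guard_a_patched"] = run_protected("WRONG-KEY")  # 'tampered': guard B fires
    finally:
        check_license.__code__, guard_a.__code__ = saved_target, saved_guard
    results["restored"] = run_protected("DEMO-1234")  # True
    return results


if __name__ == "__main__":
    print(tamper_demo())
```

The demo also shows the slide's closing caveat: guard B only extends the area of failure to guard A; nothing watches guard B, so an attacker who patches the target and every guard at once is not detected. Adding more guards in a cycle enlarges the area but never removes the requirement that the guards themselves stay intact.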

HOW TO PREVENT SRE? TAMPER RESISTANCE
Obfuscation: make the code difficult to understand.
Examples: "spaghetti code", opaque predicates.

HOW TO PREVENT SRE? TAMPER RESISTANCE
Metamorphism
Normally: distribute identical copies (clones) of the software to each customer.
Weakness: cannot prevent break-once-break-everywhere (BOBE).

HOW TO PREVENT SRE? TAMPER RESISTANCE
Metamorphism (cont.)
Use metamorphic copies: same function, different internal structure.
For N copies, it takes N times the effort to break all N instances (best case).
Usually used in malware.
Note: the same flaw still exists in all copies.

CONCLUSION
Truly secure software is impossible to achieve in practice.
Solution: just provide sufficient protection: confusing, hard to understand, and increasing the time required for an attack.


WHAT IS DRM?
Retain some control over digital content after it has been delivered: "remote control".
What happens? (cartoon on the slide, captioned "PUBLISHED" / "For the Hack of it")

WHAT IS DRM?
Persistent protection: the protection stays with the content after it is delivered.
Example, for a digital book:
  No copying
  Read once
  Do not open until Christmas
  No forwarding


PROBLEMS AND SOLUTIONS: PROBLEMS
From the SRE section: we can't prevent SRE -> we can't hide a secret in software.
Analog hole: content must eventually be rendered for a human (played, displayed) and can be re-captured there; impossible to prevent such attacks.

PROBLEMS AND SOLUTIONS: SOLUTIONS
Options:
  Honor system: assuming most people are good, honest, decent, and trustworthy. Example: shareware.
  Weak software-based DRM. Example: DRM for a P2P application.
  Strongest possible DRM system. Example: a real world system.

PROBLEMS AND SOLUTIONS: SOLUTIONS
Cryptography: different from the standard crypto scenario. The legitimate recipient is a potential attacker. A recipient can access everything in the dashed box of the diagram (including the key). How to solve?

PROBLEMS AND SOLUTIONS: SOLUTIONS
Security by obscurity: secure only while the attacker doesn't understand the software completely. When the obscurity is gone, the security is gone.
It is preferable not to rely on security by obscurity, but it has to be considered when there is no other option: closed systems, secret designs.


SOME DRM SYSTEM DESIGNS: A REAL WORLD SYSTEM
MediaSnap Inc. DRM system: used with digital documents that will be distributed via .
Components:
  Secure Document Server (SDS)
  Client software, a plugin to the Adobe PDF reader.

SOME DRM SYSTEM DESIGNS: A REAL WORLD SYSTEM
Deliver (diagram slide)

SOME DRM SYSTEM DESIGNS: A REAL WORLD SYSTEM
Access (diagram slide)

SOME DRM SYSTEM DESIGNS: A REAL WORLD SYSTEM
Security for the system:
  The SDS is relatively secure.
  The DRM client software is readily available to any attacker.
  -> Focus on the client software.

SOME DRM SYSTEM DESIGNS: A REAL WORLD SYSTEM
Tamper-resistant barrier:
  Anti-disassembly: encryption, false assembly
  Anti-debugging: monitor debug registers
  Tamper-resistant techniques: AES, along with a "scrambling" algorithm
  Anti-screen capture, digital watermarking
  Metamorphism for BOBE resistance


SOME DRM SYSTEM DESIGNS: DRM FOR STREAMING DATA
Possible attacks on streaming media:
  Spoofing the stream
  Man-in-the-middle
  Replay attack
  Plaintext captured at the client
The proposed design makes use of scrambling algorithms:
  Achieves a significant degree of metamorphism
  Security by obscurity

SOME DRM SYSTEM DESIGNS: DRM FOR STREAMING DATA
Details:
  The server has a list of N scrambling algorithms s0, s1, s2, ..., sN-1.
  Each client has a subset of these algorithms, e.g. LIST = {s12, s23, s45, s2, s7}.
  This list is stored as E(LIST, K_server).
  Client and server must negotiate a specific scrambling algorithm to be used.
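The negotiation described in the two slides above, as an added example that is not part of the presentation or of any real streaming DRM product. The client holds its subset only as E(LIST, K_server), which it cannot read or alter; the server opens it, drops any algorithm already known to be broken, and picks one for the session. Because every client holds a different subset, compromising one client's algorithms does not expose the others, which is the metamorphism and BOBE-resistance point of the slides. Everything here is constructed: the scrambling family s_i, the server key, the list values, and the SHA-256/HMAC construction standing in for a real authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

N = 64                    # constructed: the server implements s_0 .. s_{N-1}
K_SERVER = b"\x01" * 32   # constructed server key; a real one is random and never shipped


def scramble(i: int, data: bytes) -> bytes:
    """Toy scrambling algorithm s_i (constructed): xor with an i-derived byte, then add i.
    A real design uses many genuinely different obscure transforms; this stands in for them."""
    k = (37 * i + 11) & 0xFF
    return bytes(((b ^ k) + i) & 0xFF for b in data)


def unscramble(i: int, data: bytes) -> bytes:
    """Inverse of scramble(i, ...)."""
    k = (37 * i + 11) & 0xFF
    return bytes((((b - i) & 0xFF) ^ k) for b in data)


def seal_list(k_server: bytes, algos: list) -> bytes:
    """E(LIST, K_server): encrypt and authenticate the client's algorithm subset.
    Layout: 12-byte nonce | ciphertext | 32-byte HMAC tag (constructed stand-in for AES-GCM)."""
    assert len(algos) <= 32 and all(0 <= a < N for a in algos)
    nonce = secrets.token_bytes(12)
    stream = hashlib.sha256(k_server + nonce).digest()
    ct = bytes(a ^ s for a, s in zip(algos, stream))
    tag = hmac.new(k_server, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def is_authentic(k_server: bytes, blob: bytes) -> bool:
    """True only if the tag was produced under K_server, so a client cannot forge a list
    that hands it algorithms it was never issued."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expect = hmac.new(k_server, nonce + ct, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expect)


def open_list(k_server: bytes, blob: bytes) -> list:
    """Server-side decryption of E(LIST, K_server); rejects forged or corrupted blobs."""
    if not is_authentic(k_server, blob):
        raise ValueError("client list forged or corrupted")
    nonce, ct = blob[:12], blob[12:-32]
    stream = hashlib.sha256(k_server + nonce).digest()
    return [c ^ s for c, s in zip(ct, stream)]


def negotiate(k_server: bytes, client_blob: bytes, revoked) -> int:
    """Server side of the negotiation: recover the client's subset, drop algorithms the
    server already knows are broken (BOBE containment), choose one unpredictably."""
    candidates = [a for a in open_list(k_server, client_blob) if a not in revoked]
    if not candidates:
        raise RuntimeError("no usable scrambling algorithm left for this client")
    return secrets.choice(candidates)


def stream_session(k_server: bytes, client_blob: bytes, chunk: bytes, revoked=frozenset()):
    """One exchange: client presents its sealed list, server picks s_i and announces i,
    server sends scramble(i, chunk), client applies unscramble(i, ...).
    Returns (chosen index, bytes on the wire, bytes recovered by the client)."""
    chosen = negotiate(k_server, client_blob, revoked)
    on_wire = scramble(chosen, chunk)
    recovered = unscramble(chosen, on_wire)
    return chosen, on_wire, recovered


if __name__ == "__main__":
    blob = seal_list(K_SERVER, [12, 23, 45, 2, 7])   # the slide's example LIST
    print(stream_session(K_SERVER, blob, b"frame-0001", revoked={12, 23}))
```

The authentication tag is the part worth noting for a practitioner: without it a client could rewrite its own list and steer the negotiation toward an algorithm it has already analysed. The `revoked` set is how the server contains a break once one client's subset has leaked: other clients holding different subsets keep working.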

SOME DRM SYSTEM DESIGNS: DRM FOR STREAMING DATA (protocol diagram slide)

SOME DRM SYSTEM DESIGNS: DRM FOR P2P APPLICATION
Example (diagram slide)

SOME DRM SYSTEM DESIGNS: DRM FOR P2P APPLICATION
Peer offering service (POS):
  Legal provider
  Apparent to users
  Significant percentage of responses
  Uses weak DRM

SOME DRM SYSTEM DESIGNS: DRM IN THE ENTERPRISE
DRM in the enterprise is different from DRM in e-commerce:
  Prevent losing money instead of making money.
  The human dimension is completely different.
  Other issues are more important than the strength of the DRM system: policy management, authentication.
  Relatively easy to solve.

CONCLUSION
  DRM clearly illustrates the limitations of doing security in software.
  Strong software-based DRM is impossible due to SRE problems.
  DRM is not only a technical problem, so the challenge is to develop something that works in practice.
