CD DRM & SONY-BMG: a case study. Muhammed Afzal Hussain, Digital Rights Management Seminar, 17th May, 2006.


1 CD DRM & SONY-BMG: a case study
Muhammed Afzal Hussain
Digital Rights Management Seminar
17th May, 2006

2 Sony-BMG is the world's second largest record company.
- In fall 2005, problems were discovered in two Sony-BMG CD copy protection systems: XCP and MediaMax
- These two systems made users' computers more vulnerable to attacks
- They had other DRM issues as well

3 As a result…
- Created public uproar
- Recall of millions of discs
- Compensation to the users (both in monetary form and others)
- Class action lawsuits
- Severe damage to company goodwill

4 Contents
- CD DRM overview
- How XCP and MediaMax work
- Security threat caused by them
- Their weaknesses
- Requirements of a good CD DRM system
- Conclusion

5 CD DRM
- A system to protect CD contents from being copied
- Should protect an audio CD from disc-to-disc copying, conversion to MP3, copying of single tracks, etc.
- Purely economic
- Goals can be divided into two categories: Record Label Goal and DRM Vendor Goal

6 Record Label Goals
- CD DRM cannot stop P2P file sharing
- To stop disc-to-disc copying and other local copying and use of the music
- If Alice cannot copy a CD to give to Bob, Bob might buy the CD himself
- Portable audio player version
- Show advertisements and other promotional values
- Increase market power for the parent company

7 DRM Vendor Goals
- Create value for the record label
- DRM vendors have a higher risk tolerance
- More aggressive, to create a wider user base
- Record labels have imperfect knowledge about the DRM technology used
- Sometimes act against the record label's interest
- XCP was developed by First4Internet
- MediaMax was developed by SunnComm

8 CD DRM Requirements
- CD should be playable in ordinary CD players
- CD must be unreadable by almost all computer programs to avoid copying
- CD must be recognizable as a protected disc
- DRM vendor's own software must be able to read it and give controlled access

9 CD DRM - How it works
- Two types of protection: passive protection and active protection
- Passive measures change the disc's contents to confuse computers
- Active protection uses software that scans for a protected disc and restricts access to it

10 Passive Protection
- Exploits subtle differences in the way computers and ordinary CD players read CDs
- The distinctions between these two are imprecise
- Computer hardware and software have become more robust at reading poorly formatted discs
- Recent CD DRM mainly relies on active protection

11 Passive Protection (cont…)
- XCP (Extended Copy Protection) deviates from the Blue Book specification to create passive protection
- Blue Book contains one audio session with multiple tracks and another session with one data track
- XCP has one session with audio tracks and another session with two data tracks
- Windows assumes it's a data-only CD
- Audio tracks become invisible
- Ordinary CD players do not support multi-session CDs and recognize only the first session

12 XCP Passive Protection
- Provides limited protection only:
  - Advanced ripping and copying
  - Non-Windows platforms
  - The felt-tip marker trick
- Felt-tip marker trick:
  - Hide the second session using a felt-tip marker or masking tape
  - The second session is near the outer edge of the disc
  - Can be done by trial and error, or by visually analyzing the disc

13 Active Protection
- Active protection requires software to be installed
- Both XCP and MediaMax rely on the autorun feature of Windows
- Mac OS X and Linux do not have autorun
- XCP has only Windows code
- MediaMax has Mac OS code, but the user must execute the installer (intentionally or unintentionally) to install it
- Usually users don't do that

14 Temporary Protection
- Protection for the time while the installer is running but the software is not yet installed
- When the EULA is being displayed
- XCP checks for about 200 ripping and copying applications
- Names are hard-coded
- If any of these applications is found running on the system, it asks the user to close it in order to continue the installation
- If the ripping or copying application is not closed within 30 seconds, the installer ejects the CD and quits

15 XCP Temporary protection – Screen Shot

16 MediaMax Temporary Protection
- It installs the software and activates it at least temporarily while the EULA is still displayed
- The software remains installed even if the user explicitly denies consent by declining the EULA
- In some cases the software even remains active although the user denies consent

17 Temporary Protection
- Installation of software by MediaMax before consent is highly controversial
- Temporary activation of the DRM software without consent raises ethical questions
- Most users do not expect the insertion of a music CD to load software
- Some discs contained statements about software being on the disc, but they were written in a tiny font and did not mention anything explicitly

18 Active Protection basics
- Depends on a background process
- This process checks whether access to a disc should be restricted
- For any recognized protected disc, it monitors CD access and corrupts the audio data returned to any application other than its own player
- XCP replaces audio with random noise
- MediaMax adds large random jitter
- Requires a mechanism to recognize protected discs

19 Disc Recognition
- XCP stores a marker in the data track
- MediaMax uses a more sophisticated method
- It puts a watermark in the audio
- The watermark is created about 4 seconds after the start of an audio track, to avoid audible noise in silence
- Modifies the audio track according to a special algorithm

20 CD DRM Players
- Provide a rudimentary playback interface to the protected discs
- Allow bonus content: album art, lyrics, notes, links to websites
- Allow an integrated burning application to copy the disc three times
- Subsequent copies cannot be made
- Support ripping the tracks only in DRM-protected formats, so the ripped tracks can only be played on the same computer
- Uses Windows Media DRM

21 What Went Wrong?
- Controversial temporary protection schemes
- XCP infringes copyrights of open source software projects
  - Contains code from the project DRMS, licensed under the GPL
  - Uses this code to create FairPlay-protected files for playing on an iPod
  - Although this functionality is hidden from the user
- Performs phoning home
  - Sends information about listening habits
  - Allows logging of the user's IP, date, time and album name
  - Receives images or banner ads to display
- Fits the consensus definition of spyware

22 Rootkit behavior of XCP
- XCP shows rootkit behavior
- Rootkits are software designed to hide processes, files, or system data
- Used to hide intrusion
- XCP's rootkit is used to hide its main installation directory, registry keys, files and processes
- So they cannot be removed, modified or even noticed by the user
- Conceals any file, process or registry key whose name begins with $Sys$

23 XCP as a Security Threat
- Any malware can use XCP's rootkit behavior to hide its existence in the system
- Modifies the Windows kernel
- Modifies system functions for creating files, listing running processes, etc.
- The modified kernel is not as stable as the original kernel
- Can be used to crash the computer
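
A defender can detect the $Sys$ name cloaking described on slides 22 and 23 by comparing what the running system reports with a listing of the same disk and registry taken from a clean system. The sketch below is an added example, not code from the presentation; all names and listings are constructed, and matching the prefix case-insensitively is an assumption.

```python
# Added example with constructed data: cross-view check for name-prefix cloaking.
CLOAK_PREFIX = "$sys$"  # slides write "$Sys$"; matched case-insensitively (assumption)

def leaf(name):
    """Last component of a file path or registry key, lower-cased."""
    return name.rsplit("\\", 1)[-1].lower()

def hidden_entries(live_view, trusted_view):
    """Names in the trusted listing that the live (possibly hooked) API omitted."""
    live = {name.lower() for name in live_view}
    return sorted(n for n in trusted_view if n.lower() not in live)

def cloak_report(live, trusted):
    """Per object type: (hidden name, whether the prefix rule explains the hiding)."""
    report = {}
    for kind, names in trusted.items():
        report[kind] = [
            (n, leaf(n).startswith(CLOAK_PREFIX))
            for n in hidden_entries(live.get(kind, []), names)
        ]
    return report

# Constructed listings of one machine: LIVE as returned by the running system,
# TRUSTED as read from the same disk and registry hive mounted on a clean system.
LIVE = {
    "files": ["player.exe", "readme.txt"],
    "registry_keys": ["Services\\cdrom"],
}
TRUSTED = {
    "files": ["$sys$drmfiles", "$sys$unrelated.exe", "player.exe", "readme.txt"],
    "registry_keys": ["Services\\$sys$driver", "Services\\cdrom"],
}

if __name__ == "__main__":
    for kind, rows in cloak_report(LIVE, TRUSTED).items():
        for name, by_prefix in rows:
            print(f"{kind}: hidden {name!r} prefix_cloaked={by_prefix}")
```

Because the hiding rule keys on the name alone, a prefix-cloaked entry cannot be attributed to the DRM software without inspecting it; every hit needs review.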

24 MediaMax as a Security Threat
- MediaMax sets file permissions that allow anybody to modify the contents of its installation directory
- Any user can replace MediaMax's code with malicious code
- The next time any other user inserts a MediaMax disc, the malicious code will be executed with that user's privileges
- MediaMax requires Administrator privileges
- Resets the permissions every time MediaMax is run
- Manually correcting the errant permissions is not very effective

25 MediaMax as a Security Threat (cont…)
- Installs MediaMax.dll even if the user declines the EULA
- The next time a MediaMax disc is inserted, it checks the version of MediaMax by calling the DLL
- An attacker can place hostile code in this DLL, so the next time a MediaMax disc is inserted, the malicious code will run with that user's privileges
- Sony-BMG released a patch to solve this problem
- The initial patch did not solve the problem
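
The permission flaw on slides 24 and 25 can be audited by checking the install directory's ACL for write-capable grants to broad groups. The parser below is an added example, not code from the presentation: it reads text in the format printed by the Windows `icacls` command, and the directory path and sample output are constructed placeholders.

```python
import re

# Added example: flag write-capable grants to broad principals in `icacls` output.
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
WRITE = {"F", "M", "W", "D", "WD", "AD", "DC", "DE", "WDAC", "WO", "GA", "GW"}
ACE = re.compile(r"^(?P<who>[^:()]+):(?P<groups>(?:\([^)]*\))+)$")

def risky_grants(icacls_text, path):
    """Return (principal, rights) pairs that let broad groups change `path`."""
    findings = []
    for line in icacls_text.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()      # first row carries the path
        m = ACE.match(line)
        if not m:
            continue                             # summary line or blank line
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m["groups"]):
            tokens.update(t.strip() for t in group.split(","))
        if "DENY" in tokens:
            continue                             # a deny entry grants nothing
        rights = sorted(tokens & WRITE)
        who = m["who"].strip()
        if who.lower() in BROAD and rights:
            findings.append((who, rights))
    return findings

# Constructed output for a hypothetical install directory (placeholder path).
PATH = r"C:\Program Files\ExampleDRM"
SAMPLE = r"""C:\Program Files\ExampleDRM Everyone:(OI)(CI)(F)
                            BUILTIN\Administrators:(OI)(CI)(F)
                            BUILTIN\Users:(OI)(CI)(RX)
                            NT AUTHORITY\SYSTEM:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    print(risky_grants(SAMPLE, PATH))
```

Since the slides say the permissions are reset on every run, a one-time check is not enough; the audit has to be repeated after the software has run.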

26 Uninstall
- Initially neither of the DRM systems contained an uninstaller
- After public demand, they provided an uninstaller, but it was very hard to acquire
- Users had to fill in a sequence of forms and wait a few days
- The uninstaller was customized for the user
- It worked only on the PC where the forms were filled in
- It worked only a limited number of times
- Later, unrestricted uninstallers were published
- But they had their own vulnerabilities

27 MediaMax Uninstaller Vulnerability
- Uses a proprietary ActiveX control
- Users had to install it to uninstall MediaMax
- Has a "Remove" method which takes a URL
- An HTTP GET to this URL returns a second URL
- A DLL file is downloaded from the second URL and executed to uninstall MediaMax
- The ActiveX control itself remains installed
- Any web page can invoke the "Remove" method of the ActiveX control with an arbitrary first URL to execute a malicious DLL without warning

28 XCP Uninstaller Vulnerability
- Has the same flaw, only a little harder to exploit
- Instead of downloading a DLL, it downloads an archive file made using a proprietary algorithm
- The DLL is extracted from this archive
- Using reverse engineering, a valid archive can be made
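
Both uninstallers on slides 27 and 28 ran whatever a caller-supplied URL chain delivered; the checks they lacked are origin pinning on both URLs and an integrity check on the payload before execution. The following is an added example, not code from either vendor. The host name, payload bytes and function names are hypothetical, and the pinned SHA-256 digest stands in for the code-signature verification a real component would perform.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Added example: checks a downloader can make before running fetched code.
ALLOWED_HOSTS = {"uninstall.vendor.example"}         # hypothetical pinned host
PAYLOAD = b"constructed uninstaller payload"         # constructed sample bytes
PINNED_SHA256 = hashlib.sha256(PAYLOAD).hexdigest()  # would ship inside the control

def url_allowed(url):
    """Accept only https URLs on a pinned host, default port, no userinfo."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    return (parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS
            and port in (None, 443) and parts.username is None)

def vet_download(first_url, second_url, payload, pinned=PINNED_SHA256):
    """Return the reasons to refuse; an empty list means the payload may run."""
    reasons = []
    if not url_allowed(first_url):
        reasons.append("first URL not on pinned host")
    if not url_allowed(second_url):
        reasons.append("redirect target not on pinned host")
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, pinned):
        reasons.append("payload digest mismatch")
    return reasons

if __name__ == "__main__":
    ok = "https://uninstall.vendor.example/start"
    print(vet_download(ok, "https://uninstall.vendor.example/u.dll", PAYLOAD))
    print(vet_download("http://other.example/start", ok, b"other bytes"))
```

The proprietary archive format on slide 28 plays no part in these checks: an unusual encoding identifies nothing about who produced the file, which is why only the origin and digest are tested.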

29 As a result…
- Sony-BMG had to recall all discs containing XCP or MediaMax
- XCP was deployed on 52 CD titles representing about 4.7 million CDs
- MediaMax was deployed on 37 titles representing about 20 million CDs
- Compensation to the buyers
- Lawsuits were filed in New York, California and Texas
- "It's your intellectual property but it's not your computer" (Department of Homeland Security, USA)

30 Was it enough?
- With so many aggressive strategies and controversial methods, are XCP and MediaMax sufficient to protect the audio CD in all situations?
- NO
- We have already discussed the weaknesses of passive protection

31 Weaknesses
- Autorun can be disabled or avoided
- The felt-tip marker method can be used
- XCP's temporary protection:
  - Uses constant scanning for ripper applications
  - Users can kill the application
  - Users can use an application that locks the CD tray
  - The hard-coded list of applications will become obsolete, and ripper applications may use randomized process names to avoid such protection

32 Weaknesses (cont...)
- XCP disc recognition:
  - Uses a marker in the data session: once ripped, it has no effect
- MediaMax disc recognition:
  - Uses a watermark in the audio track: lossy compression removes such a watermark
- Both players allow a limited number of copies to be burned
  - Vulnerable to rollback attacks
  - The user can modify the saved state to burn an unlimited number of discs
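
The rollback weakness on slide 32 is a general design problem: an integrity check on a saved counter detects edits but not the restoration of an older, validly sealed copy. The model below is an added example, not code from either player; the key, class and function names are constructed, and the `trusted_epoch` field assumes a monotonic counter held somewhere the user cannot rewrite.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; a real player would have to hide its key

def seal(state):
    """Serialize the state and attach an HMAC so edits to the file are detected."""
    body = json.dumps(state, sort_keys=True).encode()
    return body, hmac.new(KEY, body, hashlib.sha256).digest()

class BurnLimiter:
    """Burn counter kept in a user-writable blob, optionally bound to a trusted epoch."""

    def __init__(self, limit=3):
        self.limit = limit
        self.trusted_epoch = 0  # assumption: monotonic counter the user cannot rewrite
        self.blob = seal({"burns": 0, "epoch": 0})

    def burn(self, check_epoch):
        body, tag = self.blob
        if not hmac.compare_digest(hmac.new(KEY, body, hashlib.sha256).digest(), tag):
            return "rejected: tampered state"
        state = json.loads(body)
        if check_epoch and state["epoch"] != self.trusted_epoch:
            return "rejected: stale state"
        if state["burns"] >= self.limit:
            return "rejected: limit reached"
        self.trusted_epoch += 1
        self.blob = seal({"burns": state["burns"] + 1, "epoch": self.trusted_epoch})
        return "burned"

def replay_old_state(check_epoch):
    """Use all burns, put back a copy of the original blob, then try once more."""
    limiter = BurnLimiter()
    saved = limiter.blob                       # copy taken before any burn
    results = [limiter.burn(check_epoch) for _ in range(3)]
    results.append(limiter.burn(check_epoch))  # fourth attempt on the current state
    limiter.blob = saved                       # restore the old, validly sealed blob
    results.append(limiter.burn(check_epoch))
    return results

if __name__ == "__main__":
    print("MAC only:      ", replay_old_state(check_epoch=False))
    print("MAC plus epoch:", replay_old_state(check_epoch=True))
```

On an ordinary PC every storage location is user-writable, so the epoch check only helps where a trusted counter actually exists, for example in hardware or on a server.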

33 Ideal Disc Recognition Requirements
- Uniqueness: Identify protected discs without accidentally triggering protection on an unprotected disc
- Detectability: The feature should be quickly detectable
- Indelibility: The feature should be hard to remove
- Unforgeability: The feature should be hard to forge

34 Other requirements of a good CD DRM software
- Audio CDs have a longer shelf life
- Deactivating old software
  - Old software should deactivate itself
- Updating the software
  - Users cooperate with updates that help them
  - Download and CD delivery
- Forcing updates
  - Making the non-updated system painful to use

35 Conclusion
- DRM vendors' goals differ from the labels' goals
- DRM from even major labels can cause security and privacy risks
- The efficacy of DRM is sometimes inversely related to the user's ability to defend his system
- CD DRM systems are mostly ineffective
- DRM systems do not always focus on copyright law
- The stakes are high

36 Questions?

37 Thank You

