On May 9, 2007, at 5:01 PM, Ali, Saqib wrote:

Hi Jon,

Rights management systems work against polite attackers. They are
useless against impolite attackers. Look at the way that
entertainment rights management systems have been attacked.
The rights management system will be secure so long as no one wants
to break them. There is tension between the desire to break it and
the degree to which its users rely on it. At some point, this tension
will snap and it's going to hurt the people who rely on it. A
metaphor involving a rubber band and that smarting is likely apt.

What about DRM/ERM that uses TPM? With TPM the content is pretty much
tied to a machine (barring screen captures etc)

Will ERM/DRM be ineffective even with the use of TPM?

Saqib Ali

Your comment of barring screen captures etc. is a bit like saying that won't a bank be safe from robberies barring someone waving a gun in a teller's face, etc. Yeah, sure, but doesn't that kinda miss the point? DRM works if the attackers are polite. The less polite they are, the less well it works.

DRM systems for media are probably more immune to "analog hole" attacks ERM systems. Imagine that someone ERM protected an email showing things that Gonzales couldn't remember when he was testifying to Congress, or in some stock scandal, etc. A photo of a screen with a cell phone camera would be sufficient. We have not (yet) seen an attack where someone got a pre-release of a movie and then pointed a camera at a laptop screen, but we will.

If you add in a TPM, it depends entirely on how impolite the attackers are, as well as the construction of the TPM. One of the recent attacks against AACS involved the attackers unsoldering the chip and attacking it directly. That's pretty rude, but it worked.

If someone is so impolite that they'll put the TPM chip under a scanning electron microscope, they can probably just read the bits off. Very few smart cards can survive that.

Remember, this is all a trade-off between the cost of the device and the devotion of the attacker. TPM chips have to be very cheap, because the customer is ultimately paying for it. That means its defenses can't be very thorough. Furthermore, while the owner of the device is the attacker, you can't afford very many defenses. If a music player, for example, went DOA because it it was dropped, went over/under temperature, and so on, it would be a financial nightmare, as you probably have to replace them under warranty. People who hate DRM would buy devices, monkeywrench them, and then demand a refund.

ERM systems have the advantage that in general the attackers are more polite. More people want to break AACS than rights-controlled analyst reports. However, once something really juicy happens, like just needing the content registration key for a document that will get a politician in jail -- well, plenty of people can hack that. Now, all of a sudden, the attackers won't be polite, and that metaphor I made about a rubber band snapping will seem modest.

Really, you're much better off with real crypto and personnel policies.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to