Re: consulting question....
Ray Dillinger wrote: > Does anyone feel that I have said anything untrue? > > Can anyone point me at good information uses I can use to help prove > the case to a bunch of skeptics who are considering throwing away > their hard-earned money on a scheme that, in light of security > experience, seems foolish? Security is relative -- you need to evaluate it against a threat model and consider what goals you are trying to achieve. A software solution may succeed in deterring attackers from developing a way to strip the DRM from a $0.99 mp3; if the mp3 only costs $0.99, then may be it isn't worth the trouble of reverse engineering the software. There is some academic work on how to protect crypto in software from reverse engineering. Look-up "white-box cryptography". Disclosure: the company I work for does white-box crypto. -James signature.asc Description: OpenPGP digital signature
Re: consulting question....
If you've already explained to them that what they are trying to do is both impossible and pointless, and they still want your consulting services, take as much of their money as you can and don't feel bad about it! Maybe you can get some more people on this list hired, too :) /ji - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: consulting question.... (DRM)
On Tue, 2009-05-26 at 18:49 -0700, John Gilmore wrote: > It's a little hard to help without knowing more about the situation. > I.e. is this a software company? Hardware? Music? Movies? > Documents? E-Books? It's a software company. > Is it trying to prevent access to something, or > the copying of something? What's the something? What's the threat > model? Why is the company trying to do that? Trying to restrain > customers? Its customers would be other software companies that want to produce "monitored" applications. Their product inserts program code into existing applications to make those applications monitor and report their own usage and enforce the terms of their own licenses, for example disabling themselves if the central database indicates that their licensee's subscription has expired or if they've been used for more hours/keystrokes/clicks/users/machines/whatever in the current month than licensed for. The idea is that software developers could use their product instead of spending time and programming effort developing their own license- enforcement mechanisms, using it to directly transform on the executables as the last stage of the build process. The threat model is that the users and sysadmins of the machines where the "monitored" applications are running have a financial motive to prevent those applications from reporting their usage. > What country or countries does the company > operate in? What jurisdictions hold its main customer bases? They are in the US. Their potential customers are international. And their customers' potential clients (the end users of the "monitored" applications) are of course everywhere. > Why should we bother? Isn't it a great idea for DRM fanatics to > throw away their money? More, more, please! Bankrupt yourselves > and drive your customers away. Please! You're taking a very polarized view. These aren't "DRM fanatics"; they're business people doing due diligence on a new project, and likely never to produce any DRM stuff at all if I can successfully convince them that they are unlikely to profit from it. Bear - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: consulting question.... (DRM)
John Gilmore wrote: It's only the DRM fanatics whose installed bases of customers are mentally locked-in despite the crappy user experience (like the brainwashed hordes of Apple users, or the Microsoft victims) who are troublesome. In such cases, the community should I assume the Apple reference here is aimed at iTunes. You do know that iTunes Music Store no longer uses any DRM right ? -- Darren J Moffat - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: consulting question....
Ray Dillinger wrote: > And it turns out that she is an executive in a small company which is > now considering the development of a DRM product. > Does anyone feel that I have said anything untrue? You should be able to confirm all these details with sources, and it sounded like a plausible story. However, it also sounds like they are shifting the burden of proof. Shouldn't they convince "you" (whoever they make the DRM for) that their system is working? Have we really reached a situation where non-experts believe that DRM works until proven otherwise? That seems an extraordinary marketing success of the sellers of DRM technology, because it stands against a mountain of evidence in the history of computing. Maybe also introduce the logic Cory Doctorow gave in his Microsoft talk (not sure who first came up with this "proof"). It's not a decisive argument from a business perspective, as it ignores simple economics (see John Gilmore's remark). But it reverses the logic of DRM and puts burden of proof firmly where it belongs. >From http://craphound.com/msftdrm.txt > In DRM, the attacker is *also the recipient*. It's not Alice and > Bob and Carol, it's just Alice and Bob. Alice sells Bob a DVD. > She sells Bob a DVD player. The DVD has a movie on it -- say, > Pirates of the Caribbean -- and it's enciphered with an algorithm > called CSS -- Content Scrambling System. The DVD player has a CSS > un-scrambler. > > Now, let's take stock of what's a secret here: the cipher is > well-known. The ciphertext is most assuredly in enemy hands, arrr. > So what? As long as the key is secret from the attacker, we're > golden. > > But there's the rub. Alice wants Bob to buy Pirates of the > Caribbean from her. Bob will only buy Pirates of the Caribbean if > he can descramble the CSS-encrypted VOB -- video object -- on his > DVD player. Otherwise, the disc is only useful to Bob as a > drinks-coaster. So Alice has to provide Bob -- the attacker -- > with the key, the cipher and the ciphertext. > > Hilarity ensues. > > DRM systems are usually broken in minutes, sometimes days. Rarely, > months. It's not because the people who think them up are stupid. > It's not because the people who break them are smart. It's not > because there's a flaw in the algorithms. At the end of the day, > all DRM systems share a common vulnerability: they provide their > attackers with ciphertext, the cipher and the key. At this point, > the secret isn't a secret anymore. > - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
white-box crypto Was: consulting question....
On Tue, 26 May 2009, James Muir wrote: > There is some academic work on how to protect crypto in software from > reverse engineering. Look-up "white-box cryptography". > > Disclosure: the company I work for does white-box crypto. Could you explain what is the point of "white-box cryptography" (even if it were possible)? If I understand correctly, the only plausible result is to be able to use the secret key cryptography as if it were the public-key one, for example, to have a program that can do (very slow, btw) AES encryption, but be unable to deduce the key (unable to decrypt). If this is the case, then why not use normal public-key crypto (baksheesh aside)? -- Regards, ASK - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: consulting question.... (DRM)
The introduction of the acronym "DRM" has drawn all the hysteria it always does. The description you've posted much more closely matches license (or sometimse entitlement) management software than DRM. There are many companies active in this field. Many are small, but Microsoft sells some solution and there are moderately large companies around. Some of these have been around for many years. Traditionally, license management software looked at local files or databases rather than out on the Internet. However, I'm sure Internet options exist. The better software of this sort is challenging to crack. Certainly, none of it is *impossible* to crack - though the best dongle-based systems are probably extremely difficult (but also unacceptable for most kinds of software). For the most part, software like this aims to keep reasonably honest people honest. Yes, they can probably hire someone to hack around the licensing software. (There's generally not much motivation for J Random User to break this stuff, since it protects business software with a specialized audience.) But is it (a) worth the cost; (b) worth the risk - if you get caught, there's clear evidence that you broke things deliberately. Probably the greatest use for such software is not in preventing unlicensed users from running it at all but in enforcing contractual limits - e.g., you can only use this to manage up to X machines. Every company that has sold software with that kind of contract will likely find that, unless the software enforces the limitation, its customers will exceed it - often unknowingly, often by large factors. I'd suggest that you, and the company you're consulting to, spend some time understanding the market. What kind of software vendors are you selling to? B2B is a very different marketplace from consumer. Within B2B, "high touch" sales are very different from mass market. If you go international, a great deal depends on where you think you're going to sell. If you are ultimately depending on contractual enforcement, with the licensing software just an encouragement to good behavior, you're fine in the US and Western Europe, but you're not going to have a happy time in, say, Russia and China. A Google search on "license management software" turns up many hits, including an overview article that may be useful: http://software.forbes.com/license-management-software (One thing to be aware of is that this phrase is a bit ambiguous, covering both software a vendor puts in to its code to manage licenses, and software sold to large end users to help them keep track of what licenses they are using. The listing in the article covers both, but is still incomplete - it misses one of the long-established companies, Acresso Software - a new name - that sells the FLEXnet license enforcement software, a business it's been in for at least 10 years or so.) -- Jerry - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: consulting question.... (DRM)
On Wed, May 27, 2009 at 2:01 AM, Darren J Moffat wrote: > John Gilmore wrote: >> >> It's only the DRM fanatics whose installed bases of customers >> are mentally locked-in despite the crappy user experience (like >> the brainwashed hordes of Apple users, or the Microsoft victims) >> who are troublesome. In such cases, the community should > > I assume the Apple reference here is aimed at iTunes. You do know that > iTunes Music Store no longer uses any DRM right ? For the music, that's true, but not for the other items sold there (movies, TV shows, and especially not iPhone apps, as any iPhone developer who's jumped through those DRM hoops will tell you). n - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: consulting question....
On 1243421494 seconds since the Beginning of the UNIX epoch "Marcus Brinkmann" wrote: > > However, it also sounds like they are shifting the >burden of proof. Shouldn't they convince "you" (whoever they make the DRM >for) that their system is working? Have we really reached a situation where >non-experts believe that DRM works until proven otherwise? That seems an >extraordinary marketing success of the sellers of DRM technology, because it >stands against a mountain of evidence in the history of computing. I have noticed in my years as a security practitioner, that in my experience non-security people seem to assume that a system is perfectly secure until it is demonstrated that it is not with an example of an exploit. Until an exploit is generated, any discussion of insecurity is filed in their minds as ``academic'', ``theoretical'' or ``not real world''. This of course makes it quite difficult to cause various issues to be fixed in practice as it is generally more time consuming to construct and explain an exploit than to simply fix the bug that has been discovered. The next refrain that one is likely to hear even after demonstrating that a security issue exists is ``How many people know how to do that?'' I've actually heard that in some rather amusing circumstances such as ``Well, how many people actually know how to read or edit XML?'' It is a tricky conversation to explain to people that XML is not in fact an encryption mechanism---especially if they have seen any machine produced XML recently. Of course, this is one of the more amusing examples but others abound. I'm interested in asking people what rhetorical techniques they use to overcome such difficulties in practice? -- Roland Dowdeswell http://Imrryr.ORG/~elric/ - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: consulting question.... (DRM)
This is getting a bit far afield from cryptography, but proper threat analysis is still relevant. On May 27, 2009, at 4:07 AM, Ray Dillinger wrote: On Tue, 2009-05-26 at 18:49 -0700, John Gilmore wrote: It's a little hard to help without knowing more about the situation. I.e. is this a software company? Hardware? Music? Movies? Documents? E-Books? It's a software company. Is it trying to prevent access to something, or the copying of something? What's the something? What's the threat model? Why is the company trying to do that? Trying to restrain customers? Its customers would be other software companies that want to produce "monitored" applications. Their product inserts program code into existing applications to make those applications monitor and report their own usage and enforce the terms of their own licenses, for example disabling themselves if the central database indicates that their licensee's subscription has expired or if they've been used for more hours/keystrokes/clicks/users/machines/whatever in the current month than licensed for. The idea is that software developers could use their product instead of spending time and programming effort developing their own license- enforcement mechanisms, using it to directly transform on the executables as the last stage of the build process. The threat model is that the users and sysadmins of the machines where the "monitored" applications are running have a financial motive to prevent those applications from reporting their usage. If this is really their threat model, it's ill-considered. First, no reputable company in their right mind would play games with software licensing in an attempt to save a few dollars. In fact, most companies bend over backwards with internal audits and other mechanisms to ensure they are in compliance. The risk is far too great to do otherwise -- both to reputation and to the bottom line. They may counter that they are attempting to nudge into compliance reputable companies that are simply not large enough or savvy enough to ensure their own compliance. In this case, something far less complex than what is traditionally implied by "DRM" can be used. Thus, the users you are now considering are members of _disreputable_ companies. Since DRM is easily circumvented, and the company is disreputable, you have a reasonable expectation that your DRM will be ineffective. Second, sysadmins have no financial motive, unless they are also the owners. It is irrelevant to the sysadmin whether the business pays an appropriate amount for licenses. His salary is still his salary. Finally, large institutions (let's take financial firms as this is my area of expertise) will not install software that has hard expirations or other restrictive licensing mechanisms. The reason is simple. These mechanisms cause outages -- sometimes because of snafus in the renewal of licenses, sometimes because of poor code quality in the enforcement mechanism. At my firm, any such scheme is an immediate non-starter. -wps - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: consulting question....
On Wed, 2009-05-27 at 10:31 -0400, Roland Dowdeswell wrote: > I have noticed in my years as a security practitioner, that in my > experience non-security people seem to assume that a system is > perfectly secure until it is demonstrated that it is not with an > example of an exploit. Until an exploit is generated, any discussion > of insecurity is filed in their minds as ``academic'', ``theoretical'' > or ``not real world''. This matches my experience as well. "Have any exploits of this particular scheme been found in the wild?" is always one of the first three questions, and the answer is one of the best predictors of whether the questioner actually does anything. For best results one must be able to say something like, "Yes, six times in the last year" and start naming companies, products, dates, and independent sources that can be used to verify the incidents. To really make the point one should also be able to cite financial costs and losses incurred. Because companies don't like talking about cracks and exploits involving their own products, nor support third parties who attempt systematic documentation of same, it is frequently very hard to produce sufficient evidence to convince and deter new reinventors of the same technology. This failure to track and document exploits and cracks is a cultural failure that, IMO, is currently one of the biggest nontechnical obstacles to software security. Bear - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com