digital right management

DIGITAL RIGHT MANAGEMENT

Bùi Thành Đạt 50700480Nguyễn Hoàng Nhật Đông 50700542

Nguyễn Duy Cường 50700287

1

CONTENTS

SOFTWARE REVERSE ENGINEERING (SRE)What is SRE ?ToolsHow to preventConclusion

DIGITAL RIGHT MANAGEMENT (DRM)What is DRM ?Problems and solutionsA real world systemSome DRM system designsConclusion 2

CONTENTS

SOFTWARE REVERSE ENGINEERING (SRE)What is SRE ?ToolsHow to preventConclusion

DIGITAL RIGHT MANAGEMENT (DRM)What is DRM ?Problems and solutionsA real world systemSome DRM system designsConclusion 3

WHAT IS SRE ?

Software reverse engineering (reverse code engineering, or reverse).

Purpose:Good: understand malware, legacy code...Not good: cheating, breaking DRM

systems...

8048340: 55 pushl %ebp8048341: 89 e5 movl %esp,%ebp8048343: eb 02 jmp 0x80483478048345: 06 pushl %es ............ 4

TOOLS FOR SRE

DisassemblerDebuggerHex editor

DISASSEMBLY DEBUG PATCH

5

DISASSEMBLER

6

HEX EDITOR

7

CONTENTS

SOFTWARE REVERSE ENGINEERING (SRE) What is SRE ? Tools How to prevent Conclusion

DIGITAL RIGHT MANAGEMENT (DRM) What is DRM ? Problems and solutions A real world system Some DRM system designs Conclusion

8

HOW TO PREVENT SRE ?

DISASSEMBLY DEBUG PATCH

ANTI-DISASSEMBLY

ANTI-DEBUGGING

TAMPER RESISTANCE

9

HOW TO PREVENT SRE ?ANTI-DISASSEMBLY

Encryption: encrypt before executed.Problem: Code must be decrypted before

executed -> attacker can access decryption code.

10

HOW TO PREVENT SRE ?ANTI-DISASSEMBLY

False assemblyMake the real code different from the

disassemblied one.Problem: attacker studies the technique

carefully -> bypass the effects of false assembly.

11

HOW TO PREVENT SRE ?ANTI-DISASSEMBLY

False assembly

12

jmp antidebug1 + 2antidebug1:

.short 0xc606call reloc

reloc:popl %esijmp antidebug2

antidebug2:addl $(data - reloc),%esimovl 0(%esi),%edipushl %esijmp *%edi

data: .long 0http://vxheavens.com/lib/vsc04.html#p2:

HOW TO PREVENT SRE ?ANTI-DISASSEMBLY

Self-modifying code: real time, effective to confuse a disassembler.

Problem:Also confuse developers.Difficult to implement and error prone.

13

HOW TO PREVENT SRE ?ANTI-DEBUGGING

Monitoring debug registers. Monitoring breakpoints. Multi threads.

14

HOW TO PREVENT SRE ?TAMPER RESISTANCE

Guards:Some sections of code calculate checksum of

another section.From “single point of failure” to “area of failure”.

Problems:All guards are the same -> easy to detect.Different classes of guards -> still able to be

detected. Conclusion:

Code has not been altered only if guards themselves have not been altered.

15

HOW TO PREVENT SRE ?TAMPER RESISTANCE

Obfuscation: make the code difficult to understand.

Examples:“Spaghetti code”Opaque predicate

16

HOW TO PREVENT SRE ?TAMPER RESISTANCE

Metamorphism Normally: distribute identical copies

(clones) of software to each customer.Weakness: can’t prevent break-one-

break-everywhere (BOBE)

17

HOW TO PREVENT SRE ?TAMPER RESISTANCE

Metamorphism (cont) Use metamorphic copies: same

function, different internal structure. For N copies, it takes N times to break

all N instances (best case) Usually use in malware. Note: same flaw still exists in all

copies.

18

CONCLUSION

Truly secure software is impossible to achieve in practice.

Solution: just provides sufficient protectionConfusing.Hard to understand. Increase the time required for an attack.

19

CONTENTS

SOFTWARE REVERSE ENGINEERING (SRE)What is SRE ?ToolsHow to preventConclusion

DIGITAL RIGHT MANAGEMENT (DRM)What is DRM ?Problems and solutionsA real world exampleSome DRM system designsConclusion 20

WHAT IS DRM ?

Retain some control over digital content after it has been delivered: “remote control”

What happen?21

PUBLISHED

For the Hack of it

WHAT IS DRM ?

Persistent protection: the protection stays with the content after it’s delivered.

Example: for a digital book:No copyingRead onceDo not open until ChristmasNo forwarding ....

22

CONTENTS

SOFTWARE REVERSE ENGINEERING (SRE)What is SRE ?ToolsHow to preventConclusion

DIGITAL RIGHT MANAGEMENT (DRM)What is DRM ?Problems and solutionsA real world systemSome DRM system designsConclusion 23

PROBLEMS AND SOLUTIONSPROBLEMS

From SRE section: can’t prevent SRE -> can’t hide a secret in software.

Analog hole: impossible to prevent such attacks

24

PROBLEMS AND SOLUTIONSSOLUTIONSOptions:

Honor systemAssuming most people are good, honest, decent, and trustworthy

Example: sharewareWeak software-based DRM

Example: DRM for P2P ApplicationStrongest possible DRM system

Example: A real world system

25

PROBLEMS AND SOLUTIONSSOLUTIONS

Cryptography: different from standard crypto scenario.Legitimate recipient is a potential attacker.

A recipient can access everything in dashed box (including key). How to solve ?

26

PROBLEMS AND SOLUTIONSSOLUTIONS

Security by obscurity: secure when attacker doesn’t understand the software completely.When obscurity gone, security gone It’s preferable not rely on security by

obscurity, but need to consider when there is no other option.

Closed systems, secret designs

27

CONTENTS

SOFTWARE REVERSE ENGINEERING (SRE)What is SRE ?ToolsHow to preventConclusion

DIGITAL RIGHT MANAGEMENT (DRM)What is DRM ?Problems and solutionsA real world systemSome DRM system designsConclusion

28

SOME DRM SYSTEM DESIGNSA REALWORLD SYSTEM

MediaSnap Inc. DRM system:Use with digital documents that will

be distributed via e-mail.Components:

Secure Document Server (SDS)Client software is a plugin to Adobe PDF reader.

29

SOME DRM SYSTEM DESIGNSA REALWORLD SYSTEM

Deliver

30

SOME DRM SYSTEM DESIGNSA REALWORLD SYSTEM

Access

31

SOME DRM SYSTEM DESIGNSA REALWORLD SYSTEM

Security for systemThe SDS is relatively secure.The DRM client software is readily

available to any attacker. Focus on the client software

32

SOME DRM SYSTEM DESIGNSA REALWORLD SYSTEM

Tamper-resistant barrierAnti-disassembly: encryption, false assemblyAnti-debugging: monitor debug registersTamper-resistant techniques: AES, along with

“scrambling” algorithm Anti-screen capture, digital watermarking Metamorphism for BOBE resistance

33

CONTENTS

SOFTWARE REVERSE ENGINEERING (SRE)What is SRE ?ToolsHow to preventConclusion

DIGITAL RIGHT MANAGEMENT (DRM)What is DRM ?Problems and solutionsA real world systemSome DRM system designsConclusion 34

SOME DRM SYSTEM DESIGNSDRM FOR STREAMING DATA

Possible attacks on streaming media:Spoofing the streamMan-in-the-middleReplay attackPlaintext captured at the client

The proposed design makes use of scrambling algorithms.Achieve significant degree of metamorphismSecurity by obscurity

35

SOME DRM SYSTEM DESIGNSDRM FOR STREAMING DATA

Details:Server has list N scrambling algorithm

s0, s1, s2, ..., sN-1

Each client has a subset of these algorithms

LIST = {s12, s23, s45, s2, s7}

This list is store as E(LIST, Kserver)Client and server must negotiate a

specific scrambling algorithm to be used.36

SOME DRM SYSTEM DESIGNSDRM FOR STREAMING DATA

37

SOME DRM SYSTEM DESIGNSDRM FOR P2P APPLICATION

Example

38

SOME DRM SYSTEM DESIGNS DRM FOR P2P APPLICATION

Peer offering service (POS)Legal providerApparent to usersSignificant percentage of responses

Use weak DRM

39

SOME DRM SYSTEM DESIGNS DRM IN ENTERPRISE

DRM in enterprise is different from DRM in e-commerce:Prevent losing money instead of making

moneyThe human dimension is completely

differentOther issues are more important than the

strength of DRM system: Policy management Authentication

Relatively easy to solve. 40

CONCLUSION

DRM clearly illustrates the limitations of doing security in software

Strong software-based DRM is impossible due to SRE problems

DRM is not only a technical problem, so the challenge is to develop something that works in practice.

41

42