fundamentals of ecommerce security
TRANSCRIPT
8/6/2019 Fundamentals of eCommerce Security
ECOM 6031
Fundamentals of e-Commerce
(Dr KP Chow, Dr Lucas Hui)
Lecture 4: Content and Software Protection
Dr Lucas Hui
Content
- Content copyright protection
  - Case of the broadcast encryption technique in CPRM
  - Case of HDCP
- Software copyright protection
  - Method 1: Software watermarking
  - Method 2: Registration key
  - Method 3: Tamper-proof hardware token
  - Method 4: Obfuscation
- Final remarks
Content IP Protection
- Merchants' wish: the machine ... content in case of access right violation
- (Figure) The merchant website delivers digital content + access right info (e.g. region code info) to the customer's machine
DVD copyright protection, Case 1: The CSS story
- The encryption system that most commercial DVDs use
- CSS is weak in cryptographic strength:
  - ... function (some literature said it contains secret-sharing mechanisms)
  - Fits the US export restriction for cryptographic products
  - ... block ciphers
  - Can be cracked in minutes using modern technology
CSS story: CSS = Content Scrambling System
- Main goal: stop piracy, by applying encryption technology
- Other goals: region coding, non-skippable FBI warnings, avoiding second-generation copying, other artificial restrictions
- DVD manufacturers and player manufacturers have to sign and obtain a license (to use the encryption technology):
  - Pledged not to produce non-compliant machines
  - Not to reveal the copy protection scheme
Two major camps in the Linux community
- LSDVD: working on a licensed DVD player
- LiViD: working on creating a free open-source version of DVD for Linux
- DeCSS (released on LiViD in 1999): software published by Jon Johansen which decrypts CSS
  - Johansen (a 16-year-old youngster in Norway), who later hacked FairPlay, the Apple iTunes closed system
  - Not the first one to publish CSS decryption tools
Information about the security of a published scheme claimed to behave like CSS is as follows.
Two kinds of keys:
- Player keys P1, P2, ..., Pn (n is around 400); each brand of player has a unique key
- Disk key D (each DVD disk has a unique key)
The disk contains:
- A 40-bit hash H of D (apparently not a popular hash algorithm like SHA-1 or MD5)
- D encrypted with P1 (denoted as EnP1(D))
- D encrypted with P2 (EnP2(D))
- ...
- D encrypted with Pn (EnPn(D))
When player brand 99 reads the DVD, it will perform:
- Decrypt EnP99(D) to retrieve D
- Perform a verification D = Decrypt(H, D) (with a proprietary decryption algorithm)
- Use D to decrypt the title key T (a key unique to each title)
- Use the title key to decrypt the data blocks
Crypto objects in the CSS scheme (figure): EnT(Data), EnP1(D), EnP2(D), EnP3(D), ..., EnP99(D), EnD(T), H
Potential weakness
- With H being known, exhaustive search on D using the hash is possible
- The decryption algorithm is badly designed; ... with a Pentium III (with more elaborate cryptanalysis techniques)
- If one player key is cracked, advanced cryptanalysis is possible to crack another player key
- Actually, if one player key is cracked, all DVDs can be read
Alternatives to DVD protection: Watermarking
- Addition of watermarks in the DVD content. The watermarks contain the copyright notices.
- ... DVD if ...
- The watermark is supposed to be changed ...
- ... watermark, which is possible by directly ...
Alternatives to DVD protection: Watermarking (cont.)
- Cannot avoid non-compliant players
- Requirements: (1) integrity control, (2) robustness (error ...)
- (Serious problem) If one player key is cracked, it cannot be replaced by a new key without disabling the old players from playing new DVDs.
- How can we solve this?
Case of the Broadcast Encryption Technique in CPRM
Some early potential alternatives to CSS to achieve DVD copy protection:
- CGMS
- CPPM
- CPRM
- DTCP
- AACS
- CSS (Content Scrambling System): the straightforward solution
  - Pre-recorded DVD-Video content is encrypted
  - A device without the decryption key cannot play it back
- CGMS (Copy Generation Management System): the Macrovision DVD copy protection system
  - Stores two bits in the header of the MPEG-2 stream to indicate whether copying is allowed or not
  - 2 formats and 3 states
  - The equipment making the copy has to recognize and respect CGMS
- CPPM: replaces CSS
  - Keys are stored in the lead-in (read-only) area of the disc
- CPRM (Content Protection for Recordable Media): proposed by IBM, Intel, Matsushita and Toshiba
  - Supported by all DVD recorders released after 1999
  - Makes use of CGMS: writable DVD drives are prevented from indiscriminately copying protected content
  - A general solution to the broadcast encryption problem
- DTCP (Digital Transmission Content Protection): proposed by Intel, Sony, Hitachi, Matsushita, and Toshiba
  - Anti-DVD copying
  - Makes use of CGMS
- AACS (Advanced Access Content System): successor of CSS, final specification posted 2010
  - It is like CSS + a tree-based broadcast encryption structure
  - Since appearing in devices in 2006, several AACS decryption keys have been extracted from weakly protected software players and published on the Internet, allowing decryption by other unlicensed software
DVD Protection Conceptual Scenario (figure)
- 2005: DVD Player 1 holds Key 1, DVD Player 2 holds Key 2; a 2005 DVD can be read with Key 1 or Key 2.
- 2007: Key 1 is exposed. Old Player 2 (Key 2) still plays the 2005 DVD. For a 2007 DVD: Player 1 (Key 1), Old Player 2 (Key 2), New Player 2 (Key 2), ??? Player (Key 2).
Q: What key should be contained in a commercial DVD writer machine?
(One solution: use a key which is used in every commercial DVD reader.)
Case of the Broadcast Encryption Technique in CPRM
- One potential approach to solve the DVD copyright technical problem (at least partially)
- CPRM (Content Protection for Recordable Media)
  - Uses the broadcast encryption technique
  - Used in DVD, Secure Digital Memory Card or Secure CompactFlash
The CPRM scheme
- Each DVD (or, more generally, each piece of data to be protected) with CPRM contains a key management block
- There is a management key / master key (k), similar to the disk key in CSS. That is the information that enables the reading of the whole content.
- There is a CPRM matrix (with 16 columns, and around ... rows)
- Each device (that reads the DVD legally) will have 16 different device keys, one key per column
- Two devices may have some common device keys
- Very unlikely to have 2 or more common device keys
The CPRM matrix
- Each entry contains the master key encrypted by a device key dj; denoted as En(dj, k)
- Some entries can be voided (if the device key is cracked)
- Note: there are a lot of different device keys!!!
Normal CPRM matrix (figure): assume Ej = En(dj, k), and a device knows 16 entries E1 ... E16, one in each column (e.g. E4, E11, E1, E6, E3, E10, E14, E12, E8, E16, E13, E2, E9, E5, ...); assume 2500 rows.
For two devices:
- Prob. of the device key in the first column being the same: 1/2500
- Prob. of all 16 device keys identical: (1/2500)^16
- Prob. of all 16 device keys different: (1 - 1/2500)^16 = 0.9936
- Prob. of exactly 1 device key different: C(16,1) * (1/2500 * (1 - 1/2500)^15) = 16 * (0.0004) = 0.00636
Operation of CPRM
- Each device knows:
  - Its 16 device keys (one in each column)
  - The positions of those 16 device keys in the CPRM matrix
- To extract the management key, read any one of the 16 device key positions in the matrix
- If that position is voided, try another one.
- ... at least one device key entry can be read
If a device key (say d99) is cracked:
- Later-produced DVDs will have a CPRM matrix in which the entries for that device key are voided
- Compliant devices read k through keys other than d99
- Non-compliant devices using d99 can only read old DVDs (produced before the d99 entries were voided)
- Will not affect other devices
- In the matrix-based scheme (CPRM), if many device keys are cracked, the scheme is cracked
- More advanced schemes using trees of keys, called Logical Key Hierarchy (LKH), can make the scheme ... stage).
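The matrix scheme just described, as an added toy implementation that is not part of the lecture: a constructed authority issues 16 device keys per device, voids a cracked device's entries on later media, and a compliant reader tries its 16 positions; the XOR-based En(dj, k), the SHA-256 check value and the 2500-row size are assumptions of this example, and overlap_probabilities() reproduces the 0.9936 and 0.00636 figures.

```python
import hashlib
import os
import random
from math import comb

COLUMNS, ROWS, KEY_LEN = 16, 2500, 16   # 16 columns; the slides assume 2500 rows


def encrypt_entry(device_key: bytes, value: bytes) -> bytes:
    """Toy En(dj, x): XOR x with a stream derived from dj (self-inverse).
    A stand-in for the real CPRM cipher, which is not what this example is about."""
    stream = hashlib.sha256(device_key).digest()[:KEY_LEN]
    return bytes(a ^ b for a, b in zip(value, stream))


class Authority:
    """Constructed licensing authority: owns every device key, builds key management blocks."""

    def __init__(self, rng: random.Random) -> None:
        self.rng = rng
        self.device_keys = [[os.urandom(KEY_LEN) for _ in range(ROWS)] for _ in range(COLUMNS)]
        self.voided = set()   # positions (row, col) whose device key is known to be cracked

    def issue_device(self) -> list:
        """Each device gets 16 device keys: one random row in every column."""
        rows = [self.rng.randrange(ROWS) for _ in range(COLUMNS)]
        return [((r, c), self.device_keys[c][r]) for c, r in enumerate(rows)]

    def revoke(self, device: list) -> None:
        """Void the entries of a cracked device's keys on all media produced from now on."""
        self.voided.update(pos for pos, _ in device)

    def build_kmb(self, master_key: bytes) -> dict:
        """Key management block for a new disc: the matrix plus a check value for k."""
        matrix = {}
        for c in range(COLUMNS):
            for r in range(ROWS):
                # a voided entry holds garbage instead of En(dj, k)
                matrix[(r, c)] = (os.urandom(KEY_LEN) if (r, c) in self.voided
                                  else encrypt_entry(self.device_keys[c][r], master_key))
        return {"matrix": matrix, "check": hashlib.sha256(master_key).digest()}


def recover_master_key(device: list, kmb: dict):
    """Compliant reader: try its 16 positions and accept the first entry that verifies."""
    for pos, dkey in device:
        candidate = encrypt_entry(dkey, kmb["matrix"][pos])
        if hashlib.sha256(candidate).digest() == kmb["check"]:
            return candidate
    return None   # all 16 positions voided: this device has been shut out


def overlap_probabilities(rows: int = ROWS, cols: int = COLUMNS) -> dict:
    """The slide's figures for two independently issued devices."""
    p = 1 / rows   # chance that one column's key coincides
    return {
        "same_first_column": p,
        "all_identical": p ** cols,
        "all_different": (1 - p) ** cols,                                 # 0.9936
        "exactly_one_common": comb(cols, 1) * p * (1 - p) ** (cols - 1),  # 0.00636
    }


def demo() -> dict:
    auth = Authority(random.Random(7))
    player, cracked = auth.issue_device(), auth.issue_device()
    k_old, k_new = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    old_disc = auth.build_kmb(k_old)
    auth.revoke(cracked)                  # the cracked keys are voided on later media
    new_disc = auth.build_kmb(k_new)
    return {
        "cracked_reads_old": recover_master_key(cracked, old_disc) == k_old,
        "cracked_reads_new": recover_master_key(cracked, new_disc) == k_new,
        "player_reads_new": recover_master_key(player, new_disc) == k_new,
    }


if __name__ == "__main__":
    print(demo())
    print(overlap_probabilities())
```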
After some device keys have been cracked (figure): the same CPRM matrix, with the entries of the cracked device keys shown as voided entries and the rest as normal entries.
Content IP Protection Remarks
- Steganography is also used in IP right protection
- There are techniques to destroy/modify the ...
- Without making some assumptions on the ..., illegal copying ...
- ... (encryption techniques) are used to assist the IP right protection problem. Against ..., certain assumptions on the client-side machine are needed.
Case of High-bandwidth Digital Content Protection (HDCP)
- A form of digital copy protection developed by Intel Corporation.
- Prevents copying of digital audio and video content as it travels across DisplayPort, Digital Visual Interface (DVI), High-Definition Multimedia Interface (HDMI), Gigabit Video Interface (GVIF), or Unified Display Interface (UDI) connections.
- (Figure) Transmitter and Receiver: mutual authentication, then encrypted data transmission.
- Each HDCP-capable device has a unique set of 40 56-bit keys.
- Each set of Device Private Keys is associated with a special public key called a KSV (Key Selection Vector).
- Each HDCP Transmitter has assigned to it a KSV unique from all other HDCP Transmitters.
- Each HDCP Receiver has assigned to it a KSV unique from all other HDCP Receivers.
- Each KSV consists of 40 bits (one bit for each HDCP key), with 20 bits set to 0 and 20 bits set to 1.
HDCP device keys, sample (figure, three stages)
Transmitter (A): public key (40-bit KSV) Apub; private key (40 56-bit keys) Apri
Receiver (B): public key (40-bit KSV) Bpub; private key (40 56-bit keys) Bpri
1. Exchange: A sends Apub to B, and B sends Bpub to A.
2. Compute: A computes Km = Apri . Bpub; B computes Km' = Bpri . Apub; Km = Km'.
3. Data: using the HDCP Cipher with input Km, A encrypts the data and sends them; using the HDCP Cipher with input Km, B decrypts the data.
1. Authentication
Purposes
- Before sending data, a transmitting device checks that the receiver is authorized to receive it.
- Stop HDCP-encrypted content from being played on ...
- Prevent the HDCP content from being copied by modified devices.
Function
- Establishes shared values between the two HDCP Devices if both devices have a valid Device Key Set from the Digital Content Protection LLC.
1. Authentication (cont.)
- The HDCP Transmitter (A) sends its KSV (Aksv) and a 64-bit pseudo-random value (An) to the HDCP Receiver (B).
- The HDCP Receiver responds by sending a response message containing the receiver's KSV.
- The HDCP Transmitter verifies that the HDCP Receiver's KSV has not been revoked.
1. Authentication (cont.)
- If both HDCP Devices have a valid array of secret device keys and the corresponding KSV from the Digital Content Protection LLC, they calculate a 56-bit shared secret value, Km (or Km' in the video receiver). Each device calculates Km (or Km') by adding a selection of its private device keys, described by the other device's KSV (unsigned addition modulo 2^56). The selection of secret device keys that are added is given by the indexes of all of the 1-bits of the binary representation of the KSV.
1. Authentication (cont.)
- For example: suppose Bksv equals 0x5A3. In its binary representation, bit positions 0, 1, 5, 7, 8 and 10 are ones and all other bit positions are zeros.
- Device A will add its own secret device keys at array indexes 0, 1, 5, 7, 8 and 10 together to calculate the shared secret value, Km.
- Device B will perform an analogous calculation using its own private key array and Device A's KSV to get Km'.
- If either device has an invalid set of keys or corresponding KSV, then Km will not be equal to Km'.
1. Authentication (cont.)
- The HDCP Cipher function hdcpBlkCipher is then used to calculate three values, Ks, M0, and R0. The cipher initialization values for this calculation are Km (or Km'), and the 65-bit concatenation of REPEATER with An.
- The session key Ks is a 56-bit secret key for the HDCP Cipher. M0 is a 64-bit secret value used in the second part of the authentication protocol (for repeaters), and as a supplemental HDCP Cipher initialization value.
- R0' is a 16-bit response value that the video receiver returns to the HDCP Transmitter to provide an indication as to the success of the authentication exchange.
- If authentication was successful, then R0' will be equal to R0. If authentication was unsuccessful, then R0 and R0' will, in most cases, differ.
2. Encryption
Purposes
- If authenticated, the transmitter encrypts the data to prevent eavesdropping as it flows to the receiver.
- Defense against man-in-the-middle attacks.
Function
- Each pixel is encrypted by applying an XOR operation with a 24-bit number produced by a generator. The HDCP specifications ensure constant updating of keys after each encoded ...
2. Encryption (cont.)
- The HDCP Cipher produces the 24-bit wide key-dependent pseudo-random stream during data ... encrypted.
- HDCP Encryption is applied at the input to the T.M.D.S. Encoder, and HDCP Decryption at the output of the T.M.D.S. Decoder.
- HDCP Encryption consists of a bit-wise exclusive-or (XOR) of the HDCP Content with a pseudo-random data stream produced by the HDCP Cipher.
3. Key revocation
Purposes
- Stop devices whose keys have been compromised and cloned from receiving data.
- Note that manufacturers who want to make a device that supports HDCP must obtain a license from the Intel subsidiary Digital Content Protection, pay an annual fee, and submit to various conditions.
3. Key revocation (cont.)
- Through a process defined in the HDCP Adopter's License, the Digital Content Protection LLC may determine that a set of Device Private Keys has been compromised.
- If so, it places the corresponding KSV on a revocation list that the HDCP Transmitter checks during authentication. The lists are signed with a DSA digital signature, which is meant to keep malicious users from revoking legitimate devices.
- Other devices are not affected by the revocation because they have different sets of Device Private Keys. The HDCP Transmitter is required to manage system renewability messages (SRMs) carrying the KSV revocations.
3. Key revocation (cont.)
- The size of the First-Generation HDCP SRM will be limited to a maximum of 5kB.
- The actual size of the First-Generation SRM is ... bytes. For scalability of the SRM, the SRM format supports next-generation extensions.
- By supporting generations of SRMs, an HDCP SRM can ... accommodate more KSVs.
- Next-generation extensions are appended to the current-generation SRM in order to ensure backward compatibility with devices that support only previous-generation SRMs.
Flaws demonstrated by cryptanalysis
S. Crosby et al., A Cryptanalysis of the High-Bandwidth Digital Content Protection System, Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, 2001.
- HDCP's linear key exchange is a fundamental weakness. Attackers can:
  - Eavesdrop on any data
  - Clone any device with only their public key
  - Avoid any blacklist on devices
  - In aggregate, usurp the authority completely.
The flaw
- HDCP uses a linear system for generating the shared secret: Apub . Bpri = Km = Km' = Bpub . Apri
- The flaw is that any device whose public key is a linear combination of other devices' public keys will, when assigned a private key that is a similar linear combination of the other devices' private keys, successfully authenticate.
Idea to break
- If we know two valid key pairs (Bpub, Bpri) and (Cpub, Cpri), then (Bpub + Cpub, Bpri + Cpri) is also a valid key pair.
- Proof: for any other valid device A we have Apub . Bpri = Bpub . Apri and Apub . Cpri = Cpub . Apri. Therefore Apub . (Bpri + Cpri) = (Bpub + Cpub) . Apri.
- When we have 40 independent valid key pairs, we can generate ALL valid keys in the scheme!!!
Assume: we have the public and private keys from 40 devices B(i), i.e. enough private keys B(i) whose public keys span M ⊆ (Z/2^56 Z)^40, the module generated by all public keys assigned by the central authority. All of these devices will successfully authenticate with A.
As the subspace is 40-dimensional, a set of at most 40 keys will be enough.
Consider any device C with Cpub ∈ M, whose public key and private key are any non-zero linear combination of the B(i)'s public and private keys:
Cpub = Σ_{i=1}^{40} a_i Bpub(i)
Cpri = Σ_{i=1}^{40} a_i Bpri(i)
Authenticate
- Let A and C authenticate. When A and C authenticate, each side's shared key is the same linear combination Σ a_i Kshared(i) of the keys A would share with the B(i). We know Kshared(i) = Kshared'(i) for all i because every B(i) is a valid device. Therefore Kshared = Kshared' and this authentication succeeds.
Decryption
- Thus, for any device C with Cpub ∈ M, we can obtain a matching private key by rewriting Cpub as a linear combination of the Bpub(i) and applying the same combination to the Bpri(i).
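Both the Km computation (the 0x5A3 example) and the linearity behind Crosby et al.'s result, as an added toy model that is neither the lecture's code nor the HDCP specification's key generation (which is unpublished): the authority's symmetric 40x40 matrix, the constructed devices and the direct Km = Km' comparison are assumptions of this example.

```python
import random

KEYS = 40        # private keys per device, one per KSV bit
MOD = 1 << 56    # unsigned addition modulo 2^56
ONES = 20        # a KSV has 20 one-bits and 20 zero-bits


def ksv_bits(ksv: int) -> list:
    """Indexes of the 1-bits of a KSV; 0x5A3 -> [0, 1, 5, 7, 8, 10]."""
    return [i for i in range(KEYS) if (ksv >> i) & 1]


def ksv_vector(ksv: int) -> list:
    """A KSV written as the slides' 40-entry 0/1 vector (coordinate i = bit i)."""
    return [(ksv >> i) & 1 for i in range(KEYS)]


def shared_secret(own_private: list, peer_pub: list) -> int:
    """Km = peer_pub . own_private mod 2^56.  For a genuine KSV this is exactly
    the slides' rule: add own private keys at the peer KSV's 1-bit positions."""
    return sum(p * k for p, k in zip(peer_pub, own_private)) % MOD


class Authority:
    """Constructed licensing authority.  Assumption of this example: its secret is
    a symmetric 40x40 matrix S and a device with KSV v gets private key S*v mod 2^56."""

    def __init__(self, rng: random.Random) -> None:
        self.rng = rng
        raw = [[rng.randrange(MOD) for _ in range(KEYS)] for _ in range(KEYS)]
        # a symmetric S gives v.(S w) == w.(S v), the identity authentication relies on
        self.secret = [[raw[min(i, j)][max(i, j)] for j in range(KEYS)] for i in range(KEYS)]

    def issue(self) -> tuple:
        ksv = sum(1 << b for b in self.rng.sample(range(KEYS), ONES))
        pri = [sum(self.secret[i][j] for j in ksv_bits(ksv)) % MOD for i in range(KEYS)]
        return ksv_vector(ksv), pri


def authenticates(transmitter: tuple, receiver: tuple) -> bool:
    """Outcome of the authentication step: Km computed at A equals Km' at B.
    (The real protocol compares R0/R0' derived from Km; comparing Km suffices here.)"""
    a_pub, a_pri = transmitter
    b_pub, b_pri = receiver
    return shared_secret(a_pri, b_pub) == shared_secret(b_pri, a_pub)


def combine(dev_b: tuple, dev_c: tuple, cb: int = 1, cc: int = 1) -> tuple:
    """The slides' observation: (cb*Bpub + cc*Cpub, cb*Bpri + cc*Cpri) is again a
    valid pair although the authority never issued it and no revocation list names
    it, which is why revocation by KSV cannot be relied upon in a linear scheme."""
    (b_pub, b_pri), (c_pub, c_pri) = dev_b, dev_c
    pub = [(cb * x + cc * y) % MOD for x, y in zip(b_pub, c_pub)]
    pri = [(cb * x + cc * y) % MOD for x, y in zip(b_pri, c_pri)]
    return pub, pri


def demo() -> dict:
    auth = Authority(random.Random(2001))
    dev_a, dev_b, dev_c = auth.issue(), auth.issue(), auth.issue()
    tampered = (dev_b[0], [(k + 1) % MOD for k in dev_b[1]])   # B's KSV, wrong keys
    return {
        "genuine_pair": authenticates(dev_a, dev_b),                         # True
        "tampered_keys": authenticates(dev_a, tampered),                     # False
        "combined_pair": authenticates(dev_a, combine(dev_b, dev_c, 3, 5)),  # True
        "example_bits": ksv_bits(0x5A3),
    }


if __name__ == "__main__":
    print(demo())
```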
- In September 2010 the release of a possible genuine HDCP master key was reported; such a key can neutralize the key revocation feature of HDCP.
- The finders did not say how they discovered it, though the discovery was announced via a Twitter update which linked to a Pastebin snippet containing the key and instructions on how to use it.
- Engadget said the attacker may have used the method proposed by Crosby in 2001 to retrieve the master key.
- On Sep. 16, Intel confirmed that the code had been cracked.
- Intel has threatened legal action against anyone producing ...
- Devices to view HDCP signals are available in the market; Intel threatened to sue the makers of any illegal devices.
(Figure: some of the 376 lines of the HDCP master key ... Internet.)
References
- HDCP, LLC., High-bandwidth Digital Content Protection (HDCP) System Revision 1.4, July 8, 2009.
- S. Crosby et al., A Cryptanalysis of the High-Bandwidth Digital Content Protection System, Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, 2001.
- Wikipedia, http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
Discussion Question
Are those content protection solutions applicable to in-house digital assets? (Web documents, etc.)
- Merchants' wish: the software ... detecting access right violation
- (Figure) Software + access right info (e.g. registration number) on the customer's machine
Software Intellectual Property Protection
- Problem: a normal software code (agent) running on a malicious host
- Software has to protect itself:
  - Against copying (almost impossible)
  - Against re-engineering
  - Against modification (tampering)
- Use a legal framework to protect: e.g. registration of software, serial nos., etc.
- Sending user information from the execution platform may or may not be legal. This is just a monitoring process. It has to ...
Framework
- A malicious software code running on a normal host: the host has to perform monitoring, intrusion detection, and other security measures to minimize the damage by the malicious code
- A normal software code (agent) running on a malicious host: the software has to protect itself, against copying and against re-engineering
Defense against malicious host attacks: 1st method - Software watermarking
- Putting watermarks in the software
- Mainly used to defend against piracy
- Static watermarking (e.g. constant table, diagrams, logos)
- Dynamic watermarking
  - Relatively new, not very common
  - The watermark only appears after the program is executed (e.g. it appears in the execution trace log)
- Mainly to scare off the piracy intention of the users
- Aims: fast, high data rate, hard to detect (the normal steganography properties)
Attacks on software watermarking (a.k.a. dewatermarking techniques)
- Additive attack: the hacker adds another watermark into the pirated software copy
- Distortive attack: the hacker transforms the pirated copy (something like obfuscation) to make the watermark unrecognizable
- Collusive attack: the hacker obtains several copies of the software and, by comparing them, analyzes and removes the watermark
The 2nd method: Registration Key
- Requiring a legal user (buyer) to obtain a key:
  1. ...
  2. Type in some information that came with the software purchased (e.g. the serial number)
  3. Get a key (usually a long number) to use the software
- The software will perform checking of this key (at the first use of the software, at the start of every use, or continuously)
- Weakness: the buyer may pass the registration key to others
- If the key generation method and the serial number are known to hackers, the hackers can generate as many keys as they like
An improvement of the Registration Key method
- A hardware token sold together with the software
- Checking with the software vendor site via the Internet (may be problematic if the Internet connection is not very reliable)
- Main concern in this improvement: the hacker will re-engineer the software to bypass the authentication checks
- Therefore: we need tamper-proofing technology (to stop the hacker from using the machine to inspect its execution)
Defense: the 3rd method - Tamper-Proofing Hardware Token
- Tamper-proofing: many approaches; the core idea is to refuse execution if the host environment seems hostile
  - Authentication with hardware tokens
  - Anti-debugging
  - Code encryption, with decryption by software or hardware tokens
- Mainly used to defend against tampering
- Also used to defend against dynamic analysis (analysis of the execution) of the program for reverse engineering purposes
Goals of a Tamper-Proofing Hardware Token
- As convenient storage: keep the registration key in hardware
- As a defense tool against hackers: simply copying the software is not enough to create ...
- The hacker needs to either
  - Change the executable code to bypass all checks (... engineering work)
  - ...
Tamper-proofing hardware tokens
- One common approach: perform copyright checking, i.e. authentication of a valid user at various execution stages, using hardware tokens:
  - Dongles: small hardware attached to an I/O (serial/parallel) port of a ...
  - Smartcards
  - Key disks (special disks with bad sectors in specific locations)
- Attack on this approach: the hacker will change the machine instruction that performs the hardware test into an unconditional jump to the code execution
- The hacker may duplicate the hardware token (not ...)
Token authentication (figure): code listing of the s/w, including code to test for the existence of the h/w token, online connection, etc.
Attack illustration, machine instructions:
    Call hardware authentication test
    If (result is ok) goto code_execute
    Quit the program    /* due to fail in h/w authentication */
Changed to:
    No-op (no operation)
    == goto code_execute
More complicated protection
- Some of the machine code is encrypted, and the hardware token is used to perform the decryption
- More expensive H/W needed
- Attack (more complicated): replacing the encrypted code with the decrypted code. This needs the decrypted code to be discovered by tedious monitoring of the software execution.
- Note: this IP protection scheme is similar to the operation of polymorphic viruses!!
Anti-debugging
- The software searches the execution environment; if a debugger exists, the software will kill itself
- Similar to the concept that the software is a hacking tool and searches for the signatures of certain processes (e.g. checks for active API calls/memory locations) [So this is hacking!!]
- If the software reports this situation by sending Internet messages, it is more like stealing the information from the execution environment!!! [may not be legal in some ...]
- Another similar setting: the s/w tries to test whether it is running on a virtual machine simulator
The 4th method: Obfuscation
- To make the software harder to read, so as to maximize the time needed to perform reverse engineering
- E.g. Java byte code, machine instructions
- Used to maximize the reverse engineering time only. Cannot completely avoid reverse engineering.
- E.g.: code encryption with software. The hacker has to trace along the program to discover where the key is stored (takes a long time, but still possible)
- Can be used together with a registration key and/or hardware token
Obfuscation 2: Normal Practice
- Engineering practice (produce easily readable code)
- Use obfuscation tools to modify different parts of the code systematically
- Example tool: SandMark (a long list of software obfuscation tools & watermarking tools) (www.cs.arizona.edu/sandmark/)
Obfuscation Illustration (figure: original code beside obfuscated code)
Source: Fig. 4 in Watermarking, Tamper-Proofing, and Obfuscation Tools for Software Protection, Collberg & Thomborson, IEEE Transactions on Software Engineering, 28(8), p.735-746, August 2002
One Problem of Obfuscation
- Obfuscation can be used by illegal companies to copy ...
- One potential solution: Software Dynamic Birthmarks
Software Birthmarks
- Static birthmark: one that can be extracted solely from the program source code. Can be destroyed using obfuscation.
- Dynamic birthmark: one that is extracted when the program is executing. It relies on the run-time behavior of the program.
- A software birthmark is a unique characteristic of a program that can be used to identify the program
- A relatively new theft detection approach
- Still in research
- Existing approaches: mainly based on the sequence of API calls, i.e. try to match the API calls of two programs to see how similar they are
- Research in CISC, Dept of CS, HKU: study the objects in the dynamic heap, i.e. try to match the objects created by two programs to see how similar they are
- Let's see the concrete results some time later
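An added illustration of the API-call-sequence approach mentioned above (not the HKU heap-based research and not any published tool): the sample programs, their traces and the Dice score over 3-grams are constructed assumptions of this example, and the comparison shows a static birthmark being destroyed by symbol renaming while the dynamic one survives.

```python
from collections import Counter


def kgrams(seq: list, k: int) -> Counter:
    """Multiset of the length-k windows of a sequence."""
    return Counter(tuple(seq[i:i + k]) for i in range(len(seq) - k + 1))


def dice(a: Counter, b: Counter) -> float:
    """Dice similarity of two multisets: 1.0 identical, 0.0 nothing in common."""
    common = sum((a & b).values())
    total = sum(a.values()) + sum(b.values())
    return 2 * common / total if total else 0.0


def static_birthmark(program: dict) -> Counter:
    """Static birthmark taken from the code itself: its symbol names.  An
    obfuscator renames these, which is why the slides say it can be destroyed."""
    return Counter(program["symbols"])


def dynamic_birthmark(program: dict, k: int = 3) -> Counter:
    """Dynamic birthmark: k-grams of the API calls observed during execution.
    Renaming internal symbols cannot change which system APIs get called."""
    return kgrams(program["api_trace"], k)


# Constructed sample programs: an original, a copy that was obfuscated (symbols
# renamed, a timing call inserted), and an unrelated file-processing program.
ORIGINAL = {
    "symbols": ["resolve_host", "open_conn", "exchange", "shutdown"],
    "api_trace": ["getaddrinfo", "socket", "connect", "send", "recv", "send", "recv",
                  "send", "recv", "close"],
}
OBFUSCATED_COPY = {
    "symbols": ["a", "b", "c", "d"],
    "api_trace": ["getaddrinfo", "socket", "connect", "GetTickCount", "send", "recv",
                  "send", "recv", "send", "recv", "close"],
}
UNRELATED = {
    "symbols": ["load_cfg", "parse", "dump"],
    "api_trace": ["CreateFile", "ReadFile", "ReadFile", "CloseHandle", "CreateFile",
                  "WriteFile", "CloseHandle"],
}


def compare(p: dict, q: dict, k: int = 3) -> dict:
    """Both birthmark similarities for a pair of programs."""
    return {
        "static": dice(static_birthmark(p), static_birthmark(q)),
        "dynamic": dice(dynamic_birthmark(p, k), dynamic_birthmark(q, k)),
    }


def suspected_copy(p: dict, q: dict, threshold: float = 0.6) -> bool:
    """Flag a pair whose dynamic birthmarks are similar above a threshold
    (the threshold value is an assumption of this example)."""
    return compare(p, q)["dynamic"] >= threshold


if __name__ == "__main__":
    print(compare(ORIGINAL, OBFUSCATED_COPY))   # static 0.0, dynamic 12/17
    print(compare(ORIGINAL, UNRELATED))         # static 0.0, dynamic 0.0
```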
Software IP Protection Remarks
- Software copyright protection technology involves ...
- Hacking & anti-hacking technologies: attack and defense techniques can be used in a lawful or unlawful manner
- ... re-engineering: try to lengthen the time for the software to be re-engineered (if the cracked copy is only available after one year, the financial loss is acceptable)
- A hot on-going research area
References
- Disappearing Cryptography: Information Hiding: Steganography & Watermarking, 2nd Edition, by P. Wayner, Morgan Kaufmann Publishers, 2002.
- To DVD or Not to DVD, by B. Simons, Communications of the ACM 42(5), p.31-32, May 1999.
- Broadcast Encryption's Bright Future, by Lotspiech, Nusser, & Pestoni, IEEE Computer, p.57-63, August 2002.
- Protecting Cryptographic Keys: The Trace and Revoke Approach, by Dalit Naor and Moni Naor, IEEE Computer, July 2003.
- A Set Theoretic Approach to Broadcast Encryption, by Thomas Martin, Technical Report RHUL-MA-2005-5, Royal Holloway, University of London.
- DVD Copy Protection: Take 2, by Tekla S. Perry, IEEE Spectrum, p.38-39, Jan 2005.
- Watermarking, Tamper-Proofing, and Obfuscation Tools for Software Protection, by Collberg & Thomborson, IEEE Transactions on Software Engineering, 28(8), p.735-746, August 2002.