CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a...

77
CSCI E-170 October 31, 2005 L06: Watermarking Copy Protection & DRM Trusted Computing DMCA

Transcript of CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a...

Page 1: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

CSCI E-170

October 31, 2005L06:

WatermarkingCopy Protection & DRMTrusted ComputingDMCA

Page 2: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Administrivia

HW3 - Should be returned by now (or shortly)Midterm ProjectsQuiz

Page 3: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Midterm Projects are due on November 21st!

Please email a one-paragraph synopsis of yourproject to [email protected]

– Subject line: “group <GROUP> midterm synopsis”– CC: all of the members in your group– One email per group!

Caveats:– Don’t use deception in your projects.– If there is no literature in X, discuss why there isn’t

any literature.Additional information on the website.

Page 4: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Quiz will be released on Friday November 4thand due on Tuesday November 8th.

This is a timed quiz.– Download the Quiz.– Write your answers in a word processor.– Paste answers into the browser and upload.– DO NOT WRITE IN THE BROWSER. (It might crash!)

Do not take more than 4 hours.Format:

– Q&A on 4 papers (2 old, 2 new)

Page 5: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

L06: The User as the Adversary

The problem: computers aretoo powerful!

– Copy anything that’s digital– Software can be hacked.

This is a problem for:– Distributing software and

media– Financial applications– Multiplayer games

(“god mode”)

Page 6: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

There are two solutions:Persuasion and coercion

Persuasion: Make the user want to comply withyour desires.

– Financial incentives.– Reputation incentives.– Legal incentives.Watermarking and DRM Systems

Coercion: Make it hard (impossible) for the user todisobey.

Trusted hardware

Page 7: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Watermarking and Steganography placeadditional information in the media.

Watermark — usually visible.Steganography — always invisible.

Uses:– Detect counterfeits (Watermark is absent or wrong.)– Deter copying (Watermark has an identifier.)– Defeat copying (Player won’t work w/o watermark.)

Page 8: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Watermarks

First introduced in Bologna, Italy in 1282Dandy Roll presses pattern into drying paper

– Changes thickness of paper fibersUses:

– By paper makers to identify their product– Security for stamps, official documents.– Stock certificates, money, etc.– Chic

Other “watermarks”– Printing on plastic with a window.

(Australian $10 note)

Page 9: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Dandy Roll

Pressed into paper duringpaper-making process

J. Plank Features•In-house watermark design•Computerized design process•Quick-change sleeves andsections

•Dandy roll•7.25" diameter

•Watermarking possible

http://www.uwsp.edu/papersci/PM/Machine/Dandy.htm

Page 10: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Dandy Roll

Wet pulp sprayed ontomoving beltDandy Roll pressedinto pulpDandy Roll looks likeoversized printer’s rollcovered with pattern

• High grade stainless steel construction• Incorporates internal oscillating shower,internal pan, internal steam shower andexternal saveall pan

• Extended Header Brush for easy cleaningof shower pipe

Page 11: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Laser Printed “Watermarks”

Used on bondpaper, but whouses bondpaper?

– Doesn’t workwell in inkjetsor laserjets

“Watermarks”with most printdrivers…

Page 12: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Printed Watermarks

Looks greatYou can even put it in yourPDF file…which is theproblem!No security

Page 13: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Printed Document Authentication Techniques

Microprinting – Print that is too small to produce or copy withconventional equipment

Intaglio –engraved pattern used to press ink with great force; raisedletters

Letterpress – Ink rolled raised type, leaving depression. Used forprinting numbers.

Simultan press – precise registration of front and back. (see-throughregister). Changing ink colors (rainbowing).

Optically variable inks - change color depending on angleMetal foils & threads - embedded in paperSecurity holograms - can’t be photocopied

Most of these techniques aredesigned to preventphotocopying currency.

Page 14: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Lessons for paper authentication

Security features should convey a messagerelevant to the product.

– Use iridescent ink to print the banknote denominationShould obviously belong where they are

– They become “embedded in the user’s cognitivemodel.”

Should be obviousShould not have competitorsShould be standardized

Source: Security Engineering, Anderson

Page 15: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Photocopiers and color laser printers can addwatermarks of their own

In the US, some color devices print a small matrixof yellow dots with the printer’s serial number.

http://www.eff.org/Privacy/printers/docucolor/

Page 16: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Digital information hiding has many uses.

Copyright Marks and Enforcement:– Copyright policy– Violator tracking

Other applications:– Closed captioning (hidden in first 21 scan lines)

• http://www.robson.org/gary/writing/nv-line21.html

– Audio RDS (Radio Data Service)-like service• “What’s that song?”

Page 17: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Watermarks for Copyright Policy

“never copy”“copy only once”“copy only at low quality”

Page 18: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Example: The DVD Content Scrambling System (CSS)

Content Control:– Movies are Encrypted– Decryption keys embedded in player

Implements:– Region Coding

• code specifies where the content can beplayed.

• Players won’t play if the region doesn’tmatch.

– Control of “features”– Protection against DVD-ROM

Cracked in 1999– 1 key stolen from PC player– DeCSS distributed over Internet– Later algorithm cracked; other keys revealed– Numerous court cases

Page 19: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

The Broadcast Flag

“Advanced Television Systems Committee Flag”Enable/Disable:

– high-quality digital output– Re-transmitting on an “unprotected” channel

In the future:– Time-shifting?– Disallow fast-forward through commercials

Required on all digital TV cards sold after July 2005Only broadcast, not satellite or cable-transmitted.

“Losing Control of Your TV,” Technology Review, March 3, 2004http://www.technologyreview.com/articles/04/03/wo_garfinkel030304.asp?p=1

May 6, 2005: DC Circuit Court of Appeals throws out FCC rule.http://www.eff.org/broadcastflag/

… They’ll be back.

Page 20: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Steganography: Like a watermark, but hidden.

A hidden message that:– can't be found by humans– can't be found by an algorithm.– can be found by an algorithm but not by a human.– can be found by some algorithms but not others.

Dissappearing Cryptography, Wayner 2004

Page 21: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Defining "Hidden" is not easy.

We run into the usual Gödel limits that prevents us frombeing logical about detection.

Humans are very different. Somemusicians have very, very good ears.

Some algorithms leave statistical anomalies. Themessage is often more random than the carriersignal. These statistics can give away the message.

Page 22: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Who wants steganography?

Evil doers. If evil messages can't be seen by good people, evil willtriumph. Osama bin Laden?

Good doers. If the good guys can communicate in secret, then goodwill triumph. U.S. forces

Content owners and copyright czars. Hidden messages can carryinformation about rights to view, copy, share, listen, understand, etc.

Software Developers. "Hidden" channels can be added to datastructures without crashing previous versions. Steganography can fightbit rot.

Page 23: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Models for Steganography

Replace random number generators with the message.– This works if the random numbers are used in a detectable way.– TCP/IP, for instance, uses a random number for connections. Some

grab this for their own purposes.

Replace noise with the message.– Just replace the least-significant bit.– Avoid the noise and tweak the salient features.

Anything not affected by compression.– If you have the freedom to change data without hurting the data, then

you have the freedom to include another message.

Page 24: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Models for Steganography

Structured Models– Run some compression algorithm in reverse

• If the compression models the data accurately, then running it inreverse should spit out something that models the data well.

• Huffman algorithms give common letters short bit strings and rareones long ones.

– Change the structure or the order.• GifEncoder, for instance, changes the order of the colors in the

palette.– Synthesize something new and use the data to guide the

synthesis.• Is the ghoul shooting at you in the game using a revolver or a

machine gun? That's one bit.

Page 25: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

You can hide information in the “least significant bit” of animage or sound.

Encrypt the information and the signal appears as “noise.”

Tweaking the LSB is only a small (<1%) change.– 140=10001100– 141=10001101

LSB modified to hide info

Page 26: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

LSB Modification is not as “invisible” as youmight think.

If the bits didn’t matter, they wouldn’t be there!

Changed bits will not have the same statisticalpattern as the least significant bits being replaced.

The more you add, the worse it gets.

4 LSB modified produces banding

Page 27: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

More LSB Modification

6 bits

7 bits

Page 28: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

8 out of 8 bits

All 8 bits

Bit 8 vs. Bit 1

Page 29: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Try Peter Wayner’s demos yourself!

Information hiding at the bit level:– http://www.wayner.org/books/discrypt2/bitlevel.php

Encoding information through list order:– http://www.wayner.org/books/discrypt2/sorted.php#note2

Page 30: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

JPEG Watermarking: Instead of modifying thebits, you modify the JPEG coeficients.

Figure 2. Embedded information in aJPEG. (a) The unmodifiedoriginal picture; (b) the picture with the firstchapter of The Huntingof the Snark embedded in it.

“Hide and Seek: AnIntroduction to Steganography”IEEE Security & PrivacyMay/June 2003http://niels.xtdnet.nl/papers/practical.pdf

Page 31: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Mesh Watermarking for three-D images

Robust mesh watermarking, Emil Praun, HuguesHoppe, Adam Finkelstein,July 1999Proceedings of the 26th annual conference onComputer graphics and interactive techniques

Page 32: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and
Page 33: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Most people evaluate watermarks soley bytheir capacity. This is a mistake.

Instead, consider the watermark’s “Capability”– Payload carrying ability– Detectability– Robustness

Securing information: Capacity is the wrong paradigm,Ira S. Moskowitz, LiWu Chang, Richard E. Newman,Proceedings of the 2002 Workshop on New SecurityParadigms

Page 34: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

DigiMarc is a popular watermark for digitalimages.

Plug-ins for Windows,PhotoShop(*), etc.

Limited information content:– Copyright ownership– Image ID– Image content – adult, etc.

(*) pre-installed!

Page 35: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

The “Mosaïc attack” can defeat a watermark

Chopping up an image and serving it in pieces <nobr>

<img SRC="kings_chapel_wmk1.jpg’ BORDER="0’ ALT="1/6’ width="116’ height="140"><img SRC="kings_chapel_wmk2.jpg’ BORDER="0’ ALT="2/6’ width="116’ height="140"><img SRC="kings_chapel_wmk3.jpg’ BORDER="0’ ALT="3/6’ width="118’ height="140"></nobr><br><nobr><img SRC="kings_chapel_wmk4.jpg’ BORDER="0’ ALT="4/6’ width="116’ height="140"><img SRC="kings_chapel_wmk5.jpg’ BORDER="0’ ALT="5/6’ width="116’ height="140"><img SRC="kings_chapel_wmk6.jpg’ BORDER="0’ ALT="6/6’ width="118’ height="140"></nobr>

Page 36: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Mosaïc assembled

Other uses of mosaics:– Deter casual copying.– Make images load faster.

Page 37: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

MP3Stego can hide information in MP3 files.

Takes advantage of the fact that MP3 provides high-qualitycompression of 11:1

– Plenty of room for information hiding!– Randomly chooses which parts of the Layer III inner loop to

modify; makes sure modifications don’t exceed threshold definedby the psycho acoustic model.

“Weak but better than the MPEG copyright flag defined inthe standard”

Remove the information by decompressing andrecompressing

Page 38: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

MP3Stego in action

http://www.petitcolas.net/fabien/steganography/mp3stego/index.html

Page 39: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Reverse engineering watermarks can place you in legaljeopardy under the terms of the Digital MillenniumCopyright Act (DMCA) of 1998.

SDMI (200+ companies) published an “OpenLetter to the Digital Community” with an SDMIChallenge.

– Earn up to $10,000 for breaking their “watermarks”– Challenge from September 15, 2000 – October 7,

2000SDMI Systems:

– Designed to prevent “remixing” of privated CDs– Designed to survive MP3 compression

Page 40: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

SDMI & The Academics

The Academics:– Scott Craver, Patrick McGregor, Min Wu, Bede Liu, (Dept. of

Electrical Engineering, Princeton University)– Adam Stubblefield, Ben Swartzlander, Dan S. Wallach (Dept. of

Computer Science, Rice University)– Edward W. Felten (Dept. of Computer Science, Princeton

University)What they did:

– Successfully removed the digital watermark from the challengeaudio samples.

How did they know they did it?– SDMI provided an “Oracle” that told them they did!

Page 41: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

SDMI & Academics: Part 2

Academics couldn’t claim cash prize– Doing so would have required signing a “confidentiality agreement” and prohibit

the academics from sharing results with the public

DMCA didn’t apply…– … because SDMI specifically invited the work– Nevertheless, nasty letters were sent.

Felton &c decided to present their findings at the 4th International InformationHiding Workshop April 25-29, 2001April 9, 2001 RIAA Senior VP for Business and Legal Affairs sent Felton letterwith veiled DMCA threatsApril 26, 2001 Felton declines to present paperMay 3, 2001 – RIAA and SDMI say they never intended to sueJune 6, 2001 – Felton files suit against RIAA asking for a declaratoryjudgment that they would not be infringingNovember 28, 2001 – Case dismissed for mootness

Page 42: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Copy Protection, Trusted Hardware,and More

Page 43: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Copy Protection: turn a watermark from a method ofdetection into a mechanism for control.

You can circumvent a copyprotection scheme.

The DMCA has anti-circumvention provisions.

Page 44: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Copy Protection Strategies

Distribution media that can’t be copied.

Program that only installs once– Writable Media– Activation Codes

Programs that only work on certain hardware– Serial number (processor ID, Ethernet ID, hard drive ID, …)

Programs that report misuse---call home

Page 45: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

There are many “features” that can becontrolled other than copying.

– Disable features:• no printing; no “high-quality” printing• no copy & paste• no modification

– Avoid disabling features:• Software that shows advertisements• DVD players not skipping through advertisements

– Prevent Running on unlicensed hardware

Page 46: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Hardware License Management: Licensing withsomething you have...

– Dongle– Ethernet address– Processor Serial Number– Hard drive ID– Hardware “fingerprint”

Or something you know:– License strings (AD3F-2243-JJ92-9987-DDDS)

(relies on the user not circumventing your system)

The license decision can be made on the basisof hardware or software

Page 47: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Tie the license string to a hardware fingerprint.Real-time verification to a website.Off-line verification and activation.

– Return something from email or web– Program dies if not “registered” in 30 days

Preventing reuse of license strings

Page 48: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

if not licensed:print “You are not licensed!”sys.exit(-99)

Typical Content Control

Page 49: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

if not licensed True:print “You are not licensed!”sys.exit(-99)

Circumvented content control

Page 50: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

These attacks can work against many kinds ofsystems.

Consider smart cards:– Memory– Crypto

Applications:– Phone cards– Satellite Broadcasts– PKI

Page 51: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Attacks against smart cards

Destructive:– Probes with wires– Optical probes

Fault injectionDifferential poweranalysis

A typical subroutine found insecurity processors is a loop thatwrites the contents of a limitedmemory

range to the serial port:1 b = answer_address2 a = answer_length3 if (a == 0) goto 84 transmit(*b)5 b = b + 16 a = a - 17 goto 38 ...

(From “Tamper Resistance --- ACautionary Note” Ross Anderson)

Page 52: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

def enforce():if not licensed:

print “You are not licensed!”sys.exit(-99)

...if mem[enforce] != “if not licensed”:

os.system( “format c:”)

“Anti-Circumvention” are tools and laws fordefeating circumvention.

“Self-help” provisions let you strike backagainst the circumventing user.

Page 53: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

If you do, be sure that your software is neverwrong.

–Testing is hard.

–User may be legitimate.

–Microsoft had to make its Activation less stringent.

You may encounter liability problems:–The user may not have agreed to have their hard drivewiped if they are using the software withoutauthorization.

Should you really format the user’s hard drivefor running unlicensed software??

Page 54: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

The program can behave unreliably:save()

{ if(unlicensed && rand() > 0.5) return;

save_real();}

There are many “safer” alternatives toformatting the user’s hard drive.

Page 55: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

save(){ j = (int)cos(pi); write(fd,buf,sizeof(buf)/j);}

The program can occasionally crash…

Printers could print in low resolution…

Lexmark v. Static Control Components, 387 F.3d 522 (6th Cir. 2005) http://wendy.seltzer.org/brooklaw/week7.html

Page 56: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Put tests in multiple places.

Use self-modifying code.

Beware optimizers—they may optimize away yourtests!

Look at the assembler code that’s generated(your adversary will).

Typical techniques for strengthening your copyprotection and anti-circumvention

Page 57: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Program computes its own encrypiton key:k = md5.md5(open(sys.argv[0],”r”).read())

data = decrypt(msg,k)

Difficulties:– finding the executable (on some systems)– opening the executable (on Windows)– What happens if k is compromised?

This is the basic idea behind TCPA.

Self-certifying software:Instead of checking for correctness, a propertyof the software is used for computing the result

Page 58: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Trusted Systems clearly define what is beingtrusted to act properly.

Don’t depend on ad-hoc techniques to protect thesystem.

Trusted Software– Secure operating systems & applications– System protects itself from hostile code & users

Trusted Hardware:– We “trust” that the system will only work correctly– We “trust” that the system won’t reveal “secrets”

Page 59: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

“Orange Book” Trusted Systems

DOD 5200.28-STD (December 1985)Division D: Minimal ProtectionDivision C: Discretionary Protection

– C1 – Discretionary Security Protection– C2 – Controlled Access Protection

Division B: Mandatory Protection– B1 – Labeled Security Protection– B2 – Structured Protection– B3 – Security Domains

Division A: Verified Protection– A1 – Verified Design

http://www.fas.org/irp/nsa/rainbow/std001.htm

Terminology still used; project has become“common criteria certification.”.

Page 60: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

FIPS 140-1/140-2:Secure Requirements for Cryptographic Modules

FIPS 140-1: January 11, 1994FIPS 140-2: May 25, 2001 (Supersedes 140-1)Four Levels

– Level 1 – Least Secure– Level 4 – Most Secure

http://csrc.nist.gov/cryptval+

Page 61: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

FIPS 140-2 Level 1

Basic security for encryption module.– Algorithm must be FIPS approved design– Examples: Integrated Circuits, Add-on security

products– Appropriate for PCs

Page 62: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

FIPS 140-2 Level 2

Provides for physical security of the Level 1Module.

– Tamper evident coatings or seals– Pick-resistant locks– Appropriate for

Provides for role-based authenticationAllows module to be used in multi-user timesharingsystems.C2, B1 and B2 security ratings

Page 63: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

FIPS 140-2 Level 3

Enhanced physical Security to prevent intruderfrom gaining access to critical security parametersheld within the module (keys)

Example: System automatically zeros keys if dooris opened

c.f. with B1 level of security

Page 64: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

FIPS 140-2 Level 4

“Envelope of protection” aroundcritical module“attempts to cut through theenclosure” Zero parameters

Protects against fluctuations ofvoltage and temperature. Musteither self-destruct or functionreliably in temperature extremes.

B2 level of security

IBM 4758

Tamper-respondinghardware designHardware DES,RNG, modular math

Secure code loading

IBM CommonCryptographicArchitecture

Page 65: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Dallas Semiconductor Cryptographic iButton(DS1955B)

Java“1-wire” interface6 Kbytes NVRAM64 kbyte ROM firmwarejavacardx.cryptoMath accelerator performs RSAencryption in less than 1 second$34.22 (1)$31.78 (1000)(release 2.2 w/ 134KB RAM andusername/password software is$53.21)

Page 66: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Trusted PC Computing: Palladium/NGSCB; TCPA/TCG

Why?– Increase consumer and business confidence– Reduce business risks– Protect end-user data

TCG:– Founded in 1999 by Compaq, HP, IBM, Intel, and

Microsoft– >200 members now

Page 67: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

TCPA Concepts

“A platform can be trusted if it behaves in theexpected manner for the intended purpose”TCPA Provides:

– Platform Authentication and Attestation– Platform Integrity Reporting– Protected Storage

Page 68: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

“Root of Trust”

Platform provides a “root of trust”Platform’s root is certified by an outside partyRoot is able to keep secrets from untrusted storage

Implemented with a “Trusted Platform Module” (TPM)– Uniquely serialized– Isolated from the CPU– tamper-proof, like a smartcard inside the computer– Runs at boot before the rest of the system

Page 69: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

What would the TPM be like?

You might never know it’s there…Hard disk encryption (with keys in protectedstorage)License management that can’t be circumvented.Anti-virus that can’t be circumvented (won’t bootan infected OS)

Page 70: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Key TCG concepts:

TPM - Trusted Platform ModulePCR - Platform Configuration Registers:

PCR = SHA1(PCR,more data)Provides:

– Attestation by the TPM– Attestation to the Platform– Attestation of the platform– Authentication of the platform

Keys can be migratable or non-migratable.

Page 71: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

TPM Block Diagram

Page 72: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

TPM’s Position in the Computer

Page 73: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Booting with a TPM

Page 74: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Microsoft’s Palladium (NGSCB) is the reverseapproach.

Goals:– Add security to existing Windows-based system– “protect software from software”

Would have provided:– Sealed storage– Attestation– Curtained memory– Secure input and output

Page 75: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Palladium Changes

CPU changesMMU changesMotherboard changes – new chipTrusted USB hubTrusted Graphics CardSecurity Service Component

– Another smart-card on the motherboard– Key storage, PCR registers, RNG

Page 76: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Computing in a “trusted environment” is verycomplicated.

Access to sealed storage– You can only have the decrypt key if you can prove that you are the

right program!– Prevents viruses from getting your credit card numbers

Software upgrade– Older version must explicitly trust the next version

Secure input/output– How do you really get this to work?

Page 77: CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a one-paragraph synopsis of your project to csci_e-170-staff@ex.com ... Watermarking and

Other than secure boot, this project is largely on hold.