CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a...
77
CSCI E-170 October 31, 2005 L06: Watermarking Copy Protection & DRM Trusted Computing DMCA
Transcript of CSCI E-170 - Simson Garfinkelsimson.net/ref/2005/csci_e-170/slides/L06.pdf · Please email a...
CSCI E-170
October 31, 2005L06:
WatermarkingCopy Protection & DRMTrusted ComputingDMCA
Administrivia
HW3 - Should be returned by now (or shortly)Midterm ProjectsQuiz
Midterm Projects are due on November 21st!
Please email a one-paragraph synopsis of yourproject to [email protected]
– Subject line: “group <GROUP> midterm synopsis”– CC: all of the members in your group– One email per group!
Caveats:– Don’t use deception in your projects.– If there is no literature in X, discuss why there isn’t
any literature.Additional information on the website.
Quiz will be released on Friday November 4thand due on Tuesday November 8th.
This is a timed quiz.– Download the Quiz.– Write your answers in a word processor.– Paste answers into the browser and upload.– DO NOT WRITE IN THE BROWSER. (It might crash!)
Do not take more than 4 hours.Format:
– Q&A on 4 papers (2 old, 2 new)
L06: The User as the Adversary
The problem: computers aretoo powerful!
– Copy anything that’s digital– Software can be hacked.
This is a problem for:– Distributing software and
media– Financial applications– Multiplayer games
(“god mode”)
There are two solutions:Persuasion and coercion
Persuasion: Make the user want to comply withyour desires.
– Financial incentives.– Reputation incentives.– Legal incentives.Watermarking and DRM Systems
Coercion: Make it hard (impossible) for the user todisobey.
Trusted hardware
Watermarking and Steganography placeadditional information in the media.
Watermark — usually visible.Steganography — always invisible.
Uses:– Detect counterfeits (Watermark is absent or wrong.)– Deter copying (Watermark has an identifier.)– Defeat copying (Player won’t work w/o watermark.)
Watermarks
First introduced in Bologna, Italy in 1282Dandy Roll presses pattern into drying paper
– Changes thickness of paper fibersUses:
– By paper makers to identify their product– Security for stamps, official documents.– Stock certificates, money, etc.– Chic
Other “watermarks”– Printing on plastic with a window.
(Australian $10 note)
Dandy Roll
Pressed into paper duringpaper-making process
J. Plank Features•In-house watermark design•Computerized design process•Quick-change sleeves andsections
•Dandy roll•7.25" diameter
•Watermarking possible
http://www.uwsp.edu/papersci/PM/Machine/Dandy.htm
Dandy Roll
Wet pulp sprayed ontomoving beltDandy Roll pressedinto pulpDandy Roll looks likeoversized printer’s rollcovered with pattern
• High grade stainless steel construction• Incorporates internal oscillating shower,internal pan, internal steam shower andexternal saveall pan
• Extended Header Brush for easy cleaningof shower pipe
Laser Printed “Watermarks”
Used on bondpaper, but whouses bondpaper?
– Doesn’t workwell in inkjetsor laserjets
“Watermarks”with most printdrivers…
Printed Watermarks
Looks greatYou can even put it in yourPDF file…which is theproblem!No security
Printed Document Authentication Techniques
Microprinting – Print that is too small to produce or copy withconventional equipment
Intaglio –engraved pattern used to press ink with great force; raisedletters
Letterpress – Ink rolled raised type, leaving depression. Used forprinting numbers.
Simultan press – precise registration of front and back. (see-throughregister). Changing ink colors (rainbowing).
Optically variable inks - change color depending on angleMetal foils & threads - embedded in paperSecurity holograms - can’t be photocopied
Most of these techniques aredesigned to preventphotocopying currency.
Lessons for paper authentication
Security features should convey a messagerelevant to the product.
– Use iridescent ink to print the banknote denominationShould obviously belong where they are
– They become “embedded in the user’s cognitivemodel.”
Should be obviousShould not have competitorsShould be standardized
Source: Security Engineering, Anderson
Photocopiers and color laser printers can addwatermarks of their own
In the US, some color devices print a small matrixof yellow dots with the printer’s serial number.
http://www.eff.org/Privacy/printers/docucolor/
Digital information hiding has many uses.
Copyright Marks and Enforcement:– Copyright policy– Violator tracking
Other applications:– Closed captioning (hidden in first 21 scan lines)
• http://www.robson.org/gary/writing/nv-line21.html
– Audio RDS (Radio Data Service)-like service• “What’s that song?”
Watermarks for Copyright Policy
“never copy”“copy only once”“copy only at low quality”
Example: The DVD Content Scrambling System (CSS)
Content Control:– Movies are Encrypted– Decryption keys embedded in player
Implements:– Region Coding
• code specifies where the content can beplayed.
• Players won’t play if the region doesn’tmatch.
– Control of “features”– Protection against DVD-ROM
Cracked in 1999– 1 key stolen from PC player– DeCSS distributed over Internet– Later algorithm cracked; other keys revealed– Numerous court cases
The Broadcast Flag
“Advanced Television Systems Committee Flag”Enable/Disable:
– high-quality digital output– Re-transmitting on an “unprotected” channel
In the future:– Time-shifting?– Disallow fast-forward through commercials
Required on all digital TV cards sold after July 2005Only broadcast, not satellite or cable-transmitted.
“Losing Control of Your TV,” Technology Review, March 3, 2004http://www.technologyreview.com/articles/04/03/wo_garfinkel030304.asp?p=1
May 6, 2005: DC Circuit Court of Appeals throws out FCC rule.http://www.eff.org/broadcastflag/
… They’ll be back.
Steganography: Like a watermark, but hidden.
A hidden message that:– can't be found by humans– can't be found by an algorithm.– can be found by an algorithm but not by a human.– can be found by some algorithms but not others.
Dissappearing Cryptography, Wayner 2004
Defining "Hidden" is not easy.
We run into the usual Gödel limits that prevents us frombeing logical about detection.
Humans are very different. Somemusicians have very, very good ears.
Some algorithms leave statistical anomalies. Themessage is often more random than the carriersignal. These statistics can give away the message.
Who wants steganography?
Evil doers. If evil messages can't be seen by good people, evil willtriumph. Osama bin Laden?
Good doers. If the good guys can communicate in secret, then goodwill triumph. U.S. forces
Content owners and copyright czars. Hidden messages can carryinformation about rights to view, copy, share, listen, understand, etc.
Software Developers. "Hidden" channels can be added to datastructures without crashing previous versions. Steganography can fightbit rot.
Models for Steganography
Replace random number generators with the message.– This works if the random numbers are used in a detectable way.– TCP/IP, for instance, uses a random number for connections. Some
grab this for their own purposes.
Replace noise with the message.– Just replace the least-significant bit.– Avoid the noise and tweak the salient features.
Anything not affected by compression.– If you have the freedom to change data without hurting the data, then
you have the freedom to include another message.
Models for Steganography
Structured Models– Run some compression algorithm in reverse
• If the compression models the data accurately, then running it inreverse should spit out something that models the data well.
• Huffman algorithms give common letters short bit strings and rareones long ones.
– Change the structure or the order.• GifEncoder, for instance, changes the order of the colors in the
palette.– Synthesize something new and use the data to guide the
synthesis.• Is the ghoul shooting at you in the game using a revolver or a
machine gun? That's one bit.
You can hide information in the “least significant bit” of animage or sound.
Encrypt the information and the signal appears as “noise.”
Tweaking the LSB is only a small (<1%) change.– 140=10001100– 141=10001101
LSB modified to hide info
LSB Modification is not as “invisible” as youmight think.
If the bits didn’t matter, they wouldn’t be there!
Changed bits will not have the same statisticalpattern as the least significant bits being replaced.
The more you add, the worse it gets.
4 LSB modified produces banding
More LSB Modification
6 bits
7 bits
8 out of 8 bits
All 8 bits
Bit 8 vs. Bit 1
Try Peter Wayner’s demos yourself!
Information hiding at the bit level:– http://www.wayner.org/books/discrypt2/bitlevel.php
Encoding information through list order:– http://www.wayner.org/books/discrypt2/sorted.php#note2
JPEG Watermarking: Instead of modifying thebits, you modify the JPEG coeficients.
Figure 2. Embedded information in aJPEG. (a) The unmodifiedoriginal picture; (b) the picture with the firstchapter of The Huntingof the Snark embedded in it.
“Hide and Seek: AnIntroduction to Steganography”IEEE Security & PrivacyMay/June 2003http://niels.xtdnet.nl/papers/practical.pdf
Mesh Watermarking for three-D images
Robust mesh watermarking, Emil Praun, HuguesHoppe, Adam Finkelstein,July 1999Proceedings of the 26th annual conference onComputer graphics and interactive techniques
Most people evaluate watermarks soley bytheir capacity. This is a mistake.
Instead, consider the watermark’s “Capability”– Payload carrying ability– Detectability– Robustness
Securing information: Capacity is the wrong paradigm,Ira S. Moskowitz, LiWu Chang, Richard E. Newman,Proceedings of the 2002 Workshop on New SecurityParadigms
DigiMarc is a popular watermark for digitalimages.
Plug-ins for Windows,PhotoShop(*), etc.
Limited information content:– Copyright ownership– Image ID– Image content – adult, etc.
(*) pre-installed!
The “Mosaïc attack” can defeat a watermark
Chopping up an image and serving it in pieces <nobr>
<img SRC="kings_chapel_wmk1.jpg’ BORDER="0’ ALT="1/6’ width="116’ height="140"><img SRC="kings_chapel_wmk2.jpg’ BORDER="0’ ALT="2/6’ width="116’ height="140"><img SRC="kings_chapel_wmk3.jpg’ BORDER="0’ ALT="3/6’ width="118’ height="140"></nobr><br><nobr><img SRC="kings_chapel_wmk4.jpg’ BORDER="0’ ALT="4/6’ width="116’ height="140"><img SRC="kings_chapel_wmk5.jpg’ BORDER="0’ ALT="5/6’ width="116’ height="140"><img SRC="kings_chapel_wmk6.jpg’ BORDER="0’ ALT="6/6’ width="118’ height="140"></nobr>
Mosaïc assembled
Other uses of mosaics:– Deter casual copying.– Make images load faster.
MP3Stego can hide information in MP3 files.
Takes advantage of the fact that MP3 provides high-qualitycompression of 11:1
– Plenty of room for information hiding!– Randomly chooses which parts of the Layer III inner loop to
modify; makes sure modifications don’t exceed threshold definedby the psycho acoustic model.
“Weak but better than the MPEG copyright flag defined inthe standard”
Remove the information by decompressing andrecompressing
MP3Stego in action
http://www.petitcolas.net/fabien/steganography/mp3stego/index.html
Reverse engineering watermarks can place you in legaljeopardy under the terms of the Digital MillenniumCopyright Act (DMCA) of 1998.
SDMI (200+ companies) published an “OpenLetter to the Digital Community” with an SDMIChallenge.
– Earn up to $10,000 for breaking their “watermarks”– Challenge from September 15, 2000 – October 7,
2000SDMI Systems:
– Designed to prevent “remixing” of privated CDs– Designed to survive MP3 compression
SDMI & The Academics
The Academics:– Scott Craver, Patrick McGregor, Min Wu, Bede Liu, (Dept. of
Electrical Engineering, Princeton University)– Adam Stubblefield, Ben Swartzlander, Dan S. Wallach (Dept. of
Computer Science, Rice University)– Edward W. Felten (Dept. of Computer Science, Princeton
University)What they did:
– Successfully removed the digital watermark from the challengeaudio samples.
How did they know they did it?– SDMI provided an “Oracle” that told them they did!
SDMI & Academics: Part 2
Academics couldn’t claim cash prize– Doing so would have required signing a “confidentiality agreement” and prohibit
the academics from sharing results with the public
DMCA didn’t apply…– … because SDMI specifically invited the work– Nevertheless, nasty letters were sent.
Felton &c decided to present their findings at the 4th International InformationHiding Workshop April 25-29, 2001April 9, 2001 RIAA Senior VP for Business and Legal Affairs sent Felton letterwith veiled DMCA threatsApril 26, 2001 Felton declines to present paperMay 3, 2001 – RIAA and SDMI say they never intended to sueJune 6, 2001 – Felton files suit against RIAA asking for a declaratoryjudgment that they would not be infringingNovember 28, 2001 – Case dismissed for mootness
Copy Protection, Trusted Hardware,and More
Copy Protection: turn a watermark from a method ofdetection into a mechanism for control.
You can circumvent a copyprotection scheme.
The DMCA has anti-circumvention provisions.
Copy Protection Strategies
Distribution media that can’t be copied.
Program that only installs once– Writable Media– Activation Codes
Programs that only work on certain hardware– Serial number (processor ID, Ethernet ID, hard drive ID, …)
Programs that report misuse---call home
There are many “features” that can becontrolled other than copying.
– Disable features:• no printing; no “high-quality” printing• no copy & paste• no modification
– Avoid disabling features:• Software that shows advertisements• DVD players not skipping through advertisements
– Prevent Running on unlicensed hardware
Hardware License Management: Licensing withsomething you have...
– Dongle– Ethernet address– Processor Serial Number– Hard drive ID– Hardware “fingerprint”
Or something you know:– License strings (AD3F-2243-JJ92-9987-DDDS)
(relies on the user not circumventing your system)
The license decision can be made on the basisof hardware or software
Tie the license string to a hardware fingerprint.Real-time verification to a website.Off-line verification and activation.
– Return something from email or web– Program dies if not “registered” in 30 days
Preventing reuse of license strings
if not licensed:print “You are not licensed!”sys.exit(-99)
Typical Content Control
if not licensed True:print “You are not licensed!”sys.exit(-99)
Circumvented content control
These attacks can work against many kinds ofsystems.
Consider smart cards:– Memory– Crypto
Applications:– Phone cards– Satellite Broadcasts– PKI
Attacks against smart cards
Destructive:– Probes with wires– Optical probes
Fault injectionDifferential poweranalysis
A typical subroutine found insecurity processors is a loop thatwrites the contents of a limitedmemory
range to the serial port:1 b = answer_address2 a = answer_length3 if (a == 0) goto 84 transmit(*b)5 b = b + 16 a = a - 17 goto 38 ...
(From “Tamper Resistance --- ACautionary Note” Ross Anderson)
def enforce():if not licensed:
print “You are not licensed!”sys.exit(-99)
...if mem[enforce] != “if not licensed”:
os.system( “format c:”)
“Anti-Circumvention” are tools and laws fordefeating circumvention.
“Self-help” provisions let you strike backagainst the circumventing user.
If you do, be sure that your software is neverwrong.
–Testing is hard.
–User may be legitimate.
–Microsoft had to make its Activation less stringent.
You may encounter liability problems:–The user may not have agreed to have their hard drivewiped if they are using the software withoutauthorization.
Should you really format the user’s hard drivefor running unlicensed software??
The program can behave unreliably:save()
{ if(unlicensed && rand() > 0.5) return;
save_real();}
There are many “safer” alternatives toformatting the user’s hard drive.
save(){ j = (int)cos(pi); write(fd,buf,sizeof(buf)/j);}
The program can occasionally crash…
Printers could print in low resolution…
Lexmark v. Static Control Components, 387 F.3d 522 (6th Cir. 2005) http://wendy.seltzer.org/brooklaw/week7.html
Put tests in multiple places.
Use self-modifying code.
Beware optimizers—they may optimize away yourtests!
Look at the assembler code that’s generated(your adversary will).
Typical techniques for strengthening your copyprotection and anti-circumvention
Program computes its own encrypiton key:k = md5.md5(open(sys.argv[0],”r”).read())
data = decrypt(msg,k)
Difficulties:– finding the executable (on some systems)– opening the executable (on Windows)– What happens if k is compromised?
This is the basic idea behind TCPA.
Self-certifying software:Instead of checking for correctness, a propertyof the software is used for computing the result
Trusted Systems clearly define what is beingtrusted to act properly.
Don’t depend on ad-hoc techniques to protect thesystem.
Trusted Software– Secure operating systems & applications– System protects itself from hostile code & users
Trusted Hardware:– We “trust” that the system will only work correctly– We “trust” that the system won’t reveal “secrets”
“Orange Book” Trusted Systems
DOD 5200.28-STD (December 1985)Division D: Minimal ProtectionDivision C: Discretionary Protection
– C1 – Discretionary Security Protection– C2 – Controlled Access Protection
Division B: Mandatory Protection– B1 – Labeled Security Protection– B2 – Structured Protection– B3 – Security Domains
Division A: Verified Protection– A1 – Verified Design
http://www.fas.org/irp/nsa/rainbow/std001.htm
Terminology still used; project has become“common criteria certification.”.
FIPS 140-1/140-2:Secure Requirements for Cryptographic Modules
FIPS 140-1: January 11, 1994FIPS 140-2: May 25, 2001 (Supersedes 140-1)Four Levels
– Level 1 – Least Secure– Level 4 – Most Secure
http://csrc.nist.gov/cryptval+
FIPS 140-2 Level 1
Basic security for encryption module.– Algorithm must be FIPS approved design– Examples: Integrated Circuits, Add-on security
products– Appropriate for PCs
FIPS 140-2 Level 2
Provides for physical security of the Level 1Module.
– Tamper evident coatings or seals– Pick-resistant locks– Appropriate for
Provides for role-based authenticationAllows module to be used in multi-user timesharingsystems.C2, B1 and B2 security ratings
FIPS 140-2 Level 3
Enhanced physical Security to prevent intruderfrom gaining access to critical security parametersheld within the module (keys)
Example: System automatically zeros keys if dooris opened
c.f. with B1 level of security
FIPS 140-2 Level 4
“Envelope of protection” aroundcritical module“attempts to cut through theenclosure” Zero parameters
Protects against fluctuations ofvoltage and temperature. Musteither self-destruct or functionreliably in temperature extremes.
B2 level of security
IBM 4758
Tamper-respondinghardware designHardware DES,RNG, modular math
Secure code loading
IBM CommonCryptographicArchitecture
Dallas Semiconductor Cryptographic iButton(DS1955B)
Java“1-wire” interface6 Kbytes NVRAM64 kbyte ROM firmwarejavacardx.cryptoMath accelerator performs RSAencryption in less than 1 second$34.22 (1)$31.78 (1000)(release 2.2 w/ 134KB RAM andusername/password software is$53.21)
Trusted PC Computing: Palladium/NGSCB; TCPA/TCG
Why?– Increase consumer and business confidence– Reduce business risks– Protect end-user data
TCG:– Founded in 1999 by Compaq, HP, IBM, Intel, and
Microsoft– >200 members now
TCPA Concepts
“A platform can be trusted if it behaves in theexpected manner for the intended purpose”TCPA Provides:
– Platform Authentication and Attestation– Platform Integrity Reporting– Protected Storage
“Root of Trust”
Platform provides a “root of trust”Platform’s root is certified by an outside partyRoot is able to keep secrets from untrusted storage
Implemented with a “Trusted Platform Module” (TPM)– Uniquely serialized– Isolated from the CPU– tamper-proof, like a smartcard inside the computer– Runs at boot before the rest of the system
What would the TPM be like?
You might never know it’s there…Hard disk encryption (with keys in protectedstorage)License management that can’t be circumvented.Anti-virus that can’t be circumvented (won’t bootan infected OS)
Key TCG concepts:
TPM - Trusted Platform ModulePCR - Platform Configuration Registers:
PCR = SHA1(PCR,more data)Provides:
– Attestation by the TPM– Attestation to the Platform– Attestation of the platform– Authentication of the platform
Keys can be migratable or non-migratable.
TPM Block Diagram
TPM’s Position in the Computer
Booting with a TPM
Microsoft’s Palladium (NGSCB) is the reverseapproach.
Goals:– Add security to existing Windows-based system– “protect software from software”
Would have provided:– Sealed storage– Attestation– Curtained memory– Secure input and output
Palladium Changes
CPU changesMMU changesMotherboard changes – new chipTrusted USB hubTrusted Graphics CardSecurity Service Component
– Another smart-card on the motherboard– Key storage, PCR registers, RNG
Computing in a “trusted environment” is verycomplicated.
Access to sealed storage– You can only have the decrypt key if you can prove that you are the
right program!– Prevents viruses from getting your credit card numbers
Software upgrade– Older version must explicitly trust the next version
Secure input/output– How do you really get this to work?
Other than secure boot, this project is largely on hold.
