Cryptography in DRM
It's part of the solution...
but beware of 'snake oil'.
Modern cryptographic technology can be essentially uncrackable in a well-implemented system applied to an appropriate problem.
But cryptography can't go far enough in providing security for mass-market DRM.
Suppose the message "Attack Pearl Harbor Dec 7th" was communicated as an encrypted radio message between two Japanese generals on December 6th. This situation involves:
- Specialized, expensive equipment and knowledge.
- A willingness to work with complex procedures.
- The ability to change the equipment and procedures frequently if necessary.
- A small secret (the message) which does not require local storage.
- Only two participants.
- Transient value: two days later, the message isn't a secret any more.
NOTE: There's no intent to be divisive with this example - it is neither more nor less than a piece of history that everyone has heard of, for illustrative purposes.
Unfortunately for spies, it turns out that cryptography is extremely effective in such situations. Certainly with today's strong cryptography, there would be no way for a spy to determine the message by analyzing the message alone, or even a large bunch of messages. Espionage in such situations relies heavily on "social engineering", i.e. exploiting the mistakes and weaknesses of humans in the chain, precisely because the technology is virtually attack-proof.
Unfortunately for content owners and DRM technology providers, the DRM problem turns all of the above attributes upside-down:
- Common mass-deployed equipment such as commodity PCs must be used. Such equipment does not provide any robust "hiding places" for secret data.
- The users (consumers) will not tolerate complex procedures.
- It is virtually impossible to upgrade consumer hardware en masse, and very difficult to upgrade software and procedures.
- The "secrets" - e.g. PC games, MPEG videos, MP3 files etc. - are fairly large, and require local storage.
- Although there may be only one originator (the content source), there are MILLIONS of potential recipients.
- The data has lasting value. A hit game or video decreases in value SLOWLY with time.
Given all of these attributes, it turns out cryptography is PART of the solution, but not THE solution.
For example, let's say you want to protect a PC video game from piracy using cryptography. You could strongly encrypt it before the user gets it, and decrypt it using the right key at the last possible moment - maybe even inside the PC's RAM at run-time. But that key has to be stored somewhere in the PC.
The wily hacker doesn't bother trying to figure out the key; he just has to find the key where it is stored. This is the key discovery problem, and it's a serious problem in open systems.
In fact, the wily hacker probably doesn't even go to that much trouble. If he can get the game to play at all - let's say, as part of a time-limited trial - the DRM software will decrypt it for him, and all he has to do is capture the decrypted form. This may require a bit of technical ingenuity, but it is far easier than figuring out the decryption key the hard way, i.e. by brute force, and probably quite a bit easier than looking at the run-time operation of the program to see the key go by, capture it, and replay it.
At the end of the day there are major lessons here for both producers and consumers of DRM technology:
- Security claims for DRM based on crypto strength are TOTALLY BOGUS.
- Additional techniques above and beyond cryptography are necessary.
- Those additional techniques cannot provide defensible quantitative "security strength" figures.
DRM vendors who claim to be "uncrackable", or who make precise quantitative claims of security strength, are either technically incompetent or deceitful. Either way, they don't deserve the confidence of those whose content they protect.