4. NCdisk SP-based SoC Architecture 5. NCdisk Security Protocol Architecture for Non-Copyable Disk (NCdisk) Using a Secret-Protection (SP) SoC Solution Michael S. Wang and Ruby B. Lee Department of Electrical Engineering, Princeton University 1. Introduction Problem of study: Digital contents piracy Research: Examined both software and hardware vulnerabilities in existing copy-protection methods. Proposal: Proposed a non-copyable disk (NCdisk) that makes it significantly harder for digital contents to be copied. Any digital content written onto the NCdisk can only be read through a predefined set of NCdisk outputs. 4. NCdisk SP-based SoC Architecture The NCdisk concept ultimately boils down to achieving two goals. The first goal is to protect secret keys inside the NCdisk. The second goal is to protect data output such that the original digital plaintext data is never leaked out. We achieve these two goals by implementing a SoC consisting of existing disk controller components, plus a minimal set of additions. This new SoC can then be connected to the rest of the existing disk components to turn an existing disk into an NCdisk. 5. NCdisk Security Protocol We present a security protocol to use along with the NCdisk for an online movie download application. Manufacturer sends a blank NCdisk to Content Provider (CP), who initializes the NCdisk. NCdisk Architecture Existing Hard Disk Architecture 2. Threat Model Content provider’s software is trusted and is allowed to use the critical secrets but cannot leak these secrets out. Any other software is un-trusted and is not allowed to use the secrets. The attacker is able to mount software attacks. Probing inside a System-on-Chip (SOC) is more difficult without destroying functionality, so it is not in our threat model. We also do not consider side-channel attacks. User buys an NCdisk from store and then connects to CP through Internet. SP Instructions for the NCdisk Processor SP Instruction Description Begin_TSM (on-chip ROM ) Begins execution of TSM (enables access of TSM scratchpad memory) End_TSM (on or off-chip) ends execution of TSM (disables access of TSM scratchpad memory) SecureMem_Set (on or off-chip) Sets StartAddr & EndAddr registers to define TSM scratchpad memory DeviceKey_Read (on or off-chip) Load the Device Key to be used by TSM SW 3. NCdisk Concept The NCdisk is a data storage device, in which any digital content written into the device is automatically encrypted using a key that is generated by the NCdisk that never leaves the NCdisk. All data stored on the NCdisk are encrypted. It can only be read through a set of predefined outputs, such that the digital plaintext form of the data never leaves the NCdisk. CP prepares a movie for the NCdisk NCdisk APIs for Applications API Functions Description TSM_Write Write data into NCdisk TSM_Read_Analog Output to analog channel TSM_Read_Trusted Output to trusted display TSM_Read_Integrated Output to internal display NCdisk stores the downloaded movie Reference Michael Wang and Ruby Lee, “Architecture of Non-Copyable Disk (NCdisk) Using Secret-Protection (SP) SoC Solution”, Forty-First Asilomar Conference on Signals, Systems and Computers, November 4-7, 2007. Jeffrey S Dwoskin, Ruby B. Lee, "Hardware-rooted Trust for Secure Key Management and Transient Trust", ACM Conference on Computer and Communications Security, pp. 389-400, October 2007. Jeffrey Dwoskin, Dahai Xu, Jianwei Huang, Mung Chiang, Ruby Lee, "Secure Key Management Architecture Against Sensor-node Fabrication Attacks", IEEE GlobeCom 2007, November 2007.