DIGITAL RIGHTS MANAGEMENT Hoang Viet Lam Tran Quoc Trieu 1
O UTLINE 1. Introduction 2. Software reverse engineering 3. Software tamper resistance 4. Digital rights management 2
3
S OFTWARE REVERSE ENGINEERING Reverse engineering is the process of analyzing a subject system to identify the system's components and their inter-relationships, and to create representations of the system in another form at higher levels of abstraction(Chikofsky and Cross1990) SRE can be used for good or not so good purposes. 4
S OFTWARE REVERSE ENGINEERING ( CONT ) The essential tools for SRE include a disassembler, a debugger and a hex editor. A disassembler converts an executable into assembly code(IDA Pro, Hackman). A debugger is used to set break points, which allows Trudy to step through the code as it executes(SoftICE, OllyDbg). 5
S OFTWARE REVERSE ENGINEERING ( CONT ) A hex editor is also a necessary SRE tool.The hex editor is the tool Trudy will use to directly modify, or patch, the exe file(UltraEdit, HIEW). Other tools that might sometimes prove useful include( Regmon-monitors all accesses of the Windows registry; Filemon-monitors all accesses of files) VMWare-which allows a user to set up virtual machines 6
S OFTWARE REVERSE ENGINEERING ( CONT ) Why do we need a disassembler and a debugger? For SRE work, boundless patience and optimism are also needed since SRE is extremely tedious and labor intensive. SRE is essentially a manual process The necessary technical skills for SRE include a working knowledge of the target assembly language and experience with the necessary tools 7
S OFTWARE REVERSE ENGINEERING ( CONT ) For our SRE example, we’ll consider code that requires a serial number. 8
S OFTWARE REVERSE ENGINEERING ( CONT ) Trudy disassembled serial.exe using IDA Pro tool 9
S OFTWARE REVERSE ENGINEERING ( CONT ) 10
S OFTWARE REVERSE ENGINEERING ( CONT ) 11
S OFTWARE REVERSE ENGINEERING ( CONT ) The instruction test eax,eax computes a binary AND of register eax with itself. This causes the flag bit—which is tested in the jump instruction at address 0x401032—to be zero only if the eax register contains 0 Replace instruction “ test eax,eax” at address 0x with “xor eax,eax” then the flag bit that is tested in line 0x will always be zero 12
S OFTWARE REVERSE ENGINEERING ( CONT ) Trudy examines the bits at address 0x x33C0 13
14
A NTI -D ISASSEMBLY T ECHNIQUES Encrypt executable file and when the exe file is in encrypted form, it can’t be disassembled correctly. False disassembly 15
A NTI -D ISASSEMBLY T ECHNIQUES (CONT) Another sophisticated anti-disassembly trick that has been used is self-modifying code. Self-modifying code modifies its own executable in real time. This is an effective way to confuse a disassembler, but it may also confuse the developers, since it’s difficult to implement and is error prone 16
A NTI -D EBUGGING T ECHNIQUES Since a debugger uses certain debug registers, a program can monitor the use of these registers and stop (or crash) if these registers are in use. A program can also monitor for inserted breakpoints, which is another telltale sign of a debugger 17
A NTI -D EBUGGING T ECHNIQUES (CONT) A simple anti-debugging technique 18
S OFTWARE T AMPER R ESISTANCE Guards: It’s possible to have the code hash sections of itself as it executes and compare the computed hash values with the known hash values of the original code. If tampering occurs, a hash check will fail and the program can take evasive action. 19
S OFTWARE T AMPER R ESISTANCE ( CONT ) Obfuscation: Another popular form of tamper resistance is code obfuscation. Here, the goal is to make the code difficult to understand “Spaghetti code” “Opaque predicate” 20
S OFTWARE T AMPER R ESISTANCE ( CONT ) Code obfuscation has sometimes been promoted as a powerful security technique.In fact, Diffie and Hellman’s original conception of public key cryptography suggested obfuscation as a likelyway to develop a such a cryptosystem. Recently it has been argued that obfuscation cannot possibly provide strong security in, say, the same sense as cryptography 21
M ETAMORPHISM R EVISITED The usual practice in software development is to distribute identical copies, or clones, of a particular piece of software to each customer Break once, break everywhere or BOBE Suppose we distribute metamorphic copies. That is, each copy of our software differs internally, but all copies are functionally identical. 22
M ETAMORPHISM R EVISITED (CONT) Thanks to open platforms and SRE, we cannot prevent attacks on software. Arguably, the best we can hope for is increased BOBE resistance. Metamorphism is one possible way to achieve a reasonable level of BOBE resistance. 23
DIGITAL RIGHTS MANAGEMENT What is DRM? Describe an actual DRM system designed to protect PDF documents. DRM system designed to protect streaming media Particular peer-to-peer application Use DRM to protect documents distributed within an enterprise 24
W HAT IS DRM? Trudy wants to sell her new book in digital form on the internet. Alice buys Trudy’s digital book and then redistributes it for free online => What happens? Persistent protection is the buzzword for the required level of DRM protection. Examples of the kinds of persistent protection on a digital book: No copying, read once, do not open until Christmas, … 25
W HAT IS DRM? What can be done to enforce persistent protection? One option is to rely on the honor system, whereby we do not actually force users to obey the rules but instead simply expect that they will. Example: horror novel writer Stephen King with a book The Plant. 26
W HAT IS DRM? Give up on enforcing DRM on an open platform such as a PC. Enforce persistent protection through software in a PC => failure Example: DRM system for protecting digital documents might be defeated by user who is knowledgeable enough to operate a screen capture program. 27
W HAT IS DRM? Another option would be to develop the strongest possible DRM system in software. A reasonably high level of DRM protection can be achieved. Example: Closed systems(game systems) 28
W HAT IS DRM? Cryptography is the solution to the DRM problem. 29
W HAT IS DRM? There is a fundamental limit on the effectiveness of any DRM system, since the so called analog hole is present in any DRM. When the content is rendered, it can be captured in analog form. 30
A R EAL -W ORLD DRM S YSTEM MediaSnap DRM systems 31 MediaSnap DRM systems Secure Document Server(SDS) Client software
A R EAL -W ORLD DRM S YSTEM 32
A R EAL -W ORLD DRM S YSTEM 33
A R EAL -W ORLD DRM S YSTEM There are security issues both on the server and on the client side. The SDS must protect keys and authenticate users, and it must apply the required persistent protection to the document. The SDS resides at corporate headquarters and is relatively secure. The client must protect keys, authenticate users, and enforce the persistent protection. The DRM client software, on the other hand, is readily available to any attacker. 34
A R EAL -W ORLD DRM S YSTEM 35
A R EAL -W ORLD DRM S YSTEM To prevent disassembly, the executable code is encrypted, and false disassembly is used to protect the part of the code that performs the decryption. In addition, the executable code is only decrypted in small slices so that it’s more difficult for an attacker to obtain the entire code in decrypted form. The anti-debugging technique. 36
A R EAL -W ORLD DRM S YSTEM The anti-debugging technique. The basic approach is to monitor for the use of the debug registers. One obvious attack on such a scheme is a man-in-the-middle, where the attacker debugs the code but responds to the anti-debugging software in such a way that it appears no debugger is running. The anti- debugging technique includes defenses against such an attack on its monitoring mechanism. 37
A R EAL -W ORLD DRM S YSTEM The obfuscation is applied to the security critical operations, including key management, authentication, and cryptography. Advanced Encryption Standard(AES). Scrambling algorithm. Can be obfuscated. The keys are also obfuscated by splitting them into multiple parts and hiding some parts in data and other parts in code. 38
A R EAL -W ORLD DRM S YSTEM Another security feature implemented by the system is anti-screen capture technique Somewhat analogous to the anti-debugging technique. Digital water marking is also employed. It is designed to provide the ability to trace stolen content. 39
DRM FOR S TREAMING M EDIA Attacks on streaming media include spoofing the stream between the end-points, man-in-the- middle, replay, or redistribution of the data, and the capture of the plaintext at the client. Scrambling algorithms. Each instance of the client software comes equipped with a large number of distinct scrambling included. Each client has a distinct subset of scrambling algorithms chosen from a master set of all scrambling algorithms, and the server knows this master set of algorithms. 40
DRM FOR S TREAMING M EDIA Scrambling algorithms. Suppose the server knows the N different scrambling algorithm, s 0,s 1,…,s N-1. Each client is equipped with a subset of these algorithms, example: LIST = {s 12, s 45, s 2, s 37, s 23, s 31 } 41
DRM FOR A P2P A PPLICATION Peer-to-peer networks 42
DRM FOR A P2P A PPLICATION Peer offering service(POS) 43
DRM IN THE E NTERPRISE Protect certain types of private information. Example The Health Insurance Portability and Accountability Act(HIPAA) requires that companies protect personal medical records. The Sarbanes-Oxley Act(SOA) requires that companies must preserve certain documents, such as information that might be relevant to “insider trading” stock violations. 44
45