Published by Ivy Gillson. Modified over 9 years ago.
1
Jeff Bilger - CSE P 590TU - Winter 2006
The Role of Cryptography in Combating Software Piracy
2
Introduction
Rationale for anti-piracy measures: economics
Early anti-piracy schemes
  – Obfuscation (simple XORing)
  – Copy protection (unformatted sectors)
  – Checksums
  – Result?
We’ll cover
  – Why crypto is well suited
  – What can cause crypto to fail
  – Examples
3
Why Cryptography?
Premise (if cost exceeds benefit..)
  – Crypto can significantly increase the cost..
Digital Signatures
  – Authenticity (source verification – both ways)
  – Execution control (proprietary HW)
Encryption
  – Obfuscation
  – Transmit sensitive information over insecure channels
One Way Hashes
  – Integrity (tamper detection)
Key Exchange
  – Allows distributed security
4
What can cause crypto to fail?
Brute force attacks?
  – infeasible
Bugs
Engineering trade-offs
  – Cost
  – Capabilities of target platform (CPU, RAM, ROM)
Poor Engineering decisions
  – Poor choices in crypto primitives (SHA-1)
Poor key management
  – PRFs that are not very random
  – Key value (dictionary attack)
  – Insecure key storage / transfer
Secure vs. insecure systems
  – Debuggers/monitors
5
Example: Alternate Reality
1985
BC multi-encryption cipher
  – Leventhall/Seville crypto (Dr. Carl Meyer of Lucifer and DES fame)
1.8MHz CPU / 48K bytes RAM
Poor key storage
Bug in key seed generation algorithm
Considered one of the toughest anti-piracy measures to crack of its time
6
Example: Xbox
2001
Conical case
The MS business model
Same secret key on all Xbox devices
Secret boot code located on custom chip, not CPU. Communication required over a bus
Bus was not encrypted
ROM size limitation on custom chip required implementation trade offs
  – Utilized constant checksum instead of a hash!
Hacker captured keys and boot code over the bus
Since boot code was not hashed, it could be modified
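Added example (not from the original slides): why a checksum is not a substitute for a one-way hash when the goal is tamper detection. The additive byte sum below is an assumed stand-in for a cheap ROM-sized check, not the Xbox's actual routine, and the "boot image" bytes are constructed sample data.

```python
import hashlib
import hmac

def additive_checksum(data: bytes) -> int:
    """32-bit sum of all bytes: cheap enough for a tiny ROM, but not one-way."""
    return sum(data) & 0xFFFFFFFF

def sha256_digest(data: bytes) -> bytes:
    """One-way hash: any change to the input changes the digest unpredictably."""
    return hashlib.sha256(data).digest()

def verify_checksum(image: bytes, expected: int) -> bool:
    """Weak integrity check: accepts any image whose bytes add up correctly."""
    return additive_checksum(image) == expected

def verify_hash(image: bytes, expected: bytes) -> bool:
    """Strong integrity check, compared in constant time."""
    return hmac.compare_digest(sha256_digest(image), expected)

def modify_keeping_sum(image: bytes) -> bytes:
    """Change one content byte and offset it in the padding.

    The byte sum is unchanged, so a sum-based check cannot see the edit.
    """
    patched = bytearray(image)
    patched[4] += 1    # altered content byte
    patched[-1] -= 1   # compensating change in trailing padding
    return bytes(patched)

# Constructed sample image: 4-byte tag, 32 content bytes, 8 padding bytes.
ORIGINAL = b"BOOT" + bytes(range(32)) + b"\x10" * 8

# Reference values as a trusted verifier would store them. They only help
# if they live somewhere the modified image cannot overwrite.
REF_SUM = additive_checksum(ORIGINAL)
REF_HASH = sha256_digest(ORIGINAL)

MODIFIED = modify_keeping_sum(ORIGINAL)

if __name__ == "__main__":
    print("checksum accepts modified image:", verify_checksum(MODIFIED, REF_SUM))
    print("hash accepts modified image:    ", verify_hash(MODIFIED, REF_HASH))
```
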
7
Example: Xbox improvements
MS changed RC4 secret key
Fixed some bugs
Constant checksum replaced with hash using TEA
  – Oops
Other non-cryptographic attacks as well (Visor & MIST)
8
Example: Valve’s Steam Platform
2004
Content delivery/DRM platform
Combines cryptography and online registration
Among other things, allows Valve to quickly detect and address incidents of piracy
9
Conclusions
Can’t stop piracy
Cryptography can make it more costly to crack software
Secure vs. insecure systems
Engineering trade offs/poor decisions
Distributed solutions are a good model