PMC Ciphers, Inc.
ultimate encryption technology
PMC-Enhanced License Management for Pay TV applications
White Paper
Published: May 2007, first published in March 2004
Cover image: Arizona Microchip PIC622 microphotograph, courtesy of Oliver Koemmerling.
For the latest information, please see http://www.pmc-ciphers.com
PMC’s Enhanced License Management for Pay TV Applications
Allows for encryption of the entire video stream, rather than just specific bits as in
today’s standard systems.
Compiled crypto code creates minimum lag time, or time delay, in the broadcasting
of live events.
The goal of the system is to make every piece of software unique. Attacks that
would break one system wouldn’t work on another system.
The Polymorphic Encryption Scheme allows for the creation of millions of unique
ciphers, all with similar properties of strength and speed. Ciphers can be easily
changed on a daily or per-event basis.
Introduction
With more illegal viewers than paying customers, the European satellite
broadcasting industry clearly seems to need new ways to protect itself from fraud.
Although modern cryptographic systems are supposed to be secure, the scale of the
fraud shows clearly that this cannot be right.
Surprisingly, our first customer, a German datacast provider with customers
including Reuters Group plc, Consors Discountbroker AG, SEB AG and Citibank,
came up with the idea to use compiled cryptocode to protect their already hacked
software. Within a short time we came up with a solution that has kept fraud at
zero for three years already, and most probably will for much longer.
The goal was to make every piece of software unique. Attacks which would break
one system wouldn’t work on another system.
Oliver Koemmerling from Advanced Digital Security Research, Riedelberg, Germany
and Markus G. Kuhn, University of Cambridge, UK, have shown in their paper
“Design Principles for Tamper-Resistant Smartcard Processors” that commonly used
technology that relies on fixed algorithms sometimes has decisive weaknesses.
State-of-the-art smart card technology
The following is cited from Oliver Koemmerling and Markus G. Kuhn, “Design
Principles for Tamper-Resistant Smartcard Processors”:
“Since around 1994, almost every type of smartcard processor used in European,
and later also American and Asian, pay-TV conditional-access systems has been
successfully reverse engineered. Compromised secrets have been sold in the form
of illicit clone cards that decrypt TV channels without revenue for the broadcaster.
The industry has had to update the security processor technology several times
already and the race is far from over.”
Figure: Etched smart card processor showing the bit pattern of the microcode.
Photo courtesy of Oliver Koemmerling.
Figure: The vias in this structure found in a ST16F48A form a permutation matrix
between the memory readout column lines and the 16:1 demultiplexer. The applied
mapping remains clearly visible. Photo courtesy of Oliver Koemmerling.
Figure: The implant-mask layout of a NAND ROM can be made visible by a
dopant-selective crystallographic etch (Dash etchant). This image shows 16 x 14 bits
plus parts of the row selector of a ROM found on an MC68HC05SC2x CPU. The threshold
voltage of 0-bit p-channel transistors (stained dark here) was brought below 0V
through ion implantation. Photo courtesy of Oliver Koemmerling.
Figure: This image shows horizontal bus lines on a depackaged smartcard processor.
A UV laser (355 nm, 5 ns) was used to remove small patches of the passivation layer
over the eight data-bus lines to provide for microprobing access. Photo courtesy of
Oliver Koemmerling.
Figure: View on polysilicon layer of etched Infineon SLE44 smart card. Photo
courtesy of Oliver Koemmerling.
S. Chari, C. Jutla, J.R. Rao and P. Rohatgi have shown in “A Cautionary Note
Regarding Evaluation of AES Candidates on Smart-Cards” that it is possible to crack
straightforward Blowfish, Rijndael and other AES implementations: power samples
from only 100 independent block encryptions suffice to fully recover the 128-bit
secret key (Blowfish 6805 code which was implemented on an ST16 smart card).
PMC-Enhanced License Management
The reason why attacks on current smart card crypto implementations are possible
is that the cards share a common code. Consequently they are the target of
attacks.
Our PMC Licensing Engine implementation for a German datacast company already
used a totally variable concept. The company needed a piece of software which
would fool skilled hackers. The key to that was the personalization of each
individual copy of the data gathering tool of the company. Each user gets a
different key which depends on the user’s name and other known registration data.
The key is actually used to yield a predefined result internal to the software. As all
users receive the same signal from the satellite, consequently all licenses must
finally compute the same data from the ciphertext. The security of the secrecy
system originates from its high degree of uniqueness that is preserved throughout
the whole decryption process and from the multitude of similar-looking objects that
are present on the system during runtime.
In order to fool hackers, the software simply compiles a number of keys into
machine code. As this machine code is pretty long (if necessary, several megabytes
of machine instructions can be compiled), the average hacker gets lost in it.
Professionals go beyond that point. They look at the results which are returned by
the key functions within the software. Deprived of simple results, attackers must
analyze in which way a set of globally used variables is affected and what the
consequences for the entire software are. Faced with a lot of operations which
cannot be classified properly as relevant or irrelevant for data decoding, a big part
of the software is potentially relevant and must be understood in order to have a
chance to find a way to crack it.
The secrecy system as a whole doesn’t only rely on a couple of single yes/no
decisions. It would be too easy to locate the machine instruction which is
responsible for the message “you don’t have a valid license”. Instead, much better
protection is achieved by working the licensing functionality into the normal
source code and by changing the way the software works in a way that is
unnoticeable even for the programmers of the software. Incorrect license keys
simply lead to impaired behaviour of the software.
A pay-per-view smart card application using PMC can work with a virtually infinite
number of inexpensive cards that are in the field. Each card is personalized with a
factory setting that is known to the service provider and that need not necessarily
remain secret. The service provider sends a code via satellite that interacts with
data stored on the card. The card itself generates this crypto algorithm. It is unique
for each card but finally computes the required codes to enable the data stream
decoder to decode the scrambled bits.
Attackers can even open cards, read out all the data, but can do nothing to crack
the protection system because main parts of the encryption algorithm are provided
dynamically for each card by the service provider as a code number that compiles
into crypto code.
For their Disk Encryption product, PMC Ciphers have developed a special set of
polymorphic functions that are extremely fast and they even protect the code from
Differential Power Attack (DPA). In addition to large-scale power variations due to
the instruction sequence, which can easily be analyzed by measuring the current
consumption of a microchip, there are effects correlated to data values being
manipulated. These variations tend to be smaller and are sometimes overshadowed
by measurement errors and other noise. In such cases, it is still often possible to
break the system using statistical functions tailored to the target algorithm.
Our DPA-resistant polymorphic functions are perfectly suited for smart card
applications. Their speed outperforms conventional encryption algorithms by a factor
of 10. This allows for the encryption of the entire video and audio stream, rather than
just specific bits as in today’s standard systems.
Compiled crypto code creates minimum lag time, or time delay in the broadcasting
of live events.
Many hacked set top boxes have FTP, UDP and HTTP client/server functionality
implemented. Codes that are recorded from an official smart card can be
transmitted via UDP protocol through the internet to thousands or even millions of
illegal “users”. Hacked boxes can thus be provided with the required data to decode
the MPEG-2 stream just in time.
This shows that a variable secrecy system must reach beyond the smart card!
It is difficult to understand why all existing systems today are highly vulnerable to
this kind of attack, because the designers of these systems must have been well
aware of it.
Self-compiling crypto code makes set top boxes secure
Decoders are much easier to analyze and to reverse-engineer than smart cards as
they consist mostly of standard hardware that is easily accessible and
reprogrammable.
It is very likely that a number of engineers who have developed a box or parts of it
pass their knowledge to people who offer hacked software via internet.
The possibility to program set top boxes and to add decryption software to such a
device probably accounts for the majority of the fraud.
Set top boxes can be hardened by taking a number of precautions. Making the
decryption algorithm dependent on serial numbers or other specifics of each single
decoder device is decisive:
The decryption system itself must make reverse-engineering a very hard and time
consuming task that has to be performed on each and every set top box. Each
individual copy of the decoding software is personalized with an activation key that
represents constant data of the target computer through Laser-ROM or polysilicon
fuses on the microprocessor or other unchangeable information. PMC Ciphers has a
unique solution to the problem of hiding device-specific data that is available to
interested potential customers after signing an NDA or a cooperation agreement.
Card and decoder form a unit that is mutually dependent and highly variable with
changing algorithms as they are transmitted via satellite in form of comparably
short code numbers.
Technical description of PMC Software License Management
In 1949 C.E. Shannon described the principles of data encryption as confusion and
diffusion.
He described confusion as being “the use of enciphering transformations that
complicate the determination of how the statistics of the ciphertext depend on the
statistics of the plaintext”.
Confusion is vital for a licensing engine as well. A strong concept must be
implemented to prevent experts from generating valid keying information for the
data stream decoder.
Diffusion simply means spreading the influence of individual pieces of software over
the full application. This concept has proved to be underdeveloped in existing
Pay-per-view and Pay TV applications so far.
PMC customizes software for every user or every target machine without the need
to compile the software for each user. Registration data or simply the name of the
user can be compiled into a useful piece of machine code at runtime. Incorrect
input compiles into totally different machine code. A microprocessor which
executes this machine code at some point of time yields completely different results
leading to impaired function some time later during operation.
Here’s a brief explanation of a simple PMC licensing engine employing the
Polymorphic Cipher:
[Diagram: Structure of a PMC object for use in a licensing engine. A passphrase
(user info, registration key, etc.) enters the Crypto Compiler, which produces the
Compiled Crypto Code: a chain of building blocks (1, 2, 3, 4, 5, …) that propagate
an internal state. The data array for the internal state contains a number of
variables which are used by the application that is to be protected.]
The Polymorphic Cipher is a combined secrecy system that provides as many
different ciphers as different keys are available in a certain keyspace. This
constructs exponentially many conceptually different ciphering functions which
opponents must engage in order to successfully crack the Polymorphic Cipher.
Being able to choose from 2^128 ciphers for a 128-bit encryption algorithm has the
advantage that it renders known attacks, that require a static system, inapplicable.
In order to provide a significant number of different encryption algorithms for a
Licensing Engine, a highly flexible base design relying on a set of freely stackable
pseudorandom number generators can be chosen. This configuration is described
subsequently.
A passphrase consisting of registration information is compiled into machine code.
The compiler simply assembles standardized pseudo-random number generators,
the so-called building blocks, adjusts addresses as well as entry and exit points to
generate a piece of machine code which acts like a huge pseudo-random number
generator that is working on the Internal State. The Internal State is a data array
which is shared with the software application. A powerful implementation will
combine a set of global variables used by the application software (which is to be
protected) in this data array.
After initializing the history data array with part of the passphrase, the instruction
pointer of the microprocessor on the target machine is set to the start of the
Compiled Crypto Code. After finishing the execution of the Compiled Crypto Code,
the bit pattern stored in the history data array consists of near-random data.
Without being noticeable by a hacker, the Internal State array can even be set to
some predefined bit pattern.
The Compiled Crypto Code can be pretty long and can affect a large number of
variables depriving hackers of any chance to apply simple patches.
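The mechanism described above, modelled in Python as an added example (it is not PMC Ciphers' code, and the real system emits machine code rather than a list of calls). The three building blocks, the SHAKE-256 stream that selects them, the XOR-derived per-user key and all names and sample values are assumptions made for illustration.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
STATE_WORDS = 8  # assumed size of the shared Internal State array

# Assumed "building blocks": tiny PRNG-style steps acting on one state word.
def lcg(s, i, k):
    s[i] = (s[i] * 1664525 + 1013904223 + k) & MASK

def xorshift(s, i, k):
    x = s[i] ^ k
    x ^= (x << 13) & MASK
    x ^= x >> 17
    x ^= (x << 5) & MASK
    s[i] = x

def mix(s, i, k):
    s[i] = (s[i] + (s[(i + 1) % STATE_WORDS] ^ k)) & MASK

BLOCKS = (lcg, xorshift, mix)

def compile_passphrase(passphrase, n_blocks=64):
    """Model of the crypto compiler: passphrase -> initial state + block sequence."""
    need = 4 * STATE_WORDS + 6 * n_blocks
    stream = hashlib.shake_256(passphrase.encode()).digest(need)
    state = list(struct.unpack(f"<{STATE_WORDS}I", stream[:4 * STATE_WORDS]))
    program = []
    for off in range(4 * STATE_WORDS, need, 6):
        sel, idx, const = struct.unpack("<BBI", stream[off:off + 6])
        program.append((BLOCKS[sel % len(BLOCKS)], idx % STATE_WORDS, const))
    return state, program

def run_compiled(passphrase):
    """Execute the compiled block sequence and return the final Internal State."""
    state, program = compile_passphrase(passphrase)
    for block, idx, const in program:
        block(state, idx, const)
    return state

def issue_key(registration, target_state):
    """Provider side (assumption): key that maps this user's state onto the target."""
    return [a ^ b for a, b in zip(run_compiled(registration), target_state)]

def license_state(registration, key):
    """Client side: no yes/no check, only the state the application goes on to use."""
    return [a ^ b for a, b in zip(run_compiled(registration), key)]

def descramble(data, state):
    """Application code consuming the shared state as its working variables."""
    pad = hashlib.shake_256(struct.pack(f"<{STATE_WORDS}I", *state)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

# Constructed sample values.
TARGET = run_compiled("provider secret, event 2007-05")
BROADCAST = descramble(b"MPEG-2 payload", TARGET)  # the XOR pad is its own inverse

if __name__ == "__main__":
    for user in ("Alice Example, reg 1001", "Bob Example, reg 1002"):
        key = issue_key(user, TARGET)
        print(user, key[:2], descramble(BROADCAST, license_state(user, key)))
    alice_key = issue_key("Alice Example, reg 1001", TARGET)
    print(descramble(BROADCAST, license_state("Mallory, reg 9999", alice_key)))
```

Nothing in the client path compares the state against an expected value; wrong registration data only shows up as wrong values in the variables the application consumes.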
Considerations for the implementation of PMC Software License Management
Every copy protection and licensing system should be different. Otherwise, hackers
get used to a certain class of algorithms and methods; this is why PMC Software
License Management is defined in a different way for each application and for each
customer. Even the complete mode of operation can be adapted.
PMC License Management implemented in smart cards requires careful design of the
card as well as the base station in order to prevent any kind of attack. It should be
noted that Pay-per-View and Pay TV can still be hacked if the secrecy system is ONLY
implemented in the smart card! Hackers move quickly to attacks based on
distributing keying information via internet if a smart card proves to be resistant
against DPA or more invasive attacks. This has already been a trend for the past
months in Europe and it’s likely that this trend manifests itself as smart card chips
are increasingly hardened.
PMC Ciphers, Inc. offer to test the PMC Licensing scheme with their product “TurboCrypt”
The underlying scheme can basically be applied to digital rights management,
software licensing and virtually any other related procedure designed to control and
protect data distributions.
PMC Ciphers secure their own software with a basic Polymorphic Licensing Engine.
The Disk Encryption tool “TurboCrypt” that has been voted one of the 33 best tools
in the world by the German PC Magazine, can be enabled to different grades. The
Enterprise Edition sells for up to $199.95 per license.
This is the download location of the evaluation version which can be enabled up to
the highest level (Enterprise Edition): http://www.pmc-ciphers.com
Registered users receive a key which enables the purchased license level. In order
to compute license codes, we use a little “enabling assistant” tool, which is as well
protected with this licensing engine.
Professional customers that are interested in testing our Licensing Engine receive a
fully functional enabling assistant that expires after several days. Until the software
expires, it generates as many valid keys for our best-selling software product as
wanted.
Since 2004 we have explicitly invited interested experts who test the “enabling
assistant” to crack the tool or TurboCrypt! We are very confident that this is
impossible, mainly because a number of people have tried in the past to crack less
secure versions without success.
We are very confident that the implemented algorithms are secure.
Privacy statement
Customer data is kept secret for at least 15 years under our standard non-disclosure
policy procedure. This is especially true for the company name and for the products
which are protected by using some or all of the features of PMC Software License
Management. In return, we expect our customers to keep all information which is
not publicly known about PMC Software License Management undisclosed for at
least 15 years after signing a non-disclosure agreement with us. PMC Ciphers, Inc
reserves the right to adopt improvements and new features of PMC Software
License Management, which are being conceived or invented in the course of a
running development for one customer, in PMC Ciphers products including PMC
Software License Management.
For more information: http://www.pmc-ciphers.com
This is a preliminary document and may be changed substantially prior to final commercial release. This document is
provided for informational purposes only and PMC Ciphers, Inc makes no warranties, either express or implied, in this
document. Information in this document is subject to change without notice. The entire risk of the use or the results of
the use of this document remains with the user. The example companies, organizations, products, people and events
depicted herein are fictitious. No association with any real company, organization, product, person or event is intended
or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any
purpose, without the express written permission of PMC Ciphers, Inc.
PMC Ciphers, Inc may have patents, patent applications, trademarks, copyrights, or other intellectual property rights
covering subject matter in this document. Except as expressly provided in any written license agreement from PMC
Ciphers, Inc, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or
other intellectual property.
© 2000 – 2002 ciphers.de, © 2002 – 2007 PMC Ciphers, Inc., All rights reserved.
Company and product names mentioned herein may be the trademarks of their respective owners.