Computer Security Digital Rights Management

(1)

I

Computer Security 06 – 17417

Digital Rights Management

Version 0.7

Authors

Christopher Andrews,

Tim Ellis,

Dafyd Jenkins,

Ajay Sailopal,

Eakbal Singh,

Jaspreet Singh.

(2)

II

1 Introduction

Digital Rights Management (DRM) is “a combination of encryption and Internet validation for protecting vendor copyrights to prevent unauthorised copying of digital content (software, music, books, movies, and so on)”1. Commercial organisations have invested heavily in preventing their work from being copied illegally and distributed over file-sharing mechanisms. This has given rise to many DRM technologies which have been put in place, some of them being discussed in the report.

The subject of DRM is three fold. It concerns the social implications of the implementations, the technicalities of these implementations and the legislation put in place to support the development of such technologies.

Although DRM was first coined in the early 90s, it is still very much in its infancy and is always evolving taking advantage of new technologies. This document will detail previous attempts at enforcing DRM, its current state and which direction it could follow in the future. It is also a subject that is steeped in legislative and ethical issues as well as being technical adding to the breadth as well as depth of the field.

1.1 Outline

DRM is a wide field and has vast capabilities and potential, however for this document only a concise and opinionated view is given and much of the copious technical detail has been omitted for the sake of simplicity, whilst retaining the core fundamentals.

Considering this approach, this document will be structured in the various stages as follows. Background of legislations

Previous forms of DRM through optical media DRM through the Internet

The future of DRM through Trusted Computing A general outlook and conclusions

(4)

2

2 Copyright overview and Digital Millennium Copyright Act

As mentioned in the introduction, DRM is a field that is not purely technical but has deep roots in legislative and social issues. It is often these issues that dictate to what extent the various technologies concerning DRM can be developed and used. Henceforth, it is necessary to gain a grounding firstly in the legislative aspect of the subject and in particular to provide an overview of copyright issuances and Digital Millennium Copyright Act regulations.

2.1 What is a Copyright?

A copyright is symbolised by ©, it is different from a trademark in that it is enforceable against anyone, where as the latter is usually only enforceable against competitors. A copyright exists as soon as some work is produced that is original and involves some skill. However it exists only for a number of years, after which the work enters the public domain and becomes available for use free of charge. The owner of the rights also has the right to transfer it to a third party giving them all or some of the associated privileges.

2.2 Overview of Copyright privileges

The privileges of copyright can be broken into two sub-categories namely those privileges provided to the owner and those to the user

Owner’s Privileges

o All rights are exclusive – therefore the owner and only the owner has the right to exercise them

o Owner has rights to make copies

o Owner has the right to distribute these copies o Owner has the right to perform work in public o Owner has right to display work in public o Owner has right to export and import the work

o Owner has rights to sell or assign the rights to others – to corporate companies who have the marketing and financial power to distribute the product.

User Privileges

o User is permitted to carry out some form of copying such as work involving non profit making organisations and various other factors such as marketing implications are also considered

o User is able to resell the product that they have legally purchased 2.3 DMCA – Digital Millennium Copyright Act

This act was brought into action on 28th October 1998 and was later amended in 2002. The act amends the US copyright law and in summary makes it illegal to develop and/or distribute technologies that circumvent copyright protection technologies. There are similar legislations around the world for example the European Union Copyright Directive (EUCD), its Article 62 mirrors some of the controversial aspects of the DMCA.

2.3.1 The DMCA consists of five sections

1. WIPO3 Copyright and Performances and Phonograms Treaties Implementation Act of 1998 – this act requires any country to provide protection and remedies against circumvention technologies.

2. Online Copyright Infringement Liability Limitation Act – provides protection to the service provider as long as they satisfy the conditions mentioned in points 2 and 3 of section 2.4.2.

2_{http://news.zdnet.co.uk/software/developer/0,39020387,39116390,00.htm} 3_{World Intellectual Property Organisation}

(5)

3 3. Computer Maintenance Competition Assurance Act – allows those repairing computers to make

temporary and limited copies.

4. Miscellaneous Provisions – This contains provisions relating to functions of Copyright office distance education, assistance of libraries, allowing the creation of short-term copies for broadcast purposes and for the collective bargaining of movie rights.

5. Vessel Hull Design Protection Act – This section of the act is not applicable for this report. 2.3.2 General discussion of legislations

1. The act makes it a crime to develop technologies that circumvent anti – piracy measures that are built into many digital productions. There are however exemptions to this, including development of technologies for encryption or reverse engineering. Non-profit organisations such as universities are also exempt.

2. In general the act limits the liability of service providers from copyright infringement that may occur if users use their services to access copyrighted material in an illegal manner. An example of such a scenario would be a user that subscribes Telewest Broadband as their ISP and then uses the connection to illegally obtain copyrighted material. However in order to be exempt the service providers must

a. Provide the users information about the copyright property

b. Terminate user accounts if they continuously violate copyright protection c. Not interfere with the copyright measures of the copyright owners.

3. The service providers are also limited in liability if their networks are used to transmit the copyrighted data illegally. Such a scenario could occur in the UK; where BT owns most of the telephone network. If a user on another ISP (e.g. Wanadoo) uses their connection to illegally obtain copyrighted material that is transmitted through BT’s network, BT would not be held liable under this condition. Wanadoo would only be exempt if they satisfy the conditions stated in 2. However in order for BT or any other network provider to be exempt the following must be ensured: -

a. Transmission was initiated by someone other than the service provider b. Transmission of the data is automatic

c. Service provider does not select recipient of the material

d. No copy is made and is not held for longer than necessary and is only accessible by the initiator

e. Material is transmitted without modification.

4. Limits liability of non-profit higher education institutions - when they serve as online service providers and under other circumstances such as copyright infringement by faculty members or students.

5. Requires that "webcasters" i.e. anyone that streams media over the internet, pay licensing fees to record companies.

6. Requires that the Register of Copyrights, after consultation with relevant parties, submit to Congress recommendations regarding how to promote distance education through digital technologies while "maintaining an appropriate balance between the rights of copyright owners and the needs of users."

7. States explicitly that "[n]othing in this section shall affect rights, remedies, limitations, or defences to copyright infringement, including fair use..."4

2.3.3 Conclusions to DMCA

The act has been introduced as a legislative tool to counter the increasing use of technology to circumvent copyright protection mechanisms. However having researched the subject and having

(6)

4 experienced the restrictions of DRM technology it is believed that current DRM implementations violate the DMCA as they fail to satisfy point 7 of section 2.3.2. Certain aspects of copyright legislation such as the first sale doctrine or fair use are prevented. Further, the DMCA is believed to hinder progress in research. Researchers are afraid that if they release their knowledge into the public domain they might enter litigation with companies who hiding behind the DMCA. A classic example of this is the arrest of Dmitri Sklyarov who worked for Elcomsoft and developed a way of avoiding Adobe’s weak e-book protection mechanism.

3 DRM conceptual model

The first generation of DRM was very crude and modelled a broad view of the full capabilities of the mechanism. It used basic security and encryption to stop unauthorised copying. The general idea was to lock content and allow distribution to individuals that have paid for it. This was largely achieved through obscurity.

Second generation DRM technologies, namely Internet-Based DRM are discussed in detail further in this document. These protocols essentially consider a myriad of technologies to protect the usage of content, both tangible and intangible. This type of DRM manages relationships with individuals who have a right to the content. If this were portrayed in a conceptual model one would arrive at the following high-level functional architecture. The following diagram has been adapted from its original version.

Figure 1: Conceptual model of a DRM architecture5

(7)

5 The conceptual model can be divided into three main areas:

Content Initialisation - this is to manage the creation of content so that it can be easily traded and where rights are assigned.

Content Management - how to manage and enable the trade of the content in potentially distributed databases. Also assigns licenses to individuals/groups who have agreements for the rights. These can be issued through payment or some other fulfilment operation. This information is stored in the metadata that accompanies the content.

Content Usage - how to manage the usage of content once it has been traded. This involves assigning permissions; if a person has the right only to view an e-book, he will not be able to make a printout of it. It also tracks how much the content is being used according to agreed license conditions e.g. if the e-book can only be viewed five times, it can only be downloaded five times.

This conceptual model will be used as a basis to evaluate DRM systems. DRM through optical media and the Internet will be discussed through examples and the report will return to the architecture to see where the model is broken.

4 DRM on optical media

Although DRM is a relatively new term, optical media is the prevalent form for distributing content. However, DRM has been in use for several decades, under the guise of copy-protection measures. Developers and publishers of electronic content on CDs and other media have been utilised in a number of different techniques to protect their content from unauthorised users.

Computer games were one of the first forms of digital content which actively utilised DRM. In the mid-1980s developers employed a simple method, users were prompted to answer a question based on the procured material. This was achieved by providing the user with a specific sheet of codes or having the answers inside the manual. However, this simple protection could be broken very easily, by simply copying the manual or code sheet. Other more elaborate ‘cracks' were written by skilled programmers to bypass these mechanisms. Throughout the next two decades, the techniques applied became much more sophisticated. The result was that only specialist programmers could attack the protection used. 4.1 StarForce

One of the most recent copy-control mechanisms employed on software is called StarForce by StarForce Technologies. StarForce uses a series of hardware and software techniques to stop the copying and distribution of content.6 There are many different versions of the StarForce. This report will focus solely on StarForce Professional. StarForce Professional is designed to stop both casual pirates and professional pirates alike. This is achieved using a combination of both hardware and software techniques to protect the content.

4.1.1 StarForce Professional implementation

StarForce protection expands on the currently used copy protection (such as SecuROM and SafeDisc) by allowing any number of files in the software to be encrypted (the exact amount is controlled by the software publisher). These files are then only decrypted at run-time, by the use of a 'Protection Library File'. This is typically in the form of an executable and dynamic link library stored on the CD/DVD or

(8)

6 a device driver, which is installed when the software is initially set up. See Figure 2 for a high-level overview of this process.

Figure 2: Encryption and duplication process of StarForce7

The protection on the media works on several levels.

StarForce can detect if the disk is not genuine. A digital fingerprint is embedded on the disk which can be verified (see Figure 3 for a speculative process).

Software is produced in batches and this is utilised as a security measure.

o Each copy of the software is supplied with a unique CD-key consisting of fourteen alphanumeric digits, which is specific to a master key of a batch.

o Using several physical properties of each batch of disks generates the master key. o The CD-keys are then generated using this master key. The combination of these two

keys allows the authenticity of the disc to be confirmed.

Figure 3: Encryption, authorisation and decryption of software8.

7_{Adapted from: StarForce Software Protection Solutions – Advanced Encryption and Activation Technologies for Disk}

Based CD/DVD and Online Distribution document

Scramble Content Encode Key Unique Key Content ‘Digital Signature’ Loader Scrambled Content Descramble Content (loader) Decode Key Unique Key Loader Encoder Content

(9)

7 Therefore a copied disc will not authenticate, as the master key will differ. This also means that the disc cannot be mounted to a virtual drive using software such as DAEMON Tools9; these programs cannot replicate the master key from the disk.

The files are encrypted using 'product-specific crypto algorithms'. This implies that even if the content is copied from CD to the user’s hard disk or downloaded from the Internet and a valid CD-key obtained (legally or illegally), the software will still be locked and encrypted because the master key is still required. The encryption process is performed on StarForce's secure protection server. However, due to the lack of information supplied from the developer about the encryption algorithms used; it would appear that the developer attempts to provide ‘security through obscurity’, possibly indicating that the algorithms are not very strong.

4.1.2 Effectiveness

StarForce is generally considered to be one of the most effective copy-protection systems in use. Several games released using StarForce have taken several months to crack. When this is compared to the time taken to break other systems such as SecuROM and SafeDisc (which is typically within hours of release, in certain cases even before release), it is very efficient at stopping short-term piracy, which can be argued is most important. This technology is primarily used in the gaming industry where the value of games is likely to depreciate rapidly over time after release; thus StarForce effectively succeeds in providing a useful DRM solution. The system does not rely on any specific hardware, and complies with industry standards.

4.1.3 Circumvention

As with any current DRM or copy-protection system, it can be circumvented in several ways: -

The encrypted software can be attacked by brute force. This is likely to be extremely time consuming, as many gigabytes of data could potentially be encrypted. Each batch of software has a specific cryptographic algorithm; thus it would need to be cracked for each version of the software.

The decryption tools are supplied with the software, the potential cracker has access to the entire decryption process if they reverse-engineer the Protection Library File.

The user could use a memory examining program such as Soft-Ice, to examine the value of specific memory locations whilst the decryption process is in progress. This may allow the cracker to obtain the master key.

The StarForce protection server could be compromised, possibly allowing access to hidden details of the encryption process. With this information attacks could be created.

4.2 Cactus Data Shield

In recent years many record labels have started to produce audio CDs with various kinds of copy-protection. One controversial copy-protection used is Cactus Data Shield by Macrovision. Cactus Data Shield is designed to prevent Internet distribution of copyrighted material and prevent audio files being copied on to the users hard disk.10 There are three different versions of Cactus Data Shield namely CDS100, CDS200 and CDS300. This report will focus on all 3 versions of CDS.

CDS300 is the latest revision. It is an implementation of DRM and it offers, “Portability & Controlled Burning”. This allows the publisher to choose how many backup copies can be created (from zero to

8_{Adapted from}_{http://www.cdmediaworld.com/hardware/cdrom/cd_protections.shtml} 9_{For more information please visit http://www.daemon-tools.cc/dtcc/portal/portal.php} 10_See_{http://www.macrovision.com/products/cds/index.shtml}_{for more information}

(10)

8 infinity). Windows Media Audio files protected by DRM restrictions are also provided on the disk. Other software and hardware modifications to the disk have been incorporated in an attempt to prevent any kind of ‘ripping’ that was possible with CDS200.

4.2.1 Cactus Data Shield Implementation

Cactus Data Shield’s protection for CDS100 works by breaking industrial standards for CDs. Audio CDs typically conform to the Red Book standard developed by Philips and Sony. The standard defines the physical parameters and properties of the CD. The digital audio is encoded as 16-bit PCM (Pulse-Code Modulation) with error correction11. Stand-alone audio CD players are created to support this standard.

The first extension to this standard was the Yellow Book standard for CD-ROM. Disks could contain up to 650MB of data as well as digital audio. Multi-session discs could be created using Mode 112 and Mode 213. Data is written to the disk using Yellow Book Mode 1, ISO 9660 Level 1. Yellow Book Mode 2 allows the combining of the two data modes14. The full CD and CD-ROM specifications can be found here15. Figure 4 depicts this more clearly.

Figure 4: Model of CD with two sessions

Cactus Data Shield works by breaking the Yellow Book standard. The disk is created using two sessions. Mode 2 data is written in the first session and Mode 1 data is written in the second session. A standard audio player can only read the first session of the disk, which is the audio session and will ignore the remainder of the disk. However, a computer optical drive will attempt to read the extra session first, but will fail because it will be detected as corrupt. Several techniques are used to corrupt the data track. The data might be total noise (in the case of CDS100), which prevents any data being retrieved from the disk. Alternatively an illegal table of contents may be provided, with the wrong track numbers, start and stop times; in an attempt to hide the audio session. Due to the compatibility issues with CDS100, CDS200 and CDS300 maintained the CD – standard but used drivers to run the audio

11_{Information paraphrased from}_{http://en.wikipedia.org/wiki/CDDA}_{. For more information visit the URL.} 12_{This mode is error intolerant, meaning that it is suitable for data such as programs.}

13_{This mode is error tolerant, making it suitable for audio and graphics, where minor errors are largely not noticeable.} 14_{Information paraphrased from}_{http://www.mediatechnics.com/yellowbook.htm}_{. For more information visit the URL.} 15_{http://www.disctronics.co.uk/technology/cd-rom/cdrom_spec.htm}

(11)

9 files in a protected environment thus limiting the access audio session. This mechanism utilises the ‘autorun’ feature within the Windows operating system.

4.2.2 Effectiveness

Cactus Data Shield is considered to be less than effective in many cases. As manufacturers crate hardware differently, some hardware can read the corrupt disks with no trouble. In these cases the user would be able to access the audio tracks, and rip them using standard audio ripping software. The user would not even notice any form of copy-protection..

4.2.3 Circumvention

The weakness with the implementation which was discovered allowed the entire copy-protection mechanism on the CDS300 media to be circumvented with embarrassing ease. Upon inserting the CD the user could simply hold the 'shift’ key to prevent the disc from being auto run (this stopped the protection environment drivers from being executed); allowing access to the entire CD. The content could then simply be extracted from the disc. Macrovision claim this flaw has been fixed with the latest version of CDS300 (version 7).

5 Internet Based DRM Implementations

Many Internet Based DRM systems are being put in place by commercial corporations try to counter the ever-growing problem of illegal downloading and distribution. The most common format which is downloaded and where the problem exists is audio and document files. This problem is widespread and is affecting both industries greatly, particularly financially. In this section Apple iTunes and Adobe E-Books are described.

5.1 iTunes

Apple’s iTunes is music jukebox software that provides the ability to organise and play songs as well as purchase music legally from its online store. The software utilises DRM technology to place restrictions on music that is downloaded so that access rights to the content are preserved and maximum royalties are passed on to the creator.

5.1.1 iTunes DRM implementation

iTunes uses a DRM technology called FairPlay, and this functions as follows: • The content, i.e. the music is an MP416

Container File with an AAC17 audio stream.

• The AAC part is encrypted using a combination of the Rjindael algorithm and MD5 hashing. • An encrypted master key that is also stored in the MP4 is used to decrypt the AAC.

• For the previous to take place the master key needs to be decrypted; a user key is needed for this, which is acquired from a server when the content is purchased.

This process is illustrated by Figure 5.

16_{Container for MPEG-4, a standard by MPEG primarily to handle low bit-rate content.}

17_{AAC which stands for Advanced Audio Coding is a data compression method for audio streams. It was initially designed}

(12)

10 FairPlay Initialized Application Server Master Key

Request to decrypt master key

AAC Audio Stream Needed to decrypt and play User Key

Server issues a user key to decrypt master key

MP4 Container File

Figure 5: The FairPlay process18

Apple are able to enforce limitations on rights by authorising the computer from which a purchase is made by sending a unique ID to its servers (it is speculated that a hardware hash from the computer creates this unique ID). In doing so, sharing of the file is prevented to access the content requires the combination of the unique ID and user keys for decryption.

5.1.2 Rjindael & MD5 as encryption techniques

For the purpose of this discussion, a brief overview of the two methods used to encrypt the AAC audio stream (and the master key to unlock this content) will now be given.

The Rjindael encryption method, also known as the Advanced Encryption Standard (AES), is a symmetric key algorithm, i.e. encryption and decryption is performed using the same key. It has been chosen as encryption for the AAC audio stream because it generally executes much faster than an asymmetric key algorithm. It is assumed that the key size will generally be quite small for performance issues.

However it can be prone to many security attacks because the key is shared. A system that relies on a global “secret” is always going to be a risky solution. This was realised when Jon Johansen, a Norwegian ‘hacker’ eluded the DVD copyright protection mechanism (CSS), which also relied on a similar idea. It can be concluded from this that symmetric key algorithms like Rjindael are quite unsuitable for distribution mechanisms like FairPlay.

MD5 (Message-Digest algorithm 5) is a 128-bit cryptographic hash function that is widely used in the commercial world. It is used by DRM systems such as FairPlay to ensure that downloaded content has not been tampered with in any way. MD519 uses a form of redundancy checking whereby the checksum of the downloaded content is compared to a public checksum from a trusted source. This is done verify the integrity of the downloaded content.

It was established this year (2004) that the MD5 algorithm is breakable and its attack took approximately one hour on an IBM P690 computer (because the hash is 128 bits in length a brute force attack could be adopted, as it is small enough to do so). It was actually a collision attack that exposed the weaknesses with the algorithm. A collision attack on MD5 is a reverse engineering process in which, given the cryptographic hash as output, the inputs can be found.

18_{Formulated using the description given at:}_{http://www.asleep.net/blog/Daeken/2004/08/25/316/} 19_{Please refer to}_{http://en.wikipedia.org/wiki/Md5}_{for pseudocode of the MD5 algorithm}

(13)

11

5.1.3 Circumvention of FairPlay (PlayFair)

It was because of the weaknesses within the two encryption methods that spurned a reverse-engineered application named PlayFair which got around the DRM restrictions placed upon tracks by iTunes through FairPlay. An overview of the PlayFair20 process is as follows.

The content can be split into a number of sections.

A combination of these sections will yield a result that will match a global user key.

The MD5 hash of a particular section will result in a byte-pattern, which used in combination with the user key and the Rjindael-128 algorithm will decrypt the file.

The raw information of the audio stream can now be perceived and all DRM restrictions are removed.

5.2 E-books

E-books are, “an electronic edition of a physical book”. They are available in various formats21. This section of the report concentrates on the e-Books distributed by Adobe. Adobe E-books differ from standard pdfs as they are protected using Adobe’s DRM technology employed within the Adobe Content Server, and can only be viewed through Adobe’s freely available Adobe Reader 6.0.

The Adobe Content Server and Adobe Reader are based on the Electronic Book Exchange (EBX) system. This system has been developed by the EBX working group and consists of two models

The Functional Model Trusted Model

5.2.1 The EBX System

This system has been developed to ensure that electronically produced content cannot be use in an unauthorised manner throughout its lifetime. “The EBX system utilises symmetric and asymmetric encryption and certificates in enforcing the rights and protecting the content copyrights. The content is protected with encryption”22

20_{A more detailed algorithm can be found at http://www.asleep.net/blog/Daeken/2004/08/25/316/} 21_{Further Details of Formats can be obtained at:}_{http://www.e-Bookmall.com/choose-format/}

22_Source:_{http://www.tml.hut.fi/Studies/T-110.501/2001/papers/tommi.komulainen.html}_{(majority of the content within this}

(14)

12 5.2.1.1 The Functional Model

Figure 6: EBX Functional Model23

The above diagram provides an overview of the EBX Functional model. It displays the communication that takes place from the publishing stage through to delivery to the consumer. The communication between different elements is authenticated using The Trusted Model. The functional model consists of three main aspects:

Publishing – In this phase, the publisher uses a product from an EBX licensed vendor in order to encrypt the pdf. The outcome of this phase will be an encrypted pdf file known as the content file and an accompanying voucher, details of the encryption techniques employed are provided below. Once the files have been encrypted they are uploaded to the publisher’s EBX server ready to be downloaded by a certified vendor/distributor.

 Encrypted Content File: The original pdf file is encrypted using a symmetric cipher that uses a random key which is itself encrypted using the publisher’s public key. The key used to encrypt the pdf is used to create a template for the voucher and is included within the voucher. At present the EBX standard recommends the use of 56-bit DES for the encryption of the content, however other algorithms such as 40-bit RC4 or 3DES can be used.

 The Voucher: The voucher is the digital object which must accompany the e-Book in order for it to be read. It contains the decryption key and the permissions for the encrypted content file. The decryption key held within the voucher is encrypted using the public key of the voucher’s owner. When it is transferred to an authentic party it is decrypted using the voucher owner’s private key and then re-encrypted using the recipient’s public key.

The EBX standard recommends the use of 1024 bit RSA for encryption of the decryption key.

(15)

13 The voucher is itself protected using a Message Authentication Code (MAC). The MAC value is “calculated using a keyed hash algorithm (HMAC24) over all elements in the voucher. The document decryption key is used as the key for the HMAC algorithm. The HMAC algorithm is currently only used with SHA-1.

User’s Private Key: The security of this model relies on the fact that the user is never aware of their own private key.

Distribution – Once the files are available on the publisher’ server downloaded from a publisher’s server to a distributor’s EBX server using an ‘EBX Server Administrator’ enabled browser. During this process the publisher uses their private key to decrypt the decryption key. A new voucher is then created consisting of the permissions for the distributor including the copy count which determines the number of copies they are allowed to sell. The decryption key is re-encrypted using the public key of the distributor and included within the voucher. The content file remains encrypted in the original manner, both the voucher and content file are transmitted to the distributor server.

Delivery to Consumers – A registered EBX reading system is required to read the encrypted content. When the file is downloaded the decryption key is decrypted using private key of the distributor. A new voucher is created containing the permissions for the consumer and the decryption key is encrypted using the consumer’s public key. The file is then transferred to the consumer. When the user wishes to read the content the private key provided to their registered reader will be used to decrypt the content. This is the fundamental flaw within this system, as private key resides on the user’s computer and could be located by a determined attacker. If the private key is compromised the attacker would able to remove all DRM measures employed on the protected content.

5.2.1.2 The Trust Model

The EBX system consists of several different vendors, distributors and publishers. In order to ensure that they can trust each other and ensure that secret information is not disclosed, an authentication mechanism of trust services known as Public Key Infrastructure (PKI) is used.

PKI is a mechanism for vetting and vouching of third parties. It works in the following way

Users are issued with public and private key pairs. The private key is used to encrypt the certificate and the public key is used to decrypt the certificate.

The above mechanism works on the principle that a reputable organisation issues the public and private key pairs.

PKI mechanism uses the X.509 v3 certificates because these certificates are associated with the X.500 standard which provides a strong hierarchical structure. The diagram below depicts the structure of the overall EBX Certificate Authority (CA) Architecture. These certificates contain the maximum level of security of the vendor or unit, discussion of these security levels is out scope of this document.

24_{HMAC – Has Message Authentication Code – A message authentication code calculated using a cryptographic has}

(16)

14 Figure 7: EBX Trusted Model25

The EBX root authority will issue a certified vendor such as Adobe with certificates containing their allocated public and private key and certify them as a suitable certification authority. Adobe will then be able to issue certificates containing public and private pairs to the Adobe Content Server and Adobe Reader.

5.2.2 Adobe Implementation of EBX Standard 5.2.2.1 Adobe Content Server

This is a web based system that allows providers to protect their electronic content using various services that control the distribution of the e-books from inception to the procurement. Listed below are the components that facilitate the secure deployment, for this report the Book Preparation Service is of most interest.

Book Preparation Service – This is used by the content providers to encrypt and specify the rights available for the user. These are then stored the on the Abode Content Server and are made available for distribution.

Distribution Service – This service is used by the publisher or distributor to vend the e-Books to approved clients.

Fulfilment Service – This facilitates the distribution of the content, only those parties who have entered works into the Adobe Content servers can run this service.

Library Service: Allows e-Books to be borrowed from online libraries.

The diagram below depicts the interactions between the different elements of the Adobe Content Server

(17)

15 Book Preparation Procurment ODCB Complaint Database Fulfilment Distribution Library Customer Content Server Patron Bookstore Library

Figure 8: Adobe Content Server Components26 5.2.2.2 The Book Preparation Process

The process of Book Preparation is the stage where the DRM elements are added to the standard pdf. The process is as follows27

1. Create an entry for the e-book and supply some metadata about the book 2. Upload the unencrypted e-book

3. Specify the rights of the consumer to sell, give, lend, copy and print the e-book

4. Package the e-book consisting of a voucher, the actual content, and upload it to the database ready for distribution.

5.2.2.3 Viewing the Content

The content distributed through the Adobe protection system is only readable through Adobe Reader which must be registered with Adobe (who will issue an X.509 v3 certificate with a public and private key combination), this locks eBooks to the registered software. The reader contains an EBX handler which performs the content decryption internally. This handler provides assurances to the EBX system that the user is authorised to view the content in a specified manner.

5.2.2.3.1 Decrypting Content Key within the Voucher

Interim key calculation from hardware IDs

CPU ID+ Volume ID

CPU ID+

Volume ID SHA1SHA1

mor.dat file mor.dat file son.dat file son.dat file Voucher Voucher RC5 Decrypt RC5

Decrypt _DecryptRSA RSA Decrypt

Private RSA key

Private

RSA key Document_key Document key Interim key Interim key Interim key Interim key _DecryptRC5 RC5 Decrypt Fixed key Fixed

key Interim_key Interim

key Interim key calculation

from hidden copy

Document key calculation

Figure 9: Process of Decrypting Content Key28

26_{Adapted from: Adobe Content Server 3.0.1 User Guide}

27_{The process assumes that the party concerned has already registered with Adobe Content Server} 28_{Source: Dimitri Skylarov’s presentation to DEFCON 9 in 2001}

(18)

16 In order to lock down the Adobe Reader to a specific computer an interim key is calculated using one of two mechanisms shown in the top half of the diagram

CPU ID and Volume ID of hard disk are combined and hashed to obtain a key which is used as the interim key.

Use a fixed key which is allocated at the time of registration to decrypt the contents of the ‘son.dat’ file (included within the reader) using RC5 decryption in order to obtain the interim key.

Once this interim key is obtained it is used to decrypt the contents of the ‘mor.dat’29 file. The outcome of this will be the Private RSA Key. The Private RSA key is then used to decrypt the decryption key of the content file held within the voucher. This decryption key will then decrypt the content.

5.2.2.4 Circumvention

Adobe’s system was beaten by an individual named Dimitri Skylarov who worked for a Russian based company known as Elcomsoft. Adobe’s Reader used Rot13, FileOpen and SoftLock security handlers. Dimtri Skylarov identified that these plug-ins contained fundamental flaws that allowed the security of e-Books to be compromised; he was put in jail for his efforts. Below is a list of the flaws he found

 “The standard security handler uses RC4 stream cipher encrypting file content with a unique encryption key. The encryption key is encrypted and stored in the PDF file’s encryption dictionary. Either the user password or owner password can recover the encryption key and decrypt the file content. The passwords can be found by enumerating all possible combinations.”30

 “Rot13 security handler is very weak. It encrypts all documents with a fixed key. The key is stored in the plug-in and can be found easily.”31

 “FileOpen security handler uses variant keys, but all the keying materials are contained in the encrypted document. Attackers can easily reconstruct the keys.”32

E-Book Pro Compiler inserted constant bytes within bytes of the text33

.

The Engineering Manager for e-Book Development Group at Adobe Systems Incorporated highlighted another recent pitfall. He “advised that it is possible to back up a collection of e-Books from one computer and restore them to a different machine by making use of a back up feature built into the Adobe e-Book Reader”34 This process worked as follows.

1. Make a copy of the 'Data' folder (including 'Vouchers' subfolder) 2. Install Adobe e-Book Reader on another machine

3. Restore the 'Data' folder over the corresponding 'Data' folder in your freshly installed Adobe Acrobat e-Book Reader

4. Open Adobe Acrobat e-Book Reader and attempt to open one of the e-Books. You will receive the following message:

Update Reader

29_{Details of the son.dat and the mor.dat file could not be obtained} 30_{Source: Analysis of eBook Security by Guoyou He}

31_{Source: Analysis of eBook Security by Guoyou He} 32_{Source: Analysis of eBook Security by Guoyou He}

33_{Source of Information: http://news.zdnet.com/2100-9595_22-530420.html?legacy=zdnn} 34_{Process Info and Quote from:}_{http://seclists.org/lists/vuln-dev/2002/Jul/0389.html}

(19)

17 Voucher Update Required (Version 2.2 Build 203)

You will not be able to read your e-Books until you update your installation of Acrobat e-Book Reader.

Please contact Adobe Systems Customer Support at http://www.adobe.com/suport/[...] for assistance in completing this update.

Challenge: E7P6 4K2D 7MU3 VUDT

5. Ring Adobe, quoting the Challenge code, then receive an Activation code. e-Books can now be reopened.

The activation code can be easily obtained for any given Challenge without calling Adobe. Here is how Adobe Acrobat e-Book Reader verifies the Activation code:

1. The 'Challenge' is being encrypted using popular symmetric block cipher; the encryption key (actually, there are two keys: one in Reader 2.1 and older, and another in Reader 2.2) is constant and stored inside the Adobe e-Book Reader executable.

2. Encrypted 'Challenge' is being hashed using another popular algorithm.

3. First 10 bytes of the hash value (converted from binary to text using MIME-like encoding) is the proper Activation code -- the Reader just compares it with the one entered to the Reader. The details (the names of the ciphers, and the encryption keys) are not provided here for security reasons.

There are no known fixes for this at present.

6 DRM through Trusted Computing

If we refer back to the initial conceptual model that encompassed DRM objectives, it can be agreed that the model architecture is based on sound principles, but it is the implementations of the architecture such as FairPlay and Adobe EBX that have proven to be comprised. These weaknesses are mainly being identified in the Content Management area of the model. If the content is not secure enough, and if ‘weak’ security mechanisms (encryption methods) are being employed to maintain integrity then it will be possible for individuals to obtain the content and remove any restrictions placed upon it.

If the content can be retrieved then it can also be distributed freely to other parties over file-sharing mechanisms. It is felt that true integrity can only be achieved through Trusted Computing. This concept could solve the problems related to current methodologies.

6.1 Introduction

This section of the report will focus on the technologies proposed by the TCG (Trusted Computing Group). The TCG is an initiative spearheaded by Microsoft, Intel, AMD, etc. in an attempt to make computers more secure, there are currently two hundred companies involved. This approach utilises both hardware and software technologies. The architecture makes inroads to solve the DRM dilemma. Open source is very different consideration, "Making DRM in Linux secure would be like winning a hand of poker against someone who can change all the playing cards at will,"35 HP are developing a commercial version of Linux that would be trusted computing compliant to the existing Linux platform. This version would however not be strictly Open Source.

This section outlines the failures of the existing models before describing the Trusted Computing architecture. Specifically the NGSCB (Next Generation Secure Computing Base) implementation of TC will be outlined.

(20)

18 6.2 Existing software

There are a number of key flaws in the current state of security when attempting to enforce DRM. These flaws can essentially be narrowed down to the existing operating systems.

Mandatory Access Control (MAC) is not enforced. This is a mechanism that restricts the access of user programs to some predetermined policies, which cannot be altered. These policies are issued by an entity known as a reference monitor. At present hackers are able to execute malicious device drivers at the kernel level, which allows them can access all resources, such as memory locations of other processes. Signed codes and cryptographic solutions based on this current architecture will not work, this has been portrayed in the previous examples.

Current OS do not enforce the ‘least privilege’ security principle, which is essentially where a minimal amount of access rights are required to complete a task. Windows currently issues access rights based on ID of which there are two types of users; super-users and normal-users. Processes that are executed in memory at present are not isolated from others. Hackers currently

exploit this flaw, to compromise cryptographic keys and program data. 6.3 Existing hardware

Currently hardware devices in PCs do not place any restrictions, as regards to restricting access to resources. Hackers exploit this flaw, using methods such as bus mastering36 and buffer overflow attacks37. Applications OS Extensions Kernel 0 Device Drivers 1 2 3

Figure 10: The Ring architecture employed by the Intel 0x86 processor38

From the CPU perspective Intel had designed and implemented their CPU with security in mind. This architecture is MAC enabled, however the previous Windows OS have not utilised this. They only utilise ring 0 and ring 3. As mentioned before this gives rise to two types of user, one which can work on the kernel level and the other on the applications level. As a result Intel is extending their architecture in line with the trusted computing model, which is known as the Lagrande project.

36_{Attackers exploit the bus architecture in which controllers can communicate with devices without using the CPU.} 37_{This is where an attacker exploits program code space in memory to overwrite the memory with arbitrary code.} 38_{Adapted from: eprints.qut.edu.au/archive/00000515/ 01/Reid2005-AISW-DRM-TrustedComputing.pdf}

(21)

19 6.4 Trusted Computing Architecture

A brief outline of the key elements within this architecture is described. The protocols specifically implemented by the NGSCB are then illustrated, to show how the infrastructure works.

6.4.1 Trusted Platform Module (TPM) a.k.a Fritz Chip

Figure 11: A component level diagram of the TPM39

The TPM is hardware that will be attached to each PC, PDA, etc. The TPM is the end point of communication and thus will be designed with security in mind. The TPM will be made tamper-resistant. The primary function of the TPM is to provide cryptographic operations. The TPM holds a unique Endorsement Key which is installed at the time of manufacturing. This key provides a mechanism to identify a particular TPM. There are a number of components within the TPM which will be discussed in this report. These will ensure that DRM will be viable.

The Platform Configuration Register (PCR) generates, ‘a chain of trust’ for any platform. It has been designed to use the secure SHA-1 hashing algorithm. Its workings are as follows:

PCR[i] = PCR[i] + SHA1(measured data)

It takes some arbitrary data measure regarding the systems state, such as program code and extends the hash of its registers. This information is stored in the Stored Measurement Log (SML) and used when the system is challenged for integrity. This will guarantee the integrity of state information for a system.

The RSA Engine is used for signing and performing encryption/decryption. It utilises the Endorsement Key (private key) for decryption. The proposed key size is 2048-bit, this falls in line with current recommendations, rendering brute force attacks with current technology intractable. The TPM will support both symmetric and asymmetric communication.

There are many keys, which are used in this model, (Endorsement Key, Attestation Identity Key, Storage Root Key and more) these are generated using a hardware-based method, conforming to the FIP 186 standard40. This protocol ensures that keys that are generated are pseudo-random and relies on the intractability of the underlying number theory problem.

39_{Adapted from: https://www.trustedcomputinggroup.org/ downloads/TCG_1_0_Architecture_Overview.pdf} 40_{http://www.itl.nist.gov/fipspubs/fip186.htm}

(22)

20 6.4.2 Attestation Protocol

The attestation protocol is a multi-tier process, which involves both hardware and software. The OS, applications etc. are all attested to create a platform of trust.

Figure 12: Sequence Diagram which shows the attestation process41

For the purposes of this report and how the TC model relates to DRM, the high level diagram in Figure 12 will suffice. Essentially the process provides the information which reside in the PCR, the SML and platform credentials to a remote challenger. This information is signed by the TPM to ensure only that particular platform can use it. A private Certificate Authority is used to certify communicating parties as authentic. The remote server can then analyse the information to verify system integrity to allow for any subsequent communications.

6.4.3 Sealed storage

The concept of sealed or protected storage is to provide data confidentiality. This mechanism makes use of the Storage Root Key, which is stored in the TPM. This key is ‘non-migratable’ and locked to each TPM. This key will primarily bind other cryptographic keys (session, signature) to given system state configurations and only releases the keys if configurations remain intact. BLOBs42 are used to ensure keys are bound to a particular TPM. This mechanism is to be used to protect keys which are used by TPM, but not necessarily stored locally.

This mechanism is to be used only to seal keys, due to the slowness and low cost considerations of the TPM. These keys can then be used to protect large files. This would alleviate the TPM from becoming a bottleneck. Also this mechanism can enforce the TPM’s cooperation to access data. This could be utilised to only allow access to data if the system in a certain state as mentioned.

Objects stored using Protected Storage can have authorisation information. Objects can be used and/or migrated. The details of this mechanism were not available at the time of writing. It is the functionality itself, which is of interest to the authors because it has implications for DRM. Application vendors could set data to be usable only effectively stopping content distribution.

41_{Adpated from: https://www.trustedcomputinggroup.org/ downloads/TCG_1_0_Architecture_Overview.pdf} 42_{Binary Large OBject, the keys will be stored in an encrypted database using the TPM private key.}

(23)

21 The descriptions about the various mechanisms given above are rather crude and the reader is encouraged to refer to the references for much more detailed information. As the focus of this report is DRM the remainder of this section will describe the NGSCB platform to see how the underlying

technology will enforce DRM. 6.4.4 NGSCB

A brief outline of this architecture is provided and a dummy example will be used to show that the architecture will provide DRM.

This architecture proposed by Microsoft, exploits the mechanisms explained above. The report will now outline exactly how those mechanisms will be utilised to enable a ‘platform of trust’. The proposal at its present state of evolution will allow users to ‘opt-in’ to TC mode. The user is able to run their existing OS and opt to TC when they require.

6.4.5 Nexus

The Nexus is the new proposed TC kernel which will execute as a separate kernel along with the existing OS kernel. This will entail running at level ‘-1’ on Figure 10. Nexus will contain a security reference monitor which will enforce MAC, in conjunction with sealed storage. It will interact directly with the TPM by calling its functions on behalf of TC software applications. The kernel will also interface with the existing OS kernel and provide access to hardware. All applications, that are written for existing OS will need to be modified to support Nexus.

6.4.6 Hardware Interface

All hardware interfacing with the PC will have a ‘secure path to the user’. This will entail upgrading existing motherboards and chipsets, processors, and other I/O devices. All vulnerable hardware devices will be given validation credentials. A validation credential is measure, which is pre-installed on the device by the manufacturers when it is believed to be functioning correctly, this measure will be used to attest its ‘trust ability’. Typical pieces of information include manufacturer name, component model number etc. All I/O will be encrypted using 3DES (using 168-bit block cipher encryption), when in nexus-enabled mode.

The processor and chipset will support Nexus-enabled/disabled modes. They will provide ‘DMA exclusion’ limiting accesses to certain areas in memory. They will allocate and mark memory pages as ‘trusted’ and only Nexus will have access to them. This will provide strong process isolation, such that any other software running on the system will not have access to the data. Further to this the Nexus kernel will isolate the trusted applications to their own memory space.

To prevent users grabbing the content of the screen, graphics adapter memory will be curtained. Also applications will run in ‘Trusted Windows’ which not be allowed to overlap (as software can be used to grab their content). This can be primarily seen to secure the rights of artistic works and documents. All these measures stop attackers from snooping, spoofing and intercepting data.

Example Software Interface

1. Boot sequence to ensure ‘trust’

2. The PC performs a soft boot, to initialise Nexus

3. The PCR (Platform Configuration Register) stores a hash of the boot information 4. All hardware is set to run in their nexus enabled mode

(24)

22 5. DMA exclusion mechanism initialised

6. Curtained memory 7. Sealed storage activated 8. Secure path to user started

9. The nexus device driver is loaded into curtained memory.

10. Code identification of the Nexus driver is performed, by hashing its memory content. This is appended to the PCR.

11. Nexus then loads atomically to ensure no external entity can modify the process.

12. The system is now ready for applications to be loaded. Every time an application is loaded its information is stored in a log and its hash is taken and the PCR hash value is extended. This information is then used in the attestation protocol to verify integrity.

13. The user loads an application or ‘Nexus Client Agent’. This will have its own memory allocated and this memory is only accessible by that particular agent, ensuring strong process isolation. Each NCA will be code identified and will be marked as ‘trusted’ if verified through attestation. 14. The user attempt to perform some security critical task with the application, for example

purchase online.

15. The user enters any application authentication details, such as a password. This would use the secure path to user protocol, thus deemed safe.

16. Application accesses sensitive details through sealed storage.

17. The client requests attestation measurements from a remote server, to ensure the remote server is genuine. The server could attest user’s measurement too.

18. Content is transferred over a secure channel. 6.5 Implications for DRM

All the current circumvention methods would be rendered obsolete with this architecture. The architecture described will enable content providers to verify the integrity of any PC, through he attestation protocol. Once the provider is happy with the configuration of the computer, only then will content providers release music, documents, etc.

All data sent to a computer will contain restrictions, this will allow the content providers to utilise the TPM to lock the content to that specific platform, thus effectively stopping the distribution of the content. The sealed storage mechanism will ensure to content providers that all the content is securely stored locally.

At present this model has an Opt-In mechanism, if application vendors do not modify their programs to support Nexus, all the existing problems would continue to occur on the existing operating systems unabated. This implies that all the security and DRM mechanisms can only be successful with its widespread use.

6.6 Circumvention

The aim of circumventing this architecture has specific goals: -

1. Copy a piece of content so that it runs on a processor for which it was not intended. 2. Obtain values of instructions, static data or dynamic data of the program.

3. Modify the execution of a program in its compartment without being detected.

In trying to achieve their goals, the adversary may try several different strategies. These include: 1. Obtaining the master secret or private key of TPM.

2. Obtain compartment key of a program.

3. Read some instruction or data values inside a compartment.

(25)

23 5. Randomly alter instruction or data values inside a compartment.

6.6.1 Hardware attacks

Monitor the electric signals on the processor, using techniques such as IBM’s Pica system, power analysis techniques, and differential fault analysis. Most of these attacks would require expensive equipment.

Hackers can utilise scan technology. Scan is used for debugging chips. The chip can be placed in a special mode where the registers on this chain can be observed. It is proposed that the TPM is going to be embedded into the CPU in the future.

Acoustic sampling attack, Adi Shamir and Eran Tromer believe this technology could be used for crypt-analysing the CPU functions.

6.6.2 Software attacks

Possibly reverse engineer and simulating the ‘NexusMgr.sys’, gaining access to content. As a hash of the kernels content is taken it can be verified in the attestation process thus rendering a successful attack highly improbable.

Denial of service attacks could be performed, such as flooding the DMA channel for requests stopping Nexus functioning, these have be acknowledged by Microsoft.

As the TC model is opt-in existing Trojans, viruses, will continue unabated in the existing OS. If the user does not use the TC mode to perform data sensitive processes, then existing attacks will continue as normal.

It can be concluded that both hardware and software attacks are unlikely to be effective. BORE (Break Once Run Everywhere) is not applicable in this model and every system will have to be successfully attacked to break the architecture.

TC security is virtually impregnable, only a weak implementation of the architecture will give rise to these flaws. The authors believe that the NGSCB is a strong implementation. To attack such a system will require a very detailed knowledge of all the technologies used and the cost of ‘hacking’ the system is huge. The authors are of the opinion that TC will eventually be used widespread, it is already used somewhat in the Xbox and some laptops contain TC compliant hardware. The authors are of the similar opinion of Ross Anderson43. There is already legislation, (‘The Hollings Bill’) in place and if passed will ensure the use of TC, which could result in the end of open source.

This report has thus far analysed the effectiveness of existing and proposed mechanisms to enforce DRM. It has discussed the legislation, which has been passed in support of the idea. The document now discusses DRM as a concept.

(26)

24

7 Discussion of the DRM paradigm

DRM is a highly contentious and controversial issue at the moment and is one that needs to be tackled as soon as possible to stop massive bifurcation of DRM techniques. It is important not only for the computing industry, but also for the music, games, software and film industries. DRM has become a very controversial subject for a myriad of reasons.

This section describes the relative advantages and disadvantages from the perspective of the user44 and the producer45. For the purpose of this report it is assumed that a conceptually perfect implementation of DRM is being used (Trusted Computing is deemed the closest approximation to this).

7.1 User advantages

It is possible that content would become cheaper. This is because at the moment, people who buy or download pirated content are not contributing to the cost of production. Therefore, legitimate users have to pay a higher proportion towards the costs than they should have to. It can be argued that if everybody used content legitimately, the costs would be much more evenly distributed, and the price would therefore be lowered.

From the company’s perspective DRM allows them to distribute content without any concerns for piracy; this may encourage more companies to distribute content online which, for a certain segment of consumers, is far more convenient. This would lead to greater choice. This should lead to greater competition, driving down prices.

There can be guarantees to the users that content is of a certain standard. Although with digital media it is not obvious why this should be a problem; digital data cannot suffer from deterioration through copying. It may, for example be music that has been recorded through a microphone or a film has been recorded by a video camera in a cinema.

At the moment, it is possible for pirates to sell copied content to consumers, who may be unaware that it is not genuine. If all content is certified to be direct from the distributor, users can be certain that the content is authentic.

Corporations can utilise this technology to protect their sensitive content, this will hinder disgruntled employees leaking information. Also with the widespread of removable media and the inherent fragility of these devices, companies can easily safeguard their content through encryption and locking these devices to specific workstations/PCs.

7.2 Producer advantages

Producers would receive more of the money from sales, some of which is then passed on to the content creators themselves. This would provide higher incentive for creators to enter the market.

Because everybody would have to pay for the content they use, producers would receive more profit, which would result in higher dividends for shareholders. It is felt by the authors that this is one of the primary reasons DRM initiatives are being driven with ferocious determination by all the big players in the main media industries.

Money is not the only motivation, if for example, some content is created, it is imperative that it should

44_{By the user we mean anyone purchasing or using content provided by a system involving DRM} 45_{the producer is anyone distributing content through a system involving DRM}

(27)

25 keep its integrity. DRM provides a way to ensure content it is not altered in transit between the producer and the final user. It guarantees that users only receive exactly what the provider intended, rather than something that may be of inferior quality or something modified by a third party. Also with a perfect DRM implementation, producers can be satisfied that the rights to their content will be enforced.

7.3 User disadvantages

If DRM were to be implemented on a very large scale, there is a chance that it would actually slow the Internet down. This is because there could be multiple applications installed on every one of millions of computers, all polling servers in order to update access rights for their respective documents, games, applications, e-books, music files etc. The current trend of increased subscription to broadband could alleviate this problem. However, this reliance on the Internet would render a user very vulnerable to downtime.

Some users may feel, although it is somewhat less tangible; the producer still has power over the consumer, even after money has been exchanged and the good has been purchased. Although this may not signify too much in reality, it is a subtle distinction that some users may feel uncomfortable with. It could be argued that the concept of ownership becomes somewhat distorted. If one purchased DRM'ed content, ‘does he/she own the copy of it, or are they only renting it indefinitely?’ or ‘have they purchased the content or simply the rights to use that content?’

A fundamental problem with DRM is that customers will have to either purchase or update existing software such that it is DRM compliant. This would result in high inconvenience for the user. If the user then removes such software from their system they will lose access to content which they paid for. Rather more tangible is the inevitable slow down of data access. This represents an inconvenience for a home user, who would have to wait longer for content to be loaded, due to increased resource consumption to decode encrypted content. It could be rather more serious in the scenario of a business environment; where keys may be required for all documents, all data is encrypted and access rights need to be obtained at all times. This could result in companies becoming less efficient than their competitors.

Another factor is that the people who will end up paying for the implementation of DRM are, of course, the legitimate users. This is because unless a sound and complete form of DRM is realised, determined pirates will always be able to circumvent it, so the added cost of implementing the system will be passed on to the people who already pay for content. Similarly, not only will they have to pay for it financially, but also in terms of the restriction to their freedom. A current example of this is the StarForce CD protection system discussed Section 4.

A fundamental problem with proposed schemes is that existing hardware will be rendered unusable. As DRM implementations alter standards in order to better suit their needs, more and more hardware becomes unable to read new forms of media. If for example, it becomes impossible to burn downloaded audio files to a CD, then existing CD-based MP3 players will become unusable. One can imagine a scenario where you would need five different CD-players in order to play CDs from all the different music labels, all implementing their own DRM systems. A ridiculous notion!

One can imagine the situation, with all these DRM systems around the house; in your TV, DVD player, computer, each one recording all of your social habits and potentially sending them back to a master server. It depicts a ‘big-brother’/surveillance styled society and these issues must be heavily regulated.

(28)

26 7.4 Producer disadvantages

Many people download illegal content from the Internet in order to ‘try before they buy’. Many people will potentially purchase the CD based on their evaluation of the music. In this sense, free downloading of music can be seen as opening new markets, as people have the freedom to experiment with different products before committing themselves to purchasing anything.

Market share could be affected by DRM mechanisms. Microsoft Windows, for example, currently enjoys a very large majority share of the operating system market, despite competing with operating systems such as Linux that are available for free. This will only hold as long as a certain ‘critical’ percentage of the population uses Windows. This is assisted by ‘the Chinese’ who use the Microsoft products but do not pay for them. If Microsoft were to enforce DRM to make everybody pay for it, most of China would probably switch straight to Linux, which would make Linux far more attractive and before long the critical prevalence Windows currently enjoys would deteriorate.

Companies can often gain a bad image due to over-pursuing DRM initiatives, for example the RIAA46, the BPI47 and the MPAA48, have been suing people (including young children in some cases) accused of file-sharing copyrighted material for some time now. This has damaged their image along with the corporations which support them.

There are a myriad other of reasons why the concept of DRM could be viewed in a negative light. Producers will incur extra cost for research and development of DRM systems. Consumers can decide to boycott a product which is deemed to be too intrusive and restrictive. The concept itself is not clearly defined, thus from a legal standpoint is hazy.

7.5 Conclusions

DRM has been developed because both copying and distribution of content without loss in quality has become incredibly easy. This has been due to the proliferation of digital media and the Internet. The old paradigm of repetitive copying being like Chinese Whispers no longer applies.

File sharing systems have resulted in anybody with an Internet connection, being able to distribute vast quantities of illegal content to other users. This has resulted in industries that were previously the sole supplier of such content; finding they having to compete directly with the pirates. A position they consider untenable.

Companies have tried many DRM methods to protect their content from unauthorised use. As the report shows, current solutions are fundamentally not resistant to circumvention thus provided only temporary solutions. Because of these failings companies have resorted to legislation, such as the case with Dmitri Sklyarov.

The authors believe Trusted Computing (TC) to be the only viable solution to the problem. The essential factor that makes TC so much more likely to work than existing solutions is that it employs both hardware and software methods to make systems ‘trustworthy’. TC will however pose many social problems, such as possibly ending the 'open computer'. If industries decide to follow this route, they have to be very careful it does not alienate users.

The report has shown that DRM, as a concept, suffers from many pitfalls. The most damaging is that

46_{Recording Industry Association of America} 47_{British Phonological Institute}