WWW/Internet - Portal do Software Público Brasileiro

ISBN: 978-972-8939-25-0 © 2010 IADISsimple. A fast solution is to revoke the compromised device [Grimen-DRM1], but this may not be verysatisfying to the end user.The software-based protection task touches on many aspects: “intellectual property protection”,preventing a software hacker from extracting sensitive information via reverse engineering or static andbehavior analysis, and controlling the use of digital media. All protection mechanisms provide “short-termprotection” [Maña-Framework].Apple's DRM solution is built on a software-based tamper resistant approach; it depends on hiding arepository key in a secret algorithm embedded in the iTunes application. This repository key is needed todecrypt a user key stored in the user side, the user key is needed to decrypt a master key, which is needed todecrypt the corresponding protected media file. The whole idea of the protection mechanism depends onmaking this secret algorithm hard to expose. This called security via obscurity. This method did not survivebecause an attacker was able to reverse engineer the iTunes application and extract hidden secrets such as thesecret algorithm. For more details see [Grimen-DRM1, WWW-FairPlay].Microsoft DRM is another example of a software-based controller used to control protected media. Itdepends on keeping a blackbox file hidden from the end user. This blackbox contains the client key, which isgenerated in the individualization of the user's blackbox. This key is stored in a scrambled form andtheoretically is hard to extract. This key used to cryptographically bind the license file with the user’s DRMenabledapplication. The license contains the content key that is used to encrypt the content media. Thissolution also did not survive, because it depends on keeping the secret hidden from the end user. The enduser has the ability, with sufficient time and tools such as memory dumping and reverse engineering, toextract this information, for more details see [Grimen-DRM1, Req-DRM].A DRM system works in the customer environment. Thus the customer has full control to analyze andreverse engineer the DRM workflow. One way to make the attacker’s work more difficult is to integratehardware tamper resistance with DRM workflow, such hardware is used to embed some protectioncomponents. An example of hardware tamper resistance is using smart cards for authentication purposes orusing set-top-boxes for protecting electronic media. The main problem with hardware tamper resistance isthat it is expensive to integrate with the majority of end-user laptops and personal computers, which are notprepared for DRM purposes. Another way is to integrate software tamper resistance with a renewabilitymechanism. Renewability is a mechanism used to periodically modify the software protection component. Itis hoped that this will be done before the protection component has been compromised. Software-basedprotection is flexible, inexpensive to transfer within a public network and works on different platforms[Grimen-DRM, Grimen-DRM1, Req-DRM 1].Bar-El claims that no security technology can predict or prevent future attacks. Renewing protectiontechnology prevents an attacker from taking advantage of the defects discovered in current protectiontechnology. Bar-El suggests that for a renewable protection scheme, the scheme at least needs to be dividedinto two pieces: a permanent component such as the viewer application and a modifiable component such asplug-in components [Bar-El]. Renewability in the context of the Motion Picture Experts Group (MPEG-4)Intellectual Property Management and Protection (IPMP) extension is accomplished by renewingcompromised tools that are used for authentication, decryption and watermarking of content media [MPEG-4_IPMP, MPEG-4_IPMP2, MPEG_Eval]. As far as we have been able to discover, MPEG does not preventa reverse engineering attack. Jonker et al. suggests that all security systems need to adapt protection systemmeasures to compensate for any attack [Jonker-CoreSec]. Grimen et al. suggest that changing the viewersoftware that is responsible for rendering the content media is equivalent to reconfiguring that viewer, thiskind of reconfiguring of viewer software may be able to detect and prevent any hacker attacks [Grimen-DRM2].Grimen et al. [Grimen-DRM2] proposed a software solution based on periodic renewal of the protectionscheme that is used to control the access to content media. The software-based solution they proposedappeared to be a promising solution, but we have found two attacks against the protocol that they use tocontrol the access to protected media. We will discuss their solution and the attacks in section 2. In Section3, we will give a formal model of the attack. In Section 4, we give a solution to the attack, and demonstrateits security. In Section 5, we offer our conclusions.66