Cryptogram: Palladium Only for DRM

Peter N. Biddle peternbiddle at hotmail.com
Thu Sep 19 20:36:50 EDT 2002


Hi Nomen

I am sending to crypto only as I am not on any of the other aliases you sent
to. Feel free to fwd.

How about "hacked" instead of "broken"? Broken implies that a machine
doesn't work; hacked implies it has been changed somehow but that it still
works. Let's say that a hacked Pd machine is a machine whose root keys have
been discovered through any means outside of the security model for that
machine. So a machine designed to give up its keys or to take keys in from
an outside source isn't hacked. A machine whose security model includes
protecting the keys from everything, but whose keys have become known, is a
hacked machine. I can certainly imagine situations where Pd will be on a
hacked machine and won't know it.

Once the machine has been hacked, a user (or process, or piece of SW, or
whatever) can unlock all secrets which use the local keys as root keys. So
the symmetric keys used to protect a given piece of data would be
compromised, and all data which uses the same symmetric key can now be
unlocked. Rather than having to hand someone data, you could hand them keys
(presuming they have the data already). The "less global" a secret, the less
vulnerable it is to key hand-offs, but if more than one existence of
something is protected by the same key, that key represents an easily
distributed attack.

Even in cases where a given piece of data is secured with a unique key or
keys, once you have hacked those keys (or more likely the root keys used to
gen those keys) you can decrypt the data itself.  If all data in the world
only existed in Pd virtual vaults and was encrypted using different unique
keys, the data itself is still its own secret. You can still extract
everything in Pd via a HW attack. Now rather than hand off the keys, you
hand off the data.

How is this BORE resistant? The Pd security model is BORE resistant for a
unique secret protected by a unique key on a given machine. Your hack on
your machine won't let you learn the secrets on my machine; to me that's
BORE resistant. Any use of Pd to protect global secrets reduces the BORE
resistance for the information protected by those secrets.

Only the Pd nexus (sorry, new name for the nub, er I mean TOR, er I mean
secure kernel, ...) knows each application's secrets, and it protects those
secrets from everything else absolutely. The nexus won't analyze data and
decide if it should or shouldn't be there; no Pd DRLs. (A DRM scheme on top
of Pd could enforce DRLs for content within its own vault, of course, but
it can't cross the vault boundary to try to enforce a DRL in someone else's
vault.) The goal is to protect data for whomever is asking for protection,
and to keep that data secure for that application. (I must note that we are
basing our design on existing US law. Should the law change and require
different behaviors, or should other countries require different behaviors,
we will need to find a way to comply.)

Palladium systems won't seek out and destroy anything, either locally or
remotely. Additionally the nexus has no understanding of what "legitimate" or
"illicit" means, so Pd really couldn't do this if it wanted to (it doesn't).
Data will be protected by Pd (in memory; on disk). Only applications with
the right hash (or those named by the original hashee) can access any given
piece of data.

P

----- Original Message -----
From: "Nomen Nescio" <nobody at dizum.com>
To: <PeterNBiddle at hotmail.com>; <cryptography at wasabisystems.com>;
<cypherpunks at lne.com>; <DMCA-Activists at gnu.org>;
<DMCA_Discuss at lists.microshaft.org>; <fairuse-discuss at mrbrklyn.com>
Sent: Wednesday, September 18, 2002 5:10 PM
Subject: Re: Cryptogram: Palladium Only for DRM


> Peter Biddle writes:
> > Pd is designed to fail well - failures in SW design shouldn't result in
> > compromised secrets, and compromised secrets shouldn't result in a BORE
> > attack.
>
> Could you say something about the sense in which Palladium achieves
> BORE ("break once run everywhere") resistance?  It seems that although
> Palladium is supposed to be able to provide content security (among
> other things), a broken Palladium implementation would allow extracting
> the content from the "virtual vault" where it is kept sealed.  In that
> case the now-decrypted content can indeed run everywhere.
>
> This seems to present an inconsistency between the claimed strength of the
> system and the description of its security behavior.  This discrepancy
> may be why Palladium critics like Ross Anderson charge that Microsoft
> intends to implement "document revocation lists" which would let Palladium
> systems seek out and destroy illicitly shared documents and even programs.
>
> Some have claimed that Microsoft is talking out of both sides of its
> mouth, promising the content industry that it will be protected against
> BORE attacks, while assuring the security/privacy community that the
> system is limited in its capabilities.  If you could clear up this
> discrepancy that would be helpful.  Thanks...
>

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
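The distinction Biddle draws above, between a unique secret sealed under one machine's root key and a "global" secret sealed on many machines, as an added toy model (not Microsoft's or Palladium's code): the cipher, the key derivation and the sample machines are all constructed here to show why hacking one machine's root key opens only that machine's vault, unless the same symmetric key was sealed everywhere.

```python
import hmac, hashlib, os

def app_hash(name: str) -> bytes:
    return hashlib.sha256(name.encode()).digest()

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode); illustrative only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Machine:
    """One Pd machine: a hardware root key only its nexus should know."""
    def __init__(self) -> None:
        self.root_key = os.urandom(32)  # constructed, unique per machine

    def _seal_key(self, ahash: bytes) -> bytes:
        # The nexus derives a per-application key from root key + app hash.
        return hmac.new(self.root_key, b"seal:" + ahash, hashlib.sha256).digest()

    def seal(self, ahash: bytes, data: bytes) -> bytes:
        return _keystream_xor(self._seal_key(ahash), data)

    def unseal(self, ahash: bytes, blob: bytes) -> bytes:
        # An app with the wrong hash gets a different key, hence garbage.
        return _keystream_xor(self._seal_key(ahash), blob)

def hacked_unseal(stolen_root: bytes, ahash: bytes, blob: bytes) -> bytes:
    """Hacked machine: the root key is known, so the nexus is not needed."""
    k = hmac.new(stolen_root, b"seal:" + ahash, hashlib.sha256).digest()
    return _keystream_xor(k, blob)

def unique_secret_scenario() -> tuple:
    # Each machine seals its own secret; A's stolen root opens A's, not B's.
    a, b, app = Machine(), Machine(), app_hash("player.exe")
    blob_a, blob_b = a.seal(app, b"secret on A"), b.seal(app, b"secret on B")
    return (hacked_unseal(a.root_key, app, blob_a) == b"secret on A",
            hacked_unseal(a.root_key, app, blob_b) == b"secret on B")

def global_key_scenario() -> bool:
    # One content key sealed on many machines: hacking one hands out the key.
    content_key, app = os.urandom(32), app_hash("player.exe")
    movie = _keystream_xor(content_key, b"same content everywhere")
    machines = [Machine() for _ in range(3)]
    blobs = [m.seal(app, content_key) for m in machines]
    stolen = hacked_unseal(machines[0].root_key, app, blobs[0])
    return _keystream_xor(stolen, movie) == b"same content everywhere"
```

The first scenario returns (True, False): the hacked root opens A's vault but not B's, which is the per-machine BORE resistance claimed above; the second returns True, the "hand them keys rather than data" case for a global secret.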
