Enterprise Right Management vs. Traditional Encryption Tools

Jon Callas jon at callas.org
Sat May 12 00:50:38 EDT 2007


On May 9, 2007, at 5:01 PM, Ali, Saqib wrote:

> Hi Jon,
>
>> Rights management systems work against polite attackers. They are
>> useless against impolite attackers. Look at the way that
>> entertainment rights management systems have been attacked.
>> The rights management system will be secure so long as no one wants
>> to break them. There is tension between the desire to break it and
>> the degree to which its users rely on it. At some point, this tension
>> will snap and it's going to hurt the people who rely on it. A
>> metaphor involving a rubber band and that smarting is likely apt.
>
> What about DRM/ERM that uses TPM? With TPM the content is pretty much
> tied to a machine (barring screen captures etc)
>
> Will ERM/DRM be ineffective even with the use of TPM?
>
> Thanks
> Saqib Ali

Your comment of barring screen captures etc. is a bit like saying  
that won't a bank be safe from robberies barring someone waving a gun  
in a teller's face, etc. Yeah, sure, but doesn't that kinda miss the  
point? DRM works if the attackers are polite. The less polite they  
are, the less well it works.

DRM systems for media are probably more immune to "analog hole"  
attacks ERM systems. Imagine that someone ERM protected an email  
showing things that Gonzales couldn't remember when he was testifying  
to Congress, or in some stock scandal, etc. A photo of a screen with  
a cell phone camera would be sufficient. We have not (yet) seen an  
attack where someone got a pre-release of a movie and then pointed a  
camera at a laptop screen, but we will.

If you add in a TPM, it depends entirely on how impolite the  
attackers are, as well as the construction of the TPM. One of the  
recent attacks against AACS involved the attackers unsoldering the  
chip and attacking it directly. That's pretty rude, but it worked.

If someone is so impolite that they'll put the TPM chip under a  
scanning electron microscope, they can probably just read the bits  
off. Very few smart cards can survive that.

Remember, this is all a trade-off between the cost of the device and  
the devotion of the attacker. TPM chips have to be very cheap,  
because the customer is ultimately paying for it. That means its  
defenses can't be very thorough. Furthermore, while the owner of the  
device is the attacker, you can't afford very many defenses. If a  
music player, for example, went DOA because it it was dropped, went  
over/under temperature, and so on, it would be a financial nightmare,  
as you probably have to replace them under warranty. People who hate  
DRM would buy devices, monkeywrench them, and then demand a refund.

ERM systems have the advantage that in general the attackers are more  
polite. More people want to break AACS than rights-controlled analyst  
reports. However, once something really juicy happens, like just  
needing the content registration key for a document that will get a  
politician in jail -- well, plenty of people can hack that. Now, all  
of a sudden, the attackers won't be polite, and that metaphor I made  
about a rubber band snapping will seem modest.

Really, you're much better off with real crypto and personnel policies.

	Jon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list