LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A cost analysis of Vista content protection

A cost analysis of Vista content protection

Posted Dec 26, 2006 4:39 UTC (Tue) by csamuel (✭ supporter ✭, #2624)
In reply to: A cost analysis of Vista content protection by i3839
Parent article: A cost analysis of Vista content protection

Ah, but the private key(s) only needs to be in the hardware with its
corresponding public key(s) in the driver. Of course there can be
hardware attacks against the hardware based private key as well, but
that's going to push up the cost of an attack quite dramatically compared
to a software only attack.

This of course assumes that the report about the spec is accurate in that
all that is required is that the driver validate the hardware and not the
other way around.

Attacking the driver to modify its public key will only result in
stopping verification from working, so my guess is that it'd turn into a
DoS attack.

Regarding FLOSS drivers, it would mean that those drivers would have to
be purely reverse engineered if the hardware manufacturers are indeed
contractually bound to not release information about how they work. A
situation that would please Microsoft no end I suspect..

(Log in to post comments)

A cost analysis of Vista content protection

Posted Dec 26, 2006 13:32 UTC (Tue) by i3839 (subscriber, #31386) [Link]

True, but in that case it's the driver checking the hardware, and as we want to replace the driver it's quite easy, as there's nothing stopping us, except some obfuscated binary code.

But if we can so easily replace the MSWindows driver with a Linux one (concerning DRM "protection"), then what would stop people bypassing the DRM from the software side? Nice expensive hardware all for nothing because the software can't keep any key secret... (Even the key on the hardware isn't safe if they aren't very careful.)

Only way to fix the above problem is to pass encrypted data to the hardware with the software not knowing the keys, which is what happens I think. But I don't believe that all those hardware companies and content industry can keep their keys secret. If this is the case, then there's no need at all to be secret about interfaces and drivers information, as all decryption is done by hardware.

Considering the draconian regulations it means they went for a half assed solution which can be broken, and thus will be broken. If the hardware really did all the verification then things would be very simple for the driver, as the only thing that changes would be that the hardware is more expensive and has an extra feature.

Maybe it is a sneaky way to try killing FOSS after all...

A cost analysis of Vista content protection

Posted Dec 27, 2006 23:52 UTC (Wed) by csamuel (✭ supporter ✭, #2624) [Link]

My understanding was that the stated aim of the exercise is to stop
someone writing software that poses as video hardware to an existing
driver because the hardware & driver do a DH key exchange and the driver
encrypts the "premium" content with the exchanged keys.

Thus if your software was able to masquerade as a plug in video card and
did the DH exchange with the driver you would then be able to decrypt
the "premium" content yourself.

A cost analysis of Vista content protection

Posted Dec 28, 2006 15:33 UTC (Thu) by i3839 (subscriber, #31386) [Link]

Diffie-Hellman doesn't protect against man-in-the-middle attacks, so some form of authentication would be still needed. And for that there needs to be keys both in hardware and the driver.

The key in the driver could be replaced with any key the attacker wants, and then the authentication would seem to succeed and unencrypted content would be received by the fake videocard. I don't believe they're so stupid to bet on this...

But maybe they do, as it appears that the driver needs to do checks, and checks can be bypassed, so what the hell are they thinking? If the driver needs to do any checks then the system is broken by design.

A cost analysis of Vista content protection

Posted Jan 23, 2007 10:43 UTC (Tue) by i3839 (subscriber, #31386) [Link]

It seems they were indeed so stupid as this, both Blueray and HD-DVD are cracked because the encryption keys can be fished out of ram. Pathetic.

A cost analysis of Vista content protection

Posted Dec 27, 2006 20:09 UTC (Wed) by allesfresser (subscriber, #216) [Link]

One thing that seems to be missing in all this discussion of how to break this scheme is that in the largest market for PCs (the US), reverse-engineering or 'breaking' it will be completely illegal and very prosecutable, thanks to the DMCA. This will have a significant damper on legitimate free drivers, to say the least.

A cost analysis of Vista content protection

Posted Dec 27, 2006 23:53 UTC (Wed) by csamuel (✭ supporter ✭, #2624) [Link]

Amen.

Very handy for the agendas of both "content" providers and Microsoft.

A cost analysis of Vista content protection

Posted Dec 30, 2006 16:14 UTC (Sat) by i3839 (subscriber, #31386) [Link]

Well, breaking content protection may be illegal, but making a free driver that also honours the DRM surely isn't illegal?

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds