DRM Defined


  • Digital Rights Management is the association of rules governing use and use consequences with digital information of all kinds and the enforcement of those rules at a distance in time and space.

Security

Tuesday, April 22, 2008

Barcode Ticket Security - DRM Not

Monday, April 14, 2008

Nate Lawson on Designing and Breaking DRM

Nate Lawson is a co-creator of the BD+ security layer on Blu-ray. He gave a talk at the recent RSA conference that covers techniques for attacking DRM. His slides are posted here and are worth reviewing. Lawson writes:

Of course, people in glass houses should not throw rocks. As someone who had a part in developing BD+, I am biased toward thinking a different approach than mere broadcast encryption [e.g. AACS] is the only thing that has a chance of success in this rough world. The first BD+ discs were cracked in mid-March, and it remains to be seen how effective future updates will be. Unfortunately, I can’t comment on any details here. We’ll just have to watch and see how things work out the rest of this year.

2008 will prove whether a widely deployed scheme based on software protection is ultimately better or equivalent to the AACS approach. I have a high degree of confidence it will survive in the long run....

Saturday, March 22, 2008

EXCLUSIVE - Macrovision's Eric Rodli Comments On Slysoft's Claimed Break of BD+

As noted here yesterday, Slysoft claims that its AnyDVD (HD) 6.4.0.0 software will remove the BD+ security component of Blu-ray HiDef optical discs. When asked for a comment, Eric Rodli, Macrovision's Executive Vice President & General Manager of Entertainment, had this to say via email:

“Macrovision does not comment on specific techniques or procedures that may directly impact the BD+ security technology.  BD+ is a security response system designed to react to security attacks, not prevent them entirely.  As part of this system, updated BD+ security code is continuously developed so that BD+ customers obtain ongoing value from the use of this technology.”

One of the major benefits of BD+ is that it is programmable security. Thus the cat and mouse game between those who apparently encourage piracy and the major studios and their technology partners remains intact.

Friday, March 21, 2008

SlySoft Busts Blu-ray BD+ Security - Again

SlySoft is again claiming that its AnyDVD (HD) 6.4.0.0 software will remove the BD+ security component of Blu-ray. So far there has been no comment from Sony, from Macrovision (which acquired the BD+ technology late last year from CRI), or from the bdplusllc licensing authority. I've asked Macrovision to comment, but so far no response.

As I noted back in November, it's entirely possible that the strongest versions of BD+ have not yet been deployed in order to gather information regarding the kinds of attacks that can be successful. This "honey pot" strategy might be a useful defensive tactic against hackers / crackers / pirates.

Wednesday, February 27, 2008

Wired: BD+ Helped Blu-ray Win The Format War

Wired has a good story on the contribution of BD+ to Blu-ray's besting HD-DVD in the HiDef optical disc format wars.

Sony's victory in the DVD format wars was largely due to its embrace and Toshiba's rejection of a sophisticated anti-copying scheme that promises to be relockable should it be cracked at some point in the future....

Paul Kocher, Cryptography Research's president and chief scientist, thinks HD DVD's decision not to adopt his technology eventually tipped the battle to Blu-ray.

"I don't want to pretend that security was the only thing that drove the content war," Kocher said. "But from a content perspective, I think security is the biggest overhang over the future of the studios and I think they realize that and they are doing what they can to deal with that."

HD-DVD: RIP.

Monday, January 28, 2008

QuickTime DRM Disables Adobe Video Editing

The Register (UK), among others, reports that users who upgrade to QT 7.4 are then unable to edit protected video files using Adobe's Premiere and After Effects editing tools.

The error is the result of periodic checks QuickTime carries out on video files for piracy violations. Videos created using Adobe products don't supply the needed headers until the movies are rendered, prompting the overly protective QuickTime to conclude they are contraband that should be barred.

Another example of how not to do DRM. Sigh....

Friday, December 21, 2007

Are Blu-ray and BD+ Gaining Momentum Post Macrovision Acquisition of SPDC Technology?

The BD+ licensing authority web site lists three new Asian companies supporting BD+ as adopters. The three were added since last Sunday. This appears to be the single largest addition to the adopter list in several months. The number of movie studios remains one: Fox.

The three new additions are China's Dongguan Contel Electronics Co., Ltd., Hong Kong's Tonic Digital Products Limited, and Japan's VideACE, Inc.  

Monday, December 10, 2007

Macrovision Says SPDC (BD+) Important to Its Integrated Services

As has been widely noted, Macrovision is acquiring Gemstar TV Guide. In Friday's conference call to explain the logic of the merger, Macrovision addressed the future role of Self Protecting Digital Content (SPDC) technologies recently acquired from CRI. In the Blu-ray context, SPDC is implemented as BD+.

SPDC is fundamental to empowering our Hollywood studio customers to distribute content securely across a multitude of devices and is complementary to Macrovision's historical businesses. With SPDC we envision the capability of unique security code traveling with each piece of content and interacting with virtual machines on a playback side allowing rightsholders to distribute in various different formats but maintaining economic control and security. While it is applied to Blu-ray today via BD+, we see a future where SPDC is applied to other forms of digitally distributed content, not just physical formats.

However, in response to an analyst question concerning deals in which Macrovision bundles various of its technologies:

As I've said in the past, I'm not particularly interested in bundling BD+ into those bundled relationships because BD+ is such an emerging part of the marketplace for Blu-ray that I don't want to diminish the value proposition and the effectiveness associated with BD+.

Seems like the business situation regarding BD+ is fluid.

MPAA, ISPs, and Content Filtering

[tip o' the hat to Lauren Weinstein's post on the Net Neutrality Squad list]. Nate Anderson writes in Ars Technica that the MPAA expects ISPs to reduce piracy by implementing content filtering technologies (e.g., deep packet inspection and/or fingerprinting-based filtering).

Case in point: AT&T and its publicly-stated plan to implement some sort of filtering system on its network. No technical details of such a system have yet been revealed, but the announcement has warmed the cold cockles of the MPAA's heart and has garnered support from companies like NBC Universal.

Glickman also held out the hope that filtering technology would quickly be adopted by many more ISPs. "The ISP community is going to be at the forefront of this in the future because they have everything to lose and nothing to gain by not seeing that the content is being properly protected," he said, "and I think that's a great opportunity." It's not the first time he's asked ISPs to do more.

So much for net neutrality and privacy.

 

Monday, November 26, 2007

Adobe's Security Matters Blog

Adobe's Security Matters blog is worth following. Two recent articles address Enterprise Rights Management and the history of Adobe's involvement in content protection, including their LiveCycle Rights Management.

Monday, November 19, 2007

Macrovision Says BD+ Not Hacked

In today's conference call regarding the acquisition of BD+ technology from CRI, Macrovision says that BD+ has not been hacked:

"So first of all let me provide a clarifying comment. BD+ has not been hacked. There was a software player that did not have the correct implementation of the specification, and as a result, it did not have the same effectiveness for controlling and understanding the BD+ spec. So it wasn't that BD+ was hacked. BD+ actually wasn't hacked. And since we had heard about that, there were conversations between CRI [the developer of BD+] and the software player manufacturer and developer at which point in time they corrected the specification and the hole was closed. So to the best of our [Macrovision's] knowledge, BD+ has not been hacked yet and it's been several months that it's already been out there."

Macrovision Conference Call Tidbits

As noted earlier, Macrovision is acquiring the BD+ technology from Cryptography Research Inc. They did a conference call with a brief intro followed by Q&A from Wall Street analysts who follow the Macrovision stock. Some selected (and quasi-random) points made by Macrovision during the call:

  • Annual royalties from CE manufacturers; per-disc royalties from content providers (studios);
  • High-margin business;
  • All technologies will be hacked; BD+ is no different;
  • The level of royalty from the content provider depends on which BD+ features they want to implement on a title-by-title basis:
    • Basic BD+ protection;
    • Forensic watermarking;
    • Added countermeasures to specific hacks;
  • Intend to extend BD+ beyond Blu-ray to embed it across Macrovision's DRM middleware solutions;
  • Bridges Macrovision to HD, HiDef;
  • $4-5 million revenue in 2008, accelerating in the outyears;
  • May be used to compete with OMA2 (mobile DRM standard) given the pricing points Intertrust has requested.

Macrovision Buys Developer of BD+

Macrovision says it's acquiring BD+ technology from Cryptography Research, Inc.

“We are a research organization dedicated to solving difficult cryptography problems,“ commented Paul Kocher, President and Chief Scientist of Cryptography Research Inc. “We developed SPDC to enable consumers to experience content across a broad range of devices while simultaneously providing content owners with the control to manage the security of content in this dynamic environment. Macrovision shares this goal and now that SPDC has entered commercialization, we are confident Macrovision will take it to the next level.”

Unlike previous DVD security technologies, a critical advantage of BD+ is its ability to respond dynamically to security threats. Similar to Macrovision’s ACP technology, BD+ resides both in devices and on the media. Title-specific security code is embedded in each BD+ protected disc. On the device side, BD+ utilizes an embedded virtual machine and APIs that are integrated directly into the media player, which communicate with the code from the discs. As a result, new titles can carry unique security code to address emerging threats, thus providing content producers the ability to respond to security breaches without impacting legitimate consumers.

Monday, November 12, 2007

Is BD+ Using A "Honey Pot" Strategy Against Hackers?

So the blogosphere is mostly jumping up and down enthusiastically over SlySoft's apparent compromise of BD+, the Blu-ray only virtual machine based security layer on top of AACS encryption key management. A more balanced view is Scott Fulton's blogicle on BetaNews.

The beta of version 6.1.9.6 is apparently not without problems or exceptions, as indicated by a check of manufacturer SlySoft's forums today. Users reported problems copying Fantastic Four, Live Free or Die Hard, Sunshine, The Hills Have Eyes, and Spiderman 3 - which collectively constitute the bulk of all BD+ titles currently available.... Exactly how BD+ equipped content knows it's being decrypted by a validated BD+ VM, though, is a little mystery.

I have no inside knowledge. Period. However, if I were the BD+ licensing folks or the consultants who developed BD+, I might not put my best version of the technology out there immediately. I might hold back some capabilities to see how pirates attack my security system. I might make several small improvements in order to get a better picture. I can then evolve my threat analysis and implement appropriate countermeasures while working my way toward the best implementation.

Then again, BD+ might never work. The Cat and Mouse game continues.

Thursday, November 08, 2007

SlySoft Busts Blu-ray BD+ Security - Updated

Engadget and numerous other sites confirm that SlySoft's AnyDVD 6.1.9.6 beta circumvents Blu-ray BD+ security. No comment yet from the BDPlus licensing authority.

The SlySoft claim is here.

Tuesday, October 30, 2007

Will BD+ Be Hacked In The Near Future? Slysoft Says Yes

The blogosphere is alive with the songs of BD+ being hacked by Slysoft. This noncommittal note from Engadget's Darren Murph is an example of reasonable "wait and see." Others are more enthusiastic about Slysoft's comments, for example this posting on CDFreaks.com, which quotes Slysoft as follows:

To prove them right and to take on the challenge, SlySoft has just released the latest AnyDVD version which beats the latest 4th generation HD-DVD and BluRay copy protection MKBv4, which was expected to be unbreakable.

All that AACS-LA has to offer now is BD+, but even that is on the verge of being circumvented and a release is expected by the end of this year.
James Wong, Head of development at SlySoft: "We already found a way to crack BD+ and we have just turned to fine-tuning. I should really think about hiring a bodyguard now, since this product won't please everybody."

There are a couple of things wrong with this. First, if they have cracked the AACS Media Key Block, no one expected this to be unbreakable. Rather, AACS was created as a renewable key management technology. So the MKB will be changed as planned.

More serious, perhaps, is that AACS-LA (the licensing authority) has nothing to do with BD+. Instead, BD+ is made available through its own, distinct licensing authority, BD+ Technologies LLC.

Even if it has been hacked, BD+ was designed to provide programmable security which includes the ability to detect compromised players. So we'll see if Slysoft can deliver on its claims.

Monday, October 29, 2007

Microsoft blocks FairUse4WM v2

So says George Ou:

Just over a year ago when hacker “Viodentia” wrote FairUse4WM and broke Microsoft’s Windows Media DRM scheme wide open, Microsoft responded with record urgency in a mere 3 days.  But when Viodentia came back as “Divine Tao” and wrote a second major revision of FairUse4WM this July and broke Microsoft’s Windows DRM scheme wide open again, Microsoft didn’t seem to be as concerned and spent their usual 3 months to patch the issue. As of the last patch Tuesday, the current version of FairUse4WM no longer works so the ball is in the hacker’s court again to break Microsoft’s latest DRM revision.

The cat and mouse game continues.

Monday, October 22, 2007

Forworld Electronics Co., Ltd. Added To BD+ Adopters List

Taiwan-based Forworld Electronics Co., Ltd. has been added to the list of companies who have signed the BD+ System Adopter Agreement with the BD+ licensing entity. BD+ is a second security layer (in addition to AACS) for Blu-ray discs.

Thursday, October 11, 2007

AACS Key Changes, BD+ Confirmed - Sorta

An article in yesterday's WSJ all but confirmed that the latest Fox releases are protected by BD+, a second, virtual-machine-based security layer used by Blu-ray and not HD-DVD discs.

The WSJ article also noted that the AACS licensing authority has released a new key for AACS, the renewable encryption and authentication technology on both Blu-ray and HD-DVD discs. However, no press release has yet been posted on the AACS LA web site and neither Google News nor Yahoo could locate it elsewhere.

With respect to BD+, the WSJ article said:

Steve Feldstein, a spokesman for Twentieth Century Fox Home Entertainment, said both HD-DVD and Blu-ray players occasionally have needed updates to play new discs, and urged customers to monitor manufacturer Web sites that distribute the fixes, known as firmware updates. "When these sort of glitches happen, they're resolved in...a week or two, once people realize they do need to use the firmware upgrades," he said.

Mr. Feldstein declined to confirm that BD+ was on the new discs, saying doing so would be an open invitation to hackers. He also said BD+ wasn't the cause of the playback problems.

Wink Wink.

 

Friday, October 05, 2007

Has Fox Launched Blu-ray Discs with BD+?

BD+ is a Blu-ray security technology that has been championed especially by Fox.  Now High-Def Digest reports that Fox's 'Fantastic Four: Rise of the Silver Surfer' and 'Day After Tomorrow' have created playback problems on certain players. The most severe problems have been experienced on Samsung's BDP-1200 and LG's BH100 players. According to High-Def Digest, both manufacturers are aware of the problem and will provide firmware updates.

It has been widely speculated that these issues stem from the use of BD+ copy protection on the two discs. We contacted Fox for comment, but so far there's no official word from the studio. 

Friday, September 28, 2007

Apple Updates iPhone Frustrating Hackers

Apple provided updates to its popular iPhone that frustrate those who have hacked the phone in order to be able to use a network other than AT&T and/or to run unapproved applications. The NYTimes' Saul Hansell writes:

David Pogue, our technology reviewer, received a cautionary message last night from a person familiar with Apple’s plans after he posted a video showing some unofficial, but entertaining, applications that can be installed on the iPhone. Take those applications off your phones now, David was warned, or a software update scheduled for Thursday afternoon could turn your phone into a brick.

On Monday, Apple had issued a press release warning of “irreparable damage” to iPhones that have been modified or unlocked from the AT&T network. It also threatened users that “the permanent inability to use an iPhone due to installing unlocking software is not covered under the iPhone’s warranty.”

Wednesday, September 19, 2007

Podcast with Jan Samzelius, CEO of ByteShield

I spoke recently with Jan Samzelius, Chairman and CEO of ByteShield, which provides anti-piracy technologies and services to business and game software markets. An earlier blogicle described how the ByteShield solution works.

Here's the Podcast file (7:11 Minutes, MP3):

Download jan_samzelius_ceo_byteshield_podcast_91907.mp3

Index:

0:00 Introductions
0:11 Overview of ByteShield, brief history
0:40 The work factor or effort required to break copy protection
1:19 What's different about the ByteShield technology
2:38 Business model
3:11 Broad range of consumer licensing models supported
3:43 Advantages
4:40 Current customers, partners
5:34 Technology and services provider
6:05 Solving the piracy problem
6:55 Close

Monday, September 17, 2007

Porn, Piracy, and DRM

Earlier in September, AVN columnist Mark Kernes published a detailed account of an industry meeting called to discuss the adult video business and piracy. According to Kernes, the meeting was attended by "about 65 content producers, attorneys and other interested parties." Attorney Greg Piccionelli, a speaker at the meeting, is quoted by Kernes:

"At the present time, if you were to take all of the content that is produced by the adult business," Piccionelli stated, "the legitimate sales currently account for no more than 15% to 20% of the actual numbers of copies that are out there, and the lack of enforcement over the years has left the pirates and consumers with the impression that copying and stealing adult content is something that has absolutely no punitive consequence associated with it whatsoever, and so the industry has really sort of dug its own grave to this degree."

Wednesday, September 12, 2007

Uncrackable Watermarking - Another View Of The Microsoft Patent

A PC World article by IDG News' Elizabeth Montalbano gets the story right regarding Microsoft's recently issued watermarking patent.

Forensic digital watermarking technology, like the technology Microsoft has patented, doesn't encrypt files the way DRM technology does or prevent people from unauthorized use. However, it can be used to prove who owns the content of the digital file by encoding a file with a unique digital signature. That means illegally traded songs could be tracked back to the original purchaser, allowing authorities to identify illegal sharers and serving as a deterrent.

The technology could also be used to track files for royalty distribution.

Tuesday, September 04, 2007

InformationWeek - Coupon-Gate

in an Information Week article says that security researcher Ben Edelman has accused online coupon site Coupons.com of deceptive business practices for using digital rights management (DRM) techniques.

Sony Confirms Rootkit-like Security Flaw

The BBC is reporting that Sony has confirmed a security problem reported last week involving three models of its Microvault USB devices with fingerprint readers.

Thursday, August 30, 2007

Another Sony Rootkit Brouhaha?

Security company F-Secure revealed on Monday that it had detected rootkit-like behavior that is reminiscent of the 2005 fiasco. F-Secure says the culprit is the Sony MicroVault USM-F fingerprint reader software that comes with the USB stick that

installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place.

On Wednesday, F-Secure qualified its opinion, saying that the USB case is not as bad as the earlier XCP case:

Continue reading "Another Sony Rootkit Brouhaha?" »

Wednesday, August 29, 2007

Who IS Supporting Blu-ray's BD+?

The BD+ licensing authority has added a page with information on which companies have completed the licensing process. At the moment, Fox is the only content company listed. But there is a long list of hardware and software vendors mentioned. In addition to Sony, the list as of yesterday morning included ArcSoft, Broadcom, Cyberlink, D&M Holdings, Inc., ESS Technology, Inc., Hitachi, Ltd., Intervideo, LG Electronics, Inc., MediaTek Inc., Matsushita Electric Industrial Co., Ltd., NEC Electronics Corporation, Nero AG, Philips (Pending), Pioneer, Samsung, Sharp Corporation, Sigma Designs, Sonic Solutions, and STMicroelectronics.

 

Saturday, August 25, 2007

How To Unlock An iPhone

Several outlets including the AP/Boston Globe and the New York Times are reporting that 17-year-old "hacker" George Hotz has figured out how to unlock an iPhone. His now runs on T-Mobile rather than on AT&T. The steps for unlocking can be found here.

Monday, August 13, 2007

ByteShield's Antipiracy Solution for Software and Games

San Francisco startup ByteShield has developed software anti-piracy technologies that may be of interest to software and game publishers. Protected software is distributed to consumers minus a small portion that is required to enable execution. A connection with a server is required to pay for use in accordance with the business model established by the publisher. The small missing piece is then downloaded to the computer and effectively integrated with the much larger portion, thereby enabling execution of the game or other software.

Wednesday, August 01, 2007

A Truth In Marketing Award To Chicago Digital Post and Macrovision

Chicago Digital Post (CDP) and Macrovision are partnering to offer DVD copy protection for indie DVDs using Macrovision's RipGuard technologies. CDP and Macrovision deserve an award for truth in marketing by providing information about the degree to which RipGuard can protect DVDs. As pointed out in this NewTeeVee article, RipGuard was thought to be relatively ineffective a few years ago, but it may have been improved since then. Here's what CDP and Macrovision say:

Continue reading "A Truth In Marketing Award To Chicago Digital Post and Macrovision" »

Monday, July 23, 2007

What Does Vista Content Protection Cost?

Peter Gutmann is a researcher in the Computer Science Department, Auckland, NZ. He has published a very long and technically detailed report, A Cost Analysis of Windows Vista Content Protection, that probably will be accessible to only the most technically literate. Nonetheless, the paper is an exemplar of the kind of analysis that many aspire to, but that only a few actually produce. It should be required reading for anyone who intends to build an HD-video-capable system based on a Vista machine and/or who is interested in system security issues.

At the risk of sounding like an apologist for Microsoft, there are real costs to the bleeding edge. I kept Windows XP SP2 rather than upgrading to Vista precisely because MSFT never gets the first release of anything right.

Some nits:

Continue reading "What Does Vista Content Protection Cost?" »

Thursday, July 12, 2007

Media Rights Tech Says Revoke Webcasting Licenses

Media Rights Technologies, which has patent-pending technologies for securing streaming audio, has initiated another legal challenge. In a letter to the Library of Congress, MRT's outside counsel asks that certain statutory webcasting licenses be revoked. The targets of this latest MRT initiative include AOL, Clear Channel, iTunes, Live 365, MSN Music, Napster, Pandora, RealNetworks, Rhapsody and Yahoo.

Blu-ray Safe For 10 Years Says Analyst

Home Media Magazine has an article in their digital edition quoting consultant Richard Doherty of the Envisioneering Group regarding his views on BD+ security for Blu-ray. BD+ is the added protection layer adopted by the Blu-ray consortium to increase the overall security of Blu-ray distributed content.

Monday, July 09, 2007

MRT Holds Apple, Microsoft Responsible for Piracy

Media Rights Technologies put out a press release quoting CEO Hank Risan indicating that Media Rights Technologies will ask for an injunction against Apple, Real, Adobe, and Microsoft because they have failed to implement technologies to prevent recording of streaming audio. The MRT press release holds the vendors responsible for not solving the streaming audio piracy problem with existing, well vetted technologies.
