CS 161 Computer Security Spring 2010 Paxson Wagner Notes 4 23 Copy Protection The purpose of this lecture is to take you on a tour through copy protection schemes over the years The purpose of copy protection is to enable the creator of digital content e g software music videos to distribute the content to paying customers so the recipient can make use of the content while preventing the recipient from sharing copies with others who haven t paid for it Let s see what lessons we can learn from history in this area 1 Music CDs are a popular way to distribute music The music is burned on the CD in cleartext using a welldocumented format About 10 15 years ago disk capacity grew enough that it became feasible and cheap enough to rip all of your CDs into digital form and store your entire music collection on your hard disk In the past decade network bandwidth has grown enough that it has become feasible to share your entire music collection with others on the Internet These two facts have combined to enable widespread copying and sharing of music across the Internet essentially any mass market popular music you can imagine and an awful lot of unpopular music can be found somewhere on the Internet for download via BitTorrent or some other means Of course this situation poses a threat to the revenue stream of the music industry if a large fraction of the population stops buying CDs instead downloading all of their music illegally then the industry s revenue stream will take a hit and the industry will have less money to find and market new artists The industry has tried several schemes to prevent people from ripping CDs into digital form and sharing them over the Internet but none of the technical copy protection schemes have had much success Let s look at two early schemes which tried to ensure that CDs could be played on audio CD players stereos car CD players boomboxes etc but that computer CD drives could not be used to rip the CDs One scheme active protection One early attempt was to embed an autorun file on the CD so that when you insert the CD into a Windows machine the Windows autorun functionality would automatically execute some software found on the CD That software would load itself into memory detecting and preventing any attempt to access the CD drive to rip music However this scheme could be defeated in a number of ways Autorun is Windows specific so you can still rip the CD from any non Windows machine e g a Mac a Linux machine and then share the ripped contents It is possible to configure Windows to disable autorun by default Even easier it turns out that if you hold down the SHIFT key while loading a CD autorun will be disabled for that CD As a result this CS 161 Spring 2010 Notes 4 23 1 copy protection scheme could be defeated by something as simple as holding down the SHIFT key when inserting the CD and then ripping the CD using your favorite CD ripping software Even if the goal of copy protection schemes is to make copying incrementally harder instead of providing perfect protection this is still an awfully easy scheme to bypass Another scheme passive protection Another set of schemes attempted to exploit differences in how audio players and CD drives process multi session CDs To understand these schemes you need a little background on the format of modern CDs A CD normally contains a table of contents a data structure that lists where each track starts and its length and audio data for each track In multi session CDs the CD contain multiple sessions each session has a set of tracks and a table of contents Perhaps confusingly the table of contents for the ith session is cumulative it contains information about all of the tracks in the first i sessions This may make more sense when you realize why the multi session feature exists multi session CDs are normally used to let you burn a few tracks at a time A computer CD drives typically reads the table of contents from last session and uses that to find all of the tracks on the disk Someone clever discovered some differences in how audio CD players vs computer CD drives read multisession CDs Apparently most audio CD players are not multi session aware and thus read only the table of contents in the first session while CD drives read the table of contents from the last session In addition audio CD players use only a few fields of the data structure in the table of contents in contrast many software rippers read more of the table of contents Someone discovered that if you introduce invalid data into certain fields of the table of contents then you can cause the firmware of many computer CD drives and ripping software products to treat the CD as invalid attempting to read the CD would fail e g with an assertion violation or the invalid table of contents would trigger some bug in the ripper software or the drive firmware With this background maybe you can see how this can be used for copy protection The CD can be burned as a multi session disk where the first session has a valid table of contents and a second session has an invalid table of contents that will confuse computer CD drives In addition the first session s table of contents can contain invalid entries in fields that are not read by normal audio CD players However it turns out this scheme can be defeated by a simple low tech attack if you use a felt tip marker to carefully ink a ring along the outside of the CD you can cover up the table of contents in the last session This prevents the computer CD drive from seeing the invalid table of contents in the second session it reads only the first session s table of contents which is by design valid In other words this copy protection scheme can be defeated merely with a green marker and a steady hand Discussion The reason these schemes failed is because of backwards compatibility the format for storing music on a CD is fixed and there is a tremendous deployed base of legacy CD players Any copy protection scheme has to ensure that the CD can be played with legacy players yet somehow has to prevent copying by computers that can read every bit of the contents of the CD This is a seemingly insurmountable burden Today the music industry has basically given up on copy protection for CDs and given up on trying to prevent people from ripping their CDs To the extent that it tries to deter widespread copying it focuses mainly on deterring sharing of copyrighted music rather than preventing copying in the first place 2 Video I
View Full Document
Unlocking...