CS 161 Computer SecuritySpring 2010 Paxson/Wagner Notes 4/23Copy ProtectionThe purpose of this lecture is to take you on a tour through copy protection schemes, over the years. Thepurpose of copy protection is to enable the creator of digital content (e.g., software, music, videos) todistribute the content to paying customers, so the recipient can make use of the content, while preventingthe recipient from sharing copies with others who haven’t paid for it. Let’s see what lessons we can learnfrom history in this area.1 MusicCDs are a popular way to distribute music. The music is burned on the CD in cleartext, using a well-documented format. About 10-15 years ago, disk capacity grew enough that it became feasible and cheapenough to rip all of your CDs into digital form and store your entire music collection on your hard disk.In the past decade, network bandwidth has grown enough that it has become feasible to share your entiremusic collection with others on the Internet. These two facts have combined to enable widespread copyingand sharing of music across the Internet: essentially any mass-market popular music you can imagine (andan awful lot of unpopular music) can be found somewhere on the Internet, for download via BitTorrent orsome other means.Of course, this situation poses a threat to the revenue stream of the music industry: if a large fraction of thepopulation stops buying CDs, instead downloading all of their music illegally, then the industry’s revenuestream will take a hit, and the industry will have less money to find and market new artists. The industryhas tried several schemes to prevent people from ripping CDs into digital form and sharing them over theInternet, but none of the technical copy protection schemes have had much success. Let’s look at two earlyschemes, which tried to ensure that CDs could be played on audio CD players (stereos, car CD players,boomboxes, etc.) but that computer CD drives could not be used to rip the CDs.One scheme: active protection. One early attempt was to embed an autorun file on the CD, so that whenyou insert the CD into a Windows machine, the Windows autorun functionality would automatically executesome software found on the CD. That software would load itself into memory, detecting and preventing anyattempt to access the CD drive to rip music.However, this scheme could be defeated in a number of ways:• Autorun is Windows-specific, so you can still rip the CD from any non-Windows machine (e.g., aMac, a Linux machine) and then share the ripped contents.• It is possible to configure Windows to disable autorun by default. Even easier, it turns out that if youhold down the SHIFT key while loading a CD, autorun will be disabled for that CD. As a result, thisCS 161, Spring 2010, Notes 4/23 1copy protection scheme could be defeated by something as simple as holding down the SHIFT keywhen inserting the CD and then ripping the CD using your favorite CD-ripping software.Even if the goal of copy protection schemes is to make copying incrementally harder (instead of providingperfect protection), this is still an awfully easy scheme to bypass.Another scheme: passive protection. Another set of schemes attempted to exploit differences in howaudio players and CD drives process multi-session CDs. To understand these schemes, you need a littlebackground on the format of modern CDs. A CD normally contains a table of contents, a data structurethat lists where each track starts and its length, and audio data for each track. In multi-session CDs, the CDcontain multiple sessions; each session has a set of tracks and a table of contents. Perhaps confusingly, thetable of contents for the ith session is cumulative: it contains information about all of the tracks in the first isessions. This may make more sense, when you realize why the multi-session feature exists: multi-sessionCDs are normally used to let you burn a few tracks at a time. A computer CD drives typically reads the tableof contents from last session and uses that to find all of the tracks on the disk.Someone clever discovered some differences in how audio CD players vs. computer CD drives read multi-session CDs. Apparently, most audio CD players are not multi-session aware and thus read only the tableof contents in the first session, while CD drives read the table of contents from the last session. In addition,audio CD players use only a few fields of the data structure in the table of contents; in contrast, manysoftware rippers read more of the table of contents. Someone discovered that if you introduce invalid datainto certain fields of the table of contents, then you can cause the firmware of many computer CD drivesand ripping software products to treat the CD as invalid: attempting to read the CD would fail, e.g., withan assertion violation, or the invalid table of contents would trigger some bug in the ripper software or thedrive firmware.With this background, maybe you can see how this can be used for copy protection. The CD can be burned asa multi-session disk, where the first session has a valid table of contents and a second session has an invalidtable of contents that will confuse computer CD drives. In addition, the first session’s table of contents cancontain invalid entries in fields that are not read by normal audio CD players.However, it turns out this scheme can be defeated by a simple low-tech attack: if you use a felt-tip markerto carefully ink a ring along the outside of the CD, you can cover up the table of contents in the last session.This prevents the computer CD drive from seeing the invalid table of contents in the second session; it readsonly the first session’s table of contents, which is (by design) valid. In other words, this copy protectionscheme can be defeated merely with a green marker and a steady hand.Discussion. The reason these schemes failed is because of backwards compatibility: the format for storingmusic on a CD is fixed, and there is a tremendous deployed base of legacy CD players. Any copy protectionscheme has to ensure that the CD can be played with legacy players, yet somehow has to prevent copyingby computers that can read every bit of the contents of the CD. This is a seemingly insurmountable burden.Today, the music industry has basically given up on copy protection for CDs and given up on trying toprevent people from ripping their CDs. To the extent that it tries to deter widespread copying, it focusesmainly on deterring sharing
View Full Document
Unlocking...