Slide 1Digital Rights ManagementThe Analog HoleCost of piracy (to pirates)Costs depend on technologyAttacks on P2P file-sharingTrusted clients only!How to stay anonymous?Example: BitTorrentRelay nodesUntrusted clients: Onion routingTrusted clients: known relay topologyBack to the economicsBack to the economicsTrusted Computing, Peer-To-Peer Distribution, and the Economics of Pirated EntertainmentPeter ScotBased on paper by S. E. Schechter, R. A. Greenstadt, and M. D. SmithDigital Rights Management•One of the big reasons for pushing trusted computing is preventing piracy.•Remote atestation: only play media on trusted player hardware/software.•Sealed storage: prevent other programs from reading media.•Secure memory: hide player memory from OS•Secure output: create trusted path from computer to monitor, speakers, etc.The Analog Hole•Problem: video cameras, audio recorders.•Trusted computing can’t secure sound waves, or the light coming from a computer screen.•Upper bound: DRM can never make piracy harder than making an analog recording.–It’s not hard to make good-quality analog recordings, and the cost keeps falling.Cost of piracy (to pirates)•Two components of the cost:–One-time extraction cost e–Per-copy distribution cost d•Cost per copy (for n copies total):Costs depend on technology•Before high-speed Internet: per-copy distribution costs dominated.•Currently: per-copy costs almost 0, extraction cost very low.•DRM raises extraction cost, with upper bound imposed by analog hole.•Atacking file-sharing raises distribution costs, with no upper bound.Atacks on P2P file-sharing•Gather IP addresses and log their activity. Sue the top uploaders. (“The nuclear option”)•Share fake files. Drown out signal with noise.•Pretend to be other users, to mess up reputation mechanisms (e.g. share ratio)•Denial of service atacks, e.g.–Flood network with search requests–Mess up network topology information.Trusted clients only!•Remote atestation to ensure trusted client/OS combination.•Encrypt all connections with securely-stored session keys, and sign data with keyed hash.–Prevents snooping, spoofing.•Use reputation system to prevent DoS atacks and sharing fake files.How to stay anonymous?•How can P2P networks protect against their uploaders getting sued?1. Encrypt all data end-to-end.2. Re-route traffic through intermediate nodes, like The Onion Router, to foil network analysis.3. Keep as much of the routing data in secure memory as possible.•This all works beter with trusted clients.Example: BitTorrent•Malicious client connects to central tracker, gets list of peers. Then:1. Connect to peers, request download of copyrighted files.2. Store all information – filename, IP address, time, etc., in a database.3. Do DNS WHOIS search, notify ISP and/or file lawsuits.•To prevent: use relay nodes, and trusted client to prevent network topology discovery.Relay nodes•Don’t have Alice send a message to Bob.•Instead:–Alice sends message to Tom,–Tom sends message to Ulysses,–Ulysses sends message to Veronica,–Veronica sends message to Bob.•Encrypt the message so that nobody knows who’s sending what to whom except for Alice and Bob. (How?)Untrusted clients: Onion routing•Alice comes up with a sequence of node hops,•She sends the first relay an “Onion” data structure:–Next node info–Onion for the rest of the relays•Each relay knows only part of the path.•Uses layered encryptionTrusted clients: known relay topology•Route packets in a randomized way.•Load balance dynamically, for speed.•Don’t worry about keeping relays in the dark; they have curtained memory and trusted software!•Increases resistance to traffic analysis.•(Problem: adversaries who can break the TPM.)Back to the economics•Trusted computing raises e, to a point.•It can also lower d, a lot, by making distribution easier and safer.•Trusted Computing for DRM may backfire spectacularly!Back to the economics•Trusted computing raises e, to a point.•It can also lower d, a lot, by making distribution easier and safer.•Trusted Computing for DRM may backfire