60

A question on Skeptics.SE asks whether current DRM techniques effectively prevent pirating: Is DRM effective?

The question for IT Security is: Can DRM be made effective, and are there any examples?

One approach that has been discussed here leverages hardware support for Trusted Computing - see Status of Trusted Computing and Remote Attestation deployment

Community
  • 1
MrHen
  • 703
  • 1
  • 5
  • 5
  • 1
    I think having the same question 2 places, without new SE capabilities for sharing of answers, is problematic. The answer on the Skeptics site provides good evidence that DRM has not been effective, and is counterproductive in many cases. I think the question for this site would be "*can* a DRM scheme prevent pirating", which I also think is likely to be "no" unless something like TPM is deployed widely enough. – nealmcb Jun 19 '11 at 14:28
  • Ah, good point. Edit incoming soon. EDIT: Oh, I just saw _your_ edit go through. Thanks! – MrHen Jun 19 '11 at 14:42
  • 4
    For anything the user gets a copy of (eg CD etc) The only people affected by DRM are the legitimate users. It only takes one pirate to get around the DRM and then upload it for other pirates to download, wheres it will annoy every legitmate user and possible "force" them to pirate. – Jonathan. Jun 19 '11 at 20:30
  • 1
    Some interesting debate recently on whether piracy is of benefit to incumbents in achieveng market share: e.g. http://money.cnn.com/magazines/fortune/fortune_archive/2007/07/23/100134488/ – symcbean Jun 20 '11 at 14:48
  • 1
    I'd say in ragards to your question that Steam is an effective DRM example(all other issues aside). It's not super intrusive and it makes the products they're selling easy to aquire and at a fair price. – Greg Nov 06 '14 at 13:44
  • DRM in its present state is, most of the time, just a marketing tool. And world is going into tendency of wasting more and more resources on marketing tools (as they require least new original content per resources spent) instead of producing extra value to products and services (which could make more people buy them or make them pay more for it). There is no successful DRM in its original meaning. – Michael M May 12 '16 at 13:51

4 Answers4

91

Firstly, I think the skeptics answer pretty much covers it: DRM annoys people. Some of us actively avoid purchasing anything with it.

In terms of software, this is pretty much impossible. One DRM scheme might be to use public key encryption with content encrypted with symmetric keys (performance of symmetric ciphers being vastly superior to most pk ones). You encrypt the content key with the private key and the software can then decrypt that key with the public key, and decrypt the content.

Which works, except that I'm just going to step your program through a debugger or disassemble your code until I find your key, decrypt your content and the game's up. Crypto is for transmission over insecure networks, not for decrypting securely and in isolation on hostile systems.

So, you could send lots of different keys over the internet for different parts of the content. Well, your paying customers are likely to experience problems with this, but, I can just automate the debugging process, or hook your receive events, or whatever. Either way, I can grab those keys. It isn't easy, but it can be done.

So the next stage is to prevent me using my debugger or hooking your system calls in some way, which is where you start writing rootkits. As it happens, I can take the disk offline and examine/disable your rootkit, or modify it so your software believes it is secure. In fact, this will make it easier for me to identify what you're protecting.

There is another case, one where the OS is complicit and provides some form of secure container. If it is possible for me to load code into ring 0, this security becomes irrelevant. If not, if I can clone your microkernel core and modify it to allow me to load code into ring 0, this security becomes irrelevant again.

At this point you have to start using hardware controls. Simply put, since I can modify the operating system any way I please, you probably need hardware-implemented DRM that I have no chance of modifying or reading. You'd need your crypto to happen on-hardware such that it is impossible to read the decrypted data from the operating system. You'd need the public key I mentioned above to reside on that hardware, not on the OS.

At this point, you've probably defeated me personally, but I am sure there are people capable of modifying their HDMI cables (or whatever) to split the data out onto the display and to another device such as storage.

Also, how you store your keys securely on your device is going to be an issue. You'd need to encrypt them! Otherwise, I'm just going to attach your storage device to an offline system. And store the keys... wait... see the pattern?

Once you have physical access, the game is up.

I don't think DRM is technically possible. Whatever methods you employ, there will always be someone with sufficient skill to undo it, since at some level that protected content must be decrypted for their viewing. Whether they have the motivation to is another matter.

From a software engineering perspective, getting it right, whilst not disrupting your users, allowing them to easily move their content to authorised devices, supporting new devices... all nightmares. Who's going to buy your content, when you haven't got Windows 8 support ready for launch? Does your content work on my Windows XP box too? What do you mean you don't support it?! If you use hardware, you have a deployment issue.

Finally, DRM is just deeply unpopular.

Yoav Aner
  • 5,299
  • 3
  • 24
  • 37
  • 16
    +1, this is the kind of analytical breakdown of DRM as a security control (or not), that I expected to get here :). One point though, since I have complete control over the client, once we start dealing in debuggering, I don't really need your keys - I'll just grab the content, which must be decrypted *on my client* at some point. Still, you did a great job of showing how the problem can only be pushed down the pipe, and eventually cannot be solved... – AviD Jun 19 '11 at 17:59
  • Is it possible, perhaps, to implement real DRM with TCB? Supposedly that could help solve part of the problem (I don't think so, but I think it's worth some analysis...) – AviD Jun 19 '11 at 18:01
  • 2
    @AviD I don't think you can fix the problem entirely with anything. You can make it very, very difficult to circumvent, but even a hardware solution, if somebody somewhere knows how to tweak it, they will. Have a read of this: http://www.wired.com/politics/security/news/2008/05/tarnovsky –  Jun 19 '11 at 19:05
  • @AviD♦: I suspect it's turtles all the way down: "Once you have physical access, the game is up." - you need to interface between the digital and physical components, *somehow*; therein lies the weak link. Even tamper-resistant hardware security devices have been cracked. When the chips are down, software/firmware *trusts* that it's talking to actual hardware, but it has only more software to verify this. We've all see how well that worked for CSS. – Piskvor left the building Jun 19 '11 at 19:06
  • @Piskvor - [I like turtles](http://www.youtube.com/watch?v=CMNry4PE93Y). Also, I (kinda) meant that comment as a devil's advocate - I think it's worth analyzing what benefits can be gotten in what situation, even if only in order to debunk it (note the OP was directed here from [skeptics.se], and as a (good) rule they don't take anything on faith. Show them the numbers, @Ninefingers! – AviD Jun 19 '11 at 19:11
  • 1
    @AviD♦: I figured you would ;) good points. What I meant was: "**it's an aspect of Plato's cave**". In essence, DRM is asking, "how can we distinguish things which are real from those which are not real?" The answer to that, well ... let's say there isn't even consensus on whether that's even a question, much less whether it's answerable, or even what the possible answers are ;) – Piskvor left the building Jun 19 '11 at 19:18
  • 24
    Exacerbating the problem is that the kind of people who get *really* annoyed at arbitrarily restrictive software telling them what they can or can't do with the stuff they bought tend to be the kind of people who are really good at making software do things the designers hadn't intended... – Shadur Jun 19 '11 at 19:33
  • 6
    Not to mention the "Better" the DRM claims to be or even seems to be the more the talented hackers want in. – Chad Jun 20 '11 at 14:46
  • 3
    Exactly. Even if you manage to somehow embed decryption keys into tamper-proof chips inside every computer monitor and television in the world (a la HDCP), you can still take the monitor apart and extract the data as it goes onto the DAC bus, on its way to the display panel. – Polynomial Jul 30 '12 at 17:35
  • I know this question predates this article but it's interesting that HDCP is beaten by a simple HDMI splitter. http://www.tweaking4all.com/home-theatre/remove-hdcp-hdmi-signal/ – Dean MacGregor Feb 18 '16 at 19:14
  • @DeanMacGregor These boxes which convert HDCP to HDMI all repurpose HDCP decoder chips licensed for other purposes. So they do not really beat HDCP itself, but rather the licensing process. In essence, these devices are not even legal because of licensing issues. (Still they do a really good job at solving the problem) – M.Stramm May 12 '16 at 14:28
  • @M.Stramm Are you saying they basically take the chips out of old TVs (and other devices) to install in their splitter box? – Dean MacGregor May 12 '16 at 14:32
37

DRM works pretty well for anything that you do not hand out to the users. Let's take Second Life as example.

Second life is an 3d online game in which avatars are rather simple on their own in the sense that they cannot do anything beside moving around and using objects. Objects consists of a shape and texture, and they may contain scripts. Those scripts can do all kinds of things, including animating the avatar.

Anything, that is sent to the client, can be copied because the attacker can manipulate the client. Nowadays it is open source, but this already happened using decompilers and debuggers in the past before it was released as open source. Computers are copy machines, copying things from network card to memory, from memory to CPU or GPU are core functionalities.

So the shape and texture of objects, animations applied to avatars cannot be protected. The scripts, however, are only executed on the server. Therefore the client never sees them, unless it got extra permissions. They only way to copy scripts (either on their own or by copying the outer object) is to use the functions provided by the server. And of course they check whether the user has copy permissions for the scripts.

More information on the specific case of Second Life is available in the CopyBot article in their Wiki.

Hendrik Brummermann
  • 27,118
  • 6
  • 79
  • 121
  • 8
    +1 for relating to a core principle of access control (and when it comes down to it, DRM is all about access control) - keep the sensitive functions on the server. (Note that the answer on [skeptics.se] also went into this topic in depth). – AviD Jun 19 '11 at 18:24
  • 1
    Most gaming systems operate under these types of setups. – Fiasco Labs Dec 08 '12 at 22:33
8

Great answer by ninefingers. Referring to one particular point:

I am sure there are people capable of modifying their HDMI cables (or whatever) to split the data out onto the display and to another device such as storage.

It can be even simpler than that! What about putting a camera in front of the screen and recording it? It might not be the best quality defeat of DRM, but it does defeat DRM.

There's always going to be some data (music, film, book) being emitted from a device and perceived by our eyes and brains. Until they plant DRM decoders inside our brains, there's always a chance to intercept that emission and copy it.

Yoav Aner
  • 5,299
  • 3
  • 24
  • 37
  • 5
    While this holds true for Books and movies, it stops at interactive Media. If you have a game/3D interactive movie or something similar, recording it from the screen and reproducing the original experience is close to impossible. So if the internet is fast enough to provide online streamed gaming, there is no chance to copy the original game from this. – Falco Aug 28 '15 at 11:24
  • This is called an _analog hole_. – forest Aug 03 '19 at 10:44
7

It all depends on what you mean by the effectiveness of DRM.

As the other answers have pointed out, DRM ultimately cannot be effective at stopping a determined recipient from copying the data. Thanks to the analog loophole, it is simply impossible: the recipient's machine must at some point access the raw data, in order to present it to the user for consumption. The only perfect DRM is to keep the data private and never distribute it.

However, DRM can be effective at achieving other goals:

  • DRM can effectively provide the illusion of reducing piracy. This is why Apple engineers initially implemented DRM in iTunes: it enabled them to convince record labels to allow them to distribute music online, even though they knew it wouldn't reduce piracy. Steve Jobs openly admitted this in his open letter ( webarchive ), pointing out the futility of DRM in iTunes when audio CDs have no DRM at all.

  • DRM can effectively stop a non-technical recipient from copying data. DRM schemes do take effort and skill to crack, and therefore many users cannot be expected to crack it themselves. Many users may not even have the skills and confidence to download cracked software, preferring to trust the well-marketed status quo.

  • DRM can effectively discourage conscientious users from unauthorised copying. Many people sincerely believe that copyright infringement is morally wrong, and DRM may be the reminder needed to prevent them from copying. If some headlines are to be believed though, the number of such "conscientious" users are shrinking rapidly in number.

  • DRM can effectively delay (but not stop) a determined recipient from unauthorised copying. Some DRM schemes are very advanced and require a lot of skill to crack. Even if they only delay the release of a crack by a few days, that may lead to a big increase in sales, or at least, provide that illusion to decision makers in the business. It should be pointed out that the difficulty of creating such a DRM scheme increases rapidly with the popularity of the protected data and the required amount of delay.

  • DRM can effectively stop users from legally backing up the data. In the United States, backing up DVDs is legal, but breaking copy protection is not. Laws differ from country to country, and they can be quite difficult to interpret, however, this one case proves that DRM was effective as a legal tool at least once.

So does DRM effectively prevent copyright infringement? No, but it does achieve some other related goals.

Addendum:

For completeness, I would like to also mention digital watermarking. Digital watermarking may not prevent a recipient from unauthorised copying, but it may identify recipients who have leaked copies. Watermarking and the legal consequences of copyright infringement may be enough of a deterrent to stop unauthorised copying. The effectiveness of watermarking is out of scope of this question, but it is worth considering.

Community
  • 1
Flimm
  • 1,230
  • 3
  • 13
  • 22