Re: Protection against software crack



Arash Partow wrote:
[...]
> The idea is that when you go to buy a piece of software, you provide
> the retailer with your CPU's public key and then they encrypt their
> application etc with the CPU's public key.
>
> The problem here is you could give them any public key with which they
> would encrypt their software with, and then you could use the relevant
> private key to decrypt it. A solution to this could be having a sort
> of verification server, where every processor manufacturer stores the
> public key of every CPU it has generated on this server with an ID.

A better solution, and one proposed by TCPA IIRC, is the typical chained
certificate scheme. Basically, your CPU has
* A private key
* A public key
* A signature from AMD saying that the public key is "good"
* AMD's public key
* A signature from TCPA saying that AMD's public key is "good" (ie: AMD is
  one of them)

A query to the software writers' licencing server has all but the private
key (obviously). The software manufacturers only have the TCPA public key,
but they can then verify AMD's public key is valid. Then, they can use AMD's
public key to verify that the CPU's public key is valid. This is all done on
the licencing server, at which point it sends back code encrypted with the
CPU's public key (sort of, there's a few tricks used because public key
crypto is sloooowwwww). This code can then only be executed by your
processor.

An alternative, also provided by TCPA, is a so-called protected execution
environment. I can't remember the implementation details so won't try and
make a fool of myself, but essentially you instead produce generic
"protected" code. This code is executed by the CPU using protected memory;
it cannot be stepped through and cannot have its protected working set
inspected. Again, you can implement quite trivial serial number validation
(such as a truncated MD4 hash) and it will be, for all intents and purposes,
impossible to break. The only way to break such a protected application will
be to inspect inputs and outputs to the protected code and write your own
code that does the same. This could be quite non-trivial if
important/significant parts of the program are inside the protected code
block as well. Basically, with CPU-based TCPA, the software protection
battle is over with the crackers losing. Unfortunately, TCPA and similar
schemes can (and almost certainly will) be abused by majority-market vendors
(*cough*Microsoft*cough*) to prevent competition through tricks like vendor
lock-in.

[...]
> 3.) chosen message attack
>
> The last one is pretty interesting, you basically write a program that
> will alloc memory but store specific data in the alloc'ed memory. ie:
> all 1s or 0s or patterns thereof. Encrypt the program with your CPU's
> public key so it gets executed in encrypted mode.
>
> Using this you could in theory implement a much much less than brute
> force attack on the CPU simply by analysing how the CPU encrypts the
> data in memory...

Interesting, but completely useless. Any halfway reasonable cryptographic
system (ie: the systems they will be using in TCPA) can withstand this
attack and far more.

--
Michael Brown
www.emboss.co.nz : OOS/RSI software and more :)
Add michael@ to emboss.co.nz ---+--- My inbox is always open
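
The chain check described in the post above, as an added example that is not part of the original message: a licensing server that trusts only the root (TCPA) public key verifies the vendor key, then the CPU key, and rejects a self-supplied key. It covers only the verification step, and the signatures are toy textbook RSA over constructed keys; all function and field names are assumptions.

```python
import hashlib

# Constructed toy keys: textbook RSA (no padding) over products of Mersenne
# primes. Illustrative only; real schemes use padded signatures, random keys.
E = 65537

def make_key(p_bits, q_bits):
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg: bytes) -> int:
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(n: int, msg: bytes, sig: int) -> bool:
    return 0 <= sig < n and pow(sig, E, n) == digest(msg, n)

def encode(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def build_query(cpu_pub, vendor_key, root_key):
    """What the CPU sends: everything in the list except its private key."""
    return {
        "cpu_pub": cpu_pub,
        "cpu_sig": sign(vendor_key, encode(cpu_pub)),       # vendor vouches for CPU
        "vendor_pub": vendor_key["n"],
        "vendor_sig": sign(root_key, encode(vendor_key["n"])),  # root vouches for vendor
    }

def licence_server_accepts(query, root_pub: int) -> bool:
    """The server holds only root_pub and walks root -> vendor -> CPU."""
    if not verify(root_pub, encode(query["vendor_pub"]), query["vendor_sig"]):
        return False  # vendor key not endorsed by the root
    return verify(query["vendor_pub"], encode(query["cpu_pub"]), query["cpu_sig"])

ROOT = make_key(521, 607)    # stands in for the TCPA key pair
VENDOR = make_key(89, 127)   # stands in for the CPU manufacturer
CPU = make_key(61, 107)      # key pair held inside the processor

if __name__ == "__main__":
    genuine = build_query(CPU["n"], VENDOR, ROOT)
    print("genuine CPU:", licence_server_accepts(genuine, ROOT["n"]))
    swapped = dict(genuine, cpu_pub=make_key(61, 89)["n"])  # user's own key
    print("swapped key:", licence_server_accepts(swapped, ROOT["n"]))
```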

