G53SEC 1 24/04/08 Copyright and Privacy “Most people don’t even know what a rootkit is so why should they care about it?” Thomas Hesse, President, Global digital business, Sony BMG © Jan Feyereisl

Dec 15, 2015


G53SEC

24/04/08

Copyright and Privacy

“Most people don’t even know what a rootkit is so why should they care about it?”

Thomas Hesse, President, Global digital business, Sony BMG

© Jan Feyereisl


Today’s Lecture:

• Introduction

• Copyright

- Software, Books, Audio, Video

- DVD

- Information Hiding

• Privacy Mechanisms

- Content Hiding, Deniability

- Association Hiding, Deniability

- Other Issues


Introduction:

• Control of Information - at forefront of government concerns for centuries

- Press censorship

- Information warfare

• Control of Copyright – concern for literary authors and for film and music copyright owners (“Hollywood”)

- An issue of wealth creation


Introduction:

• At system level, all three are access control issues:

- Copyright

- Censorship

- Privacy


Introduction:

• How is Copyright and Privacy linked?

• Unprotected resources:

- freely distributable

- no payment to creators

- any action to stop dissemination futile

• Protected resources:

- encrypted content

- decrypted using a key obtained from license server

- key bought using private information


Copyright:

• Obsession of the film, music and publishing industries

• It didn’t start with the internet

- Tax for blank tapes

- Royalties for books in libraries

- Introduction of photography

- fear of book publishers that their trade is doomed


Copyright:

• Past

- protected by cost of small scale duplication

- cheaper to buy than duplicate

- large scale duplication traceable

• Then

- cost barrier eroded by photocopiers, recorders

- basic economics not changed


Copyright:

• Now

- digital world is changing this

- copyright sometimes based on physical device

- most copyright control moving towards registration

- this however undermines privacy


Copyright - Software:

• Early software given away for free with hardware

• IBM set up a sharing scheme (1960s)

• Software copyright not an issue

• Introduction of software packages

- Code either stolen or re-implemented

• Software birthmarks – features of how an implementation is done (e.g. Course-marker)

• Hardware identifiers – processor serial number


Copyright - Software:

• Time bomb

• Introduction of microcomputers – start of piracy

• Technological techniques

- dongle – physical device attached to pc

- copying resistant software – e.g. bad sector

- pc identification by hardware (Windows XP)

• Psychological techniques

- embedded company/user name

- stories of failures due to missing patches

- early Microsoft scare example


Copyright - Software:

• Games market moved to physical protection

• Software protection became harder

• Protection a nuisance – dongle conflicts, etc.

• Viruses – need for software hygiene

• Certain level of piracy good

• Technical support increasingly important


Copyright - Software:

• Industry moved to legal solutions

- to enforce

- to limit – time bombs illegal

• Industry now moving back to technical mechanisms

• e.g. License servers – like dongles

• Current model

- Combination of technical and legal measures


Copyright - Software:

• Latest development

Online registration:

- Keeps logs of everyone using the software

- Privacy implications

• Changes of business model increasingly apparent

• Free limited version (shareware, demos)

• Free version to universities (Unix)

• Free version to individuals

• Free software, paid service (Linux)


Copyright - Books:

• In 1800 around 80,000 frequent readers in England

• Most books philosophical or theological

• After invention of the novel – mass market emerged

• Libraries sprung up to service this demand

• Educated classes appalled

• Printers frightened of libraries

• 1850 – number of readers 5,000,000

• Sales of books soared, partially due to libraries


Copyright - Audio:

• Audio pirated much longer than software

• e.g. Paganini in 17th Century

• Cassettes

- tax, technical measures (spoiler tone)

- not a great problem due to loss of quality

• Digital Audio Tape

- Serial copy management system

- Recorders did not implement it

- Not widespread


Copyright - Audio:

• Recently a headline concern due to MP3

- previously digital audio too large

- MP3 compresses this into manageable size

- in 1998, 40% of MIT traffic was due to MP3

- no royalties paid to copyright owners

• Initially industry focused on technical fixes

- Alternative audio compression

- copyright protection mechanisms (DRM)

- but unsuccessfully


Copyright - Audio:

• Unsuccessful due to

- PC an open platform

- backward compatibility issues with hardware solutions

- Many CDs already sold – effectively master disks

• Next step was to sue

- Web sites allowing MP3 sharing

- Sharing technologies attacked (Napster etc.)


Copyright - Video:

• Similar situation to audio

- Industry’s fear of home viewing

- Technical solutions created (e.g. Macrovision)

- Easily defeated

- Fear of video rental stores

- Rental stores increased VCR sales

- Business model changed so that Theatre releases only an advertising campaign for later video releases

- Eventually problem reduced to industrial counterfeiting


Copyright - DVD:

• Again Hollywood worried

• DVD must have a suitable copyright protection

• Content Scrambling System (CSS) introduced

• Regions introduced – broken first

• CSS known to be vulnerable at time of release

• Key too short (possibly due to U.S. export restrictions)

• Story - developers had 2 weeks for CSS

• CSS still in court


Copyright - DVD:

• CSS depended on algorithm kept secret

• Impossible due to

- CSS design

- Player manufacturing

- PC an open platform (e.g. Linux)

• DeCSS – program to unprotect any DVD

• Law again used to fight this

• But – issues with Fair Use


Copyright – Information Hiding:

• New DVD protection techniques developed

- copyright marking

• Based on information hiding

- a technique that enables data to be hidden in other data

• Copyright marks – marks hidden unobtrusively in digital video, audio and artwork

- Watermarks

- Steganography – message existence undetectable


Copyright – Information Hiding:

• Roots in Camouflage

• Greek-Persian war – tattoos on slaves’ heads

• Francis Bacon (15th Century)

- binary message in books by alternating font

• Many consider information hiding more important than enciphering it – e.g. military, criminals


Copyright – Information Hiding:

• Embedding schemes

- Hiding message in the least significant bit

- Hide message at locations determined by key

- Modern version – hides message in .gif files

- Using characteristics of a media (e.g. echoes)

- Spread spectrum encoding

• Introduction of noise or distortion causes problems

- e.g. with lossy compression
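The first two embedding schemes above and the lossy-compression problem, as an added example that is not part of the original lecture. The cover samples, the integer key and the `lossy` re-quantisation step are assumptions made for illustration.

```python
import random

# Constructed cover: 4096 pseudo-random 8-bit samples standing in for pixels.
_rng = random.Random(0)
COVER = [_rng.randrange(256) for _ in range(4096)]

def _positions(key, cover_len, nbits):
    # The key seeds a PRNG that picks distinct sample indices, so sender and
    # receiver derive the same locations. random.Random is used for
    # illustration only; it is not a cryptographic generator.
    return random.Random(key).sample(range(cover_len), nbits)

def embed(cover, message, key):
    """Write each message bit into the LSB of a key-selected sample."""
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("message too long for cover")
    stego = list(cover)
    for pos, bit in zip(_positions(key, len(cover), len(bits)), bits):
        stego[pos] = (stego[pos] & ~1) | bit
    return stego

def extract(stego, nbytes, key):
    """Read nbytes back from the key-selected LSBs."""
    bits = [stego[p] & 1 for p in _positions(key, len(stego), nbytes * 8)]
    return bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[k:k + 8]))
        for k in range(0, len(bits), 8)
    )

def lossy(samples, step=4):
    # Stand-in for lossy compression: coarse re-quantisation of every sample,
    # which discards exactly the low-order bits the scheme relies on.
    return [(s // step) * step for s in samples]

if __name__ == "__main__":
    msg = b"(c) owner"
    stego = embed(COVER, msg, key=1234)
    print(extract(stego, len(msg), key=1234))          # message recovered
    print(extract(lossy(stego), len(msg), key=1234))   # message destroyed
```

No sample changes by more than one level, which is why the mark is unobtrusive, and the same property is why any processing that touches low-order bits erases it.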


Copyright – Information Hiding:

• Attacks on marking schemes:

- Many marks additive

- If all video frames carry same mark, averaging them yields the mark

- Steganalysis techniques exist

- Attacks exploit particular media (e.g. browser)

- Suitably chosen distortions
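Why a repeated additive mark is weak, as an added example that is not part of the original lecture: averaging frames that all carry one mark exposes it, while a mark that differs per frame does not survive averaging. Frame size, frame count, mark strength and the per-frame variant used for comparison are assumptions; all frame data is constructed.

```python
import random

N, FRAMES, AMP = 256, 400, 4   # samples per frame, frame count, mark strength

def make_mark(seed):
    # Additive mark: +AMP or -AMP on every sample, derived from a seed.
    r = random.Random(seed)
    return [r.choice((-AMP, AMP)) for _ in range(N)]

def make_video(same_mark):
    # Constructed video: independent random content per frame plus a mark.
    # same_mark=True reuses one mark; False derives a new mark per frame.
    content = random.Random(7)
    video = []
    for f in range(FRAMES):
        mark = make_mark(1 if same_mark else 1000 + f)
        video.append([content.randrange(100, 156) + m for m in mark])
    return video

def estimate_mark(video):
    # Per-sample mean over all frames: independent content converges to a
    # common level, a repeated additive mark stays at full strength.
    means = [sum(frame[i] for frame in video) / len(video) for i in range(N)]
    centre = sum(means) / N
    return [AMP if m > centre else -AMP for m in means]

def agreement(estimate, mark):
    # Fraction of samples where the estimate has the mark's sign.
    return sum(e == m for e, m in zip(estimate, mark)) / N

if __name__ == "__main__":
    shared = agreement(estimate_mark(make_video(True)), make_mark(1))
    varied = agreement(estimate_mark(make_video(False)), make_mark(1000))
    print(f"same mark in every frame:  {shared:.2f} of the mark recovered")
    print(f"different mark per frame:  {varied:.2f} (chance level is 0.50)")
```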


Privacy Mechanisms:

• Not a major issue in non-digital world

• Some communications were deniable

• Very difficult in digital world

• Anonymity in a similar situation

- e.g. Online payments


Privacy:

• Confidentiality

- Keeping information secret due to obligation to a third party

• Privacy

- Ability to control the dissemination of information about oneself


Privacy – Content Hiding:

• Hiding the content of messages

• example – Pretty Good Privacy (PGP)

• encryption only part of the solution

• Governments can request keys

• Rubber Hose Cryptanalysis – police simply beat the key out of you

• Encryption use may mark your message for traffic analysis


Privacy – Content Deniability:

• Destroying keys is not enough

• Existence of protected material sufficiently suspicious

• If message well hidden (steganography), no one knows of its existence

• Steganographic file systems exist


Privacy – Association Hiding:

• The fact that communication between two parties exists is enough to raise suspicion

• Criminals – emphasis on anonymous communication rather than encryption

• Legitimate uses - Anonymous helplines

- abuse victims

- whistleblowers

- police informants


Privacy – Association Hiding:

• Existing technologies

• Anonymous remailers

• Crowds – users group together and do web page forwarding for each other

• Anonymizing proxies – caches keep logs though

• Internet Cafés

• Web based e-mails

• Implementing high-quality anonymity is hard

• Also due to market demands for data


Privacy – Association Deniability:

• Merchants build marketing profiles

• Transactions that you make will be linked to your profile

• Solution:

Electronic equivalent of cash?

- A payment medium that is anonymous, untraceable, and unlinkable

• Digital Cash – customer’s relationship with a merchant only revealed by customers

• Not in the interest of retailers!


Privacy – Other Issues:

• The right to remain ignorant

- the right not to know something

• Location Security

- GSM services

• Peer-to-Peer

- Illegal material distribution

• Subversive Group Computing

• Abuse – Spam, Identity theft, etc…


Summary:

• Copyright

• Privacy
