G53SEC 1 24/04/08
Copyright and Privacy
“Most people don’t even know what a rootkit is so why should they care about it?”
Thomas Hesse, President, Global digital business, Sony BMG
© Jan Feyereisl
Dec 15, 2015
Today’s Lecture:
• Introduction
• Copyright
- Software, Books, Audio, Video
- DVD
- Information Hiding
• Privacy Mechanisms
- Content Hiding, Deniability
- Association Hiding, Deniability
- Other Issues
Introduction:
• Control of Information - at forefront of government concerns for centuries
- Press censorship
- Information warfare
• Control of Copyright – a concern for literary, film and music copyright owners (“Hollywood”)
- An issue of wealth creation
Introduction:
• At system level
- Copyright
- Censorship
- Privacy
Access Control Issues
Introduction:
• How are Copyright and Privacy linked?
• Unprotected resources:
- freely distributable
- no payment to creators
- any action to stop dissemination futile
• Protected resources:
- encrypted content
- decrypted using a key obtained from license server
- key bought using private information
Copyright:
• Obsession of the film, music and publishing industries
• It didn’t start with the internet
- Tax for blank tapes
- Royalties for books in libraries
- Introduction of photography
- fear of book publishers that their trade is doomed
Copyright:
• Past
- protected by cost of small scale duplication
- cheaper to buy than duplicate
- large scale duplication traceable
• Then
- cost barrier eroded by photocopiers, recorders
- basic economics not changed
Copyright:
• Now
- digital world is changing this
- copyright sometimes based on physical device
- most copyright control moving towards registration
- this however undermines privacy
Copyright - Software:
• Early software given away for free with hardware
• IBM set up a sharing scheme (1960s)
• Software copyright not an issue
• Introduction of software packages
- Code either stolen or re-implemented
• Software birthmarks – features of how an implementation is done (e.g. Course-marker)
• Hardware identifiers – processor serial number
Copyright - Software:
• Time bomb
• Introduction of microcomputers – start of piracy
• Technological techniques
- dongle – physical device attached to pc
- copying resistant software – e.g. bad sector
- pc identification by hardware (Windows XP)
• Psychological techniques
- embedded company/user name
- stories of failures due to missing patches
- early Microsoft scare example
Copyright - Software:
• Games market moved to physical protection
• Software protection became harder
• Protection a nuisance – dongle conflicts, etc.
• Viruses – need for software hygiene
• Certain level of piracy good
• Technical support increasingly important
Copyright - Software:
• Industry moved to legal solutions
- to enforce
- to limit – time bombs illegal
• Industry now moving back to technical mechanisms
• e.g. License servers – like dongles
• Current model
- Combination of technical and legal measures
Copyright - Software:
• Latest development: online registration
- Keeps logs of everyone using the software
- Privacy implications
• Changes of business model increasingly apparent
• Free limited version (shareware, demos)
• Free version to universities (Unix)
• Free version to individuals
• Free software, paid service (Linux)
Copyright - Books:
• In 1800 around 80,000 frequent readers in England
• Most books philosophical or theological
• After invention of the novel – mass market emerged
• Libraries sprang up to service this demand
• Educated classes appalled
• Printers frightened of libraries
• 1850 – number of readers 5,000,000
• Sales of books soared, partially due to libraries
Copyright - Audio:
• Audio pirated much longer than software
• e.g. Paganini in 17th Century
• Cassettes
- tax, technical measures (spoiler tone)
- not a great problem due to loss of quality
• Digital Audio Tape
- Serial copy management system
- Recorders did not implement it
- Not widespread
Copyright - Audio:
• Recently a headline concern due to MP3
- previously digital audio too large
- MP3 compresses this into manageable size
- in 1998, 40% of MIT traffic was MP3 traffic
- no royalties paid to copyright owners
• Initially industry focused on technical fixes
- Alternative audio compression
- copyright protection mechanisms (DRM)
- but unsuccessfully
Copyright - Audio:
• Unsuccessful due to
- PC an open platform
- backward compatibility issues with hardware solutions
- Many CDs already sold – effectively master disks
• Next step was to sue
- Web sites allowing MP3 sharing
- Sharing technologies attacked (Napster etc.)
Copyright - Video:
• Similar situation to audio
- Industry’s fear of home viewing
- Technical solutions created (e.g. Macrovision)
- Easily defeated
- Fear of video rental stores
- Rental stores increased VCR sales
- Business model changed so that theatre releases became only an advertising campaign for later video releases
- Eventually problem reduced to industrial counterfeiting
Copyright - DVD:
• Again Hollywood worried
• DVD must have suitable copyright protection
• Content Scrambling System (CSS) introduced
• Regions introduced – broken first
• CSS known to be vulnerable at time of release
• Key too short (possibly due to U.S. export restrictions)
• Story - developers had 2 weeks for CSS
• CSS still in court
Copyright - DVD:
• CSS depended on the algorithm being kept secret
• Impossible due to
- CSS design
- Player manufacturing
- PC an open platform (e.g. Linux)
• DeCSS – program to unprotect any DVD
• Law again used to fight this
• But – issues with Fair Use
Copyright – Information Hiding:
• New DVD protection techniques developed
- copyright marking
• Based on information hiding
- a technique that enables data to be hidden in other data
• Copyright marks – marks hidden unobtrusively in digital video, audio and artwork
- Watermarks
- Steganography – message existence undetectable
Copyright – Information Hiding:
• Roots in Camouflage
• Greek-Persian war – tattoos on slaves’ heads
• Francis Bacon (15th Century)
- binary message in books by alternating font
• Many consider hiding information more important than enciphering it – e.g. military, criminals
Copyright – Information Hiding:
• Embedding schemes
- Hiding message in the least significant bit
- Hide message at locations determined by key
- Modern version – hides message in .gif files
- Using characteristics of the medium (e.g. echoes)
- Spread spectrum encoding
• Introduction of noise or distortion causes problems
- e.g. with lossy compression
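The first two embedding schemes above and their fragility under lossy processing, as an added example that is not part of the original lecture: message bits go into the least significant bit of samples whose positions are derived from a key. The HMAC-based position selection, the key, the message and the cover data are all assumptions constructed for illustration, and `requantize` is only a crude stand-in for lossy compression.

```python
import hashlib
import hmac

def keyed_positions(key: bytes, n_samples: int, count: int) -> list:
    """Return `count` distinct sample indices in an order derived from the key."""
    def tag(i: int) -> bytes:
        return hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
    return sorted(range(n_samples), key=tag)[:count]

def embed(cover: bytes, message: bytes, key: bytes) -> bytes:
    """Overwrite the least significant bit of key-selected samples with message bits."""
    bits = [(byte >> s) & 1 for byte in message for s in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("message does not fit in this cover")
    stego = bytearray(cover)
    for pos, bit in zip(keyed_positions(key, len(cover), len(bits)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)

def extract(stego: bytes, n_bytes: int, key: bytes) -> bytes:
    """Read the LSBs back from the same key-selected positions."""
    bits = [stego[p] & 1 for p in keyed_positions(key, len(stego), n_bytes * 8)]
    out = bytearray()
    for i in range(0, len(bits), 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return bytes(out)

def requantize(samples: bytes, step: int = 4) -> bytes:
    """Crude stand-in for lossy compression: round each sample down to a multiple of step."""
    return bytes((v // step) * step for v in samples)

# Constructed sample data: 4096 pseudo-random 8-bit "samples" standing in for pixels or audio.
COVER = hashlib.shake_256(b"constructed cover").digest(4096)
KEY = b"example-key"      # hypothetical shared key
MESSAGE = b"(c) owner"    # hypothetical copyright mark

if __name__ == "__main__":
    stego = embed(COVER, MESSAGE, KEY)
    print("recovered with key:  ", extract(stego, len(MESSAGE), KEY))
    print("recovered, wrong key:", extract(stego, len(MESSAGE), b"other-key"))
    print("max sample change:   ", max(abs(a - b) for a, b in zip(COVER, stego)))
    print("after requantisation:", extract(requantize(stego), len(MESSAGE), KEY))
```

The mark changes no sample by more than 1, which is why it is unobtrusive, and for the same reason any processing that discards low-order bits erases it.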
Copyright – Information Hiding:
• Attacks on marking schemes:
- Many marks additive
- If all video frames carry same mark, averaging them yields the mark
- Steganalysis techniques exist
- Attacks exploit particular media (e.g. browser)
- Suitably chosen distortions
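A check a marking-scheme designer can run on the averaging weakness above, as an added example that is not part of the original lecture: frames with independent content and an identical additive mark are averaged, and the result is compared with the case where each frame carries its own mark. Frame size, mark strength, the noise model and the seed are assumptions, and the frames are constructed random data.

```python
import random

WIDTH = 256     # samples per flattened frame (assumed)
STRENGTH = 3    # additive mark amplitude (assumed)

def random_mark(rng):
    """A +1/-1 pattern, one value per sample."""
    return [rng.choice((-1, 1)) for _ in range(WIDTH)]

def make_frame(rng, mark):
    """Constructed frame: independent content around 128, plus the additive mark."""
    return [128 + rng.gauss(0, 10) + STRENGTH * m for m in mark]

def average(frames):
    """Sample-wise mean over all frames."""
    n = len(frames)
    return [sum(column) / n for column in zip(*frames)]

def agreement(signal, mark):
    """Fraction of samples whose deviation from the signal mean has the mark's sign."""
    mean = sum(signal) / len(signal)
    hits = sum((v - mean > 0) == (m > 0) for v, m in zip(signal, mark))
    return hits / len(mark)

def experiment(n_frames=200, seed=1):
    rng = random.Random(seed)
    fixed = random_mark(rng)
    same = [make_frame(rng, fixed) for _ in range(n_frames)]
    marks = [random_mark(rng) for _ in range(n_frames)]
    varied = [make_frame(rng, m) for m in marks]
    return {
        # One frame alone: content noise dominates, agreement is not far above 0.5.
        "single_frame": agreement(same[0], fixed),
        # Same mark everywhere: content averages out, the mark does not.
        "average_same_mark": agreement(average(same), fixed),
        # A different mark per frame: the marks average out along with the content.
        "average_varied_marks": agreement(average(varied), marks[0]),
    }

if __name__ == "__main__":
    for name, value in experiment().items():
        print(f"{name:22s} {value:.2f}")
```

An agreement near 1.0 means the mark is readable from the averaged signal, while a value near 0.5 is chance level.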
Privacy Mechanisms:
• Not a major issue in non-digital world
• Some communications were deniable
• Very difficult in digital world
• Anonymity in a similar situation
- e.g. Online payments
Privacy:
• Confidentiality
- Keeping information secret due to obligation to a third party
• Privacy
- Ability to control the dissemination of information about oneself
Privacy – Content Hiding:
• Hiding the content of messages
• example – Pretty Good Privacy (PGP)
• encryption only part of the solution
• Governments can request keys
• Rubber Hose Cryptanalysis – the police simply beat the key out of you
• Encryption use may mark your message for traffic analysis
Privacy – Content Deniability:
• Destroying keys is not enough
• Existence of protected material sufficiently suspicious
• If message well hidden (steganography), no one knows of its existence
• Steganographic file systems exist
Privacy – Association Hiding:
• The fact that communication between two parties exists is enough to raise suspicion
• Criminals – emphasis on anonymous communication rather than encryption
• Legitimate uses - Anonymous helplines
- abuse victims
- whistleblowers
- police informants
Privacy – Association Hiding:
• Existing technologies
• Anonymous remailers
• Crowds – users group together and do web page forwarding for each other
• Anonymizing proxies – caches keep logs though
• Internet cafés
• Web-based e-mail
• Implementing high-quality anonymity is hard
• Also due to market demands for data
Privacy – Association Deniability:
• Merchants build marketing profiles
• Transactions that you make will be linked to your profile
• Solution: electronic equivalent of cash?
- A payment medium that is anonymous, untraceable, and unlinkable
• Digital Cash – customer’s relationship with a merchant only revealed by customers
• Not in the interest of retailers!
Privacy – Other Issues:
• The right to remain ignorant
- the right not to know something
• Location Security
- GSM services
• Peer-to-Peer
- Illegal material distribution
• Subversive Group Computing
• Abuse – Spam, Identity theft, etc…
Summary:
• Copyright
• Privacy