Is French HADOPI law dead? (3)

Posted on November 4, 2008 by wunderbarb

The story about HADOPI continues. On 31st October, French Senate, the upper parliamentary chamber, has voted with a huge majority the law “Création et Internet”. This law allows the implementation of the graduated riposte. An amendment has been appended that would restrict the blocking to a given set of services. Mrs ALBANEL, the French minister of Culture, announced that HADOPI would not stop access to phone and TV services (if possible).

Nevertheless, it is still not clear if this law is not overruled by the EU amendment 138 (see Is French HADOPI law dead?)

More information about this law will be available in next next security newsletter (due in less than two weeks).

Civolution

Posted on October 29, 2008 by wunderbarb

Civolution is a new spinoff of Philips. Civolution will manage all the identification solutions from Philips. It encompasses MediaHedge the platform dedicated to content identification on Internet (based on fingerprinting technology) and Teletrax the platform for broadcast metering (based on the watermark technology). Of course all the watermarking activities, for instance DCI, are part of Civolution.

The new company was launched on 20th October 2008. It would be interesting to know if all the corresponding team of Natlabs did follow. In any case, HAITSMA Jaap followed. He is the CTO of the new entity.

Feedback from ACM DRM Workshop

Posted on October 28, 2008 by wunderbarb

On Monday, I attended the 8th ACM DRM workshop. Here are my feedbacks on this workshop.

There were two invited talks.
KAHN Robert (from CNRI) presented The role of identifiers in information access . The talk was about the Digital Object Architecture (DOA). The idea behind that is to redraw Internet from a communication centric system to a digital object centric system. Every digital object would be identified by a unique handle and servers/proxies would resolve it and provide the actual location of repository (reminds you something :Wink:?, Kahn is behind TCP/IP). This is what is used for DOI.
The link with DRM? The message was that it is important to separate the terms and conditions (expressed as metadata) from the actual enforcement. I fully agree. . His attempt to apply it to the Broadcast Flag was more dubious.

The second invited speaker was YACOV Yacobi. He is the lead of Microsoft’s anti-piracy group. He presented Content Identification He tackled three issues: piracy versus counterfeiting, new DRM and economics of fight against counterfeiters. His distinction between pirated goods and counterfeited goods seemed not extremely good to me. A counterfeited good is a physical good that looks like the original and is sold at about the same price. Thus, the sorting is mainly on the price.
His new DRM approach was the use of media hashing (what we currently call fingerprinting or perceptual hash). Clearly, he was not aware of the state of the art in the field, both about existing solutions, and approaches like the one proposed by Philips many years ago.
In the last part, he presented a complex modeling of economics to determine the optimal effort in counterstriking counterfeiters. It would have been more interesting to focus all his presentation only on this topic.

About the other papers:
JIN Hei (IBM) presented Adaptive traitor tracing for anonymous attack. The starting point is the sequence keys traitor tracing scheme of AACS. It was an extensive analysis on how many movies you had to retrieve to safely incriminate one infringer within a non cooperating coalition. The figures are still very high. As we stated many years ago, sequence keys will probably never be useful in AACS. Furthermore, the analysis assumes that the infringer does not collude content with other members. Would I be an attacker, this is what I would do. Nevertheless, nice theoretical work using probability.

YUNG M. (Microsoft) presented Public-key traitor tracing from efficient decoding and unbounded enrollment . A traitor tracing scheme based on El Gamal. I will let Marc JOYE comment :Wink:

JAMKHEDAR Pramod presented Formal Modeling of Rights. He proposed a scheme that should encompass any Rights Expression Language. Compared to the work of GUTH or CHONG, there is the addition of obligations inside the model. Obligations are external conditions that have to be accomplished prior to granted this action.

DOERR (with Ton KALKER) presented Design rules for interoperable domains – Controlling content dilution and content sharing . It was a presentation of two interesting concepts of CORAL: the rights token (a REL that is independent from the DRMs) and management of domains. The most interesting part was the ideas on how to control the size an dilution. He proposed three mechanisms: proximity, cardinals, and time-out. I think that we did not dare to embed time-out for contents within DVB-CPCM. I am not sure that people would appreciate.

Discussions were extremely interesting. Long discussion with the representative of EFF (but that is another story)

And of course, I presented my paper A Four Layer Model for Security of DRM

The Global Anti Piracy day

Posted on October 23, 2008 by wunderbarb

On 21st October, Microsoft launched an initiative called the global anti piracy day. The objective was to launch enforcement actions and education programs in 49 countries. See the Microsoft’s press release. This Global anti piracy day did not attract a lot of interest from media. Nevertheless, The Pirate Bay brought its “contribution” to this day. See Pirate Bay’s doodles.

More seriously, better awareness of the consequences and risks of counterfeiting and piracy is an important tool. It would be perhaps more interesting to have combined initiatives with many industries suffering piracy. It would be interesting to demonstrate the risks people take by using pirated, counterfeited goods (virus, fake devices, litigations, …) At the early day of CPTWG, the motto was “Keep honest people honest”. Increasing awareness is going in this direction.

SMS and spam

Posted on October 22, 2008 by wunderbarb

Yesterday, Luc CHATEL, the French minister of Industry and Consumption announced an initiative to stop spam on SMS. When receiving an alleged spammed SMS, user may forward it to a call center at number 33700.

How it will operate exactly is not extremely clear. The numerous comments from media described a simple method. When entering more in the details (see diagram ), the system is far more complex.
The number of the spam’s emitter will not be transferred with the first transfer. The user just receives an acknowledgment. OPTIONALLY, the user may forward the message a second time, at the same number 33700. Only then, the caller ID of the spam’s emitter will be transmitted. After the second “call”, the system starts to analyze and eventually trigger retaliation against the spammer.

An important information: the call to 33700 is not free. It costs the price of an SMS! When asked why this number was not free, the minister answered (interviewed by Jean Luc Hess on Radio Classique 22 October)that there were three potential entities that could pay for the service: the state, the telco operators, or the consumers. He preferred to put the burden on consumers. He considered it as a good citizen action.

This will simply not work, for at least two reasons:
– The two-step process is a non sense from usability point of view. How do you want the people to make a mental model of this system? Why should the user call twice the same number? I looked for a rationale. the best one I found was to restrict the number of starting analysis, thus reducing cost. Would each call trigger a human action, it would soon become too costly.
– Once more the economic incentives are not aligned. The person who suffers from the threat (spam) is also bearing the cost of the spotting. the entities that indirectly benefits from SMS spams, i.e. telco operators do not bear the cost of the countermeasures. Misaligned incentives generate failed security system.

33700 is probably a nice propaganda tool but will never be an efficient anti-spam tool. :Wink:

Homebrew: deeper and deeper

Posted on October 21, 2008 by wunderbarb

One of the most active hacking communities is the homebrew addict. They attempt to be able to run their own software, so called homebrew, on proprietary game consoles. And they are successful on many platforms: XBOX, Wii, iPhone, … Sony was smart when designing PS3. It allowed to run homebrew linux applications. This may perhaps explain the current resistant to hack. The homebrew community does not need to reverse engineer it.

To run their homebrews, they have to reverse engineer the system of the console. Although their aim is not to hack the games, they provide precious information to the game hacking community.

Latest exploit is for the Wii. Twizzer team is currently designing a hack, so called bootmii, that replaces Nintendo’s boot by their own boot. In other words, it will be the hacked boot that will control the console. Thus, it may come below the radar of Nintendo patches and upgrades. 🙁

They analyzed the chain of trusted boots and detected the first element of the chain that could be replaced (in this case boot2). And due to a bug that allows to illegally sign a piece of code, they replaced boot2 by bootMii. BootMii is not yet finalized. BootMii will be an extraordinary hacking tool for the Wii.

Nintendo may fix the signature bug. But it will only impact the future deployed products. The bug is in the non rewritable part of the deployed consoles.

Conclusion: Examine carefully your business model when eliminating howmebrew applications from the feature list.

Is WIFI still secure

Posted on October 19, 2008 by wunderbarb

This week, several news seemed to shake the basement of WIFI security. The first news was about WPA/WPA2 and the second one about WEP.

ElcomSoft is a company that designs tools to retrieve lost passwords. Their latest product adds two new features. First, it distributes the workload on distributed computers. Second, it may use NVidia Graphical Processing Unit (GPU) to gain a factor 20 in processing time compared to simple CPU. They announced a gain of 100 for cracking WPA/WPA2 passwords.

Of course, immediately the press has “reported” this exploit without often many insights. I have even seen some blogs reporting a gain of 10,000. The “exploit” of ElcomSoft is to use GPU and distributed computing. This is not new. Remember the use of several PS3 with cells to create collisions for SHA1 (See Security Newsletter #9). ElcomSoft still uses brute force against WPA/WPA2. Thus, good luck and a lot of patience.

The second news is that a Japanese researcher, Masakatsu MORII, who succeeded to crack WEP key in less than 1 second. He announced this exploit at CSS2008. The Japanese presentation is available at http://srv.prof-morii.net/~morii/image/CSS2008/CSS081010_WEP_slide.pdf (password WPE2008). We will have to wait some time to get an English version. It will be interesting to analyze the attack to see if it opens new methods to break keys. He drastically accelerated compared to the last exploit at 6 minutes. Nevertheless, WEP is considered for many years as too weak to protect Wifi. This is just nailing once more WEP’s coffin.

Was security of Wifi reduced this week? Clearly not with these announcements. The first one seems to be more a promotional trick to increase awareness of ElcomSoft. The second one hacks an already dead algorithm. By the way, check that you do not use WEP to protect your personal wireless network. I am sure you are already using WPA2

The blog of content protection

A site managed by Eric Diehl

Author Archives: wunderbarb