Trusted Computing, Peer-To-Peer Distribution, and the Economics of Pirated Entertainment
Peter Scott
Based on paper by S. E. Schechter, R. A. Greenstadt, and M. D. Smith
Digital Rights Management
• One of the big reasons for pushing trusted
computing is preventing piracy.
• Remote attestation: only play media on
trusted player hardware/software.
• Sealed storage: prevent other programs from
reading media.
• Secure memory: hide player memory from OS
• Secure output: create trusted path from
computer to monitor, speakers, etc.
The Analog Hole
• Problem: video cameras, audio recorders.
• Trusted computing can’t secure sound waves,
or the light coming from a computer screen.
• Upper bound: DRM can never make piracy
harder than making an analog recording.
– It’s not hard to make good-quality analog
recordings, and the cost keeps falling.
Cost of piracy (to pirates)
• Two components of the cost:
– One-time extraction cost e
– Per-copy distribution cost d
• Cost per copy (for n copies total):
Costs depend on technology
• Before high-speed Internet: per-copy
distribution costs dominated.
• Currently: per-copy costs almost 0, extraction
cost very low.
• DRM raises extraction cost, with upper bound
imposed by analog hole.
• Attacking file-sharing raises distribution costs,
with no upper bound.
Attacks on P2P file-sharing
• Gather IP addresses and log their activity. Sue
the top uploaders. (“The nuclear option”)
• Share fake files. Drown out signal with noise.
• Pretend to be other users, to mess up
reputation mechanisms (e.g. share ratio)
• Denial of service attacks, e.g.
– Flood network with search requests
– Mess up network topology information.
Trusted clients only!
• Remote attestation to ensure trusted
client/OS combination.
• Encrypt all connections with securely-stored
session keys, and sign data with keyed hash.
– Prevents snooping, spoofing.
• Use reputation system to prevent DoS attacks
and sharing fake files.
How to stay anonymous?
• How can P2P networks protect against their
uploaders getting sued?
1. Encrypt all data end-to-end.
2. Re-route traffic through intermediate nodes, like
The Onion Router, to foil network analysis.
3. Keep as much of the routing data in secure
memory as possible.
• This all works better with trusted clients.
Example: BitTorrent
• Malicious client connects to central tracker,
gets list of peers. Then:
1. Connect to peers, request download of
copyrighted files.
2. Store all information – filename, IP address,
time, etc., in a database.
3. Do DNS WHOIS search, notify ISP and/or file
lawsuits.
• To prevent: use relay nodes, and trusted
client to prevent network topology discovery.
Relay nodes
• Don’t have Alice send a message to Bob.
• Instead:
– Alice sends message to Tom,
– Tom sends message to Ulysses,
– Ulysses sends message to Veronica,
– Veronica sends message to Bob.
• Encrypt the message so that nobody knows
who’s sending what to whom except for Alice
and Bob. (How?)
Untrusted clients: Onion routing
• Alice comes up with a sequence of node hops.
• She sends the first relay an “Onion” data structure:
– Next node info
– Onion for the rest of the relays
• Each relay knows only part of the path.
• Uses layered encryption.
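The layered structure above, written out as an added Python example (not from the slides or the paper), using the Tom, Ulysses, Veronica, Bob path from the relay slide. Assumptions: Alice already shares one symmetric key with each node (KEYS, constructed here), and the HMAC-SHA256 keystream with a MAC is a toy stand-in for a real authenticated cipher.

```python
import hashlib, hmac, json, os

PATH = ["Tom", "Ulysses", "Veronica", "Bob"]   # relay path from the slide
KEYS = {n: os.urandom(32) for n in PATH}       # constructed per-node keys (assumed pre-shared)

def _sub(key, label):  # derive separate encryption and MAC keys from one shared key
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real AEAD).
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer not addressed to this key, or modified in transit")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def build_onion(path, keys, message):
    # Alice wraps from the inside out: Bob's layer first, the first relay's last.
    onion = seal(keys[path[-1]], json.dumps({"next": None, "data": message}).encode())
    for hop, nxt in zip(reversed(path[:-1]), reversed(path[1:])):
        layer = {"next": nxt, "data": onion.hex()}
        onion = seal(keys[hop], json.dumps(layer).encode())
    return onion

def peel(node, keys, onion):
    # A relay removes exactly one layer and learns only the next hop.
    layer = json.loads(unseal(keys[node], onion))
    return layer["next"], layer["data"]

def route(first, keys, onion):
    # Simulate delivery, recording the (node, next hop) pair each node learns.
    seen, node = [], first
    while True:
        nxt, data = peel(node, keys, onion)
        seen.append((node, nxt))
        if nxt is None:
            return seen, data
        node, onion = nxt, bytes.fromhex(data)
```

Each layer here is smaller than the one wrapping it, so a relay could estimate its position from the size; practical designs pad to a fixed length and set up the per-relay keys with public-key cryptography.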
Trusted clients: known relay topology
• Route packets in a randomized way.
• Load balance dynamically, for speed.
• Don’t worry about keeping relays in the dark;
they have curtained memory and trusted
software!
• Increases resistance to traffic analysis.
• (Problem: adversaries who can break the TPM.)
Back to the economics
• Trusted computing raises e, to a point.
• It can also lower d, a lot, by making
distribution easier and safer.
• Trusted Computing for DRM may backfire
spectacularly!
Questions?