Dave's Bit Bucket

Comments on Peter Gutmann's Vista paper

I've been reading Peter Gutmann's thought-provoking paper, "A Cost Analysis of Windows Vista Content Protection". It's startling stuff, and I recommend it to anyone.

It has raised a few questions in my mind which Gutmann doesn't cover, however, and I think they are worth making a note of:

• Many of the security measures discussed - particularly driver revocation - are predicated on the Vista box having an unfiltered connection to the Internet. What happens if the box doesn't have a network connection, or is on a physically isolated network, or is on a network behind a firewall which blocks traffic to or from microsoft.com addresses?
• There's a very interesting piece of breaking news (well, rumour) on the Schneierblog about AACS having been cracked, which also suggests that Internet connectivity is mandated for Blu-Ray player appliances - I think that enforcing this is almost impossible, given the ability to set the player's real-time clock...
• "Tilt bits" and matters of electrical tolerances between motherboards, power supplies and add-on cards will generate lots of false positives, as Gutmann suggests. I can not only say that the idea is basically insane, but I can also see hardware manufacturers refusing to implement tilt bits, or more likely, faking their functionality.
• Hardware Functionality Scans will, similarly, be faked. I don't see it being possible to stop such behaviour being emulated.
• I wonder whether folk who make things with S/PDIF out will be interested in Meridian High-Resolution Interconnect (MHR) smart link, this being (AFAIK) the only consumer digital high-res interconnect approved by the DVD consortium, and used as the interconnect between Meridian's DVD players and surround processors?
• Rather than spin a dedicated design for every card variant in order to meet "hardware robustness rules", I'd expect many manufacturers will instead adopt some of the methods used in Hardware Security Modules intended to meet reasonable levels of FIPS 140-2 certification, and start by covering their production boards in potting compound...
• Does all this "hardware robustness" for cards, as well as motherboards, give the lie to Trusted Computing? Or is the idea that every data-carrying device will have a TPM, eventually? I also hear anecdotally that the new Intel-based Macs don't have a TPM built-in, which makes me wonder...
• "System high" policy can be handled much more elegantly if you have an environment which is able to deal with labelled data. While Solaris 10 Trusted Extensions can do this, what the article describes is effectively that the content of one's label_encodings, user_attr and exec_attr files are dictated by content providers rather than system owners... and this simply can't work.

Overall, I agree with Gutmann that what is being attempted is fundamentally impossible - although I don't agree with all the consequences he draws. Further, I believe that software vendors have no right to dictate what hardware vendors produce. I also must say that Note C made me grin, being Gutmann's view on DRM.

Finally, I can't see any Sun hardware ever being certified to run Vista, since the apparent need (as described in the article) to keep hardware details secret goes against our philosophy (even SPARC is famously open-source, see VHDL for a SPARC v8 implementation and our own Verilog of the T1 SPARC v9). However, as Vista appears to be Desktop-centric (have you seen any whispers of a server version?), this will only hit some of our workstation business - given the nature of the environments in which Sun Rays are used, I don't see a problem there.

Applying reductio ad absurdum, if Sun was to produce a Vista-certifiable desktop box, it might might not be able to run Solaris (and certainly not OpenSolaris) as a consequence of its Vista-certifiability - or maybe killing non-Microsoft operating systems on generic x86 and x64 platforms is, again, Microsoft's real aim here?

Update:

Have just found out rather more about the Blu-Ray and other general HD DVD protection mechanisms courtesy of this fine article at Ars Technica. It turns out that Blu-Ray disks can contain not only media, but also firmware updates which can rework your player's crypto implementation. Internet connectivity therefore isn't required; "all that needs to happen" is for folk to buy new disks regularly. This is cunning, but still far from foolproof - and is, as you'd expect, also subject to potentially unfortunate side-effects.

Further Update:

It would appear that the rumoured AACS crack is true; the HD DVD image of Serenity has made it onto BitTorrent.

Even Further Update: AACS processing keys have been cracked. Therefore, every BluRay and HD-DVD disk can now be copied. Thank you, DRM, and goodnight.

(2006-12-29 07:28:36.0) Permalink Comments [2]

100 Things we Didn't Know This Time Last Year...

The BBC's traditional pick of the year's offbeat news stories, can be found here.

(2006-12-29 03:27:45.0) Permalink Comments [0]

Third-worst journey on public transport ever...

Just before Christmas, I was called up to Blackpool to do some very, very short-notice security work for a customer. This was all arranged at such short notice that I found out at about 11:00 on Tuesday last week that I needed to be on-site first thing Wednesday morning, so as the Aston is currently being serviced, the roads were congested with holidaymakers and Blackpool is a shade over 250 miles from home, it was decided that flying would probably the best idea.

In hindsight, I'm not so sure. Blackpool has a small international airport, but the only flights to it from anywhere near me go from Stansted (100 miles away), twice daily (1 rather early, 1 rather late)... the outbound flight was delayed by 1.75 hours, and so I arrived at my hotel at around midnight.

I managed to get things on-site completed to the customer's satisfaction at about 16:00 on the Thursday, so was left with 6 hours to kick my heels before expecting to be on my way home. Fortunately, I'd brought a good thick book with me (Michael Palin's Diaries, 1969-79, "The Python Years") anticipating this eventuality.

What I didn't anticipate, was the flight being cancelled.

Blackpool airport is, as mentioned, small. In fact, it isn't even open 24 hours a day. The hotel I'd stayed at was closing down for Christmas as I was checking out of it, so there was no chance of trying to get back in, it wasn't possible to curl up on a row of seats in Departures (see 24h note above), and the chances of finding a tourist office or random hotel reception open at 23:30 (when the cancellation was announced, for a flight supposed to depart at 22:00) are slim. RyanAir assumes no responsibility for repercussions associated with delays or cancellations, so wasn't about to put their passengers up anywhere.

If it wasn't for finding that one of the staff at the airport cafe knew the guy who ran the local Travelodge and found me a vacancy, I'd have found myself walking the streets in sub-zero temperatures until the airport opened again at 06:00.

This, however, isn't as bad as two other journeys I've had, so at least there's a bright side. I'm not sure which of the other two was worst. One involved having to spend a night on a bench at King's Cross station and having a rather nice workstation containing the primary copy of my Master's thesis stolen while in transit (the trip from Bristol to Cambridge took 17 hours... I had a week-old backup of the thesis too, so while duplication of effort was needed, all was not lost), and the other involved 3 days stuck at a dingy little sub-Travelodge near Sarajevo's snowed-in airport. The place didn't serve food (at the time, neither did the airport) and the staff and I didn't share a common language, so I didn't get to eat for the duration.

Suddenly, Blackpool doesn't seem so bad...

(2006-12-29 03:12:58.0) Permalink Comments [0]