rdist

October 4, 2007

DRM is passive and active

Filed under: Security,Software protection,Windows — Nate Lawson @ 5:00 am

In a post regarding DRM (based on another post), Alun Jones of Microsoft says:

“Passive DRM protects its content from onlookers who do not have a DRM-enabled client. Encryption is generally used for Passive DRM, so that the content is meaningless garbage unless you have the right bits in your client. I consider this ‘passive’ protection, because the data is inaccessible by default, and only becomes accessible if you have the right kind of client, with the right key.

Active DRM, then, would be a scheme where protection is only provided if the client in use is one that is correctly coded to block access where it has not been specifically granted. This is a scheme in which the data is readily accessible to most normal viewers / players, but has a special code that tells a DRM-enabled viewer/player to hide the content from people who haven’t been approved.”

The whole problem is that his two categories are a false distinction. You can’t arbitrarily draw a line through a system and say “this is passive, this is active.” For your CSS example, if you consider a given player’s decryption code along with an arbitrary encrypted DVD, you have a system with both active and passive elements. If you leave out either of those elements, you have a disc that won’t play or a player with no disc: the only perfectly secure system (assuming your cryptography is good).

When judging the efficiency of new compression schemes, the size of the decoder is added to the size of the compressed data to get a fair assessment of its efficiency. Otherwise you could win contests with a one-byte file and a 10 GB decoder program that simply contains all the actual data.

Whichever way you design a system, complexity is being pushed from one party to another but never eliminated. For DVD, where most of the complexity is in the player, there is a huge variety of player implementations that each have their own bugs. The author of every disc needs to test against many combinations of players because of that problem.

Likewise, if you push the complexity onto the disc by including executable code there, the player gets simpler but the disc could be buggy. However, in that case, the content author will get a bad reputation for the buggy disc (see the Sony rootkit fiasco he mentions).

This doesn’t just apply to DRM. While he might consider an MPEG-4 AVC video file “passive” in his terminology, it is really a complex series of instructions to the decoder. Look at the number of different but valid ways to encode video and you’ll see it’s closer to a program than to “passive” data.

Now, in his definition of “Active DRM”, he is not actually describing the general class of software protection techniques. He is describing a system that is poorly designed, often due to an attempt to retrofit DRM onto an existing system that had none. Of course, if you have two ways to access the content, one with DRM and the other without, the additional complexity makes no sense to the end user or to mass copiers. It may make economic sense to the content author, but they also have to weigh the potential risks to their business (annoying users vs. stopping some casual copying).

Even assuming his terminology makes sense, the Windows Media Center system he references is actually a combination of “active” and “passive”. The cable video stream is encrypted (“passive”), and the Windows DRM component is “active”. In particular, it has a “black box” DLL that checks the host environment and hashes various items to derive a key, hence the problem.
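As an added illustration (not code from the post or from the Windows DRM component it describes), here is a minimal model of the environment-hashing key derivation that paragraph refers to: a set of host attributes is canonicalized and hashed with a secret to produce the content key, and the content is sealed under that key. Everything here is an assumption made for the example, including the attribute names and values, the master secret, and the stand-in cipher (SHA-256 in counter mode with an HMAC tag); the real component’s inputs and cipher are not on the page. What the model makes visible is that the key, and therefore access to the content, depends on every attribute that was hashed, so changing any one of them yields a different key and the sealed content no longer opens.

```python
import hashlib
import hmac

# Constructed host fingerprint for the example; these values are made up and
# are not taken from any real system.
BASELINE_ENV = {
    "cpu_id": "GenuineIntel-0x000306c3",
    "disk_serial": "WD-WCC4E1234567",
    "nic_mac": "00:1a:2b:3c:4d:5e",
    "os_build": "6.0.6000",
}

# Hypothetical master secret the DRM component would carry; constructed here.
CONTENT_SECRET = b"constructed-content-master-secret"


def derive_env_key(env: dict) -> bytes:
    """Hash the environment fingerprint into a key.

    Attributes are sorted so the same set of values always produces the same
    byte string, and HMAC with the master secret turns it into a key.
    """
    fingerprint = "\n".join(f"{k}={env[k]}" for k in sorted(env)).encode()
    return hmac.new(CONTENT_SECRET, fingerprint, hashlib.sha256).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Expand a key into a keystream with SHA-256 in counter mode.

    Stands in for the real cipher, which the post does not identify.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(plaintext: bytes, env: dict) -> bytes:
    """Encrypt under the environment-derived key and append an HMAC tag.

    The tag lets a wrong key be detected instead of yielding garbage output.
    """
    key = derive_env_key(env)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def unseal(blob: bytes, env: dict):
    """Return the plaintext if this environment derives the right key, else None."""
    key = derive_env_key(env)
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(body, keystream(key, len(body))))


def demo():
    """Seal content in the baseline environment, then try to open it both
    unchanged and after one hashed component (the NIC) is replaced."""
    video = b"constructed sample of recorded cable video"  # constructed input
    blob = seal(video, BASELINE_ENV)
    same_host = unseal(blob, BASELINE_ENV)
    changed = dict(BASELINE_ENV, nic_mac="00:1a:2b:3c:4d:5f")
    after_swap = unseal(blob, changed)
    return same_host, after_swap


if __name__ == "__main__":
    opened, after_swap = demo()
    print("same host:", opened)
    print("after NIC swap:", after_swap)
```

Run as a script it prints the recovered content for the unchanged host and `None` after the single attribute change. The design point is the one the post is making: the encrypted stream on its own is inert, and the “active” component holding the derivation logic and the master secret is the part of the system whose behaviour decides whether the content is reachable at all.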

All I can distill from what Alun says is “an unprotected system is made more complex by adding DRM.” I agree, but this doesn’t say anything larger about “active” versus “passive” DRM.

Full disclosure: I was previously one of the designers of the Blu-ray protection layer (BD+), a unique approach to disc protection that involves both cryptography and software protection. You can consider me biased, but my analysis should be able to stand on its own.

4 Comments

  1. I’ve obviously failed to communicate a number of things:
    1. I am not “of Microsoft” by any means.
    2. I am fully aware that in any DRM system, there is an ‘active’ and a ‘passive’ component.
    3. My attempt to give names to different types of DRM refers to whether the content is securely protected when it’s just lying there (“passive”), or whether it’s only protected when you’re running the DRM component (“active”).
    So, if you encrypt a file, and hand me the encrypted bits on a disk, that’s what I would call “passive DRM”, because its protection does not require me to be running the DRM client code. Only its unlocking requires me to run the DRM client code (or a reasonable facsimile thereof) and get a key. Killing the DRM client code restores the protection – it has “defence in death”.
    If, on the other hand, you place the file unencrypted on the disk, but expect my file reader to obey a flag in the file’s header to not display it, then that’s what I would call “Active DRM”, because the protection requires that the DRM client code is active. Killing the DRM client code removes the protection.
    That latter kind of DRM can only function in an environment where users can be prevented from _not_ running the DRM client code. This is why you see irritating (and sometimes successful) attempts by various content producers to pass legislation that prevents users from choosing what software to run – or not run – on their own machines.
    Sure, you can say that there’s a continuum between these two extremes – and that the fact that “passive DRM” requires a key to be given to the client certainly makes it possible to hack – but I think the distinction is worth making.
    So, now that I’ve further explained myself, do you agree with me that there is a valid distinction between the two types of protection? Are we simply quibbling about names?

    Comment by Alun Jones — October 15, 2007 @ 7:49 pm

  2. Thanks for the reply. I see you used to work at Microsoft but don’t any more. Sorry for the mistake.

    My main issue is that you picked two arbitrary DRM schemes and then defined a terminology based on them. I’ll call the two approaches “ProtectionX” and “Assassin” instead of “active” and “passive”, respectively.

    1. Encrypted file + DRM client (“ProtectionX”): DRM client attempts to verify environment before decrypting file. Assumes file is encrypted with standard symmetric crypto so that it can’t be retrieved without at least one instance of DRM client.

    2. Unprotected CD + autorun assassin software (“Assassin”): CD is unprotected 16-bit samples readable by standard consumer-grade equipment. In one specific environment and configuration (Windows with autorun), the assassin program runs and attempts to interfere with any attempt to copy data.

    What I’m trying to tell you is that your example of a file with a flag that says “do not copy” or a disc with autorun assassin software that is otherwise unprotected is a special case. It’s an attempt to retrofit some kind of client-side control onto a format that doesn’t already have it, not a type of pre-defined DRM.

    No one, especially content producers, asks for an unprotected format and assumes they’ll bolt on something later. All you’re seeing is the fact that some formats made it out of the gate without protection (CD) or were weak and eventually broken (DVD-CSS). In those cases, some people make the effort to add optional “assassin” software, even if it only slows down some small percentage of users.

    You and I both agree that this is ineffective, easily bypassed, and can interfere with legitimate use. But some companies have analyzed the cost/benefit tradeoff and based on that information continue to deploy this approach rather than accept the alternative (do nothing).

    Side note: the reason why this subject is particularly important to me is that some people are already using the concepts “active” and “passive” in terms of DRM. The claim is that crypto-based systems (i.e., AACS) are “passive” and software protection (i.e., BD+) is “active”. This is nonsense since you have to consider the software that decrypts the disc part of the system, and thus there are no true “passive” systems.

    Comment by Nate Lawson — October 18, 2007 @ 7:38 am

  3. Makes sense – type 2 is no DRM at all, in essence. Whether it’s a “broadcast flag” on television, or a CD with an executable root-kit, there are legitimate systems that won’t even see that the content should be protected, and the temptation to deal with that is to somehow outlaw such systems.
    It’s effectively already happened – while multi-region DVD players are common and inexpensive in the UK, in the US, I find it difficult to find a player that is advertised as multi-region. While they’re clearly not illegal, the marketplace here has somehow been coerced into making them unavailable.
    Maybe my proposed two types should be “DRM” and “not DRM” :)

    Comment by Alun Jones — October 18, 2007 @ 10:03 am

  4. Well, it’s some kind of restriction, although it’s certainly not in the same class as something designed to be DRM from the beginning. It’s similar to people saying XOR with a constant is “encrypting the data” — nowhere near accurate. In that case, I call it “masking the data” since it is slightly transformed. So what’s the term for “unprotected, but with a couple speedbumps bolted on the side”?

    Comment by Nate Lawson — October 22, 2007 @ 8:50 am
