Or so Atari founder Nolan Bushnell would have us believe.

“There is a stealth encryption chip called a TPM that is going on the motherboards of most of the computers that are coming out now,” he said.

“What that says is that in the games business we will be able to encrypt with an absolutely verifiable private key in the encryption world – which is uncrackable by people on the internet and by giving away passwords – which will allow for a huge market to develop in some of the areas where piracy has been a real problem,” he continued.

Although the quote is about games, it is easy to see how this could be made to apply to other forms of media, such as ebooks. The chip is all about providing a totally unique identifier to a computer (similar to the identifier that Mobipocket comes up with when you register a computer with it) and encrypting your content against it. That is what Digital Rights Management is.

It is amusing, in a sad way, to see content producers continue to make these grandiose claims about “uncrackable” DRM. They fail to learn one of the fundamental lessons of history: if you make a bigger lock, someone else will make a bigger key. The CSS system on DVDs was cracked almost immediately. Consequently, HD DVD and Blu-ray shipped with much stronger encryption systems, AACS and BD+. First AACS fell, and BD+ was cracked only eight months after a BD+ rep confidently proclaimed that BD+’s encryption would stand for ten years.

And computer programs may not even need a crack. As Shamus Young points out in a post on his blog, Twenty-Sided Tales, the most frequent way that computer games are cracked is simply by editing the executable to disable the subroutine that looks for the key. There may not be a direct analogue to this for books, but a large number of cracks for ebook or iTunes DRM involve working through a client that can legitimately open the content (songs or ebooks that you yourself have purchased) and then copying the unlocked content from within that client. It does not matter how “unbreakable” your encryption is if the copying or other use takes place when the encryption is no longer a factor.

In the end, it all comes down to the simple fact that an encryption scheme where the recipient is also the attacker is fatally flawed from the outset. The sooner content providers realize this and stop pouring their time and money, and ours, into these harebrained DRM systems, the better off everybody will be.

5 COMMENTS

  1. Chris writes:

    > The chip is all about providing a totally unique
    > identifier to a computer

    It’s quite a bit more than that, actually.

    The concept of a “trusted computing module” (TPM) is that it arbitrates access to hardware services. On a platform protected by a TPM scheme, before an application could display a protected e-book, it would have to provide a valid decryption key for the book to the TPM to gain access to the display. Similarly, an MP3 player would have to provide a key for a protected tune before it would be granted access to the MP3 decoder.

    TPM platforms typically include a “secure hash” of the system software in ROM, which is essentially a very large number created by feeding the software through an algorithm with an encryption key. The system recalculates this number at boot time, and if it differs from the one stored in ROM, the system won’t boot. This makes it very difficult to subvert the protection provided by the TPM by modifying the system software.

    Third party software is usually required to bear a digital signature before it will be allowed to run in a TPM environment. While this feature has some desirable effects, like preventing malware from running on the system, it also enables the DRM schemes that Chris writes about above. But unlike the numerous software-based DRM schemes that have already been cracked, hardware-based TPM systems are likely to withstand attack for far longer.

    I agree with Chris that Mr. Bushnell’s use of the term “uncrackable” is good reason to question his credentials to speak out on this topic. The real experts in the field of computer security readily acknowledge that *all* encryption schemes are vulnerable to attack, and none of them would ever consider using this term. In fact, it’s not even in their vocabulary.

  2. There are definitely ways to attack TPM if it should ever be widely deployed. I doubt it will ever be widely deployed…even non-nerds get it when you tell them your computer manufacturer put a secret chip in your computer that controls what you can and cannot do.

    So it’s a PR nightmare, hackers will figure out ways to get around it, and again the people who bear the brunt of this idiocy are the people who actually pay for the game rather than download it.

    And this is Bushnell’s big plan? LOL

  3. Speaking without the full context of Bushnell’s comments, let’s give him the benefit of the doubt.

    The trusted computing infrastructure and TPM in particular aren’t about DRM. While the TPM is, indeed, an encryption engine, it cannot directly be applied to content protection – the device can only be accessed in a proscribed manner.

    Instead, the capability is all about “attestation” – verifying that a remote machine is running a particular complement of software. The primary target is enterprise space, where you want to prevent the cleaning staff from booting systems off USB keys and roaming unfettered over your network.

    This verification of remote code is important for games, as multiplayer games struggle against both cheating and piracy. Barring hardware compromises, this could indeed be a *practically* uncrackable method of verifying that users are running unmodified, legally purchased copies of the game. Better yet, this can be done without resorting to the trickery that current copyprotection depends on for defense against software attacks.

    However, this is only effective in a real-time, query-response environment. There’s little applicability to DRM that needs to work with offline access – The server can verify the software stack when sending protected content — but once the content and the key are both on the local machine, the same old fatal flaws apply.

  4. “However, this is only effective in a real-time, query-response environment. There’s little applicability to DRM that needs to work with offline access – The server can verify the software stack when sending protected content — but once the content and the key are both on the local machine, the same old fatal flaws apply.”

    Exactly. Which is why it’s weird to see Bushnell and others count on TPM-style schemes to make piracy impossible.

  5. I think it threw my previous post away as spam, but well, here’s a shorter repost.

    What he’s describing was Palladium and originally scheduled to be implemented with Longhorn (the OS that became Vista) but got dropped because of both outcries and the very real possibility that the antitrust suits against MS would be elevated to whole new levels.

    Palladium would give MS better control over what software you could run on your Wintel PC than Apple has over the iPhone.

    Today TPM is only used on Linux servers as a rootkit protection layer.
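
The query-response attestation check described in comment 3, sketched as an added example that is not part of the original post or its comments. It simulates the chip in software and assumes an HMAC with a shared key in place of a real TPM's asymmetric attestation key; the class names, key and boot components are constructed for illustration.

```python
import hashlib, hmac, os

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(boot_chain) -> bytes:
    """Fold every loaded component, in order, into one register value."""
    pcr = bytes(32)  # registers start at all zeros on reset
    for component in boot_chain:
        pcr = extend(pcr, component)
    return pcr

class SimulatedTPM:
    """Hypothetical stand-in for the chip: holds a key the host never sees."""
    def __init__(self, key: bytes, boot_chain):
        self._key = key
        self._pcr = measure(boot_chain)

    def quote(self, nonce: bytes):
        # Bind the current measurement to the verifier's fresh nonce.
        mac = hmac.new(self._key, nonce + self._pcr, hashlib.sha256).digest()
        return self._pcr, mac

class Verifier:
    """Server side: knows the expected measurement and issues challenges."""
    def __init__(self, key: bytes, known_good_chain):
        self._key = key
        self._expected = measure(known_good_chain)
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, pcr: bytes, mac: bytes) -> str:
        if nonce not in self._pending:
            return "rejected: stale or unknown nonce"
        self._pending.discard(nonce)  # each nonce is single use
        good = hmac.new(self._key, nonce + pcr, hashlib.sha256).digest()
        if not hmac.compare_digest(good, mac):
            return "rejected: bad signature"
        if not hmac.compare_digest(pcr, self._expected):
            return "rejected: unexpected software stack"
        return "accepted"

# Constructed sample data, not taken from any real system.
KEY = b"constructed-demo-key"
GOOD = [b"bootloader v1", b"kernel v1", b"game client v1"]
MODIFIED = [b"bootloader v1", b"kernel v1", b"game client v1 (patched)"]
```

The check only says something about the machine at the moment it answers a fresh challenge, which is why the comments above limit its usefulness to online, query-response use.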
