Tuesday, August 02, 2005

"Remote Attestation" and content access monopolies

The Trusted Platform Module provides the hardware functionality for digital rights software to provide effective remote attestation and digital key withholding.

Both Microsoft and Apple have plans for media-digital-content-viewers that, at the request of a digital content provider, will not allow the user to view or access specific digital content if the operating system has been modified in certain ways.

Because, for the foreseeable future, it is impossible for the digital rights management software to detect if an individual modification to a particular subsystem is hostile to the goals of the demanded digital rights, all software and subsystems relating to the operating system with storage and input to display will have to be digitally signed by Microsoft or Apple before it can be accepted by the DRM subsystem. Microsoft and Apple are effectively locking the user out from changing parts of the operating environment.

Because it is possible for hackers to read digital keys used to encrypt content direct from the computer's memory, the operating system has to be built with the ability to lock the user from being able to access pages of memory used by the mediaplayer and digital rights management system.

OS based Digital Right Management systems are based on the principle of locking the owner of the computer out of the ability to access sections of memory and disk space used by the DRM mediaplayer systems.

Locking the owner out of parts of the computer has become a major security issue.

Microsoft's Mediaplayer, Active-X ( still used with some DRM ), Real's realplayer, Adobe's PDF viewers, Apple's Quicktime and even Microsoft's and Sun's Java JVMs, have in the past had remotely exploitable vulnerabilities.

OS based DRM combined with TPM based encryption along with enviable future vulnerability holes in media access offers the malware/virus/worm creator the ability to hide a virus from any antivirus tool or live forensic analysis. Existing stealth viruses already have ability to hide the modifications it has made to files, going undetected by antivirus programs. DRM encryption offers the ability for the malware to store content, and without the keys to decode the content, keep it hidden from any forensic analysis.

Crackers and hackers always find ways to exploit the code to access or share protected content. There is not a DRM system that has not been cracked within months of widespread release. The focus on the code use d in such systems also comes to the attention of malware/virus creators. The same holes discovered by those who just want to freely access content may possibly also be abused by those wanting to crack into your computer. Similar holes in other types media viewers, the webbrowser and email programs, are increasingly being used for criminal gain by phishers and spyware makers.

Some vendors reportedly have in the past purposely left backdoors in the source code to allow access by US intelligence agencies. This has not only become a major issue for other countries who fear spying, since discovered backdoors quickly become the criminal's frontdoor into your PC.

Hollywood and the recording industry hold an effective monopoly on a large section of popular content. Both Microsoft and Apple are now offering the ability to content providers to demand that users must use unmodified systems to view said content. It locks you out of parts of your system that will inevitably be abused by third parties wanting to abuse you.