DRM and White-Box Cryptography

Digital Rights Management (DRM) is a termused to refer to the various content protection schemes used by contentproviders to restrict the usage of digital media and devices toauthorized persons. Popular DRM schemes include Apple’s FairPlaysystem, which is used by their online iTunes Store, and Microsoft’sWindows Media DRM. These systems use strong cryptography to protectmedia from being viewed except by hardware or software that have theproper credentials.

For most DRM applications, the trusted media player contains adecryption key that is used to decrypt and play the protected media.This decryption key must be secret and inaccessible to the user.Finding this decryption key would allow someone to decrypt the data andshare it without restriction, defeating the DRM protection. This posesa major problem because the trusted media player is often running on anuntrusted platform: the user’s home computer. Keeping the encryptionkeys used by the trusted media player from being accessible to the useris one of the major challenges faced by DRM. Many so-called secure DRMschemes have failed to live up to expectations by neglecting to keeptheir keys safe. Examples of systems that have been breached includethe CSS copy protection for DVDs and, more recently, the AACS contentprotection scheme that is used on the HDDVD and BluRay optical discformats.

The traditional threat models used for cryptographic applicationsare all black-box attack models. In this type of model, an attacker isassumed to have control over almost everything to do with theencryption; only the secret key and the details of the code’s executionare unknown. With software implementations of DRM, this is not the mostappropriate threat model. For example, the trusted media player forApple’s DRM system, iTunes, can be installed on systems where thepotentially malicious user has complete access to the system as well asa plethora of disassembly and debugging programs that can give themaccess to the inner workings of the program performing thecryptographic operations.

A more appropriate attack model for algorithms used in thesoftware-DRM context is the white-box attack model. In this model, theattacker has full visibility into the software implementation andcontrol over the execution environment. Under such conditions, storingthe private key in memory is not a secure option because the attackerhas access to the entire system during execution.

In recent years, a number of cryptographic implementations haveappeared for symmetric key ciphers such as DES and AES that haveclaimed to be secure in a white-box model. The most common approach isto integrate the key into the encryption algorithm so that thealgorithm performs the encryption properly but the key is never madeexplicit. For a system that protects keys from white-box attackers, thesecret key is inaccessible. In order to use a file protected by such analgorithm, the attacker must either use the authorized program orreverse engineer the entire algorithm. Since reverse engineering anentire algorithm is a much more arduous task than finding a secret key,this makes circumventing copy protection much more difficult.

None of the new techniques have been proven to be secure; however,their initial successes indicate that it may be possible to achieve theseemingly impossible feat of performing an encryption in full view ofan attacker without ever revealing the key. For more information onwhite-box cryptography, see the following papers:

Clarifying Obfuscation: Improving the Security of White-Box Encoding:
http://eprint.iacr.org/2004/025.pdf

White-Box Cryptography and an AES Implementation (2002)
http://citeseer.ist.psu.edu/736207.html