Advanced Protection Concepts
The reality is that software-based solutions can never be made uncrackable. As
long as the protected content must be readable in an unencrypted form on the
target system, a cracker can somehow steal it. Therefore, in order to achieve
unbreakable (or at least nearly unbreakable) solutions there must be dedicated
hardware that assists the protection technology.
The basic foundation for any good protection technology is encryption. We
must find a way to encrypt our protected content using a powerful cipher and
safely decrypt it. It is this step of safe decryption that fails almost every time.
The problem is that computers are inherently open, which means that the platform
is not designed to hide any data from the end user. The outcome of this
design is that any protected information that gets into the computer will be
readable to an attacker if at any point it is stored on the system in an
unencrypted form.
The problem is easily definable: Because it is the CPU that must eventually
perform any decryption operation, the decryption key and the decrypted data
are impossible to hide. The solution to this problem (regardless of what it is
that you’re trying to protect) is to include dedicated decryption hardware on
the end user’s computer. The hardware must include a hidden decryption key
that is impossible (or very difficult) to extract. When the user purchases
protected content the content provider encrypts the content so that the user can
only decrypt it using the built-in hardware decryption engine.
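The flow described above, as an added Python sketch that is not code from the original text: a provider encrypts content so that only one device's decryption engine can recover it. The per-device key pair, the serial-number registry, and all names are assumptions for illustration; textbook RSA over fixed Mersenne primes and a SHA-256 keystream stand in for real primitives such as RSA-OAEP and AES.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent shared by all devices (assumption)

def stream_xor(key, data):
    # Toy SHA-256 counter keystream; stands in for a real cipher such as AES.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class CryptoProcessor:
    """Models the dedicated hardware: only decrypt() ever touches the private key."""
    def __init__(self, serial, p, q):
        self.serial, self.n = serial, p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))  # stands in for a key sealed in hardware

    def decrypt(self, wrapped_key, ciphertext, tag):
        key = pow(wrapped_key, self._d, self.n).to_bytes(32, "big")
        expected = hmac.new(key, ciphertext, "sha256").digest()
        if not hmac.compare_digest(expected, tag):
            return None  # content was not encrypted for this processor
        return stream_xor(key, ciphertext)

def provider_encrypt(registry, serial, content):
    # The provider only sees the public modulus registered for the serial number.
    n = registry[serial]
    k = secrets.randbits(128)  # fresh content key, always smaller than n here
    key = k.to_bytes(32, "big")
    ciphertext = stream_xor(key, content)
    tag = hmac.new(key, ciphertext, "sha256").digest()
    return pow(k, E, n), ciphertext, tag  # content key wrapped with textbook RSA

# Constructed sample devices; the Mersenne primes keep the block dependency-free.
DEV_A = CryptoProcessor("SN-0001", 2**89 - 1, 2**107 - 1)
DEV_B = CryptoProcessor("SN-0002", 2**61 - 1, 2**127 - 1)
REGISTRY = {d.serial: d.n for d in (DEV_A, DEV_B)}  # public keys by serial number

if __name__ == "__main__":
    package = provider_encrypt(REGISTRY, "SN-0001", b"protected content")
    print(DEV_A.decrypt(*package))  # the purchaser's device recovers the content
    print(DEV_B.decrypt(*package))  # any other device gets nothing
```

In this model the protection rests entirely on `_d` staying inside the device, which is the property the hardware has to provide; Python itself hides nothing.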
Crypto-Processors
A crypto-processor is a well-known software copy protection approach that
was originally proposed by Robert M. Best in his patent Microprocessor for
Executing Enciphered Programs [Best]. The original design only addressed software
piracy, but modern implementations have enhanced it to make it suitable for
both software protection and more generic content protection for digital rights
management applications. The idea is simple: Design a microprocessor that
can directly execute encrypted code by decrypting it on the fly. A
copy-protected application implemented on such a microprocessor would be difficult to
crack because (assuming a proper implementation of the crypto-processor) the
decrypted code would never be accessible to attackers, at least not without
some kind of hardware attack.
The following are the basic steps for protecting a program using a
crypto-processor.
- Each individual processor is assigned a pair of encryption keys and a
serial number as part of the manufacturing process. Some trusted
authority (such as the processor manufacturer) maintains a database
that matches serial numbers with public keys.