Reversing : The Hacker's Guide to Reverse Engineering

they did just a few years ago. This means that the average PC can now easily
store, record, and play back copyrighted content such as music recordings and
movies.

This change has really brought new players into the protection game
because it has created a situation in which new kinds of copyrighted content
reside inside personal computers, and copyright owners such as record labels
and movie production studios are trying to control its use. Unfortunately,
controlling the flow of media files is even more difficult than controlling the
flow of software, because media files can’t take care of themselves like
software can. It’s up to the playback software to restrict the playing back of
protected media files.

This is where digital rights management technologies come in. Digital rights
management is essentially a generic name for copy protection technologies
that are applied specifically to media content (though the term could apply to
software just as well).

DRM Models


The basic implementation for pretty much all DRM technologies is based on
somehow encrypting the protected content. Without encryption, it becomes
frighteningly easy to defeat any kind of DRM mechanism because the data is
just a sitting duck, waiting to be ripped from the file. Hence, most DRM
technologies encrypt their protected content and try their best to hide the
decryption key and to control the path in which content flows after it has been
decrypted.

This brings us to one of the biggest problems with any kind of DRM
technology. In our earlier discussions on software copy protection technologies
we’ve established that current personal computers are completely open. This
means that there is no hardware-level support for hiding or controlling the
flow of code or data. In the context of DRM technologies, this means that the
biggest challenge when designing a robust DRM technology is not in the
encryption algorithm itself but rather in how to protect the unencrypted
information before it is transmitted to the playback hardware.

Unsurprisingly, it turns out that the weakest point of all DRM technologies
is the same as that of conventional software copy protection technologies.
Simply put, the protected content must always be decrypted at some point during
playback, and protecting it is incredibly difficult, if not impossible. A variety of
solutions have been designed that attempt to address this concern. Not
counting platform-level designs such as the various trusted computing architectures
that have been proposed (see section on trusted computing later in this
chapter), most solutions are based on creating secure playback components that
reside in the operating system’s kernel. The very act of performing the
decryption in the operating system kernel provides some additional level of security,
but it is nothing that skilled crackers can’t deal with.

320 Chapter 9
