Button Up

News

18.09.2012

Introduction

Almost every developer and publisher of business software (SW) at least once has thought about using in his product some type of DRM-system (Digital Rights Management system). In such case, the final decision on whether to use DRM was made on the basis of analysis of properties of the system, such as its tamper resistance and support of required software distribution business scheme. The analysis shows that these properties are strongly related. This article is dedicated to the consideration of this relation.

Objectives of DRM-system used for software distribution

Before talking about tamper resistance, let us consider the business objectives of a DRM-system designed for the sale of independently operating software1. The most important of these objectives are listed in Table 1. This list is not exhaustive, but other problems are either specific for a particular system (for example, fight against the unfairness of SW distribution partners), or are not interesting from the point of view of tamper resistance (for example, collection of statistics on sales), so they are not included in the table.

Table 1. Business objectives of the DRM-system

Problem

Threats which DRM-system must resist to solve the problem

Notes

Organization of payments

Theft of payment data

-

Protection from illegal distribution

Removing DRM-system code from the application, emulation of a binding object, key generator

 

Copy protection means here providing technical impossibility of running the application without purchasing a license

 

Time limitation of using the application

 

 

 

Expansion of time, counter reset

The license may restrict the calendar period of the application, number of starts, the total running time of the application

Restriction of the application functionality

 

Expansion of functionality

-

Providing a trial period for the application to a user

 

Expansion of time, counter reset

A trial period refers to the ability to use the application for free for a limited time.

Allowing the user to use the demo mode of an application

 

Expansion of functionality

Demo mode is characterized by limited functionality with unlimited time for usage.

 

Organization of sales of additional content

 

Usage of illegally purchased content

Example of solving this problem - selling items of the virtual world in computer games.

Analysis and modification protection

Code analysis and modification of DRM-system in order to change the logic of its operations

An example of the implementation of the described threat is to overcome the copy protection by making such changes in the code of the DRM- system, which would switch off the appropriate checks

Technical solution of DRM-system problems

Organization of payments

The actions on money transfer in the purchasing process are implemented outside of the DRM-system, using the same methods that are used for ordinary web purchases. The DRM-system, however, often provides opportunities for integration with payment systems and tracking of purchases. Therefore, when using a DRM-system, it is necessary to make sure that the integration is made properly and no “weak spots” were formed as a result.

Protection from illegal distribution

A standard approach to the problem is to imbed a code of the DRM-system in an application that would provide for the non-operation of the application without some external, in relation to the application, object (a binding object) which is hard to copy. The embed code of DRM-system must be well connected with the application, so that it would be difficult to remove or to block it.

The following are ways of organizing such binding:

1. Binding of the applications to a passive external object possessing any unique parameters. The most common passive objects of binding are the final user's computer and a CD-ROM on which the application is provided. Binding is implemented through the issuing of an activation key to the final user that corresponds to the unique parameters of the binding object.
2. Binding of the applications to an active external object, such as an electronic key or smart card. Active binding object contains the computing unit that is implementing the part of the operations necessary for the operation of the application.
3. Binding of the application to an end-user account on a remote server (binding to a server).
A more detailed description of the most common binding objects is shown in Table 2.

Table 2. Typical binding objects.

Binding object

Description

Vulnerability

Computer

Binding is implemented to program available identifiers and parameters of models of components of equipment and software. Typical examples are: the processor model, the memory capacity, MAC-addresses.

The ability to create a key generator, if public key cryptography is not used for its creation. Despite the evidence of the threat, many manufacturers of DRM-systems do not public key cryptography because of the large key length and simplification of the attack by modifying the DRM code (it is difficult to protect standard algorithms from analysis and modification).

Possibility of program emulation of most equipment parameters

Compact Disc

Binding is implemented to the physical geometry of the sectors, to the logical geometry of the sectors, to the presence of man-made unreadable areas.

The ability to create key generators, if not using public key cryptography (similar to the situation with binding to the equipment).

The ability to copy a disc by repetition of unique parameters. This applies particularly to unreadable areas and logical geometry of the sectors.

The ability to create an emulator. This vulnerability is the most serious for this type of binding on the PC platform.

USB-key

A distinctive feature – with a relatively high price of this single key, not allowing the implementation of this solution in inexpensive software.

The possibility of creation of an emulator by hacking and recovery of microcontroller program used in the key. Also includes the ability to change data on the license in the memory of the microcontroller. Cases of this vulnerability being taken advantage of are very rare. Some key manufacturers offer standard tools of emulation for debugging purposes. Analysis using such tools can also help an abuser.

The possibility of creation of an emulator by analyzing the communication protocol between the protected application and the key. In theory, arbitrarily complex code can be implemented in the key that would make this vulnerability insignificant, but poor knowledge of this issue is very common in practice (either by DRM systems developers or programmers integrating DRM system with the application), making this vulnerability the most important.

Remote server

Similar to the binding objects, except for the fact that a remote server acts as a binding target. A distinctive feature - the necessity to connect to the Internet every time you start or throughout the operation of the protected application.

 

The possibility of creation of an emulator by analyzing the protocol (similar to the situation with active binding objects).

In general, it should be noted that at the present time, all of the mentioned binding objects (and with reservations even the CD-ROM) provide satisfactory tamper resistance, but a remote server still is the most reliable.

The second aspect of protection from illegal distribution - creating the relation of the embed DRM-system code with the application which is hard to remove – is implemented by the manufacturers of DRM-systems in different ways. It is important to note the following:

1. There are ways to solve this problem providing good tamper resistance.
2. Very often application developers do not pay sufficient attention to the implementation of all the recommendations of the manufacturer of DRM-system concerning application protection, thus limiting themselves to automated tools of integration of the DRM-system into the application, as a result the problem of removing DRM code from the application is made significantly easier for the abuser.

Usage of Time Limit and trial period

In the case of binding to the server, this problem can be solved easily. The case is similar with active binding objects (here, however, there is a vulnerability associated with the ability to modify the license in the memory of the binding object and disruption of the internal clock of the binding object, but in this case, a high level of tamper resistance is not a problem.)

In the case of usage of a passive binding object, one has to use less reliable solutions:

Table 3. Technical solutions of problems related to the time limitation of the application, using passive binding objects

Problem

Solution

Vulnerability

Storing information on the start of the trial period

Storing hidden information in the computer of the final user (typically on the hard disk).

The ability to detect and to delete hidden information

Saving information on the number of runs and total time of operating of the application

Same as above.

Same as above.

The definition of the current time

Using the system clock of the  final user’s computer

Turn the clock back. Partly the problem of putting the clock on and back can be solved through saving hidden information on the time of the last run, but this information can be removed.

Remote servers are not used to store information on the usage of the license or on the current time, because the main advantage of passive binding objects, before binding to the server, is the ability to work without internet connection - disappears

Limited functionality and demo mode

If the functionality of the protected application, which should be provided optionally (only in the full version, or at an extra charge), is extensive and well localized in separate functions, theoretically it is possible to protect it as well as the main application. Indeed, a vast and separated from the application functionality can be seen as a separate, independent application. The problem of the functional limitation is simply reduced to the protection of another application.

In practice two reasons may prevent the achievement of tamper resistance:

1. Insufficient understanding of the issues of tamper resistance with limited functionality by authors of DRM-system, who consider this as an auxiliary task.
2. Insufficient separation of functionality by developers of the protected application.

Selling additional content

Although the task of limiting the use of the content is similar to the problem of functional limitations considered above, the quality of the solution of this problem, in terms of tamper resistance, usually gets worse. Indeed, the decision to use a particular data file is usually made in one point of the program, whereas in the case of limited functionality the test of the binding of the object can be done in many points. This simplifies the hacking for the abuser by modifying the code of the DRM-system.

Protection from analysis and modification

Any hacking of the DRM-system assumes the analysis by the abuser of the operation of its program code. Modification is not a compulsory element of hacking, because sometimes upon analyzing, the abuser can find a vulnerability of the system with the help of which the security mechanisms can be overcome without modification. A typical example of this kind of hacking is creating key generators.

Solutions of the problems of protection from analysis and modification are usually the basic know-how of DRM-systems, although there has been no perfect solution created thus far: eventually means of penetration are developed for all of the methods of protection. Nevertheless, the timely updating of solutions can provide a good level of DRM tamper resistance.

The main approaches to the protection from analysis are:
1. Obfuscation - transforming algorithms, making them unintelligible (renaming functions, introduction of redundant programming constructions in the code, the embedding of false connections in the code, etc.).
2. Using system specific countermeasures to analysis, such as protection from debugging tools.
Protection against modification usually assumes the calculation of checksums (in the broad sense) of the sections of code and testing of their integrity.

Conclusion

Tamper resistance of any DRM-system is not a fixed parameter and depends on many factors. Here are the most common causes for the deterioration of tamper resistance:

1. Failure to follow the recommendations of the manufacturer of the DRM-system to achieve a high level of tamper resistance, including the integration of the protected application with an active binding object or a remote server.
2. Usage of a trial period in the case of usage of DRM-systems with binding to the hardware or to a CD.
3. Usage of the demo mode with insufficient software isolation of the functionality that must be purchased.

In order for the defence to be solid and consistent it is necessary to start thinking about installing it in advance, 2-3 months before the release of the program. Manufacturers of DRM systems have considerable experience, so good advice for copyright holders, who wish to protect their intellectual property, is to always consult with the manufacturer and not disregard his recommendations.


1 If the software is arranged in such a way that a part of its functionality is performed on remote servers, the problems of copy protection usually do not occur, but instead there are other specific problems, such as, protection from infringement of game balance in multiplayer games using cheater software programs. Consideration of DRM-systems for this type of software is beyond the scope of this article.

About StarForce Technologies

StarForce Technologies (www.star-force.com) is a leading vendor of information protection, copy protection and code obfuscation solutions for software, electronic content and audio/video files. Since 2000, StarForce has been successfully developing and implementing its state-of-the-art security solutions, providing copyright and intellectual property protection worldwide. Two of these solutions were transformed into StarForce cloud services: sfcontent.com protects e-Documents against illegal copying and distribution and sfletter.com secures emails.

StarForce is a reliable and responsible Technological Partner for enterprises potentially incurring losses due to cyber-gangs, hackers, software piracy, unauthorized data access and information leaks. StarForce’s customers are Russian Railways, Corel, 1C, Mail.ru, Aeroflot, SUN InBev Russia, AMD Labs, ATC International, MediaHouse, Russobit M, New Disc, Buka, Snowball, 2Play, GFI, CENEGA, Akella, etc.

Press contacts:
pr@star-force.com

Back to the list

News

16.02.2023
We have released a new version of StarForce Reader for Android
19.01.2023
We have released a new version of StarForce Reader for iOS
13.01.2023
We have released a new version of StarForce Reader for macOS
26.12.2022
We have released a new version of StarForce Reader for Windows
Copy protection of audios and videos for Apple macOS
Data protection on USB