The Effect of Anti-Circumvention Provisions on Security
Jon Callas & Bruce Schneier
Introduction
• The Digital Millennium Copyright Act (DMCA)
• Anti-Circumvention
• Exception Provisions and Defenses
• These exceptions still leave a large problem
Models of Security Design
• Two basic models
  – The “Closed” Model
  – The “Open” Model
“Closed” Security Design
• The traditional way to do security
• Design done in a closed group
• Often has external review
• Reputable people claim it is the only way to get good security
“Closed” Security Design
• Advantages
  – No Committee-itis
  – It’s harder to break a closed design
  – Targeted designs
  – Security through obscurity
“Closed” Security Design
• Disadvantages
  – Team blindness
  – It’s easier to yield to temptation
  – Easier to design the wrong thing
  – Security through obscurity
“Open” Security Design
• The newer way to do security, perhaps 30 years old
• Design done in public journals, mailing lists, or simply through available specs and designs
• Actually a principle of minimal secrets
“Open” Security Design
• Advantages
  – More eyes find problems faster
  – There are fewer surprises
“Open” Security Design
• Disadvantages
  – Some problems can’t be solved without obscurity
  – How do you keep openness from being design-by-committee?
  – You have fewer advantages over your opponent
“Open” Security Design
• Open design is not open source
• Historically, all OSes were open-design
• Source-available, listing available, etc. are other options.
It’s Not Either/Or
• Mixing open and closed elements of a design can give you better security than either alone.
• Open designs give armor
• Closed designs give camouflage
Modern Civilian Cryptology
• Perhaps the greatest success of open design
• Question: Can secure systems be built if only keys are secret?
• Answer: Yes.
Protecting Intellectual Property
• Protecting IP with technology is hard
• It may be impossible
  – An irony here is that the cryptographers are the ones who are unhappy, the customers seem to like it just fine.
• If it’s impossible, then legal protections are the only available
Backing up -- How Did We Get Here?
• IP exists to benefit society
• The goal of IP laws is that societal benefit
• It’s understandable that IP owners want more protection
• It’s understandable that “society” is skeptical of their desires and claims
IP Threats
• “Digital technology is the universal solvent of intellectual property rights”
  – Tom Parmenter
• Digital copies are easy to make and easy to distribute, bandwidth willing
• How do the artists get paid?
  – Technological fixes don’t exist, and aren’t proven
IP Skepticism
• IP owners have a history of wanting much, giving little, and being benefited by changes they claimed would crush them.
  – Videotapes
  – Audio Recordings
  – Clone computer peripherals
  – Parodies
Anti-Circumvention
• The DMCA makes it a felony to circumvent “a technological measure that effectively controls access to a work protected under this title”
• Note that this does not affect things that can’t be copyrighted
• Penalties include fines and prison
Anti-Circumvention Exceptions
• Encryption Research
• Computer Repair
• Reverse-engineering
• Security Testing
So What’s the Problem?
• Exemptions are defenses, not limitations
  – You can still end up in court
• Exemptions are torturous
  – They require notification, asking permission, etc.
The Larger Issue
• An imbalance between the rights and responsibilities of makers and breakers
  – There are penalties for bad research
  – There is protection for bad security
• A lack of definition
  – “Effective” is never defined
Does This Protect Snake-Oil?
• Case in point: the DVD break
  – Reverse-Engineered by a minor
  – Cryptanalytic break of 18 mins compute time
• Why is this “effective”?
  – Sure, kids are smart
  – If it can be broken by a minor, it’s not effective
One Possible Fix
• Liabilities for bad security
  – Punish creating systems that can be broken
  – Damages are probably enough
  – Few of us really want this, though
The Larger Issue
• Making and breaking is a dance
• If breaking is punished, makers are lax
• If breaking is punished there is no incentive for quality
Gresham’s Law of Security?
• There are advantages for a customer to use the least effective security
  – The real crooks may break the strong stuff
  – The weak stuff is cheaper
  – Extra opportunities for policing
  – More cases means more publicity
Fixing the Problem
• It’s actually easy
  – Tie circumvention to infringement
  – Circumventing and infringing is an aggravated form of infringement
  – Leave the research alone
• This restores the balance
  – Permits IP holders to have extra penalties
  – Creates an incentive for good security
Questions?