Risk
2/17/2006
04:19 PM
Andy Dornan
Andy Dornan
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Yes, Trusted Computing Is Used For DRM

Do you trust Microsoft and the TCG more than your own employees and business partners?

Ever since the Trusted Computing Group went public about its plan to put a security chip inside every PC, its members have been denying accusations that the group is really a thinly disguised conspiracy to embed DRM everywhere. IBM and Microsoft have instead stressed genuinely useful applications, like signing programs to be certain they don’t contain a rootkit. But at this week’s RSA show, Lenovo showed off a system that does use the chips for DRM after all.

The system is particularly frightening because it looks so simple. There’s no 20-digit software key to type in, no dongle to attach to the printer port, no XP-style activation. (Is this what Bill Gates was thinking of when he said in his keynote that security needs to be easier to use?) The user interface is just a Thinkpad, albeit one of the new models with an integrated fingerprint sensor.

When someone tries to open a DRM-restricted document (in this case, a PDF file: break that DRM and go to jail), Lenovo software asks the user to swipe a finger across the sensor. My finger results in an access denied message; the Lenovo security guy’s finger opens the document.

If you’ve ever had a laptop stolen, this might sound useful. It is. In fact, encrypting hard disks or individual files is the main use that most vendors are promoting for the chip. Thinkpads have been able to do that since their IBM days, and now most other laptops can too. You can probably try it out by downloading software from your laptop manufacturer’s site, and Microsoft is building similar functionality into Vista as Palladium  NGSCB   Secure Startup  BitLocker.

The fingerprint sensor is also a good thing, if it’s just used for encryption. It’s even good for privacy: It means that network servers can authenticate you based on your fingerprint, without sending any fingerprint data over the network. (How? You authenticate to the chip in your laptop with your fingerprint, then the chip authenticates to the server with a digital certificate.)

But DRM goes beyond encryption. In the system that Lenovo demonstrated, the decision about who can do what with the file is made by whoever generates the PDF, not by the person or organization that owns the laptop. According to Lenovo, the system is also aimed at tracking who reads a document and when, because the chip can report back every access attempt. If you access the file, your fingerprint is recorded.

That might also sound useful, provided of course that you’re the one doing the recording and restricting. (I’d love to be Big Brother! Wouldn’t we all?) The problem is that you won’t be. Even if we forget about media companies for the moment, and assume that DRM is just for businesses that need to protect their sensitive documents from disclosure by employees or outsourcing partners, it’s still a bad tradeoff.

A DRM system may seem to empower whoever is setting the restrictions (in this case, the PDF creator), but that’s just power by proxy. The real control lies with the hardware and software companies. They’re the ones who actually enforce the DRM and have the encryption keys, so they can hold your data to ransom.

DRM customers are already locked into a single vendor: A DRM-restricted Word document can only be read by Word (not OO.org, WordPerfect or Writely), just as a DRM-restricted iTunes download can only be played on an iPod. Present versions of Word and iTunes still let customers escape by using the Windows clipboard or a CD burner, but that capability can be removed at any time.

Relying on DRM means trusting all the vendors involved (in this case, Microsoft, Adobe, Lenovo and its component suppliers) more than you trust the users of the system. You need to trust the vendors both morally and practically: Can Microsoft be trusted not to abuse its power? And can Microsoft be trusted to develop a system that isn’t full of security holes?

If you’re a movie studio or a record label, the users are your customers. You probably do trust Microsoft and the TCG more than your customers, so DRM might make sense. But if you’re an organization seeking to protect sensitive data, the users are your own employees and business partners. Are they really less trustworthy than Microsoft, its employees and its business partners?

Do you trust Microsoft and the TCG more than your own employees and business partners?

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-3828
Published: 2014-10-22
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.