Sony Snafu Brings DRM to the Fore

Sun leads the charge with multiple open digital rights management projects



January 1, 2006 — The debate over digital rights management came to a head in November, thanks to a failed attempt by Sony BMG Music Entertainment to prevent the piracy of the works of several of its recording artists. Now, both the entertainment industry and the software industry are up in arms over just what went wrong, and are seeking ways to stop another DRM debacle.

Sony’s music division had installed the Extended Copy Protection (XCP) package from British company First 4 Internet onto a number of its audio discs during the summer and early autumn of 2005, including the latest releases from Celine Dion, Ricky Martin and Neil Diamond. The XCP DRM package is designed to prevent users from ripping the CD’s audio tracks into MP3 format, and to stop the songs from entering a user’s iTunes library.

Unfortunately, the XCP software is not exactly subtle in its methodology. The software hides all processes beginning with “$sys$,” a bit of obfuscation that was, within a fortnight, exploited by virus writers to hide their own trojans on Windows systems. Sony subsequently recalled its discs, though its newer DRM-enabled releases are now said to also be capable of molesting non-Windows systems.

Sony Baloney
As if this weren’t bad enough, bloggers around the Internet began dissecting the XCP DRM software, and soon discovered that it ran home to Sony’s headquarters with surreptitiously captured information on its users. Others looking at the code also accused Sony and First 4 Internet of infringing on the Lesser GPL by using code from an open-source MP3 encoding tool.

During November, half a million computers around the world were infected with Sony’s DRM software, and security researchers were publishing reports and infection maps that frightened businesses, governments and even the U.S. Department of Justice. The state of Texas went so far as to sue Sony in late November, claiming it secretly embedded CDs with spyware. By the end of the month, even the Pentagon had been infected by the so-called Sony DRM spyware.

Sony managed to make DRM a four-letter word among technophiles. But if Sun Microsystems has its way, it won’t remain so for long.

Glenn Edens, a senior vice president of communications media and entertainment at Sun and director of Sun Labs, has been working on DReaM, an open standards-based DRM implementation. While the idea of an open DRM standard may be strange, it’s nothing compared with the types of applications in which Edens sees DReaM being a factor.

Edens maintains that an open-source DRM implementation is no less secure than a closed one. “The fact is that having the source code or not hasn’t been an obstacle to defeating most systems that are out there. Having your security source code open for view has made the software better,” said Edens.

Edens sees a bright future for DRM, and said that uses range from personalized management to business uses to medical records to Sarbanes-Oxley compliance. Edens hopes that his company’s open DRM initiative, embodied in DReaM, spreads to the entertainment industry at large, replacing outdated and invasive systems like the one Sony used.

But Ted Schadler, a vice president at Forrester Research, said that no matter how DRM is implemented, it’s still taking something away from consumers.

“You used to be able to do anything you wanted with your CD,” said Schadler. He advised that companies should be up-front about DRM, and label their media with information about what consumers can and cannot do.

This, said Edens, means that DRM needs to offer the customers a benefit if it is to become accepted. “There has to be consumer benefits to the content owners and the distribution channels for engaging in a DRM system. Using a network-based system that was up-front and exposed to everyone, and it got you access to special content on the Web site, would be an example of this.”

To this end, Sun has released two new open-source projects to the public, with two more coming: Java Stream Assembly and DRM Opera have just entered the public domain, and early this year Sun hopes to make the Sun Streaming Server and the DReaM toolkit, used to append its DRM to media, available as well. Sun has also begun to team up with Deutsche Telekom, and has had numerous offers from open-source developers looking to contribute to the DReaM toolkit, which should be available next spring.

The Flaw in DRM
But even with an open solution, current concepts of DRM are fundamentally flawed, said Cory Doctorow, a science fiction author who has frequently commented on the subject. Doctorow gave a speech to Microsoft’s Research Group last June, and in it he argued that the fundamentals of cryptography make DRM pointless, useless and doomed to failure.

“Alice wants Bob to buy ‘Pirates of the Caribbean’ from her,” said Doctorow in his speech. “Bob will only buy ‘Pirates of the Caribbean’ if he can descramble the CSS-encrypted VOB—video object—on his DVD player. Otherwise, the disc is only useful to Bob as a drinks coaster. So Alice has to provide Bob—the attacker—with the key, the cipher and the ciphertext. Hilarity ensues.”

Doctorow asserted, “DRM systems are usually broken in minutes, sometimes days—rarely, months. It’s not because the people who think them up are stupid. It’s not because the people who break them are smart. It’s not because there’s a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: They provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn’t a secret anymore.”

But Edens isn’t so pessimistic about DReaM. He maintains that while DRM isn’t perfectly secure, it can still work, as long as it doesn’t force users to circumvent it in order to use the product normally. “We’ve started a very fruitful dialog with the EFF [Electronic Frontier Foundation]. We have been working on a white paper to describe a possible solution to the fair-use issues. The hard question is: ‘How can you have an access and authentication system that also respects fair use?’”

