|I'll be interested to see how Microsoft's
Palladium pans out. Microsoft doesn't have a great track record when
it comes to security. One of the last anti-piracy systems they came
up with was cracked before the product was released. The Newsweek
article on this attempt focuses on applications of this system, but doesn't
provide much information about the security technique itself. This
is presumably to avoid compromising the system, but it also doesn't encourage
the reader that it will be successful.
My dad has been interested in the Enigma code used by the Germans during WWII, so last xmas I bought him a book about encryption, including sections on that famous code. I managed to read a little more than half of the book during my last visit. The author points out that one of the fundamentals of sending coded information is that there are three elements to the process: the plain text (the original "message"), the cypher (the coded message), and the key (the means by which a coded message is to be decyphered). Ideally, the only people who have the key are the sender and intended recipient of the coded message. The significance of cracking a code is not so much revealing the contents message as possessing the key, thus enabling the possessor to continue to decode messages.
What's puzzling about Microsoft's promise is that supposedly everyone would have the code (it's built into the hardware), they just couldn't access it. That's ridiculous, because eventually a user of the system will access it directly.
One of the most common keys from the Cold War era was to have a book of random numbers that equaled letters or entire words/phrases. Both the sender and recipient keep track of where in the book they leave off in the series of numbers, so there is a system among the randomness. The assumption is that no other party will ever have access to this list of numbers and their meaning. This is easy enough to accomplish if there are only two copies. It is a little harder if you have a few hundred copies (as during WWII, for example), but it is theoretically impossible when millions of computer users have a copy of the key (regardless of form). Recall the metaphor of a million monkeys pounding away at typewriters. Now upgrade that to several million computer geeks, hobbists, hackers, etc. systematically looking to humiliate an arrogant and sinister corporate giant. It's hopeless.
You might have recently read how an anti-coping system on audio cds was foiled by a felt-tip marker. The idea was that the computer would not be able to tell that the cd was audio information and instead think it was a data disk. This would prevent people from "ripping" the tracks to their hard drives in the form of mp3s. The method was to code a short strip of "computer speak" at the beginning of the disk. The computer assumed it was a cd-rom and would not continue as with other audio cds. Audio cd players just ignored this section. A user realized this and covered this section with ink. System bypassed!
My dad likes to point out that, for every system a men generates, another man can overcome it. I'm sure there must be a name for this principle. It's nearly universal.
Another point that should be made is that Microsoft is surprisingly lazy. For all the programmers in their employ, much of the code (not just the features) in their products has been licenced from other companies. They can afford to do this, and it is certainly cheaper than accomplishing the same end from scratch, but they end up owning applications without a history. Thus, they have to reverse engineer software they actually own in order to advance it any. The hard disk defragmenter was originally created by Norton. Much of the base code in DOS that keeps up with coordnating applications was written by a German company. MS would have you believe Bill Gates wrote everything in his basement when he was in college.
I suspect (predict, even) that Palladium will be cracked in short order. To make things still worse, unlike conventional software, radical changes to a distributed system such as this will compromise rather than improve its effectiveness. At any rate, I will keep watch as this develops.
|Back to the index|