Are Gemstar eBooks Crackable?
igaborf writes: "Last night on C-SPAN's BookTV (the only thing on TV Sunday nights worth watching other than The Simpsons -- sorry X-Files fans), Henry Yuen, chairman and CEO of Gemstar-TV Guide, was touting the Gemstar eBook. In particular, he was telling the audience of publishers about the strong copy protection the product provides. But how strong is it? Briefly, each eBook reader unit has a unique embedded encryption key. When the reader is used to download a book, the book is sent in encrypted form and the key needed to decrypt the book is itself encrypted with the unit's own key. Clearly, if the decrypted book-encryption key is divulged and shared, copying the book would be fairly straightforward (albeit a violation of the DMCA). Of course, the decrypted book text itself could be shared. Their belief that neither scenario is likely seems to rest on the fact that the eBook is a closed system. I dunno, this doesn't seem like a particularly hard crack. Comments?"
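The scheme the submitter describes is ordinary key wrapping: a fresh key per book, and that book key encrypted under the unit's embedded key. The Go program below is an added illustration of that design, not Gemstar's code or format; it assumes AES-256-GCM for both layers, a random 32-byte book key, and constructed fixed unit keys standing in for keys burned in at manufacture. It shows the two facts the rest of the discussion turns on: a package bound to unit A is useless to unit B, and anything that holds unit A's key (the reader, or whatever has been pulled out of the reader) can decrypt the whole book.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// BookPackage is the constructed delivery format for this example: the
// book text sealed under a fresh per-book key, plus that book key sealed
// under the reader unit's own embedded key.
type BookPackage struct {
	WrappedBookKey []byte
	SealedText     []byte
}

// aeadSeal encrypts and authenticates plaintext with AES-256-GCM under key,
// prefixing the random nonce to the output.
func aeadSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// aeadOpen reverses aeadSeal; it fails if the key is wrong or the data was altered.
func aeadOpen(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed data too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// Publish is the server side: generate a random book key, seal the text
// under it, and wrap the book key under the purchasing unit's key.
func Publish(unitKey, bookText []byte) (BookPackage, error) {
	bookKey := make([]byte, 32)
	if _, err := rand.Read(bookKey); err != nil {
		return BookPackage{}, err
	}
	sealedText, err := aeadSeal(bookKey, bookText)
	if err != nil {
		return BookPackage{}, err
	}
	wrapped, err := aeadSeal(unitKey, bookKey)
	if err != nil {
		return BookPackage{}, err
	}
	return BookPackage{WrappedBookKey: wrapped, SealedText: sealedText}, nil
}

// Read is the reader side: unwrap the book key with the unit key, then
// decrypt the text. Nothing here checks *who* holds unitKey; possession
// of that one key is the entire access control.
func Read(unitKey []byte, pkg BookPackage) ([]byte, error) {
	bookKey, err := aeadOpen(unitKey, pkg.WrappedBookKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap book key: %w", err)
	}
	return aeadOpen(bookKey, pkg.SealedText)
}

// fixedKey builds a deterministic 32-byte key from a seed byte: a constructed
// stand-in for the unique key embedded in each unit at manufacture.
func fixedKey(seed byte) []byte {
	k := make([]byte, 32)
	for i := range k {
		k[i] = seed ^ byte(i)
	}
	return k
}

func main() {
	unitA, unitB := fixedKey(0xA5), fixedKey(0x3C)
	pkg, err := Publish(unitA, []byte("Alice was beginning to get very tired of sitting by her sister"))
	if err != nil {
		panic(err)
	}
	text, err := Read(unitA, pkg)
	fmt.Printf("unit A reads: %q (err=%v)\n", text, err)
	_, err = Read(unitB, pkg)
	fmt.Println("unit B cannot unwrap:", err)
}
```

Using an authenticated mode for the wrap matters: unit B's attempt fails loudly rather than yielding a garbage book key that would only show up as unreadable text later. But note what the failure does not buy you. The server's only leverage is at purchase time, when it picks which unit key to wrap under; after delivery, every check runs on the client, which is exactly the client-side control problem raised below.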
The answer is an unqualified, unhesitant yes, it is. This shouldn't be a surprise, because any ebook on the market is crackable. The current state of the art in computer security allows two people, each of whom trusts the other to communicate in good faith, to communicate securely.
If Alice and Bob want to talk privately, and Alice and Bob trust each other to respect the privacy of the conversation, there are wonderful tools (IPsec, OpenPGP, etc.) to facilitate secure communications. But if Alice and Bob don't trust each other to respect the privacy of the communication, there's no technology that will help. (Example: Alice suspects Bob is a shill for the NSA. Alice PGP-encrypts all of her emails to Bob. PGP won't help, though, because Bob will just decrypt the traffic and hand the plaintext to Fort Meade.)
The good-faith assumption is at the heart of most cryptographic protocols nowadays. As soon as that goes away, so does security. Now, if you're selling ebooks, can you really possess any certainty that all the people who buy ebooks from you have proper, lawful motives at heart? Apparently not, because then you wouldn't need security, right? But if you can't trust your customers, what sort of security can you reasonably expect? -- These questions are equal parts rhetorical and realistic. There are no good, pat answers to them.
Given the DMCA's anticircumvention standards, I do not feel the political climate is safe to give specifics. (If any Congressional aides are reading this, take note of the chilling effect the DMCA has on frank discussion of technological issues.)
If the signal gets sent to the PC screen at some point, that signal can be intercepted. Step through each page of the ebook, take a screenshot of each page, then run it through OCR to translate it into ASCII. Presto: you've stripped all watermarks from the book. There are some countermeasures, though--DVD decoder cards bypass the OS screen-drawing routines completely to render directly to the screen, precisely so that people can't take screenshots of DVD movies as they're being played.
It's really not very hard to do this. A computer program tends to possess very little real entropy. If you find a 16-byte block in a computer program which passes every statistical test for randomness, it's a decent bet that you've found a 128-bit key. Similar statistical analysis can find likely asymmetric keys. Once you've located likely places for the keys to be stored, it's pretty simple to pull the keys out.
Once you reverse-engineer the reader, there is typically no security left anywhere in the system. Reverse-engineering a Kerberos client doesn't get you very far in cracking Kerberos, because Kerberos access is controlled at the server level; but since nobody wants to connect their Palm Pilot to the Net every time they want to read Alice in Wonderland, ebook access is controlled at the client level. Reverse-engineering the client thus gives you control of the security mechanisms.
Last year there were several ebook companies that were encrypting their text using severely broken cryptosystems. A 1024-bit RSA key provides no security when it's coupled with a 40-bit Blowfish implementation. 3DES provides minimal security when it's coupled with 512-bit RSA.
The most critical problem with ebook security is that the security precautions must protect the content for the entire duration of copyright--which, at this point, is darn near eternal. Last year, one of our competitors (which was using a 40-bit key) announced that they were making their cipher "over sixteen million times more secure" by switching to a 64-bit key. Well, gee. Given Moore's Law, that means in twenty years 64 bits will be as easy to break as 40 bits today--hardly a good forward-looking security strategy.
If anyone wants to talk to me further about this, feel free to email me. That's what my address is up there for.