Using Palladium to Secure P2P Networks

user555 writes "The RIAA and MPAA have seen Palladium as a way to prevent piracy. But this article argues that ironically Palladium may actually make P2P piracy more widespread (PDF). They argue that the security features of Palladium could be used to create P2P networks that are more resistant to attacks from content owners."

Yeah, right.

[user+no.+590291]

Looks to me like a cleverly planted story to attempt to stem the tide of ill-will toward the "Next Generation Secure Computing Base," a.k.a. "the lockdown technology formerly known as Palladium."

Conclusion

[(54)T-Dub]

It's a long read, but i think the conclusion sums it up nicely To thwart piracy the entertainment industry must keep distribution costs high, reduce the size of distribution networks, and (if possible) raise the cost of extracting content. However, if 'trusted computing' mechanisms deliver on their promises, large peer-to-peer distribution networks will be more robust against attack and trading in pirated entertainment will become safer, more reliable, and thus cheaper. Since it will always be possible for some individuals to extract content from the media on which it is stored, future entertainment may be more vulnerable to piracy than before the introduction of 'trusted computing' technologies.

Re:Conclusion

[(54)T-Dub]

You would like this article describing how the RIAA is attempting to battle the laws of economics.

Faulty assumptions:

[Pituritus+Ani]

That those producing the locked down machines won't:

• have the ability to impersonate any Pd machine.
• cooperate with the *AA by either sharing that ability or acting on their behalf to intervene in the P2P networks

That, and the authors give away their toadyism to the "content industries" by referring to P2P networks as "peer to peer pirate networks," as if they have no possible legitimate use save to board ships on the high seas, murder the crew, and plunder the vessels.

Uhh.. prolly not

[doormat]

1. MS holds all the keys to Palladium. I'm sure its got backdoors (either because they write insecure code or they intentionally want a back door).

2. The APIs for this will probably be under lock and key. The next Jon Johansen wont have access to the API calls to interface with palladium.

3. Why use palladium when you can use waste or something similar.

The gist of what they're saying

[Otto]

Okay, in summation:

How to attack a P2P network (aka, find 'em, fake 'em, and kill 'em):
1. Find 'em: Break the confidentiality. If you can sniff the network, and gain access to it, then you can find who has stuff being shared and thus sue them out of existence.
2. Fake 'em: Break the data's integrity. Basically, shove in tons of fake data to piss off other users.
3. Kill 'em: Break the availability of the network. Screw with the protocol, drop packets, generate thousands of fake clients, flood off other clients with search requests.

How to defend a P2P with something like Palladium:
Basically, it breaks down to not letting untrusted clients into your network. Since you can now trust that the hardware is secured, and since every client has to be vouched for in order to get in, you can stop all three of the attacks dead in their tracks. A P2P can be trusted in that other clients it tries to connect to will be able to verify that trust mechanism using the very same secure computing methods that this stuff gives you.

Think of it like this. I trust Bob, so I let Bob connect. Bob trusts Cathy, so I can get a network of trust relationships going. Obviously, somewhere, someone could break that trust chain, but the existence of the trust chain is a new thing that hasn't been implemented yet. Combine it with encryption to prevent sniffing the network or at least make it way too difficult, and I can build a trusted network over which anything can be shared, *and* know that nobody is hacking my clients on either the software or hardware level, such that they can see or send things that they shouldn't.

Find 'em breaks down simply by going through enough nodes to make it impossibly difficult to track down where the hell the data actually is. This is already a nearly solved problem anyway, with stuff like FreeNet's method of ensuring that even the clients don't know what they're sharing.

Fake 'em is broken by the trusted architecture. I can trust, to some degree, anyone on my network because of the chain. I can trust the client isn't doing shit it ain't supposed to be doing. I can trust that the hardware hasn't been modified to some degree. I can revoke clients by breaking the trust links to them or creating an "antitrust" kind of link that other clients might use as well. If someone injects fakes onto the network, I put down that I don't trust them, and voila, that propgates to those who trust me and so on. Creates a closed circle.

Kill 'em is broken by the same trust relationship to some extent. If the client can't get into the network, he can't inject things onto the network. Once someone doesn't trust that client, it finds that nobody trusts him anymore. If someone is attacking via flooding, obviously there's not much you can do except block them down the pipe, but the trust chain lets me tell others on the network that this guy is a jackass and thus they don't trust them either.

And so on.