Slashdot Mirror
Using Palladium to Secure P2P Networks
user555 writes "The RIAA and MPAA have seen Palladium as a way to prevent piracy. But this article argues that ironically Palladium may actually make P2P piracy more widespread (PDF). They argue that the security features of Palladium could be used to create P2P networks that are more resistant to attacks from content owners."
Looks to me like a cleverly planted story to attempt to stem the tide of ill-will toward the "Next Generation Secure Computing Base," a.k.a. "the lockdown technology formerly known as Palladium."
It's a long read, but i think the conclusion sums it up nicely To thwart piracy the entertainment industry must keep distribution costs high, reduce the size of distribution networks, and (if possible) raise the cost of extracting content. However, if 'trusted computing' mechanisms deliver on their promises, large peer-to-peer distribution networks will be more robust against attack and trading in pirated entertainment will become safer, more reliable, and thus cheaper. Since it will always be possible for some individuals to extract content from the media on which it is stored, future entertainment may be more vulnerable to piracy than before the introduction of 'trusted computing' technologies.
"I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
..and get sued under the DMCA.
Perfect!
Palladium score:
Good: 1
Evil:50
Microsoft might just hobble Windows ulnder palladium, so that it can't do certain things without RIAA/MPAA aproval.
This would be another win for Linux.
OS Software is like love: The best way to make it grow is to give it away.
"Palladium may actually make... piracy more widespread."
Yeah, piracy of Windows XP when no one wants to buy Windows Palladium Edition. It astounds me that the population in general is so ignorant and apathetic toward the loss of their rights.
barzelay.net
24/06/2002 - The Register... Starting with a Newsweek exclusive which wonderfully quotes His Billness as saying: "It's a funny thing, we came at this thinking about music, but then we realized that e-mail and documents were far more interesting domains." Which is cute, because it suggests that Microsoft's original plans to produce a secure PC that will protect the music companies' stuff from us have been spiked in favour of something much more positive and progressive.
That, and the authors give away their toadyism to the "content industries" by referring to P2P networks as "peer to peer pirate networks," as if they have no possible legitimate use save to board ships on the high seas, murder the crew, and plunder the vessels.
Another proud carrier of the $rtbl flag
Use Palladium for secure P2P? This is probably the only time you'll hear Microsoft say "That's not a feature, that's a BUG!"
[You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
the implementation of the evil bit! MUHAHAHAHA
1. MS holds all the keys to Palladium. I'm sure its got backdoors (either because they write insecure code or they intentionally want a back door).
2. The APIs for this will probably be under lock and key. The next Jon Johansen wont have access to the API calls to interface with palladium.
3. Why use palladium when you can use waste or something similar.
The Doormat
If you're not outraged, then you're not paying attention.
First of all, it suggests that P2P networks are by nature about piracy. I am a huge fan of BitTorrent and have used it for nothing other than downloading cool movie trailers. While piracy has always been common online, you can't blame the cables for the content.
The second issue I take with this submission is the phrase "more resistant to attacks from content owners." I assume you're talking about the RIAA because security from artists who want to be paid for their work is not something most people ever want. Sure, cut the thieves in the RIAA out of the equation but few people will ever begrudge the artists their $1 or $2 per album. It's the oligarchy that is the RIAA that people are mad at.
It could kick ass for servers. I could sign all the binaries my system runs using a secondary (unnetworked) system and then so long as i control all the keys then it becomes very difficult for someone to install backdoors, rootkits, and viruses.
I'm quite psyched about the control it provides. Sadly most of the public are probably too ignorant to even want that control.
In order for software to be 'trusted', Microsoft has to sign it (that's what Palladium is all about. Microsoft has a monopoly over what is or is not trusted). Microsoft is not going to sign software unless it serves Microsoft's agenda. If p2p software hampers Microsoft's plans to monopolize the online media distribution channel, they will either demand the software be crippled before they sign it, or simply refuse to sign it at all.
As the article in many more words states, It is not simple for DRM enabled sytems like Palladium to differentiate between whats actually illegal or not.
They require that the software that will interact with the DRM features actually be 'trusted'. Unless they want all software written for Palladium to be 'MPAA/RIAA' approved, anyone can write 'untrustful' code. Only one link in the chain has to be broken for it to fail completely.
So, write 'trusted' p2p file sharing.
I am afraid that someone like MS will require you to pay in the future to have the right to write 'trusted' code, or any code won't run at all.
Teamwork is a bunch of people doing what I tell them.
Schechter, Greenstadt and Smith write that "to thward piracy the entertainment industry must keep distribution costs high, reduce the size of distribution networks and raise the cost of extracting content". While that may be a true statement, it is as useful as Saddam Hussein's military advisors recommending that Iraqui aviation enginners be sent to major American defense contractors to increase fuel consumption of US bombers and reduce the accuracy of their communication systems.
Since the entertainment industry does not own fiber, switches, PCs, or consumer CD burners they must take Schechter's advice and invert it to suit the networks that they do own.
I'll restate their conclusion as follows:
To thward piracy the entertainment industry must keep distribution costs low> , reducing the total cost for consumers to acquire legitimate content. When it takes less total effort (purchase price + effort) to acquire legitimate media the users will abandon piracy. This approach has been clearly demonstrated with Apple's iTunes product.
In a previous article (with quotes from ron rivest?), it was pointed out that the question is whether or not people will be able to control the signed code that runs on their machines.
If you need an official MS signature on the code, things like p2p networks probably aren't going to fly.
Unfortunately, the knee-jerk "MS is the devil" reaction hurts everyone. Technology that allows other people to trust information coming out of your machine is useful. This paper describes a good example of an application for that technology.
The problem is going to be in the details -- specifically, as rivest (I think) pointed out, whether or not you need an MS signature to load the code on your machine.
Instead of saying "palladium is evil", we should be pushing for comparatively open implementations. Any system that runs trusted code on my machine ought to be under my control and transparent. I ought to be able to decide what I want to run, and how that code will communicate with the rest of the world.
Unfortunately, that's not going to happen, because everyone is taking a simplistic view of the issue. No one is engaging MS seriously on this, and because of that they're going to deploy a system that's not under user control, and that's not transparent.
You can already do this with Windows XP and Windows Server 2003. There is a security policy that allows you to prevent the system from running any binaries that you didn't sign.
The downside is that you also need to individually sign the patches too, and that can be time consuming.
I agree with this post.
I welcome our future overlords.
God bless Bill Gates.
I hope not. It is well known that the fundamental problem with P2P systems is the inability to trust the client. What does palladium offer? - an ability to trust the client. duh
Surely even Microsoft could have put the 2 together - this would not be news to them, or anyone else really (except journos).
I.O.U One Sig.
Unauthorized copying (sometimes called piracy) is not the real threat against the __AA, but it is the easiest to defend. What they really fear is the ability of independents from creating and distributing their own content without their aid. They want to eventually force all technologies to only play content that was blessed by one of their sacred keys. Think about the CSS keys in DVDs...I am unable to produce a DVD containing my own content which is protected by CSS because I don't have access to one of the magic keys. But is my content which I own a copyright on any less deserving of full copyright protection under the law? Well, certainly the DMCA doesn't protect my content because I've been locked out of even using the popular circumvention technologies.
Well, Palladium and the like are the step towards eroding my rights as an independent creator even further. At least with DVDs, I could given enough capitalistic force create my own alternative to CSS with which I could protect my own content. But with an enforced technology, I don't even have that option open to me. Content creators will be forced to publish only through the evil media oligopoly.
BTW, on an unrelated crypto subject. What about an idea of taking advantage of what is traditionally viewed as fair rights. Say it's okay to just extract 3 seconds of media. I can then publish on a P2P network an article which includes an except of seconds 7.2 through 9.8 of a song. If enough different (and independenly-acting) people publish fair-use derived content with different 3-second extracts, one could in theory reproduce the entire original. There are also crypto techniques such as secret splitting, but the simple 3-second method may be more defendable in the interests of expression of fair rights as long as there is no collusion among individuals. Just a thought, not that I condone unauthorized copying.
Last time I checked, the RIAA was not a Law Enforcement Agency.
This is a scary thought... but have you actually looked at the slashdot concensus track record... it's a hell of alot better than any technical analyst I know of. Slashdot usually jumps to the most cynical conclusion about technology that even hints at restricting your rights... and they are usually right.
hmmm odd, I've never had problems with either of these things on my linux network. Perhaps you can enlighten me as to why this can't be done with secure, effective, and open tools?
"Oh, Mommy, look, it's Shiny Video Game. Can we buy it?"
"No, darling, it says it only runs on Palladium, and we still run XP."
"But MOMMY, I WANT SHINY VIDEO GAME!"
Total cost of that trip to Best Buy?
People will buy whatever is being sold to them. They deserve it all, especially since they'll be trampling us on the way.John
Preventing client-side cheating in games by locking the binary.
The $100 M blockbuster is a fixed cost that can be spread over all of the copies. So if you sell one hundred million copies (considering the global market of ~7 B people, not unreasonable) your cost per copy of media is $1. Now the pirate cost is still low, but in both cases "production cost" tends towards zero.
Now, back to distribution.
Assuming the pirate and the legitimate product have identical distribution and identical production cost, there is still the playback cost to the consumer. I claim that pirate material is MUCH more expensive to playback than legitimate. However, this cost is better measured in hours used than dollars spent.
(1) Pirate CD/VCD media -- often the pirate media simply does not work. If the failure rate is 50%, your $2 pirate metallica disc now costs $4 on average. Now add in the time it took you to bring the disc home, put it in to your cd player, discover it does not work, return to the vendor and buy a new disc. You can save time brining a discman with you, but now you have to carry a discman and spend a minute or two trying to listen to the disc. Suppose 15 minutes of effort here.
(2) Kazaa -- Take five minutes to look for the track you want, take another ten to download. You have spent 15 minutes acquiring a song which may be corrupt. Now burn drop it into winamp or burn it to CDR. Kazaa doesn't have a built in burning tool yet, so add in the cost of Nero -- either in dollars or the time it takes to obtain a pirate copy.
(3) Bittorrent Video -- Take ten minutes to locate a torrent for your video of choice. Note that this video must be a recently released video or otherwise popular in the pirate world. Now take 8 hours to download the video. Spend another half an hour burning it to CD(s) so you can play it.
So in case (1) you pay $4 for the pirate disc plus 15 minutes of your time. In case (2) you still contribute 15 minutes of time, but probably closer to $0.25 for CDR media. In case (3) you spend over eight hours acquiring the media.
Now the class of consumers who have unlimited time or otherwise undervalue their time is limited to those who are either unemployed or employeed beneath some poverty line (in this case, defined for the benefit of this example). While a tiny fraction of thses unemployed consumers are independantly wealthy, we can ignore them. The remaining pirates steal because they cannot afford anything.
Now the digital piracy is not the same as real world piracy. The architypical poor guy who takes a loaf of bread is actually depriving the hard working employed guy of his hard earned meal. In the digital case, the bread is still there, so the hardworking consumer may still benefit despite the theft.
This does not mean that the industry will stop caring about piracy -- after all, the hardworking guy needs a good reason to believe that he should actually pay for his media. But it is clear that it is more efficient for the recording industry to build efficient distribution systems and spend minimal effort complaining about theft.
Question though... what's to keep MS from trusting a piece of software that I don't? ex. Bonzi Buddy, Xupiter, Save Now...
It just so happens that I don't trust those apps. I don't really care for anyone to tell my computer that I trust these programs. Because I really don't.
But legally, can Microsoft only trust who they want? Wouldn't they have to trust almost everyone? Can they legally say "We're not going to sign your programs as trusted" to anyone? Wouldn't that be anticompetitive, almost?
It isn't okay to run spyware/adware/malware on my system.
Is is okay to run programs that I have written myself.
So why has MS done the exact reverse of this!?
Stop the Slashdot effect! Don't read the articles!
It's a research paper. For school. It's not journalism, not a "cleverly planted story," it's a bloody academic essay. It is sitting in a student's directory on a Harvard server. The only "planting" I see is the link Slashdot provided to it in the first place.
The coolest voice ever.
Okay, in summation:
How to attack a P2P network (aka, find 'em, fake 'em, and kill 'em):
1. Find 'em: Break the confidentiality. If you can sniff the network, and gain access to it, then you can find who has stuff being shared and thus sue them out of existence.
2. Fake 'em: Break the data's integrity. Basically, shove in tons of fake data to piss off other users.
3. Kill 'em: Break the availability of the network. Screw with the protocol, drop packets, generate thousands of fake clients, flood off other clients with search requests.
How to defend a P2P with something like Palladium:
Basically, it breaks down to not letting untrusted clients into your network. Since you can now trust that the hardware is secured, and since every client has to be vouched for in order to get in, you can stop all three of the attacks dead in their tracks. A P2P can be trusted in that other clients it tries to connect to will be able to verify that trust mechanism using the very same secure computing methods that this stuff gives you.
Think of it like this. I trust Bob, so I let Bob connect. Bob trusts Cathy, so I can get a network of trust relationships going. Obviously, somewhere, someone could break that trust chain, but the existence of the trust chain is a new thing that hasn't been implemented yet. Combine it with encryption to prevent sniffing the network or at least make it way too difficult, and I can build a trusted network over which anything can be shared, *and* know that nobody is hacking my clients on either the software or hardware level, such that they can see or send things that they shouldn't.
Find 'em breaks down simply by going through enough nodes to make it impossibly difficult to track down where the hell the data actually is. This is already a nearly solved problem anyway, with stuff like FreeNet's method of ensuring that even the clients don't know what they're sharing.
Fake 'em is broken by the trusted architecture. I can trust, to some degree, anyone on my network because of the chain. I can trust the client isn't doing shit it ain't supposed to be doing. I can trust that the hardware hasn't been modified to some degree. I can revoke clients by breaking the trust links to them or creating an "antitrust" kind of link that other clients might use as well. If someone injects fakes onto the network, I put down that I don't trust them, and voila, that propgates to those who trust me and so on. Creates a closed circle.
Kill 'em is broken by the same trust relationship to some extent. If the client can't get into the network, he can't inject things onto the network. Once someone doesn't trust that client, it finds that nobody trusts him anymore. If someone is attacking via flooding, obviously there's not much you can do except block them down the pipe, but the trust chain lets me tell others on the network that this guy is a jackass and thus they don't trust them either.
And so on.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Last time I checked, they owned several congressmen...*coughcampaigncontributionscough*
These three students must be some of those new "grassroots" Microsoft has been trying to buy on campuses. Harvard, that's almost as costly as Tulane, so these three must have been expensive to confuse or corrupt.
Anyone who uses the term "piracy" for unauthorized file violation is clueless to begin with. Other midless gems from these three include:
The author's research is lacking. They reference 17 works, mostly popular press articles with one or two intersting texts. One reference they omitted is Microsoft's EULAs which require forced upgrading and Microsoft's right to search your files and delete those they considercopyright infringing.
Anyone who considers the control Microsoft now demands of it's user's computers could not think that Microsoft would ever extend "protection" to user content or clients programs. They promise to do it now, despite a lack of tools. Chances are that Microsoft will delete all peer to peer client programs they find.
Shame on Harvard. I've got to give this student paper an A for effort and the fluent ability to state the obvious but an F in research and critical reasoning. The music and film industry blinders these students wear prevent them from exploring the use of P2P for anything but "piracy". The whole idea of "trusted computing" aiding "piracy" is a juvenile conivance of wishful thinking. It lacks all the things Universities are supposed to be full of, honesty and critical thinking.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Excuse me, but isn't it already illegal to attack computers you don't own, even if you are the content owner? Nor, except for a few fake files, is it even happening?
So it will be harder to do something that already is illegal, and already isn't happening.
Boy, I just can't wait to upgrade my processor and OS to get all those benefits.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Simplistic view? In the past, M$ has proven they will lie, cheat, and steal to control their users and to try trapping everyone into using their product. It is like working with Hitler. Making a compromise or alliance with such people is suicide. Just ask Stalin.
What good would "open implementations" of DRM do? Allowing others to control what your computer does with their file/data is the entire point of DRM. When that fails, M$ and the MPAA will create a censorship system under the guise they need to delete infringing files. To do so, a M$ controlled DRM system will need to be in place--to trap everyone into only using M$ systems, and/or to hide the fact they are censoring people.
An open implementation would defeat the entire purpose. An open implementation would not even be good for most of the other purposes touted for DRM. Anyone would be able to counterfeit Eca$h, or copy those secret emails. A trusted third party would be required to control your computer. I will never trust M$, only a fool would.
It's alittle too late to get modded up but maybe one or two people will see this
:D
a few days ago I found a new p2p it uses SSL, proxys and tunnels though port 80. lots of other ways to trick the RIAA/ISP's from finding out what we'...ahem YOU are sharing.
Unfortuanatly right now it only works on windows so i was hoping for some slashdot press so we could bug them to death with e-mails
here is the site: http://www.earthstation5.com/homeweb.html
if anyone has more information on this id like to hear it, all I know is what the developers want me to think since word of mouth hasn't spread yet.
-- "of course thats just my opinion, I could be wrong." --Dennis Miller
Unless they are hacked, and then they won't be allowed to run on a Pull-a-DRM machine.
Ever since DRM first reared its ugly head, I have been (hysterically, at times) hollering about how this is about 'content' control. Monopolizing the *abillity* to publish. (Subscribers can find many posts of mine dealing with that, amongst all the trolling I do ;)
P2P will NOT be 'secure' on a Pull-a-DRM. It will not work! Even if the Pull-a-DRM system is broken by 3 lines of script, those who use the 3 lines will be sued or charged under some **IA brokered law. Sharing will be *restricted* to what the **IAs allow through their 'special' keys.
Sure, copy, share, rip mix burn the newest crap as pushed on Clear Channel, but try and nab a homemade mix of some band you saw last night or a little video from your friend on vacation and it just won't work.
Maybe MS has got it all figured out - somehow Pull-a-DRM just *knows* that Billy's video email is ok, but somehow I doubt it. Remember, YOU DON'T GET TO DECIDE - you are NOT TRUSTED.
Everyone needs to realize that Pull-a-DRM will KILL what the net has done for independent musicians, filmmakers, artists, writers, and coders.
It will be a cancer, slowly spreading. Mom will get the new PC "MSN 10" with the 'Super-Security'(for the kids). Things won't run, she'll bitch, more crap will be made to work ONLY with DRM. Boil the frog. It's what's for dinner!
DRM is NOT YOUR FRIEND