THE DATA STREAM FOR VISIONARIES OF THE CONVERGENCE ERA      
Feature  March 2000

Data insecurity
Is “secure digital data” an oxymoron?
Paul Schreier, Contributing Editor

Until recently, we've always archived content on the same medium we've used to access it. The words of a book were inextricable from the paper on which they were printed. The notes of a song were embedded in the atoms of the player-piano roll or the vinyl LP. But today, the content is breaking free. In the form of bits, it travels unencumbered, alighting briefly in one digital appliance to be stored, then in another to be played back or read.

And so we face one of the central conundrums of the convergence era. If data can be copied effortlessly, it can be copied effortlessly. It took special machinery to create player-piano rolls. And though you could copy a videocassette or commit an LP to tape, the copy was always inferior. Now, a perfect digital copy is just a short data transfer away.

The benefits of this digital distribution are too dramatic to ignore. No more traipsing from store to store in search of a desired song. No waiting for delivery. Lower prices (we hope), thanks to elimination of manufacturing. But as we rush headlong into the digital age, the very freedom and ease we anticipate also has a dark side. And that holds true whether the data in question is a song to which you own the copyright or a spreadsheet full of your confidential tax figures.

Look at many of today's portable digital appliances, and you'll see a slot for a removable storage device—a flash-memory-based card that can ferry data around among the appliance, a PC, and other gadgets. These eminently transportable devices are set to play a vital role in the post-PC market, but manufacturers are just starting to grapple with how to secure them. In fact, as you lift your gaze beyond removable media, you see security concerns looming over the entire convergence era like thunderheads over a parade.

Data transporters

Flash memory is an enticing solution for data mobility. Although reprogrammable, it can retain data indefinitely without battery backup. Unlike a disk drive, it can withstand shock equivalent to a 9-foot drop onto concrete. Flash memory typically consumes less than 5 percent as much juice as a 1.8- or 2.5-inch disk drive and can run from a pair of AA batteries.

Given these specs and market conditions, it's no surprise that market forecasts are bright. SanDisk, for example, expects to see more than 70 million slots for secure flash-memory-based cards by 2003, based on numbers from market-research firms IDC and Semico. And, one hopes, consumers will populate those slots with multiple flash cards.

The list of portable digital appliances that can benefit from flash memory includes digital cameras, handheld computers, digital cell phones, audio players, handheld GPS devices, and electronic books. These devices fall into two categories. The first contains appliances where nonprotected memory in essence acts as a replacement for floppy disks. Take for example a digital camera, where you simply want to move images from the camera to a PC. Memory cards shipping in volume today address this need.

The second class consists of appliances meant to play back copyrighted material. Secure flash-memory devices for this purpose are just now arriving. Several obstacles could impede their widespread availability and acceptance among both consumers and content providers.

The first concerns price. Secure flash-based memory cards start at $100 today, so they're clearly unsuitable for first delivery of content through retail outlets. However, they fit the bill for users who want to download content onto a PC, load it onto a flash card for temporary use, and afterwards return the usage rights back to the PC. Ahead, dropping chip prices will alter the picture. In fact, according to Eli Harari, president of leading flash-memory supplier SanDisk, within five years secure flash devices will obsolete CDs and MiniDiscs, as well as 35-mm film for all but $10 throwaway cameras.

Meanwhile, the market must decide among several incompatible formats. Consumers historically have rejected such VHS-vs-Beta confusion, but the same situation is arising here, with several different types of removable storage devices available.

The final obstacle—one that looms large in the minds of content providers—concerns a reluctant admission that security will be difficult to achieve at an acceptable level at an acceptable cost. The recent DVD hack, in which hackers developed a program that can capture the encrypted contents of a DVD, has made content providers very sensitive about when and how to allow their valuable properties to reach the market in digital form. The entertainment industry was starting to build up some positive experience with digital media, with sales of DVDs and players climbing a steep curve. The DVD hack, however, forces the participants to face up to an uncomfortable fact that security and cryptography experts have been preaching all along: There's no such thing as absolute security for digital content. It will never be a question of if a scheme gets hacked; it's only a question of when. And that fact should send chills down the spines of content providers, manufacturers, and end users alike.

Porous barrier

Given that some hackers look upon cracking security schemes as almost a blood sport, manufacturers of new media, such as secure flash cards, are extremely reluctant to reveal any details of their security implementations—lest they give away the least small clue as to how to defeat them. On the other hand, content providers want assurances that their property won't easily be pirated. To satisfy this need, manufacturers of both secure media and players now tout their goods as being "SDMI compliant."

The Secure Digital Music Initiative is an industry group that aims to develop an open architecture and specification that protects copyrighted music in all existing and emerging digital formats and through all delivery channels. The spec, now in version 1.0, resembles many other industry specs in that it outlines goals and requirements but leaves implementation details up to participating companies. How much impact SDMI will have is a subject of much debate. The spec focuses on preventing casual piracy and admits it can only slow down, not stop, the concentrated efforts of zealous pirates.

The industry must deal with two different breeds of attackers, elaborates Bruce Schneier, founder and CTO of Counterpane Internet Security. The first type is the commercial pirate, the offshore company out to make a profit selling ill-gotten copies of Microsoft Word, The Little Mermaid, or the latest Backstreet Boys CD. This activity is no different from a criminal who manufactures and sells fake designer handbags or jeans. These complex criminal enterprises involve warehouses, distribution points, and large cash transfers. And while society has ways, however ineffective, of catching and punishing these people—whether dealing in jeans or digital audio—such repercussions have nothing to do with the digital nature of the forgery, Schneier says.

The other type of attacker, he continues, is "Uncle Steve," who just wants a personal copy of some copyrighted material, but doesn't want to pay. This kind of activity is more difficult to catch, but it presents much less of a financial threat.

Security represents a tradeoff between cost of implementation and cost of compromise, Schneier asserts. Almost any protection mechanism works against Uncle Steve, but almost nothing works against determined pirates. Because the latter attackers have so much skill, and because breaking the security mechanism has so much value, building a system that holds up against them is simply impossible. "The only possible solution," Schneier concludes, "is to put the decryption mechanism in secure hardware and then hope that this slows the professionals down by a few years."

Some people think that sophisticated encryption is a complete solution. Unfortunately, no matter how capable an encryption system, you must still get the raw data ("plaintext") onto the media in the first place, and then let the consumer again turn it into plaintext for use. To get that plaintext, the system (be it a PC or some other device) must have a copy of the key and the decryption algorithm. A clever enough hacker with good debugging tools will always be able to reverse-engineer the algorithm, get the key, or just capture the plaintext after decryption.

It's at these interfaces between secure media and an unsecured hardware platform that weak points arise. "This problem cannot be solved with more security or more cryptography," Schneier says. "It is a basic problem of digital information. If a software player can display the unencrypted data, then it can be stolen. Period."

If you assume secure hardware, security schemes can work. If the decryption/viewing device is inside a tamperproof piece of hardware, the hacker can't reverse-engineer anything. But, adds Schneier, tamperproof hardware is largely a myth. "It might be a bitter pill for the entertainment industry to swallow," he writes in his Crypto-Gram newsletter, "but software content protection does not work. It cannot work."

It's important to realize, Schneier says, that security is a process. You can have the finest components—encryption and digital-signature algorithms, one-way hash functions and message-authentication codes—but they must be put together properly (see sidebar, "For your eyes only"). If anyone along the route gets the least bit sloppy about implementation, the entire system can be compromised. The DVD hack illustrates this vividly. The security scheme shattered when Xing Technology neglected to encrypt the decryption key embedded in its XingDVD software DVD player.

Carry a little stick

As noted earlier, you can buy standard flash cards as well as those specifically intended for use with copyrighted content. But to buy protected cards today, you have only one option: a secure version of Sony's Memory Stick, which came out in late 1998. Memory Sticks occupy roughly the same space as a stick of gum (21.5 by 50 by 2.8 mm) and weigh 4 g (about 0.14 oz). They run from 2.7 to 3.6 V, consume an average of 45 milliamps of current, and read data at a maximum speed of 2.45 Mbytes/sec through a serial interface. Early this year, Lexar Media announced it's developing a high-speed Memory Stick that can download 64 Mbytes of music (roughly 120 minutes' worth) in less than 10 seconds.

STICK BLITZ: Sony offers an expanding line of products that accept Memory Sticks. For now, Sony is also the only vendor shipping memory modules with built-in copy-protection provisions.

While unprotected Memory Sticks are available in capacities from 8 to 64 Mbytes, only the 32-Mbyte ($100) and 64-Mbyte ($160) versions are available with Sony's MagicGate copy protection. Sony is extremely tight-lipped about the scheme, other than to say it's SDMI compliant.

Leveraging its head start in secure memory, Sony is delivering several SDMI-compliant digital music players. Two, the Network Walkman (about $330) and Vaio Music Clip ($300), contain only built-in memory. A third, the Memory Stick Walkman ($400), supports removable Memory Sticks.

Sony is busy lining up companies to commit to this memory technology, and Lexar joins 26 others who plan to license it. The latest licensee, General Motors, could help Sony establish the technology as a de-facto consumer standard. The carmaker is planning vehicles that use Memory Sticks to download, store, and play back navigation information and entertainment content. GM reportedly chose the technology because of Sony's track record with consumer-oriented products.

SanDisk, which delivered its first products in 1991, claims the title of the world's largest supplier of flash data-storage products, shipping more than 1.5 million units in 1998. Although not designed specifically with security in mind, the firm's CompactFlash and MultiMediaCards both contain a processor with a unique ID that can provide one level of protection.

The two types differ primarily in their physical format. CompactFlash modules are the size of a matchbook, weigh 0.5 oz, and come with capacities up to 192 Mbytes. They've been designed into more than 210 products including digital cameras, handheld PCs, MP3 players, and audio recorders. Introduced in 1997, the MultiMediaCard (MMC) was developed with Siemens (now Infineon). This module, roughly the size of a postage stamp and 1.4 mm thick, with a weight less than 2 oz, currently ships in capacities up to 32 Mbytes and has been designed into more than 70 products.

For higher security in line with SDMI, the developers of the MMC have spawned two incompatible forms: SanDisk is developing the Secure Digital Memory Card (SD Memory Card), while Infineon only recently announced its intentions to develop a Secure MMC, for which few details are available.

As for the SD card, it's roughly the size of a normal MMC but slightly thicker (32 by 24 by 2.1 mm). Its serial interface today achieves download rates of 200 kbytes/sec, but the specification allows for 10 Mbytes/sec. SanDisk expects to ship samples of 32- and 64-Mbyte capacities at the end of this quarter and in volume by summer. The company plans to price these modules the same as its regular cards, unlike Sony, which charges a premium for MagicGate ($20 in the case of a 32-Mbyte device).

STAMP ACT: Matsushita, SanDisk, and Toshiba are launching the Secure Digital Association to promote their Secure Digital Memory Card. SanDisk plans to start shipping its SD Memory Card in volume this summer.

On the security front, SD cards will soon be able to use a new scheme developed by Matsushita, Toshiba, IBM, and Intel, partly in response to the cracking of CSS (Content Scrambling System) for DVDs. The group will introduce two approaches based on the same underlying encryption technology. One, C2:CPRM (content protection for recordable media), is designed for SD cards as well as recordable DVDs. The other, C2:CPPM (content protection for prerecorded media), is proposed as a copy-protection scheme for DVD audio discs. Unlike CSS, these schemes can generate an almost unlimited number of keys, making it much easier to revoke a key quickly.

Pointing out another security difference between SD cards and Memory Sticks, SanDisk product manager Ed Cuellar adds that MagicGate doesn't offer revocation capabilities, whereas SD cards use what's called a MediaKey Block to recognize a memory module whose security has been breached and revoke its playback capabilities. Another difference concerns size and weight, with SD cards occupying half the volume of Memory Sticks. For instance, Panasonic recently showed a wristwatch MP3 player that uses the SD card, but it would be quite difficult to create such a player around the Memory Stick.
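The revocation idea behind a key block, shown as a simplified model added here (it is not the C2:CPRM format, whose details the article does not give): one block carries the media key encrypted under every licensed device key, revoked devices get a junk record and fail a verification check, and the content key is additionally bound to the card's unique module ID. HMAC-SHA256 stands in for the real cipher; player names, keys and the card ID are constructed.

```python
import hashlib
import hmac
import secrets

VERIFY_TAG = b"MKB-VERIFY"


def prf(key: bytes, label: bytes) -> bytes:
    """Keyed one-way function; serves as keystream generator and KDF here."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_mkb(device_keys: dict, media_key: bytes, revoked: set) -> dict:
    """Licensor side. Every player reads the same block; each record encrypts
    the media key under one device key. Records for revoked devices encrypt
    random bytes instead, so a revoked player derives a wrong media key and
    fails the verification record. No other device needs a new key."""
    records = {}
    for dev_id, dk in device_keys.items():
        payload = secrets.token_bytes(32) if dev_id in revoked else media_key
        records[dev_id] = xor(payload, prf(dk, b"record"))
    # Verification value: lets a player confirm it recovered the right key
    # without the block revealing the key itself.
    return {"records": records, "verify": prf(media_key, VERIFY_TAG)}


def process_mkb(mkb: dict, dev_id: str, device_key: bytes):
    """Player side: recover the media key, or None if this device is revoked
    (or holds the wrong key), in which case playback is refused."""
    rec = mkb["records"].get(dev_id)
    if rec is None:
        return None
    candidate = xor(rec, prf(device_key, b"record"))
    if not hmac.compare_digest(prf(candidate, VERIFY_TAG), mkb["verify"]):
        return None
    return candidate


def content_key(media_key: bytes, media_id: bytes) -> bytes:
    """Bind the content key to the card's unique module ID, so copying the
    encrypted file bit-for-bit to another card yields a different key."""
    return prf(media_key, b"content|" + media_id)


def demo():
    """Constructed scenario: four players, player2 revoked, one card ID."""
    device_keys = {f"player{i}": secrets.token_bytes(32) for i in range(4)}
    media_key = secrets.token_bytes(32)
    mkb = build_mkb(device_keys, media_key, revoked={"player2"})
    card_id = b"card-0001"
    results = {}
    for dev_id, dk in device_keys.items():
        mk = process_mkb(mkb, dev_id, dk)
        results[dev_id] = None if mk is None else content_key(mk, card_id)
    return results, content_key(media_key, card_id)
```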

Finally, Cuellar argues that working in a closed environment, where Sony calls all the shots, has disadvantages. Royalties that manufacturers must pay to Sony discourage them from adopting Memory Sticks. Beyond the cost itself, the fees allow Sony to estimate the sales volumes of competitive devices, Cuellar adds. In the year since Memory Sticks started shipping, several companies announced intentions to license the technology, but Cuellar says he's not aware of a single platform from another company actually using it.

To encourage use of the SD card, Matsushita, SanDisk, and Toshiba are launching an industry association called the Secure Digital Association, which sets standards for the SD card. Already 69 companies say they plan to join. And any company that pays the nominal membership fee can use SD-card technology without paying royalties.

Smart-enough cards?

Rather than rely on security keys, RCA/Thomson advocates the use of smart cards similar to those that protect satellite broadcasts from pilferage by video pirates. The firm has introduced its XCA (Extended Conditional Access) descrambling system, which it has integrated into its HDTVs in a demonstration set. XCA avoids two-way key-exchange schemes and allows for simple one-way copy protection across any digital interface. The proposal also eliminates the need to embed software secrets in all consumer devices, where they could someday be vulnerable to hacks.

But smart cards aren't tamperproof either. At Cambridge University in the UK, a lab called TAMPER (Tamper And Monitoring Protection Engineering Research) studies security schemes, documents how they've been penetrated, develops new attack techniques, and tries to forecast how new technologies could aid in bypassing security mechanisms. TAMPER has studied attacks on smart cards, both via destructive reverse engineering of the ICs and by discovering memory contents by other means, such as adjusting voltage levels on chip pins. Researcher Ross Anderson says that a well-equipped laboratory can do either, while persistent amateurs have often managed the latter and may shortly be able to do the former as well.

Since around 1994, explains TAMPER's Markus Kuhn, almost every type of smart-card processor used in conditional-access TV systems has been successfully reverse-engineered. Recently, an enterprising French engineer managed to crack a smart-card system used in point-of-sale terminals in his home country; he developed a homemade card that spoofed the bank-operated network into completing transactions.

The lesson of these hacks: Engineers should design systems so as not to motivate a determined attack, and so that a single penetration won't be fatal to the system owner. For instance, if breaking a card gives access to only one bank account, an attacker is unlikely to find the effort worthwhile, and a successful break is no more than a minor nuisance to the card issuer.

But the weaknesses of even smart cards again point out the irresponsibility of any system claiming 100 percent security. In the end, determining whether or not a system is "secure" depends entirely on how you define that term.

For your eyes only

If you're new to digital data security and are confused by terms such as public key, hash functions, digital certificates and the like, a good place to get a quick introduction is www.pgpi.org/doc/pgpintro. This text is taken from the documentation for PGP 6.5.1 (PGP stands for Pretty Good Privacy, a cryptography product family distributed as freeware).

A wealth of information about cryptography, and especially its weaknesses, is yours for the taking at the web site of Counterpane Internet Security (www.counterpane.com). For an excellent examination of the cracking of the DVD security, check out the Nov 15, 1999, issue of Crypto-Gram, a free monthly newsletter written with founder and CTO Bruce Schneier's no-holds-barred viewpoints.

If you're interested in the opposite view, two hacker Web sites seem to have crossed over and now address a more general audience. Both www.2600.com and www.theregister.co.uk are worth a look.

Author information

Paul Schreier (aa1mi@ARRL.net) is a marketing consultant and writer from Rye, NH, who would prefer to be on his sailboat in Casco Bay, operating his home-brew ham radios, or hacking at a keyboard (the one on his digital stage piano).
Copyright © 2000-2008 Cahners Business Information, A Division of Reed Elsevier, Inc.