Piracy Protection and Online Identity Security with Digital Duplicate Detection


Digital data is trivial to duplicate. A bit is a bit. This is an overview of a cryptographic strategy for detecting duplicates online. It is applicable to games, movies, music, ebooks, license enforcement, piracy detection, and digital fingerprints.

For additional information, resources, and tools, visit http://free2secure.com/.

There is a lot more that can be done to protect your critical information. If you are interested, send me an email to steve @ free2secure.com with the subject “Duplicate”.

If you are interested in keeping up with the latest books, articles, and tools from me at Free2Secure, send me an email at steve @ free2secure.com with the subject “Subscribe”.

Finally, if you have any security questions or issues, shoot me a note at steve @ free2secure.com with the subject “Help”.

You can be secure. Your information can be protected. You have the right to expect excellent protection from the companies, organizations, and governments you do business with.

Published in: Software, Technology, Business

    1. Security eBooks: Cryptographic Duplicate Detection For Access Management, Piracy Protection, and More. Steven Davis, steve@free2secure.com, Games, iGaming, and Gambling, +1.650.278.7416
    2. Protocols, not Players or Computers: That’s all you see online
    3. Traditional Identification & Authentication Methods are very weak for verifying actual identities
       • Name/Password can be shared & compromised
       • ID/Key can be shared or compromised
       • “Digital Fingerprints” can be duplicated
    4. Detecting Duplicate Identities
       • Powerful white list of good platforms
       • Improve association of players with platforms
       • Identifying problem platforms
       • Can be a very powerful technique to fight server piracy / ghost servers
       • Support legitimate sharing and backups
    5. Core Idea: Why not change identities AND keys at every session (or more frequently)?
    6. Active Identity System - General Flow (Identity Value does not have to be static)
       • Initialization
          – Done in a variety of ways
          – Identity can even be verified retroactively
       • Verify Current Identity/Key Pair
       • Update Identity/Key Pair
       • Verify Update
       • Continue Operations
       • OPTION - use “rolling update” to operate smoothly during identity changes
       • add an “A” or “B” Flag to messages
       • Send “rollover” command message
    7. Server-Push Identity
       Player posts ID to server: ID(x)
       Server returns Challenge Phrase: Challenge(IDx)
       Player posts encrypted Challenge Phrase: ID(x),E(Key(x),Challenge(IDx))
       Server validates Response
       Server creates updated ID & Key
       Server sends updated ID & Key encrypted in old key: E(Key(x+1),ID(x+1),SessionID)
       Player decrypts new ID & Key
       Player sends validation message to Server: SessionID,E(Key(x+1),SessionID)
       • Client gets new ID/Key pair from server
       • Server knows underlying identity of client
       • If duplicate made of client info, server can create an “Identity Fork” or take other action
       • You know a duplicate has been made, not which copy is a duplicate
       • Can be done with symmetric keys or public (asymmetric) key systems
    8. Collaborative Identity Generation 1
       Player creates new ID(cx+1), Transform of new ID, and Challenge1
       Player creates new DH random z and computes b^z mod p
       Player posts Challenge Phrase to server: ID(x),E(Key(x),T(ID(cx+1)), b^z mod p,Challenge1)
       Server decrypts Challenge Phrase
       Server creates new ID(sx+1), Transform of new ID, and Challenge2
       Server creates new DH random y and computes b^y mod p
       * Server creates new DH key: Key(x+1) = (b^z)^y mod p
       Server posts Challenge Phrase to Client: ID(x),E(Key(x),T(ID(sx+1)), b^y mod p,Challenge1, Challenge2, H(Key(x+1)))
       Client decrypts Challenge Phrase and validates Challenge1
       • Sample using Diffie-Hellman style key generation
       • Could easily be adapted to other public key algorithms
    9. Collaborative Identity Generation 2
       (from previous page) Client decrypts Challenge Phrase and validates Challenge1
       * Client creates new DH key: Key(x+1) = (b^z)^y mod p
       Client validates new DH key with received hash
       Client sends new ID(cx+1) to Server with hash of new Key and Challenge2: ID(x),E(Key(x),ID(cx+1),H(Key(x+1)),Challenge2)
       Server validates new ID against previously received Transform and validates Key(x+1) hash
       * Server computes new ID: ID(x+1) = ID(cx+1)+ ID(sx+1)
       Server sends new ID contribution to Client: ID(x),E(Key(x),ID(sx+1))
       * Client computes new ID: ID(x+1) = ID(cx+1)+ ID(sx+1)
       Client and server use new ID(x+1), Key(x+1) pair
       • Active Identity System is really a temporary pairwise identity with a remote entity
       • Does not need to be client-server, could be peer-to-peer
    10. Active Identity is Part of an Overall Identity & Access Management Solution To Strengthen Platform identity and Online Security
        • Digital Fingerprints
        • User Name/Passwords
        • Security Tokens
        • IP Address
        • Platform IDs
        • Active ID
    11. Fighting Server Piracy
        • Client can detect server duplicates as server won’t have current identity/key pair
           – Can prevent connection to pirate server
        • Even if real server identity/key database gets compromised, clients will rapidly rekey to new identity/key pairs
        • Can also be used for traditional computer piracy detection system
    12. What next?
        • Don’t give up!
        • More security presentations at: http://free2secure.com/
        • Check out my book “Protecting Games”
           – Additional information at http://playnoevil.com/
        • You can “win” the security game
    13. About Me
        • Steven Davis
           – 25+ Years of Security Expertise
        • Worked on everything from online games and satellite TV to Nuclear Command and Control and military communications
        • http://www.linkedin.com/in/playnoevil
           – Author, “Protecting Games”
        • Why Free2Secure?
           – Security is too expensive and isn’t working. There has to be a better way. I’m exploring these issues for IT security, ebooks, games, and whatever else strikes my fancy at http://free2secure.com/ .
           – Join me there, ask questions, challenge assumptions, let’s make things better.
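
The server-push exchange on slide 7, as an added Python sketch that is not from the original deck: two copies of one ID/key pair log in, and the second is flagged because its ID(x) was already rolled over. HMAC-SHA256 stands in for E(Key, …), the new ID/key pair is derived from the old key and a server seed instead of being sent encrypted, and every class and function name is an assumption.

```python
import hashlib, hmac, secrets

def mac(key, label, data):  # HMAC stands in for the slide's E(Key, ...)
    return hmac.new(key, label + data, hashlib.sha256).digest()

def roll(key, seed):
    # Stand-in for "updated ID & Key encrypted in old key": both derive from
    # Key(x) plus a server seed, so only a holder of Key(x) can compute them.
    return mac(key, b"id", seed).hex()[:16], mac(key, b"key", seed)

class Server:
    def __init__(self):
        self.current = {}  # ID(x) -> (account, Key(x), outstanding challenge)
        self.retired = {}  # rolled-over ID -> account

    def enroll(self, account):
        ident, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.current[ident] = (account, key, None)
        return ident, key

    def challenge(self, ident):
        if ident in self.retired:  # a copy of this state already moved on
            return "duplicate", self.retired[ident]
        if ident not in self.current:
            return "unknown", None
        account, key, _ = self.current[ident]
        chal = secrets.token_bytes(16)
        self.current[ident] = (account, key, chal)
        return "challenge", chal

    def respond(self, ident, response):
        account, key, chal = self.current[ident]
        if chal is None or not hmac.compare_digest(response, mac(key, b"resp", chal)):
            return None
        seed = secrets.token_bytes(16)
        new_id, new_key = roll(key, seed)
        self.retired[ident] = self.current.pop(ident)[0]
        self.current[new_id] = (account, new_key, None)
        return seed

def login(server, client):  # client: dict holding the stored "id" and "key"
    status, data = server.challenge(client["id"])
    if status != "challenge":
        return status
    seed = server.respond(client["id"], mac(client["key"], b"resp", data))
    if seed is None:
        return "rejected"
    client["id"], client["key"] = roll(client["key"], seed)
    return "ok"
```

As the slide states, the server learns only that a copy exists, not which holder is the legitimate one. The final SessionID validation message is left out here, so a lost reply would desynchronise this sketch.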
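
The collaborative generation flow on slides 8 and 9, as an added Python example (not the author's code): each side commits to its ID contribution with T, the Diffie-Hellman exchange yields Key(x+1), and both sides compute ID(x+1) as the sum of the two contributions. Assumptions: T and H are SHA-256, "+" is addition modulo 2^64, the group (p = 2^127 - 1, b = 3) is a toy, the client's check of the server's commitment is added for symmetry, and the E(Key(x), …) wrapping of every message is omitted.

```python
import hashlib, secrets

P, B = 2**127 - 1, 3   # toy DH group, for illustration only (assumption)
MOD = 2**64            # assumed width of an identity value

def h(n):              # SHA-256 used for both T(ID) and H(Key) (assumption)
    return hashlib.sha256(str(n).encode()).hexdigest()

def client_start():
    st = {"id": secrets.randbelow(MOD), "z": secrets.randbelow(P - 2) + 1,
          "c1": secrets.token_hex(8)}
    # Message 1: T(ID(cx+1)), b^z mod p, Challenge1
    return st, {"t_id": h(st["id"]), "pub": pow(B, st["z"], P), "c1": st["c1"]}

def server_reply(m1):
    y = secrets.randbelow(P - 2) + 1
    st = {"id": secrets.randbelow(MOD), "key": pow(m1["pub"], y, P),
          "c2": secrets.token_hex(8), "t_client": m1["t_id"]}
    # Message 2: T(ID(sx+1)), b^y mod p, Challenge1, Challenge2, H(Key(x+1))
    return st, {"t_id": h(st["id"]), "pub": pow(B, y, P), "c1": m1["c1"],
                "c2": st["c2"], "h_key": h(st["key"])}

def client_confirm(st, m2):
    key = pow(m2["pub"], st["z"], P)
    if m2["c1"] != st["c1"] or h(key) != m2["h_key"]:
        raise ValueError("server reply failed Challenge1 or key hash check")
    st.update(key=key, t_server=m2["t_id"])
    # Message 3: ID(cx+1), H(Key(x+1)), Challenge2
    return {"id": st["id"], "h_key": h(key), "c2": m2["c2"]}

def server_finish(st, m3):
    if (h(m3["id"]) != st["t_client"] or m3["h_key"] != h(st["key"])
            or m3["c2"] != st["c2"]):
        raise ValueError("client reveal does not match its commitment")
    # Returns ID(x+1), Key(x+1) and message 4: ID(sx+1)
    return (m3["id"] + st["id"]) % MOD, st["key"], {"id": st["id"]}

def client_finish(st, m4):
    if h(m4["id"]) != st["t_server"]:  # symmetric check, added as an assumption
        raise ValueError("server reveal does not match its commitment")
    return (st["id"] + m4["id"]) % MOD, st["key"]
```

Because each contribution is committed before the other side reveals its own, neither party can choose ID(x+1) unilaterally.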