The Internet provides users with convenient and ubiquitous access to digital content. Because of the potential of the Internet as a powerful distribution channel, many consumer electronics (CE) products strive to directly access the Internet or to interoperate with the PC platform, the predominant portal to the Internet. The CE products include, but are not limited to, digital set top boxes, digital TVs, game consoles, PCs and, increasingly, hand-held devices such as PDAs, mobile phones, and mobile storage and rendering devices, such as Apple's iPod. The use of the Internet as a distribution medium for copyrighted content creates the compelling challenge to secure the interests of the content provider. In particular it is required to warrant the copyrights and business models of the content providers. Increasingly, CE platforms are operated using a processor loaded with suitable software. Such software may include the main part of functionality for rendering (playback) of digital content, such as audio and/or video. Control of the playback software is one way to enforce the interests of the content owner including the terms and conditions under which the content may be used. Where traditionally many CE platforms (with the exception of a PC and PDA) used to be closed, nowadays more and more platforms at least partially are open. In particular for the PC platform, some users may be assumed to have complete control over the hardware and software that provides access to the content and a large amount of time and resources to attack and bypass any content protection mechanisms. As a consequence, content providers must deliver content to legitimate users across a hostile network to a community where not all users or devices can be trusted.
Typically, digital rights management systems use an encryption technique based on block ciphers that process the data stream in blocks using a sequence of encryption/decryption steps, referred to as rounds. During each round, a round-specific function is performed. The round-specific function may be based on a same round function that is executed under control of a round-specific sub-key.
Content providers must deliver content to legitimate users across a hostile network to a community where not all users or devices can be trusted. In particular for the PC platform, the user must be assumed to have complete control of the hardware and software that provides access to the content, and an unlimited amount of time and resources to attack and bypass any content protection mechanisms. The software code that enforces the terms and conditions under which the content may be used must not be tampered with. The general approach in digital rights management for protected content distributed to PCs is to encrypt the digital content, for instance DES (Data Encryption Standard), AES (Advanced Encryption Standard), or using the method disclosed in WO9967918, and to use decryption keys.
The two main areas of vulnerability of digital rights management relying on encryption are the software plug-ins which enforce the terms and conditions under which the content may be used, and the key distribution and handling.
After the key used to encrypt content is comprised, it can be distributed over the Internet with comparative ease. One way to avoid this is to use white-box cryptography, wherein a key dependent cryptographic operation is performed in such a way that the key cannot be recovered, not even by attacker having full access to the implementation. In white-box cryptography it is assumed that an attacker has full access to the implementation. Apart from analyzing the input and output behavior of a system, in the white box context an attacker may also analyze the internal behavior of a system. Usually it is the goal of a white box attack to recover in a useable form the key that corresponds to particular encryption or decryption operation.
Most white-box implementations use techniques based on hiding the cryptographic key by adding a veil of randomness, such as random encodings, and complexity in both the control and the data path of the software application. The idea behind this is that it becomes more difficult to extract information merely by code inspection.
“White-Box Cryptography and an AES Implementation”, by Stanley Chow, Philip Eisen, Harold Johnson, and Paul C. Van Oorschot, in Selected Areas in Cryptography: 9th Annual International Workshop, SAC 2002, St. John's, Newfoundland, Canada, Aug. 15-16, 2002, referred to hereinafter as “Chow 1”, and “A White-Box DES Implementation for DRM Applications”, by Stanley Chow, Phil Eisen, Harold Johnson, and Paul C. van Oorschot, in Digital Rights Management: ACM CCS-9 Workshop, DRM 2002, Washington, D.C., USA, Nov. 18, 2002, referred to hereinafter as “Chow 2”, disclose methods with the intend to hide the key by a combination of encoding its tables with random bijections, and extending the cryptographic boundary by pushing it out further into the containing application.
In Chow's white-box implementations, the key is not explicitly present in the implementation. This reduces the risk of the key being found by inspection of the implementation. Instead, the key is only present implicitly. Chow uses the method of partial evaluation to hide a key in a cryptographic system, therein a look-up table which needs key input is evaluated in-so-far it depends on the key and does not depend on the input-message. For example, a basic operation wherein an input-value, a key-value, and a masking value which does not depend on the input-message, e.g. a value from an s-box needs to be xor-ed can be partially evaluated by xor-ing the key value and the masking value together beforehand. In this way the operation still depends on the key-value although the key-value is not explicitly present in the implementation. Instead, only the xor between the key-value and masking-value is present in the implementation.