Google DRM and WON Authentication

So, Google have invented their own DRM, apparently. I’m keen to find out more details; Techdirt and Plasticbag.org are so far the only places I can find in the blogosphere to discuss it in any detail.

One tidbit worth noting from the LA Times coverage:

The Google copy-protection software also imposes a big restriction: The CBS shows, NBA games and other material protected by the software can be watched only on a computer that’s connected to the Internet.

“I think it’s going to be a problem,” said Li, the Forrester analyst, adding that Google executives told her they were trying to fix it.

That’s interesting. In my opinion, given that quote, I’ll bet Google’s DRM is something similar to the copy-protection systems used for many games since about id’s Quake 3 and Valve’s Half-Life; an online “key server” which validates codes, tracks player IDs, and who’s viewing what, “live”, as the video is cued up and played.

Some more info on the Half-Life WON authentication system can be found in this Gamasutra article (subscription required; try viewing this Google-cache version with JavaScript off if you don’t have a sub). That’s historical now, of course, since that WON system has been replaced by a new auth protocol as part of Valve’s ‘Steam’ system.

The key factor is the network, which separates the dangerous, untrustworthy user machine from the trusted key server. Since the online key server and the video server are both under Google’s control, they can act as a platform for trusted code, known not to be subverted, to run on, so it’s actually possible to build reasonably solid DRM on this model. That’s as opposed to the usual case, where a reasonably determined teenager can break it in a week of school-nights. ;)

Anyway, that’s speculation. It remains to be seen if they’ve come up with something along the lines of WON authentication, and if it’s still easily subvertible or not.

Update: Aristotle Pagaltzis has a pretty good point in the comments:

Watching video, unlike playing a multiplayer game, is not an activity that inherently requires connecting to a server. Playing a multiplayer game, OTOH, inherently is.

So cracking a multiplayer game’s key check is fruitless, because then you can’t play online anymore, which was the whole point of the game in the first place. In contrast, a video player with a cracked key check still fulfills its purpose just fine.

I think he’s right. That’s a key point, demonstrating how WON authentication still can’t help — media playback, as a task, is itself fundamentally crackable.
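A minimal sketch of the key-server model discussed above, added here as an illustration; it is not WON’s, Valve’s or Google’s protocol, and the class names and the HMAC ticket format are assumptions. It shows why the check only holds when a server-side service enforces it: a client that skips the key check simply has no valid ticket to present.

```python
import hashlib
import hmac
import secrets


class KeyServer:
    """Trusted side: knows which keys were issued and who is using each one."""

    def __init__(self, issued_keys):
        self._secret = secrets.token_bytes(32)  # never leaves the server
        self._issued = set(issued_keys)
        self._active = {}  # key -> client id currently holding it

    def _mac(self, client_id, nonce):
        msg = f"{client_id}:{nonce}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def authorize(self, key, client_id):
        """Issue a session ticket, or None if the key is unknown or in use."""
        if key not in self._issued:
            return None
        if self._active.setdefault(key, client_id) != client_id:
            return None  # same key presented by a second client
        nonce = secrets.token_hex(8)
        return f"{client_id}:{nonce}:{self._mac(client_id, nonce)}"

    def verify(self, ticket):
        """Called by the game or video server, never by the client."""
        try:
            client_id, nonce, mac = ticket.split(":")
        except (AttributeError, ValueError):
            return False  # no ticket, or a malformed one
        expected = self._mac(client_id, nonce)
        return hmac.compare_digest(mac.encode(), expected.encode())


class ServiceServer:
    """The service the user actually wants; the gate is enforced here."""

    def __init__(self, key_server):
        self._keys = key_server

    def join(self, ticket):
        return self._keys.verify(ticket)
```

The gate covers access to the service only; it does nothing about data the service has already delivered, which is the point raised in the update.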


7 Comments

  1. Posted January 9, 2006 at 10:04

    It will be interesting to see if Google repeats the same mistake that many of the companies providing Pay-TV security made – specifically the ones where they thought that they were so clever that nobody could hack their system, and underestimated the opposition. Google has a lot of very smart people – it just doesn’t have any world class DRM/Conditional Access systems designers or people who can think like Pay-TV hackers. Google’s DRM system wouldn’t just be country specific. It would be a global target.

  2. Posted January 9, 2006 at 18:07

    hi John!

    I would hope that Google has enough smart people to avoid the underestimation problem. One funny thing about reverse-engineering and DRM removal is that it’s very asymmetric; it’s a lot harder to create a hard-to-break system than it is to break a system. Anyway, it’s going to be fun to watch ;)

  3. Posted January 9, 2006 at 18:34

    There are still targets for cracking at multiple levels of such a process that aim at circumventing the need for communication with the keyserver. Quake3 was cracked almost instantly.

    But the scheme worked anyway because in online games, well, you need to connect to a server in order to play multiplayer games. And because the scheme in Q3 required a crack on both the client and the game server, and tracking down cracked public servers was easy for id software, you couldn’t connect to public servers with a cracked client. But there were still lots of people playing with cracked Q3 copies on cracked Q3 servers in LAN parties.

    For watching content offline, I don’t see how this model is supposed to be enforceable.

    Worse, there is a huge privacy concern. I certainly wouldn’t be interested in media that gives an external entity the opportunity to track exactly what I watched or listened to and when. That was much less of an issue with Quake3 because of the structure of the relationship between content, producer, consumer and the keyserver entity.

  4. Posted January 9, 2006 at 19:38

    hi Aristotle —

    ‘For watching content offline, I don’t see how this model is supposed to be enforceable.’

    that’s the point; the press release notes that it’s required to be online, right now. That’s the key that may make it possible to build hard-to-crack DRM out of it.

    …Mind you, something’s just occurred to me; when you’re playing a game, it’s impossible for a cracker to record all parts of the game data as it happens, then play it back later and play another game, with a possibly different set of players and a possibly different outcome. However, in the video case, it is possible for a cracker to record all the data from the video server, and play it back verbatim later, offline. So a WON-style scheme may not be such an advantage for Google after all, simply because video is fully recordable.

    Regarding privacy: ‘I certainly wouldn’t be interested in media that gives an external entity the opportunity to track exactly what I watched or listened to and when’ — Google is already doing pretty well there, via AdSense ad and/or Google Analytics javascript. For example, take a look at this YouTube page — google ads…

  5. Posted January 9, 2006 at 23:24

    Microsoft’s Janus DRM works similarly — you need to be online to download a time-sensitive “license” to playback music. You can then transfer the file & license onto a portable player with a “secure” clock which enforces the file expiration.

    So you don’t need to be connected to the net to play — Just to download and activate.

    You’ll note that Janus hasn’t been cracked either. The closest that there’s been was a workaround using an old version of Winamp which could dump out WAVs of DRM’d tracks, but MS were able to nuke the license attached to that old version of Winamp within a couple of days (and you couldn’t get the compressed file with DRM stripped — you’d have to lossily re-encode the WAV back to MP3 or WMA).

    Rod.

  6. Posted January 10, 2006 at 15:46

    the press release notes that it’s required to be online, right now. That’s the key that may make it possible to build hard-to-crack DRM out of it.

    No, you didn’t get my point. Watching video, unlike playing a multiplayer game, is not an activity that inherently requires connecting to a server. Playing a multiplayer game, OTOH, inherently is.

    So cracking a multiplayer game’s key check is fruitless, because then you can’t play online anymore, which was the whole point of the game in the first place. In contrast, a video player with a cracked key check still fulfills its purpose just fine.

    I thought that was obvious.

    Google is already doing pretty well there, via AdSense ad and/or Google Analytics javascript.

    Right, which is why I’m using a proxy that refuses to fetch data from the relevant servers.

  7. Posted January 10, 2006 at 19:00

    So cracking a multiplayer game’s key check is fruitless, because then you can’t play online anymore, which was the whole point of the game in the first place. In contrast, a video player with a cracked key check still fulfills its purpose just fine.

    Yeah, that’s the point I’d been missing — until I got it in the next paragraph of that comment. ;)