Stealth plan puts copy protection into every hard drive

And buggers backups, imaging and RAID


Exclusive: Hastening a rapid demise for the free copying of digital media, the next generation of hard disks is likely to come with copyright protection countermeasures built in.

Technical committees of NCTIS, the ANSI-blessed standards body, have been discussing the incorporation of content protection currently used for removable media into industry-standard ATA drives, using proprietary technology originating from the 4C Entity. They're the people who brought you CSS2: IBM, Toshiba, Intel and Matsushita.

The scheme envisaged brands each drive with a unique identifier at manufacturing time.

The proposals are already at an advanced stage: three drafts have already been discussed for incorporating CPRM (Content Protection for Recordable Media) into the ATA specification by the NCTIS T.13 committee. The committee next meets in February. If, as expected, the CPRM extensions become part of the ATA specification, copyright protection will be in every industry-standard hard disk by next summer, according to IBM.

However, what's likely to create a firestorm of industry protest is that the proposed mechanism creates problems for moving data between compliant and non-compliant hard drives. Modifications to existing backup programs, imaging software, RAID arrays and logical volume managers will be required to cope with the new drives, The Register has discovered.

The ramifications are enormous. Although the benefit to producers is great - bringing the holy grail of secure content one step closer - the costs to consumers will be significant. For example, corporate IT departments will be unable to mix compliant and non-compliant ATA drives as they try to enforce uniform backup policies, we've discovered. Restoring personal backups to a different physical drive - a common enough occurrence when a disk has failed - will require authentication with a central server. Imaging software used by OEMs and large corporates to distribute one-to-many disk images will also need to be modified.

And the move casts a shadow over some of the hottest emerging business models: the network attached storage industry, which relies on virtualising media pools, the digital video recorder market currently led by TiVo and Replay, and the nascent peer-to-peer model all face technical disruption.

How it works

Today, CPRM is implemented on DVD and removable SD disks. But the SCSI and ATA/ATAPI proposals incorporate an extension of the scheme to allow the encryption to be used on hard drives, in addition to removable drives and ATAPI devices such as CD-ROMs and DVD drives.

The proposal uses around a megabyte of read-only storage on each hard drive, in an area the end user doesn't usually access, to hold a "Media Key Block". According to research scientist Jeffrey Lotspiech of IBM's Almaden Research Lab, this is a matrix of 16 columns and some 3000 rows. A static "Media Unique Key", held in a separate, hidden area of the drive, identifies the individual drive. Because the scheme makes use of broadcast encryption and one-way key algorithms, would-be hackers face a daunting number of keys to break. CPRM also adds new commands to the ATA specification.

But because the system makes use of the physical location on the device of the encrypted item, software designed for non-compliant drives will break in some circumstances when encrypted data files are moved.

"It requires both drives to be compliant when data is to move from one disk to another," says Lotspiech. "And a compliant application to get all that data to the new drive".

So a hard drive containing small individual non-copyable files of, say, Gartner reports will essentially be unrestorable using existing backup programs.
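To see why a sector-for-sector restore fails under such a scheme, here is a simplified model of the key flow described above, added as an illustration and not taken from the CPRM specification or from IBM. HMAC-SHA256 and XOR stand in for the real cipher, the matrix is cut to 64 rows, all identifiers and key derivations are hypothetical, and keying by sector number is an assumed reading of "physical location".

```python
import hashlib, hmac, secrets
COLS, ROWS = 16, 64  # the article cites 16 columns and ~3000 rows; rows cut down for the demo

def prf(key: bytes, data: bytes) -> bytes:
    """One-way keyed function. HMAC-SHA256 is a stand-in, not CPRM's actual cipher."""
    return hmac.new(key, data, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cell_key(master: bytes, col: int, row: int) -> bytes:
    """Licensing authority's secret device key for one matrix cell (hypothetical derivation)."""
    return prf(master, bytes([col]) + row.to_bytes(2, "big"))

def issue_device(master: bytes, rows):
    """A licensed device holds one cell key per column; rows[c] is its row in column c."""
    return {c: (r, cell_key(master, c, r)) for c, r in enumerate(rows)}

def make_mkb(master: bytes, media_key: bytes, revoked=frozenset()):
    """Media Key Block: the media key wrapped under every cell key; revoked cells hold junk."""
    mkb = [[secrets.token_bytes(32) if (c, r) in revoked
            else xor(media_key, prf(cell_key(master, c, r), b"wrap"))
            for r in range(ROWS)] for c in range(COLS)]
    return mkb, prf(media_key, b"verify")  # second value lets a device check its result

def recover_media_key(mkb, verify, device):
    """Try each of the device's cells; any non-revoked one unwraps the media key."""
    for col, (row, key) in device.items():
        candidate = xor(mkb[col][row], prf(key, b"wrap"))
        if hmac.compare_digest(prf(candidate, b"verify"), verify):
            return candidate
    return None  # every cell this device holds has been revoked

def crypt(unique_key: bytes, sector: int, data: bytes) -> bytes:
    """Toy XOR cipher keyed by drive and sector (max 32 bytes); encrypt and decrypt are the same."""
    return xor(data, prf(unique_key, b"sector" + sector.to_bytes(8, "big")))

def restore_demo():
    """Encrypt on drive A, then read the same bytes back on A, on drive B, and at a moved sector."""
    master, media_key = secrets.token_bytes(32), secrets.token_bytes(32)
    mkb, verify = make_mkb(master, media_key)
    km = recover_media_key(mkb, verify, issue_device(master, range(COLS)))
    key_a, key_b = prf(km, b"DRIVE-A"), prf(km, b"DRIVE-B")  # per-drive "media unique keys"
    plain = b"constructed sample record"
    stored = crypt(key_a, 7, plain)
    return (crypt(key_a, 7, stored) == plain,   # same drive, same place: readable
            crypt(key_b, 7, stored) == plain,   # sector-for-sector copy to B: unreadable
            crypt(key_a, 8, stored) == plain)   # moved on the same drive: unreadable
```

In this model a backup tool that copies raw bytes preserves the ciphertext but not the drive identity or location the key depends on, which is the failure Lotspiech describes for non-compliant software.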

Similar problems arise with RAID arrays using IDE disks, acknowledges IBM. "This may help IT managers when auditing for copyright compliance," suggests IBM spokesman Mike Ross.

However the decision to make an organisation CPRM compliant. Free copying is no longer an option:-

"It's not up to us to determine or guess what the content provider might permit," says Ross. "Nothing will handcuff proper backup and restoring provided the content provider permits it. Some may not permit it - but what will the customers' reaction be then?"

Well, quite. Clearly key management becomes an urgent priority when CPRM-aware drives are introduced next year, as CPRM-aware content will surely follow. The decision to go with CPRM in an organisation is also an all or nothing proposition - it can't be introduced gradually.

But for home users, the party's over. CPRM paves the way for CPRM-compliant audio CDs, and the free exchange of digital recordings will be limited to non-CPRM media.

The Register understands there is fierce opposition to the plan from Microsoft and its OEM customers. Generating hundreds of thousands of images each week, the PC industry relies on data going from one master to many reliably and smoothly. Imaging programs face the same problem as restore software: the target disk isn't the same as the originator disk. Microsoft Redmond already has put in a counter-proposal that eschews low-level hardware calls.

Where were you when they copy-protected the hardware, Daddy?

The intellectual property is owned by the 4C Entity, and administered by License Management International, LLC - a limited liability company based in Morgan Hill, California. Company founder John Hoy told The Register that "LMI, LLC holds no intellectual property. Entities are granted a master license."

Per-device royalties are payable to LMI, LLC. License fees of between 2c and 17c have been mooted for each device, according to documents circulated to the T.13 group. 5c is the current rate for a DVD device.

Three possible paths lie ahead. CPRM may be bounced out of the T.x committees. Or manufacturers may choose not to implement it, and opt for an incomplete ATA or SCSI specification. This is deemed unlikely. Or thirdly, manufacturers may choose to implement the new command set, but not activate it.

Although it hardly has a prominent media profile - yet - CPRM in hardware is the most comprehensive mechanism for enforcing rights protection the industry has seen, and is likely to be viewed by content producers as a magic bullet. Its progress depends on whether its proponents can overcome industry and consumer opposition. Which might be brewing right about ... now. ®
