Xref: utzoo comp.arch:7908 comp.edu:1897 comp.misc:4734
Path: utzoo!utgpu!attcan!uunet!lll-winken!ncis.llnl.gov!ncis!helios.ee.lbl.gov!pasteur!ucbvax!hplabs!amdcad!rpw3
From: rpw3@amdcad.AMD.COM (Rob Warnock)
Newsgroups: comp.arch,comp.edu,comp.misc
Subject: Re: built-in security features
Keywords: computer security, network security
Message-ID: <24102@amdcad.AMD.COM>
Date: 18 Jan 89 02:57:34 GMT
References: <8846@nsc.nsc.com> <5995@polya.Stanford.EDU> <1804@maccs.McMaster.CA>
Reply-To: rpw3@amdcad.UUCP (Rob Warnock)
Organization: [Consultant] San Mateo, CA
Lines: 65

+---------------
| >The world does change. Some time before the IBM-PC was introduced,
| >"someone" suggested anti-software-piracy features to Intel. The
| >basic idea was to have dealers trap-door encrypt code, using a
| While the details are somewhat hazy now, I believe that HP did sell
| some systems with a similar scheme...
+---------------

Fortune Systems (yes, they still exist, as part of SCI) had a protection scheme on their Unix systems which allowed user backups. Uninstalled software was encrypted with a "global" key known only to Fortune. The act of installing it -- using a protected (encrypted) "install" program -- caused it to be decrypted and re-encrypted with a key based on the CPU serial number (the key was stored in a PAL on the motherboard). Thus once the software had been "installed" on a given CPU, you could make as many copies as you like (back it up, put it on a net server, etc.), but it would only run on the specific CPU it had been "installed" on.

And the "install" procedure was about as user-friendly as one might want. You stuck a shrink-wrapped disk in (unwrapping it first ;-} ) and selected "Install New Product" on the "System Management" menu. Each product disk had a product-specific install script that could ask questions for local configuration, if needed.

Motherboard changes required moving the (socketed) security PAL.
And a damaged security PAL could be replaced [with a *lot* of questions asked, as the PALs never broke!] from the factory, based on the serial number of the CPU. (Oh, and the PAL stored not the actual serial number, but some encrypted/checksummed function of the serial number.)

Actually, it worked pretty well. There was a way for a large site to buy CPUs in a "group", and then buy "group-coded" versions of software that would run on any machine in the group (but priced so high nobody used it). More importantly, there was a program for 3rd-party software vendors so they could have their disks "branded" by Fortune to make them one-time installable. (You didn't *have* to use copy-protection, by the way. Things compiled on a Fortune would run on any CPU unless specifically "branded".)

Physical security of uninstalled disks was an issue, as clearly any uninstalled program disk was a single-use "blank check". (There were some tricks played to prevent copying of uninstalled disks.)

Many people in this group (and others) have expressed disgust with the whole notion of copy-protection, but Fortune's original business plan was based (rightly or wrongly) on having a number of proprietary applications run on their system, and at the time (1980) "software piracy" was estimated in the trade press to account for as much as 80% of the software actually being run. So they wanted to protect their development investment.

Of course, they went a bit far, for my taste. They were so scared of somebody copying their programs that they encrypted/decrypted a protected program if it ever had to swap out/in. This seriously affected multi-user performance, to say the least! They forgot that "security" is always a balancing act, between what it costs the perpetrator to penetrate and what it costs you (in lost function/convenience) to protect. (*Sheesh!* Look, anybody capable of picking bits off swap space is capable of using a logic analyzer and cracking the scheme more straightforwardly!)
Rob Warnock
Systems Architecture Consultant

UUCP:	  {amdcad,fortune,sun}!redwood!rpw3
ATTmail:  !rpw3
DDD:	  (415)572-2607
USPS:	  627 26th Ave, San Mateo, CA 94403
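The brand/install/run flow described in the post, modelled as an added example (this is neither Rob's code nor Fortune's): the vendor seals the disk under a global key, the protected install program re-seals it under a key derived from the CPU's PAL value, and the loader only succeeds on a CPU whose PAL value matches. The stream cipher, the HMAC-based PAL derivation, the serial numbers and the "product" are all constructed assumptions, chosen so the model runs on the standard library alone.

```python
import hmac, hashlib

_sub = lambda key, label: hmac.new(key, label, hashlib.sha256).digest()   # per-purpose subkeys

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Constructed stream cipher (HMAC-SHA256 in counter mode): a stdlib stand-in for Fortune's cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and tag, so a wrong key is detected rather than yielding garbage."""
    ct = _xor_stream(_sub(key, b"enc"), plaintext)
    return ct + hmac.new(_sub(key, b"mac"), ct, hashlib.sha256).digest()

def unseal(key: bytes, sealed: bytes) -> bytes:
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(_sub(key, b"mac"), ct, hashlib.sha256).digest()):
        raise ValueError("key mismatch: program will not run on this CPU")
    return _xor_stream(_sub(key, b"enc"), ct)

GLOBAL_KEY = hashlib.sha256(b"constructed vendor global key").digest()       # known only to the vendor
FACTORY_SECRET = hashlib.sha256(b"constructed factory PAL secret").digest()  # used when programming PALs

def pal_secret(cpu_serial: str) -> bytes:
    # The PAL holds a keyed function of the serial, not the serial itself; HMAC is an assumed stand-in.
    return hmac.new(FACTORY_SECRET, cpu_serial.encode(), hashlib.sha256).digest()

def install(disk: bytes, pal: bytes) -> bytes:
    """Protected install program: decrypts with GLOBAL_KEY, re-seals under this CPU's PAL key."""
    return seal(pal, unseal(GLOBAL_KEY, disk))

def run(installed: bytes, pal: bytes) -> bytes:
    """Loader: decrypts with the local PAL key; on any other CPU unseal raises ValueError."""
    return unseal(pal, installed)

def runs(installed: bytes, pal: bytes) -> bool:
    try:
        return run(installed, pal) is not None
    except ValueError:
        return False

def demo() -> tuple:
    """(copy runs on its origin CPU A, same copy runs on CPU B, uninstalled 'blank check' disk installs on B)."""
    disk = seal(GLOBAL_KEY, b"echo accounting package v1")   # vendor "brands" a constructed product
    pal_a, pal_b = pal_secret("FS-0001"), pal_secret("FS-0002")
    on_a = install(disk, pal_a)                               # installed on A, then copied freely
    return runs(on_a, pal_a), runs(on_a, pal_b), runs(install(disk, pal_b), pal_b)
```

The third result is the point about physical security: any uninstalled disk installs on whichever CPU it is fed to, so only the global key inside the install program and the disk itself protect it.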