Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!csd4.milw.wisc.edu!uxc!uxc.cso.uiuc.edu!m.cs.uiuc.edu!gillies
From: gillies@m.cs.uiuc.edu
Newsgroups: comp.arch
Subject: Re: built-in security features
Message-ID: <3300046@m.cs.uiuc.edu>
Date: 24 Jan 89 06:23:00 GMT
References: <8846@nsc.nsc.com>
Lines: 62
Nf-ID: #R:nsc.nsc.com:8846:m.cs.uiuc.edu:3300046:000:2794
Nf-From: m.cs.uiuc.edu!gillies Jan 24 00:23:00 1989

Xerox Information Systems Division sells a lot to the government, and sells to some Fortune-500 companies (Boeing, etc). Here is how they protect their system software from copying:

Each Daybreak=6085/Star=8010 workstation has a unique identifier. This identifier is the 6-byte absolutely unique ID used for a 48-bit Ethernet host ID. I'll call this the "UID". The Ethernet cards are made & sold only by Xerox, and I believe the UID is in an EPROM chip which (probably) also contains startup microcode.

This is very much a closed-architecture / proprietary product (source code is never distributed, & the assembly language is proprietary like on the old Pyramid computers), so the following scheme works fairly well:

Each site gets a full set of floppies with every piece of software Xerox makes. Each major software package has a "product number" K. Xerox has a (perhaps public-key?) private encryption function F(K, UID). The O/S is programmed with the (public) decryption function Finverse(). During initialization, each package reads a "product factoring file" looking for its number F(K, UID). It then applies Finverse and checks to see if Finverse(F(K, UID)) = K,UID. If so, then the program will run. If not, then it says "call technical support to get authorization to run this package".

You install all the software you want, then run the "factoring" program, and call Xerox, giving them your UID. Xerox checks to make sure you paid for certain packages, then gives you the numbers F(K1,UID), F(K2,UID), ..., computed from your UID & the package numbers K1, K2, ....

There may be some added subtlety, but this is the main idea. Anyway, this scheme provides enough protection for their needs. Of course, there are obvious attacks, but you asked for a REAL-WORLD system. Some obvious flaws are:

1. Reprogram the ROM chip to be the same as a competitor, who has paid for all the software. But you better not *EVER* connect to his network!

2. Dissect each software package and remove the checks (nearly impossible without any development tools or debuggers).

3. Spoof Xerox into giving you the numbers by saying you're from another company (with the software), then giving out your machine number & package numbers (Xerox can check machine ownership).

Also, after every release the encryption/decryption functions change, so they can charge for new software versions.

Nobody says you must solve this problem totally, in order to make a healthy profit on your product. I doubt if *ANYONE* outside Xerox has ever broken the product factoring system. If anyone ever did, then you could just revise the hardware/software to thwart their attack. I think this system serves the needs of Xerox adequately.

Don Gillies {uiucdcs!gillies} U of Illinois
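An added example, not from the post and not Xerox's actual code: the product factoring check modelled in Go with Ed25519, where F(K, UID) is the vendor's signature over K||UID and Finverse is verification against the public key built into the O/S. The vendor key pair, the UIDs and the token format are constructed assumptions, since the real scheme is not described beyond "perhaps public-key".

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Token is one entry of the "product factoring file": the authorization
// Xerox hands out for a (product number K, workstation UID) pair.
// F(K, UID) is modelled as a signature over K||UID with the vendor's
// private key; Finverse is verification with the public key in the O/S.
type Token struct {
	K   uint32  // product number
	UID [6]byte // 48-bit Ethernet host ID the package is licensed to
	Sig []byte  // vendor signature over K||UID
}

// message encodes K||UID exactly as it is signed and verified.
func message(k uint32, uid [6]byte) []byte {
	buf := make([]byte, 4, 10)
	binary.BigEndian.PutUint32(buf, k)
	return append(buf, uid[:]...)
}

// Issue is the vendor side: the "call Xerox, give them your UID" step.
func Issue(priv ed25519.PrivateKey, k uint32, uid [6]byte) Token {
	return Token{K: k, UID: uid, Sig: ed25519.Sign(priv, message(k, uid))}
}

// Authorized is the package's startup check: it scans the factoring file
// for a token with its own K, bound to this machine's UID, that verifies.
func Authorized(pub ed25519.PublicKey, file []Token, k uint32, myUID [6]byte) bool {
	for _, t := range file {
		if t.K != k || !bytes.Equal(t.UID[:], myUID[:]) {
			continue
		}
		if ed25519.Verify(pub, message(t.K, t.UID), t.Sig) {
			return true
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)       // constructed vendor key pair
	mine := [6]byte{0x00, 0x00, 0xAA, 0x01, 0x02, 0x03}  // constructed UID of this workstation
	other := [6]byte{0x00, 0x00, 0xAA, 0x09, 0x09, 0x09} // constructed UID of another site
	file := []Token{Issue(priv, 1, mine), Issue(priv, 2, mine)}
	fmt.Println(Authorized(pub, file, 1, mine))  // true: paid for, bound to this UID
	fmt.Println(Authorized(pub, file, 3, mine))  // false: no token for package 3
	fmt.Println(Authorized(pub, file, 1, other)) // false: token bound to a different UID
}
```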