Copyright Protection
There is a huge amount of piracy on all sorts of digital content, including music, software, and movies. This has huge economic repercussions, and is causing a creative stagnation (essentially, more theft equals less profit for the shareholders).
The biggest problem with all copy protection systems is that they are susceptible to class breaks: once a scheme is broken, the break affects all users of the technology or product, not just a specific instance of that protection. Once Blu-ray copy protection has been bypassed, all Blu-rays are susceptible to being copied.
Media Based Protection
This is a type of protection commonly used in the 1980s. Programs check the media the file is shipped on and confirm that the file is an original. For example, the vendor would create 'bad' sectors on the floppy disks it distributed, and the program would check for these bad sectors during execution.
If the program was then copied to a new floppy disk, it would detect that the floppy it was running on didn't have the special sectors and would refuse to run.
Once the community saw this was an issue, they wrote programs to deal with these special sectors and duplicate them.
Serial Numbers
The vendor ships each copy of the software with a unique serial number. This is entered during installation, and the program verifies that the typed number is valid.
The problem with this scheme is that users can share serial numbers for programs, and as long as they don't contact the vendor in the process, the vendor has no way of knowing about illegal installations.
Challenge Response
This is an improvement on the serial number protection scheme, in which the program sends a challenge to the vendor's online activation server. The challenge-response idea is well known, but has issues. The user types the serial number, then the program obtains a unique identifier for the machine.
This combined value is then sent to the vendor, who verifies that the number is legitimate and that the user may install the software. The vendor then sends a response, which is fed into the installation program; the program confirms mathematically that the response is valid.
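The activation flow described above, sketched as an added example (not code from any real product). The names `make_challenge`, `ActivationServer` and `verify_response`, the serials and the key are all constructed for illustration, and HMAC stands in for the public-key signature a deployed scheme would use so that the installer never holds the vendor's secret.

```python
import hashlib
import hmac

# Constructed demo values. HMAC is an assumption made to stay in the standard
# library; with a real signature the installer holds only a verification key.
VENDOR_KEY = b"demo-vendor-signing-key"
ISSUED_SERIALS = {"AAAA-1111", "BBBB-2222"}


def make_challenge(serial: str, machine_id: str) -> str:
    """Client side: bind the typed serial to this machine's identifier."""
    return hashlib.sha256(f"{serial}|{machine_id}".encode()).hexdigest()


class ActivationServer:
    """Vendor side: each serial is tied to the first machine that activates it."""

    def __init__(self):
        self.activations = {}  # serial -> challenge it was first activated with

    def activate(self, serial: str, challenge: str):
        if serial not in ISSUED_SERIALS:
            return None  # serial was never issued
        bound = self.activations.setdefault(serial, challenge)
        if not hmac.compare_digest(bound, challenge):
            return None  # same serial presented from a different machine
        return hmac.new(VENDOR_KEY, challenge.encode(), hashlib.sha256).hexdigest()


def verify_response(serial: str, machine_id: str, response, key=VENDOR_KEY) -> bool:
    """Installer side: recompute the challenge locally and check the response."""
    if response is None:
        return False
    challenge = make_challenge(serial, machine_id)
    expected = hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)
```

Unlike a bare serial check, the vendor now sees every installation, and a response copied to another machine fails because the locally recomputed challenge differs.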
Hardware-Based Protection
This is a step up from conventional copy protections. We add some form of tamper-proof, non-software component (a dongle) to the mix, to assist in authenticating the running software. The program needs this dongle to operate correctly.
The most common implementation is to have the program call the device driver and check that the dongle is installed, but a cracker can simply remove or ignore the check.
Dongle developers thus need to design the dongle so that the program needs something from the dongle to run. For example, the dongle could contain an HSM, which decrypts the installed version of the program on the fly as it runs.
The issue with this is that the program will eventually end up in memory, so it can simply be ripped from there once loaded.
Software-as-a-Service (SaaS)
As computers become more powerful and cloud computing is ubiquitous, many vendors opt to run their software from a set of servers, with the end user connecting to the server to access the software. It is impossible to access the service without the vendor agreeing, as the vendor owns and maintains the servers where the program runs.
This does not suit every type of software, though; for example, video editors would consume huge amounts of bandwidth if run from the cloud.
Dedicated Hardware
To achieve unbreakable, or nearly unbreakable, software, we need dedicated hardware to assist the protection technology, either separate from the main CPU or somewhere on-die where it can be cryptographically verified as being the crypto hardware.
Computers are inherently open: the user can manipulate the hardware as they desire, and control of raw data is restricted only by the operating system, which places artificial limits on access to the hardware.
Protected information stored on the computer will be readable by an attacker at any point where that data is stored on the system unencrypted. As decryption is typically done with the CPU, the keys for decryption are impossible to hide.
Cryptoprocessors
These address software piracy and more general DRM by including a processor that can directly execute encrypted code, decrypting it only on the fly as needed. A remaining problem with cryptoprocessors is that the data generated by the program can be used to expose information about the encrypted program, for example, the raw video frames from a Widevine CDM.
At manufacture, the processor manufacturer keeps a list of the public keys for particular CPU serial numbers. When decryption is needed, the media distributor encrypts the code or media with the public key of the end user, and it is then decrypted only within the crypto-coprocessor. This crypto-coprocessor stores the code in memory that the CPU manufacturer makes inaccessible to the OS or anyone else.
HSMs
Hardware security modules are physical devices that safeguard and manage secrets. They perform encryption and decryption for digital signing, and other cryptographic functions.
HSMs can run their own OS and execute custom programs designed to be run within the HSM. They conform to PKCS #11 to be accessible to any application wanting to use their services.
TPMs
These are similar to HSMs but are internationally standardised and included either on-die or on the PCB in most modern systems. They can perform encryption, decryption, signing, and authentication but are much slower than HSMs.
Digital Rights Management (DRM)
The basics of DRM include encrypting the protected content, transmitting it encrypted, and only decrypting it where the DRM system controls the entire path the content flows along after decryption.
The big issue with DRM is how to keep the content protected after it has been decrypted.
Watermarking
If we cannot stop DRM being bypassed, we can sometimes add an additional channel of data alongside the visual data, keeping both the data and the encoding of the watermark secret. Thus, if a media file makes its way onto torrent sites, it can (hopefully) be traced back to the user who downloaded or streamed it.
Good watermarking schemes are imperceptible, and contain as much information about the stream as possible. They should be robust to transfers and modifications of the carrier signal, compression, and other processing. They should be difficult to detect, and encrypted. They should also be difficult to remove, although it is always possible to remove a watermark if located.
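One well-known way to get these properties is a keyed spread-spectrum watermark; the sketch below is an added example, not a scheme described on this page. The function names, the 16-bit user ID, the Gaussian stand-in for media samples and the noise-plus-quantization model of lossy processing are all assumptions constructed for illustration.

```python
import random

CHIPS_PER_BIT = 2000   # samples spread across each payload bit
STRENGTH = 2.0         # watermark amplitude, small next to the host signal
ID_BITS = 16


def _chips(key: int, n: int):
    """Keyed pseudo-random +/-1 sequence; the encoding is secret via the key."""
    rng = random.Random(key)
    return [rng.choice((-1.0, 1.0)) for _ in range(n)]


def embed(host, user_id: int, key: int):
    """Add user_id to the host samples, one bit per CHIPS_PER_BIT samples."""
    pn = _chips(key, len(host))
    out = []
    for i, sample in enumerate(host):
        bit = (user_id >> (i // CHIPS_PER_BIT)) & 1
        out.append(sample + STRENGTH * pn[i] * (1 if bit else -1))
    return out


def extract(signal, key: int):
    """Correlate with the keyed sequence; return (user_id, weakest bit score)."""
    pn = _chips(key, len(signal))
    user_id, weakest = 0, float("inf")
    for b in range(ID_BITS):
        span = range(b * CHIPS_PER_BIT, (b + 1) * CHIPS_PER_BIT)
        score = sum(signal[i] * pn[i] for i in span) / CHIPS_PER_BIT
        user_id |= (score > 0) << b
        weakest = min(weakest, abs(score))
    return user_id, weakest


def demo_host(seed: int = 1):
    """Constructed stand-in for media samples (Gaussian, sigma 10)."""
    rng = random.Random(seed)
    return [rng.gauss(0, 10) for _ in range(ID_BITS * CHIPS_PER_BIT)]


def degrade(signal, seed: int = 2):
    """Simulate lossy processing: added noise, then coarse quantization."""
    rng = random.Random(seed)
    return [round((s + rng.gauss(0, 5)) / 4) * 4 for s in signal]
```

With the right key the weakest bit score stays near `STRENGTH` even after degradation; with a wrong key, or on unmarked media, it falls towards zero, which is what keeps the mark hard to detect without the key.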