<html xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 9">
<meta name=Originator content="Microsoft Word 9">
<link rel=File-List href="./Proposals_auth_files/filelist.xml">
<title>Proposals for authenticating content in the BB player</title>
<!--[if gte mso 9]><xml>
 <o:DocumentProperties>
  <o:Author>pramila</o:Author>
  <o:Template>Normal</o:Template>
  <o:LastAuthor>pramila</o:LastAuthor>
  <o:Revision>2</o:Revision>
  <o:TotalTime>2054</o:TotalTime>
  <o:Created>2002-05-30T23:00:00Z</o:Created>
  <o:LastSaved>2002-05-30T23:00:00Z</o:LastSaved>
  <o:Pages>5</o:Pages>
  <o:Words>1488</o:Words>
  <o:Characters>8484</o:Characters>
  <o:Company>RouteFree</o:Company>
  <o:Lines>70</o:Lines>
  <o:Paragraphs>16</o:Paragraphs>
  <o:CharactersWithSpaces>10418</o:CharactersWithSpaces>
  <o:Version>9.3821</o:Version>
 </o:DocumentProperties>
</xml><![endif]-->
<style>
<!--
 /* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;
	mso-font-charset:2;
	mso-generic-font-family:auto;
	mso-font-pitch:variable;
	mso-font-signature:0 268435456 0 0 -2147483648 0;}
 /* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-parent:"";
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
h1
	{mso-style-next:Normal;
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	page-break-after:avoid;
	mso-outline-level:1;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-font-kerning:0pt;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;
	mso-header-margin:.5in;
	mso-footer-margin:.5in;
	mso-paper-source:0;}
div.Section1
	{page:Section1;}
 /* List Definitions */
@list l0
	{mso-list-id:124927964;
	mso-list-type:hybrid;
	mso-list-template-ids:992389694 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l1
	{mso-list-id:168448410;
	mso-list-type:hybrid;
	mso-list-template-ids:-1642313258 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l2
	{mso-list-id:197353463;
	mso-list-type:hybrid;
	mso-list-template-ids:-1088905386 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l3
	{mso-list-id:239097934;
	mso-list-type:hybrid;
	mso-list-template-ids:-882996448 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l3:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l4
	{mso-list-id:500775990;
	mso-list-type:hybrid;
	mso-list-template-ids:1123342702 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l4:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l5
	{mso-list-id:511915055;
	mso-list-type:hybrid;
	mso-list-template-ids:923467322 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l5:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l6
	{mso-list-id:747267171;
	mso-list-type:hybrid;
	mso-list-template-ids:214713466 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l6:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l7
	{mso-list-id:939333541;
	mso-list-type:hybrid;
	mso-list-template-ids:-1648340322 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l7:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:39.0pt;
	mso-level-number-position:left;
	margin-left:39.0pt;
	text-indent:-.25in;
	font-family:Symbol;}
@list l8
	{mso-list-id:1260944396;
	mso-list-type:hybrid;
	mso-list-template-ids:1444040892 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l8:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l9
	{mso-list-id:1345668352;
	mso-list-type:hybrid;
	mso-list-template-ids:-2066321262 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l9:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l10
	{mso-list-id:1513102625;
	mso-list-type:hybrid;
	mso-list-template-ids:1588505130 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l10:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l11
	{mso-list-id:1517959659;
	mso-list-type:hybrid;
	mso-list-template-ids:1972950454 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l11:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l12
	{mso-list-id:1621842119;
	mso-list-type:hybrid;
	mso-list-template-ids:1089749658 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l12:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l13
	{mso-list-id:1633291694;
	mso-list-type:hybrid;
	mso-list-template-ids:-629924432 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l13:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l14
	{mso-list-id:1802070372;
	mso-list-type:hybrid;
	mso-list-template-ids:-703850912 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l14:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l15
	{mso-list-id:1993869208;
	mso-list-type:hybrid;
	mso-list-template-ids:-288729150 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l15:level1
	{mso-level-number-format:bullet;
	mso-level-text:\F0B7;
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Symbol;}
@list l15:level2
	{mso-level-number-format:bullet;
	mso-level-text:o;
	mso-level-tab-stop:1.0in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:"Courier New";
	mso-bidi-font-family:"Times New Roman";}
@list l15:level3
	{mso-level-number-format:bullet;
	mso-level-text:\F0A7;
	mso-level-tab-stop:1.5in;
	mso-level-number-position:left;
	text-indent:-.25in;
	font-family:Wingdings;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
-->
</style>
</head>

<body lang=EN-US style='tab-interval:.5in'>

<div class=Section1>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<h1><span style='font-size:14.0pt;mso-bidi-font-size:12.0pt'>Proposals for
authenticating content in the BB player<o:p></o:p></span></h1>

<p class=MsoNormal>(To be merged into the Security document, BB player security
section)</p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b>Proposals for authenticating flash content loaded into
the DDR.<o:p></o:p></b></p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>The following are a few proposals for the hardware/software
solution for authenticating content loaded for execution into the BB player.</p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>The following are the <b>resources</b> supported by the
server security infrastructure:</p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l8 level1 lfo1;tab-stops:list .5in'>The
     server has the ability to generate a signed hash of the content </li>
 <li class=MsoNormal style='mso-list:l8 level1 lfo1;tab-stops:list .5in'>The
     server has the ability to generate a content key and encrypt data with
     that key </li>
 <li class=MsoNormal style='mso-list:l8 level1 lfo1;tab-stops:list .5in'>The
     server has the ability to create a signed license with the above hash and
     content key and encrypt it with the recipient’s public key</li>
</ul>

<p class=MsoNormal style='margin-left:.25in'><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>Authenticating content is important because content revenue
depends on players being able to play our content and no one else’s. It matters
all the more because pirated content is already available, so there are parties
who would benefit from being able to sell content to BB player owners.</p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b>Requirements:<o:p></o:p></b></p>

<p class=MsoNormal>The following are the security requirements for the
authentication:</p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l11 level1 lfo2;tab-stops:list .5in'>The
     BB player in secure mode has to authenticate the content (including code
     and data, or parts thereof)</li>
 <li class=MsoNormal style='mso-list:l11 level1 lfo2;tab-stops:list .5in'>The
     code and data will be continually DMA’ed in from the flash as the game is
     played. All of this content has to be authenticated during game play.</li>
 <li class=MsoNormal style='mso-list:l11 level1 lfo2;tab-stops:list .5in'>It
     should not be possible to pass the authenticity checks and then enter
     unauthorized code into the player by launching a timing attack.</li>
</ul>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b>Additional system constraints</b>:</p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l4 level1 lfo3;tab-stops:list .5in'>The
     flash read, decryption and hash calculation should together satisfy the
     data rate requirement of 2-5MB/s (?)</li>
 <li class=MsoNormal style='mso-list:l4 level1 lfo3;tab-stops:list .5in'>Games
     could span more than one flash: up to about 64MB.</li>
 <li class=MsoNormal style='mso-list:l4 level1 lfo3;tab-stops:list .5in'>External
     16MB/32MB flash contains the content</li>
 <li class=MsoNormal style='mso-list:l4 level1 lfo3;tab-stops:list .5in'>Internal
     flash is 64KB</li>
 <li class=MsoNormal style='mso-list:l4 level1 lfo3;tab-stops:list .5in'>Writing
     rate on external flash is about 1-2.5 sec/MB.</li>
</ul>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>Each of these proposals is described in terms of the steps
required in </p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l1 level1 lfo4;tab-stops:list .5in'>Content
     creation</li>
 <li class=MsoNormal style='mso-list:l1 level1 lfo4;tab-stops:list .5in'>Server
     packaging</li>
 <li class=MsoNormal style='mso-list:l1 level1 lfo4;tab-stops:list .5in'>Prior
     to run time operation in chip</li>
 <li class=MsoNormal style='mso-list:l1 level1 lfo4;tab-stops:list .5in'>Run
     time operation and hardware requirement</li>
</ul>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>The missing part is the transfer of the license and content
from the server to the player, which does not influence this decision.</p>

<p class=MsoNormal><b>The proposals are arranged by the complexity of porting
the game. The first two involve a systematic modification of the game code
(possibly by a tool with some manual intervention). The third involves looking
up some characteristics of the game upfront, but no modification. The others
are agnostic of the content.<o:p></o:p></b></p>

<p class=MsoNormal>The first two proposals rely on the following principle:</p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l6 level1 lfo12;tab-stops:list .5in'><b>Bootstrapping:
     A piece of code is authenticated based on a signature in the license. This
     code DMAs in and verifies other pieces of code. This happens recursively.
     There is no security hole in this unless unauthorized code enters through
     some other means (like spoofing DDR).<o:p></o:p></b></li>
</ul>

<p class=MsoNormal style='margin-left:.25in'><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Proposal 1:<o:p></o:p></b></p>

<p class=MsoNormal><b>Resources used: hardware signature calculation, periodic
secure timer trap for verification<o:p></o:p></b></p>

<p class=MsoNormal><b>Content creation:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l2 level1 lfo5;tab-stops:list .5in'>Manually
     identify critical parts of the code that are DMA’ed in as one unit. These
     DMAs use a different API call, for example, to enable code verification.</li>
</ul>

<p class=MsoNormal><b>Server operation:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l2 level1 lfo5;tab-stops:list .5in'>Verify
     that at least the minimum number of tagged data blocks is present, compute
     MD5 hashes of the identified blocks (and of the entire code?), and sign the
     entire license <b><o:p></o:p></b></li>
</ul>

<p class=MsoNormal><b>Prior to run time:<o:p></o:p></b></p>

<p class=MsoNormal style='margin-left:.5in'>The secure kernel DMAs in the boot
code of the game and verifies the signature of that code. (There is no need to
verify the entire flash contents, which reduces start-up time.)</p>

<p class=MsoNormal><b>Run time:</b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l2 level1 lfo5;tab-stops:list .5in'>The
     game proceeds by loading an initial boot module from flash. The signature
     of this module is computed, and the code is allowed to execute. For
     subsequent DMAs, where required, the MD5 hash is computed and pushed onto a
     stack for later use. <b><o:p></o:p></b></li>
 <li class=MsoNormal style='mso-list:l2 level1 lfo5;tab-stops:list .5in'>When
     the secure timer interrupt fires, the stack of calculated hashes is
     verified against the ones stored in the license. If they are valid, the
     game proceeds.<b><o:p></o:p></b></li>
</ul>

<p class=MsoNormal><b>Hardware:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l3 level1 lfo6;tab-stops:list .5in'>MD5
     hash computation on blocks of decrypted data<b><o:p></o:p></b></li>
 <li class=MsoNormal style='mso-list:l3 level1 lfo6;tab-stops:list .5in'>Some
     storage space in the license for list of valid signatures. Actually (start
     address, end address, hash) triples.<b><o:p></o:p></b></li>
</ul>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Points of Discussion:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l13 level1 lfo8;tab-stops:list .5in'>Requires
     space in license to store a table of values</li>
 <li class=MsoNormal style='mso-list:l13 level1 lfo8;tab-stops:list .5in'>The
     time lag between signature calculation and verification does not open a
     lasting security hole, because the verification interrupt is not maskable
     and the signature list is not modifiable. Inauthentic code can therefore
     run only until the next timer-driven secure kernel interrupt, so the
     exposure window is bounded by the timer period.</li>
 <li class=MsoNormal style='mso-list:l13 level1 lfo8;tab-stops:list .5in'>Is there
     a security benefit to doing the calculation at load time and the
     verification at a different time? The operation still validates the code
     loaded from flash, not the code actually running in the CPU, for instance.
     The question is whether there is a better use for the ability to do a
     run-time check. </li>
</ul>

<p class=MsoNormal style='margin-left:.25in'><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Proposal 2:<o:p></o:p></b></p>

<p class=MsoNormal><b>Resources used: hardware signature calculation<o:p></o:p></b></p>

<p class=MsoNormal><b>Content creation:<o:p></o:p></b></p>

<p class=MsoNormal>(there are a few ways of achieving this goal: this is just
one illustration)</p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l3 level1 lfo6;tab-stops:list .5in'>Use a
     tool to process the entire content and every DMA request (except the first
     boot loader of the game), adding into the application the hash of the
     contents each request will DMA in. (The DMA request then carries the hash
     value of its data.) This requires the game to be played so that DMA
     requests and their results are captured. Ideally we want a scheme that is
     mostly automated, followed by some manual selection.</li>
</ul>

<p class=MsoNormal><b>Server: <o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l3 level1 lfo6;tab-stops:list .5in'>Calculates
     signature of first boot loader of the game (the first DMA) and stores it
     in the license</li>
</ul>

<p class=MsoNormal><b>Prior to run time:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l3 level1 lfo6;tab-stops:list .5in'>The
     secure kernel loads the first DMA from flash and verifies its signature
     against the one stored in the license.<b><o:p></o:p></b></li>
 <li class=MsoNormal style='mso-list:l3 level1 lfo6;tab-stops:list .5in'>This
     authenticated data contains the signatures of the data corresponding to
     the DMA calls it makes<b><o:p></o:p></b></li>
</ul>

<p class=MsoNormal><b>Run time:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l5 level1 lfo9;tab-stops:list .5in'>Every
     DMA call automatically loads the expected signature (in addition to source,
     destination and length) into the hardware unit, triggering a signature
     calculation. The hardware computes the signature and verifies it
     atomically, and proceeds only if it matches.</li>
 <li class=MsoNormal style='mso-list:l5 level1 lfo9;tab-stops:list .5in'>So all
     DMAs are followed by signature calculation and verification.</li>
 <li class=MsoNormal style='mso-list:l5 level1 lfo9;tab-stops:list .5in'>If
     there is no match, it sets a register/flag that has to be cleared before
     data can be loaded from the flash again. Software can interpret this to
     stop or exit the game. (Presumably clearing the flag is restricted to the
     secure kernel; if game code could clear it, the check could be bypassed.)</li>
</ul>

<p class=MsoNormal><b>Hardware:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l10 level1 lfo10;tab-stops:list .5in'>Engine
     to compute signatures and verify with known signature</li>
</ul>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b>Points of Discussion:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l10 level1 lfo10;tab-stops:list .5in'>There
     are DMAs corresponding to audio data, which streams in continuously from
     flash. These cannot be signature checked because the data depends on
     input and there are numerous small requests of this kind.<b><o:p></o:p></b></li>
 <li class=MsoNormal style='mso-list:l10 level1 lfo10;tab-stops:list .5in'>So
     for this to work we need the assumption that the audio data is strictly
     data and cannot be manipulated to issue further DMAs.<b><o:p></o:p></b></li>
</ul>

<p class=MsoNormal style='margin-left:.5in'><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal style='margin-left:.5in'><b>Note: one difference between
proposal 1 and 2 is that in proposal 1 there is a time gap between the
signature calculation and verification. Hence, the secure trap is essential. In
proposal 2 the operations are atomic, hence there is no need for the secure
trap.<o:p></o:p></b></p>

<p class=MsoNormal style='margin-left:.5in'><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Proposal 3:<o:p></o:p></b></p>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Content creation:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l0 level1 lfo14;tab-stops:list .5in'>Use a
     tool to scan through the data and extract a list of DMA calls. Manually
     select those that require verification. No alteration to the code is
     needed.<b><o:p></o:p></b></li>
</ul>

<p class=MsoNormal><b>Server: <o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l0 level1 lfo14;tab-stops:list .5in'>Create
     a table of hashes for the above list and embed in the license.<b><o:p></o:p></b></li>
</ul>

<p class=MsoNormal style='margin-left:.25in'><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Prior to run time:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l0 level1 lfo14;tab-stops:list .5in'>Verify
     boot code as always</li>
</ul>

<p class=MsoNormal style='margin-left:.25in'><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Run time:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='text-align:justify;mso-list:l0 level1 lfo14;
     tab-stops:list .5in'>For every DMA request, do a table lookup to determine
     whether the DMA has to be verified, and perform the calculation and
     verification if needed. <b><span style="mso-spacerun: yes"> </span>(The
     decision of whether to do the check is not embedded in the data; it is in
     the table.)</b></li>
</ul>

<p class=MsoNormal><b>Hardware:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l0 level1 lfo14;tab-stops:list .5in'>Signature
     calculation </li>
</ul>

<p class=MsoNormal><b>Points for discussion:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l0 level1 lfo14;tab-stops:list .5in'>Can
     this table be kept small enough that a table lookup is feasible for every
     DMA request, including audio requests?</li>
 <li class=MsoNormal style='mso-list:l0 level1 lfo14;tab-stops:list .5in'>If we
     put a size constraint on DMA requests to exclude audio data, is it
     possible to remove the manual process and make it seamless, so that the
     signature is checked for all required DMAs and we are able to capture all
     the critical content?</li>
</ul>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b>Proposal 4:<o:p></o:p></b></p>

<p class=MsoNormal><b>Content creation: </b>none</p>

<p class=MsoNormal><b>Server: </b>compute the MD5 hash of the entire content and
store it, signed, in the license</p>

<p class=MsoNormal><b>Prior to run time: </b>compute the MD5 hash of the entire
content and verify it against the license. Generate a hardware-dependent key and
write the data back to the flash encrypted under this new key. Program the new
key into the decryption hardware for the remainder of game play.</p>

<p class=MsoNormal><b>Run time: none<o:p></o:p></b></p>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Hardware: none (except for acceleration)<o:p></o:p></b></p>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Points of Discussion:<o:p></o:p></b></p>

<p class=MsoNormal style='margin-left:39.0pt;text-indent:-.25in;mso-list:l7 level1 lfo13;
tab-stops:list 39.0pt'><![if !supportLists]><span style='font-family:Symbol'>·<span
style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>One matter of inconvenience is that it might even take
a couple of minutes to re-write flash for a large game. </p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l12 level1 lfo11;tab-stops:list .5in'>Secondly,
     if the flash is pulled out or power is shut off without gracefully exiting
     the game, it will be left in an unusable state and will have to be
     downloaded again from the depot.</li>
</ul>

<p class=MsoNormal style='margin-left:.25in'><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b>Proposal 5:<o:p></o:p></b></p>

<p class=MsoNormal><b>(Content agnostic) Starting from computed hashes for all
data in content<o:p></o:p></b></p>

<p class=MsoNormal><b>Content creation: <o:p></o:p></b></p>

<p class=MsoNormal><b>Server:<span style="mso-spacerun: yes">  </span></b>create
hash values for 1KB blocks (as an example) irrespective of the data, and store
them in a large block along with the content. Put the hash of this hash table in
the license.</p>

<p class=MsoNormal><b>Prior to run time: </b>verify this hash table and load it
into the secure part of DRAM. It is used for later verification.</p>

<p class=MsoNormal><b>Run time: <o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l12 level1 lfo11;tab-stops:list .5in'>Hardware
     computes hash values on every 1K-byte block read in every DMA and saves
     them for later verification</li>
 <li class=MsoNormal style='mso-list:l12 level1 lfo11;tab-stops:list .5in'>At
     the next secure kernel trap, these computed values are verified against
     the values stored in DRAM.</li>
</ul>

<p class=MsoNormal style='margin-left:.25in'><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Hardware: signature calculation <o:p></o:p></b></p>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>Points for discussion:<o:p></o:p></b></p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l9 level1 lfo15;tab-stops:list .5in'>For a
     64MB game the rough data size for all hashes, assuming 1K blocks, is about
     512KB. (64K blocks at 16 bytes per 128-bit MD5 hash would come to about
     1MB, so this figure should be rechecked.) Can we carve this much out of
     DRAM as application-inaccessible?<b><o:p></o:p></b></li>
 <li class=MsoNormal style='mso-list:l9 level1 lfo15;tab-stops:list .5in'>Is
     any randomization needed to pick a certain number of 1KB blocks? (due to
     storage reasons). Then we may need to store those addresses too.<b><o:p></o:p></b></li>
 <li class=MsoNormal style='mso-list:l9 level1 lfo15;tab-stops:list .5in'>In
     the verification step is it possible to load and verify from DRAM all the
     computed hashes or is any randomization needed?<b><o:p></o:p></b></li>
</ul>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<p class=MsoNormal><b>MD5 details:<o:p></o:p></b></p>

<p class=MsoNormal>Since this is the major hardware support no matter which
scheme is used, it is roughly characterized here:</p>

<ul style='margin-top:0in' type=disc>
 <li class=MsoNormal style='mso-list:l15 level1 lfo16;tab-stops:list .5in'>Input:
     512-bit blocks</li>
 <li class=MsoNormal style='mso-list:l15 level1 lfo16;tab-stops:list .5in'>Divide
     each into sixteen 32-bit sub-blocks.</li>
 <li class=MsoNormal style='mso-list:l15 level1 lfo16;tab-stops:list .5in'>The
     result is a 128-bit hash.</li>
 <li class=MsoNormal style='mso-list:l15 level1 lfo16;tab-stops:list .5in'>Pad
     and extend so that the complete input is a multiple of 512 bits</li>
 <li class=MsoNormal style='mso-list:l15 level1 lfo16;tab-stops:list .5in'>For
     each 512 bit block:</li>
 <ul style='margin-top:0in' type=circle>
  <li class=MsoNormal style='mso-list:l15 level2 lfo16;tab-stops:list 1.0in'>For
      4 rounds</li>
  <ul style='margin-top:0in' type=square>
   <li class=MsoNormal style='mso-list:l15 level3 lfo16;tab-stops:list 1.5in'>For
       16 values of t</li>
   <li class=MsoNormal style='mso-list:l15 level3 lfo16;tab-stops:list 1.5in'>(operation
       A() has approx 4 steps of logic):</li>
   <li class=MsoNormal style='mso-list:l15 level3 lfo16;tab-stops:list 1.5in'>A()
       + 3 adds, 1 shift (variable number of bits) +t.</li>
  </ul>
 </ul>
 <li class=MsoNormal style='text-align:justify;mso-list:l15 level1 lfo16;
     tab-stops:list .5in'>Approx 600 logical ops per 512 bit block (excluding
     data movement and some initialization, discounting the variation in the
     shift).</li>
 <li class=MsoNormal style='text-align:justify;mso-list:l15 level1 lfo16;
     tab-stops:list .5in'>For a 1Kbyte block (sixteen 512-bit blocks) that is
     about 9600 ops. So for about 2Mbytes per sec we need about 20 x 10^6
     operations per second.</li>
 <li class=MsoNormal style='text-align:justify;mso-list:l15 level1 lfo16;
     tab-stops:list .5in'>Apart from this there is a decryption operation +
     flash read etc…</li>
 <li class=MsoNormal style='text-align:justify;mso-list:l15 level1 lfo16;
     tab-stops:list .5in'>In software it is about 6 cycles per byte on a
     Pentium.</li>
</ul>

<p class=MsoNormal style='margin-left:.25in;text-align:justify'><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></b></p>

<h1><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></h1>

</div>

</body>

</html>