JILT 1996 (3) - John Sharman
The Role of Encryption in Electronic Publishing
John Sharman
Ç-Dilla Ltd.
John.Sharman@c-dilla.co.uk
Abstract
Encryption and access control are increasingly common in Electronic Publishing. This paper describes how such systems work and comments on why Publishers need them.
Ç-Dilla is one of the world's leading developers of encryption and access control software. Its products are used by a wide range of publishers to protect and market their products.
Contents
- 1. Why Do Publishers Use Encryption?
- 2. What is encryption?
- 3. What are Threats for a Publisher?
- 4. The Ç-Dilla Solution
- 5. Issues and comparison to other systems
  - 5.1 Real time decryption or not?
  - 5.2 Hardware protection vs software protection
- 6. Application of ÇD-Secure2 to real publishers products and problems
- 7. Summary
Date of publication: 30 September 1996
Citation: Sharman J (1996) 'The Role of Encryption in Electronic Publishing', BILETA '96 Conference Proceedings, 1996 (3) The Journal of Information, Law and Technology (JILT). <http://elj.warwick.ac.uk/elj/jilt/bileta/1996/3sharman/>. New citation as at 1/1/04: <http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/1996_3/special/sharman/>
1. Why Do Publishers Use Encryption?
There are three reasons why publishers go to the effort and expense of encrypting their products:
- First to protect them from piracy
- Second to help market them.
- Third to enforce their network licences.
2. What is encryption?
Encryption is simply a method of encoding information so that it can be read by selected people only. The basic techniques go back at least as far as the ancient Greeks. Julius Caesar had a proprietary system. Cryptography is now an established technology and well understood.
Most people associate "encryption systems" with "transit security", that is the protection of highly confidential communications between trusted individuals. This is the area that has the most publicity in connection with the Internet. Modern technology has made such systems very strong and complex. However from a publisher's perspective they share certain characteristics:
- One person who can read the material can pass it to someone else by giving them the decryption key. This is not usually a problem for military secrets because the people concerned wish to maintain the confidentiality of the documents. However it is a severe problem for publishers because they want to be paid by everyone who uses their information and the users are often willing to share the information with friends and colleagues.
- Transit security systems are often complex to operate because they are designed to protect communication between a few individuals. Publishers typically wish to reach large numbers, in some cases very large numbers.
- Transit security systems usually have to be set up in advance. This is not practical for publishers, since they don't know who their customers will be.
In short, encryption alone is not enough for a publisher. They need a complete system which allows them to control who can access their information and what they can do with it. The system must be easy to use, but the controls must be inaccessible to the end-users. My company's software based encryption system - ÇD-Secure2 - is just such a system.
3. What are Threats for a Publisher?
The very factors that make a CD-ROM so attractive for electronic publishing also make it vulnerable to piracy:
- The content of a CD is completely accessible. Most electronic products use authoring software which allows many programmes to read the material.
- CD-ROMs hold very large amounts of information. The content is therefore very valuable. However the products are quite cheap. The publisher therefore has to sell a large number to make a profit. The publisher needs to be paid by everyone who uses the product.
- Electronic products are increasingly networked with fees dependent on the number of users. Both the publisher and the customer need these limits to be enforced: the publisher to earn their revenue and the customer to ensure that they do not breach the terms of their licence.
- It used to be said that "CD-ROMs were their own protection" because the average user had nowhere else to put 600 Mb of material. However hard disks are bigger and much cheaper now. Furthermore most CDs contain much less than 600 Mb.
This encourages casual pirates to take illicit copies and share them with their friends and colleagues.
- Rogue mastering houses have appeared in China and elsewhere which are willing to manufacture pirate CDs in large numbers.
- CD Writers (gold disk writers) which allow people to make their own CDs are now relatively cheap. Philips recently suggested that they will become so cheap that they will be put in every machine instead of a CD reader.
This has led to the growth in amateur, car boot sale pirates.
- Finally the legal protection is weak and in many countries difficult to enforce.
The fundamental issue is that Electronic Publishing is a large, global business. The products and the material they contain are very valuable. The investment required to develop good quality products is growing. It is therefore vital that publishers' material is not stolen, even accidentally.
I believe that publishers will not be able to risk distributing their material electronically unless they can protect it.
4. The Ç-Dilla Solution
The best way to describe our ideas is to give you an example. It is based on a real product with the names changed to avoid embarrassment.
Imagine a publisher who publishes 5 specialist legal reference books. They want to improve the product by moving it to CD-ROM and providing sophisticated search and retrieval systems.
However there is a problem - they can't find a way of making any money out of it. They can't afford to produce a separate CD for each book. On the other hand, one CD would hold all five books, for which they would have to charge such a high price that not enough customers could afford it.
The publisher is also very worried that people may steal the data which is expensive to produce and maintain. Pirate copies of the books are already appearing in the Far East. It is much easier to produce pirate copies of a CD than of a book. The pirate books are quite shoddy, but a pirate CD would be as good as the original.
Customers want to be able to buy a network license and the publisher wants to base the fees on the number of users.
ÇD-Secure2 provides a solution. All five books are encrypted and the decryption reader bound to the publisher's specific application. Each user buys access only to the books in which they are interested for the number of network users they need. Thus smaller specialist customers can buy one book for a reasonable fee and larger users can buy all of them. The publisher only has to make one disc.
The system is simple to operate. The publisher prepares the information in the usual way. Just before pre-mastering, the data is encrypted.
When a customer receives the CD he runs the ÇD-Secure2 install programme which creates a licence file on his hard disk. It then generates a unique one-time request code and asks him to ring the publisher's help desk. The help desk staff put the code into the ÇD-Secure2 help desk programme and ask him how many network licences he wants for which book(s). The help desk software then generates a unique one-time response code which allows the customer access to those countries and specialities on that number of networked machines. ÇD-Secure2 will enforce the limit on the number of network users so there is no risk that customers will breach their licence.
This process has several advantages for both publisher and customer:
- The publisher can sell to many small customers not just to a few big ones.
- Smaller, specialist customers can select exactly the information they want. Furthermore, if they expand into new areas they don't have to buy a new CD. They simply contact the publisher to release more information.
- All customers receive the same physical product which minimises costs.
- Customers cannot steal the data. The data can only be read by the publisher's own application which has no export or "save as" function and only a limited print function.
- The CDs cannot be pirated. Pirate CDs would be identical to the original and would therefore not work until the user had exchanged request and response codes with the publisher.
- Legitimate users do not have to pay for people who steal free access.
- The actual CDs can be sold very cheaply, or even given away, without fear of the data being stolen.
- The control software is all carried on the CD-ROM. This is important since users hate dongles, key diskettes and all other extraneous hardware.
The ÇD-Secure2 process is highly secure because users cannot tamper with the licence file nor can they move it to another machine. The request code is generated by the decryption programme and the response code by the help desk software so the user cannot misuse them.
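The request and response exchange described above can be sketched as follows. This is an added example, not Ç-Dilla's code or algorithm: the HMAC construction, the shared `VENDOR_KEY`, the code layout and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

# Assumption: a secret shared by the help desk tool and the reader. The paper
# does not say how ÇD-Secure2 derives or protects its keys. With a shared
# secret the reader itself holds the key that produces valid responses; a
# signature scheme would leave only a verification key on the customer's PC.
VENDOR_KEY = b"constructed-demo-key"
TAG_LEN = 8  # truncated so the code stays short enough to read over the phone

def _b32(raw):
    return base64.b32encode(raw).decode().rstrip("=")

def _unb32(code):
    code = code.replace("-", "").upper()
    return base64.b32decode(code + "=" * (-len(code) % 8))

def make_request(machine_id, nonce=None):
    """Install step: bind the request to this machine and to a fresh nonce."""
    nonce = nonce or os.urandom(5)
    fingerprint = hashlib.sha256(machine_id.encode()).digest()[:5]
    return _b32(fingerprint + nonce)

def make_response(request_code, books, seats):
    """Help desk step: grant a set of books (numbered 0-4) and a seat count."""
    request = _unb32(request_code)
    grant = bytes([sum(1 << b for b in set(books)), seats])
    tag = hmac.new(VENDOR_KEY, request + grant, hashlib.sha256).digest()
    return _b32(grant + tag[:TAG_LEN])

def accept_response(pending_request, response_code):
    """Reader step: return (books, seats), or None if the code was not issued
    for the request this installation is still waiting on. The caller discards
    the pending request after success, which makes each code one-time."""
    try:
        raw = _unb32(response_code)
        request = _unb32(pending_request)
    except ValueError:
        return None
    if len(raw) != 2 + TAG_LEN:
        return None
    grant, tag = raw[:2], raw[2:]
    want = hmac.new(VENDOR_KEY, request + grant, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want[:TAG_LEN]):
        return None
    return [b for b in range(5) if grant[0] >> b & 1], grant[1]
```

Because the response is computed over the request, a response issued for one machine or one installation attempt is rejected when presented against any other request.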
5. Issues and comparison to other systems
Potential users of software encryption are confronted with several issues. The first question is: "Is it safe?" When considering this question it is important to review the entire process. The easiest way to rob a safe is to steal the key. Similarly in my earlier example, the easiest way to steal the information is to get access to the help desk software.
The process can be broken into several components - encryption, how the data is decrypted and how decryption is controlled.
The strength of the encryption determines how easily someone could read one of the encrypted files without access to the other components of the system. Any encryption scheme can be broken if the attacker has the necessary software tools, powerful computers and time. For most commercial uses it is sufficient to make the cost of breaking the encryption substantially greater than the value of the material protected.
When the information is read, the decryption routine has to call on one or more keys. It is important to ensure that these cannot be obtained illicitly from the CD. The simplest way is not to put the key on the CD.
The easiest way to gain illegal access is to subvert the process by which the decryption keys are released. For instance, hackers must not be able to reverse engineer the licence file or the request and response codes.
A different set of issues arises in selecting the type of system to use. The key questions here are what is to be protected and the level of operational inconvenience the end users will tolerate. Options include:
5.1 Real time decryption or not?
There are two fundamental ways the decryption can work. Each has its own merits and it is important to use the right one for your application.
The easiest way, from the developer's point of view, is for the decryption programme to copy the data from the CD to the hard disk and decrypt it at the same time. The user then has the same unrestricted access as with any other unprotected data on a hard disk.
Clearly, this approach is not very secure because users can easily copy the data and give it to their friends and colleagues. It also requires that the user has enough hard disk space to hold the un-encrypted copy.
For these reasons, copy decryption is usually confined to selling software from freely distributed CDs, since the low security is no worse than a comparable floppy disk product.
The alternative is to decrypt the data in real time as it is being read by the publisher's application from the CD into RAM. This is much more difficult for the developer, but much easier for the user. The data is decrypted "on the fly" when the application asks for it. The protected data only exists in un-encrypted form temporarily in RAM, unless the application specifically allows users to save it to another drive.
5.2 Hardware protection vs software protection
Hardware protection can offer stronger encryption schemes but the decryption process tends to be less well protected. The problem is that a potential hacker knows where the hardware is and can therefore intercept calls to it. Hardware based encryption is used for protecting highly sensitive information in transit. The CD is very difficult to read because it carries only the encrypted data; the decryption hardware is sent separately.
Some dongles don't encrypt the data, they simply protect the application software. They therefore cannot protect the content of a multimedia product from piracy.
Hardware meters have the advantage that they are portable, whereas software meters are bound to one machine.
Hardware systems' greatest problem is the very fact that they are hardware. Users must therefore install the hardware and vendors must buy, store and distribute it. There can also be problems if the user wants to run several encrypted programmes because they have to attach several devices to their machine.
Some hardware finds it difficult to work with the latest generation of fast processors and low power portables.
6. Application of ÇD-Secure2 to real publishers products and problems
ÇD-Secure2 is more than simply a method of protecting data. Publishers often use it to improve their products and make them more accessible to users. Here are some of the ideas our customers have used. I should add that they think up new ideas all the time.
Try and Buy
This is probably our most popular facility because it is difficult to evaluate an electronic product from an advertisement. Publishers do not yet have a marketing "language" with which to explain the benefits of their products to potential customers. The best way to evaluate a product is to try it. ÇD-Secure2 can convert any product into one that will run for a limited period. Potential customers can therefore try the complete actual product and not a cut-down version. Publishers do not have to worry that if they send out CDs "on approval", all the disks may not come back.
Subscription Control
The help desk can allow each user to access the data for the period of their subscription. This might be a year for an expensive information product or a short period for a training package. Customers can therefore "rent" material that they could not afford to buy outright. I should add that ÇD-Secure2 stops people getting around this by winding their clocks back.
Multiple Datasets
This allows people to subscribe to only part of the information in the way I have already described. It is widely used to sell parts of databases, separate journals or reports from a CD containing lots of them.
Metering
The ÇD-Secure2 Licence File on each user's hard disk can contain a meter. As people use the data, the meter is decremented. When the meter is empty, access stops and users have to ring the vendor to buy more units. This reduces the entry cost and is popular with users because they only pay for what they use rather than for what is available.
Date expiry
This is used to ensure that out of date CDs cannot be read. This is widely used to ensure that people use the latest information, which is vital for technical support information or drug databases.
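The licence-file controls described under Subscription Control and Metering (a sealed file bound to one machine, a subscription period, a refusal when the clock has been wound back, and a meter that is decremented on use) can be sketched as one check. This is an added example, not the ÇD-Secure2 file format: the field names, the HMAC seal, `SEAL_KEY` and the integer timestamps are assumptions.

```python
import hashlib, hmac, json

# Assumption: the sealing key is held inside the reader. The paper does not
# describe how the real licence file is sealed or where its key lives.
SEAL_KEY = b"constructed-demo-key"

def _seal(fields):
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(SEAL_KEY, body, hashlib.sha256).hexdigest()

def new_licence(machine_id, units, expires, now):
    fields = {"machine": machine_id, "units": units,
              "expires": expires, "last_seen": now}
    return {"fields": fields, "seal": _seal(fields)}

def open_dataset(licence, machine_id, now, cost=1):
    """Return (allowed, reason, licence). The licence is re-sealed only when
    access is granted, so a refused attempt never changes the stored state."""
    fields = licence["fields"]
    if not hmac.compare_digest(licence["seal"], _seal(fields)):
        return False, "tampered", licence          # edited by hand
    if fields["machine"] != machine_id:
        return False, "wrong machine", licence     # file copied elsewhere
    if now < fields["last_seen"]:
        return False, "clock moved back", licence  # earlier than last use
    if now > fields["expires"]:
        return False, "expired", licence           # subscription period over
    if fields["units"] < cost:
        return False, "meter empty", licence       # user must buy more units
    updated = dict(fields, units=fields["units"] - cost, last_seen=now)
    return True, "ok", {"fields": updated, "seal": _seal(updated)}
```

Recording the time of the last successful use inside the sealed fields is what lets the reader notice a clock that now reads earlier than it did before.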
Confidential Information
ÇD-Secure2 is ideal for distributing confidential information. The decryption software ensures that only selected machines and/or people can read the data. There is a major consumer goods company which circulates its product specifications this way. This control can also be used to protect discs produced by CD Writers.
7. Summary
The latest electronic publishing technology enables Publishers to create valuable and innovative products. However the investment required to make such products is large and growing. I believe that software based encryption and access control systems will give Publishers the confidence to make these investments and will therefore be vital to the development of the industry. Indeed I believe that Publishers will not publish their best material without some form of protection and control.