TiVo Awarded Patent For Password You Can't Hack

Davis Freeberg writes "TiVo has always been known for thinking outside of the box, but this week they were awarded an unusual patent related to locking down content on their hard drives. According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out. They could be using this technology to prevent the sharing of content or it could be related to their advertising or guide data, but if their encryption technology is really that good, it's an interesting solution for solving the problem of securing networks."

So....

[revlayle (964221)]

3-4 weeks tops?

Re:So....

[by Anonymous Coward]

I want to know if the patent is invalidated when it's broken.

(ie: does making outlandish and incorrect claims in a patent invalidate it?)

IANAL...

[untree (851145)]

...but I am a law student and just took an introductory IP course, so I'll try to answer. A patent must actually do what you claim it does. But they don't claim it can't be cracked:

...difficult or impossible...

...significantly more secure...

Re:So....

[jddj (1085169)]

I don't think so.

In the US at least, there's no requirement that a patented idea or invention or system actually do anything useful or work or even do what it claims.

There are numerous patents for mind-reading devices, nutjob free energy systems and perpetual motion machines, and searching the USPTO database for the "hyper-light-speed antenna" will produce some interesting reading.

Might as well patent completely unbreakable DRM.

Re:So....

[rob1980 (941751)]

No shit. The second your product gets into a consumer's home, its "unhackable" status vanishes.

Re:So....

[PC-PHIX (888080)]

Quite true because at that point there is nothing to stop a person simply copying everything off the disk (just a raw copy even if it is still encrypted).

As soon as you can do that, 3 things are true:

(1) You can preserve it on something more reliable (longer life) than the original drive and work on cracking it from there.
(2) You can make multiple copies and work on it x times faster by attacking each drive/copy with a separate part of the list of possible solutions.
(3) You can spend as long as you like working on cracking it and when the drive reaches the end of it's life, pick up where you left off working on your clone disk.

More importantly how many copies would you need to make to solve it within a useful time period at all? Would you get the data within a useful time frame? Within years? Within your own life time?

Obviously if they have made it so that you can only access the drive with a specific controller then the idea of taking copies is significantly more difficult, but from what I've read it's just a regular Western Digital drive which means you could hook it up and take a raw image of the entire disk even without being able to decode the contents at that point. So as the parent said, you're not hacking it "in situ" and as soon as the drive gets into a consumer's home, you've handed of a the data to be copied.

This is just a patent for making hacking difficult, but since when does that stop anyone?

Meanwhile, I am not even going to bother trying to figure out how this is a solution for "securing networks".

The patent that will never reach courts.

[DrYak (748999)]

"Unhackable" passwords ?!?

At least you know nobody is going to get sued over this one. Ever.

Re:So....

[thrillseeker (518224)]

3-4 weeks tops?

At least ... it's triple rot-13 after all.

Re:So....

[Dun Malg (230075)]

Tivo loses because the person says they couldn't have broken the tivo code because the code is unbreakable, if they did, then Tivo loses the patent.

Don't be daft. The vague boasts in the patent abstract are irrelevant to the validity of the patent. You could claim in the abstract that your patented method will grant the user perpetual happiness. All that's relevant to the validity are the claims, and those are purely descriptive of function.

Re:So....

[Achoi77 (669484)]

*in the underground lair of tivo*

tivo suit guy 1: Those lousy internet people keep cracking our encryption!

tivo suit guy 2: How do they keep doing it?

tivo suit guy 1: Because time is on their side, and they have no life! grr

tivo suit guy 2: How long can a 'really hard' encryption take?

tivo suit guy 1: I have no idea, maybe like a month? A week?

tivo suit guy 2: A WEEK? You can't be serious!

drive manufacturer suit: Well, if you can't beat crackers at their own game, what needs to get done is to beat them from a different angle.

tivo suit guy 1: what do you mean?

drive manufacturer suit: Think about it, every time you come up with a new password, it gets cracked in a week, there is no control over that. So, what needs to get done is to beat them where they have no control. TIME!

tivo suit guy 2: Time? And how do you expect us to control TIME?

drive manufacturer suit: Easy. Since we know that a password can be cracked within a week, what needs to get done is to prevent them from getting access to the password before that week. All we have to do is manufacture drives that will fail within a week!

tivo suit guy 2: That's brilliant!

tivo suit guy 1: Wait a minute. We can't have customer's drives dying withing one week. That's just no good for business.

drive manufacturer suit: Don't worry about it. We'll use flash drives. Flash ram wears out overtime. We can explain to the customer that the new flash drives will use less energy, have no moving parts, and are cheaper!

tivo suit guy 1: Will they really be cheaper?

drive manufacturer suit: only to you they will be. That way you won't have to pass off the savings to the customer. Plus, you can add in an additional subscription fee to have new flash drives mailed to them every week when they mail back their old flash drives! Think: netflix, but instead of dvds, flash drives. More money for you!

tivo suit guy 2: kinda like the photo-copier industry with their toners.. hrm, I like it!

tivo suit guy 1: Wait wait wait! Those drives will still cost us a pretty penny, so what's the secret?

drive manufacturer suit: *grins* we will be using _OLD_ flash drives. Just like the old flash drives that croaked so quickly. The manufacturing technology to build them was very cheap. We can churn those out like nobody's business.

tivo suit guy 1: hrm, so essentially they are disposable drives?

tivo suit guy 2: It's an excellent plan! We can add in the additional 'service' and bleed our customers dry!

drive manufacturer suit: soo, do we have a deal?

tivo suit guy 1 & 2: it's a deal! I think I'm gonna patent that idea!

*shakes hands, and the meeting is ended, tivo suit guys leave*

drive manufacturer gets on cell phone

drive manufacturer boss: so, how did it go?

drive manufacturer suit: They accepted project 'disposable drive.' Those fools have no idea we're playing them for our pawn.

drive manufacturer boss: Eeeexxxeeeelent~

drive manufacturer suit: Phase 1 is complete. I've finished talking to Apple and Creative already. I'm scheduled to meet with Sprint and Verizon tomorrow.

drive manufacturer boss: Once we have all the mp3 players, cell phones, and tivos supplied with our disposable drive, users will be upset that only after a week of use, their electronics became useless! This will soil the name of flash drives in a larger scale never seen before, and drive customer confidence towards flash down! They will be forced to lower their prices, and eventually perish under their manufacturing costs. Harddrives will RISE AGAIN! MUHWAHAHAHAHAHA!

And the password is...

[kihjin (866070)]

MDlGOTExMDI5RDc0RTM1QkQ4NDE1NkM1NjM1Njg4QzA=

Don't tell anyone.

longer than the life of a hard drive in order ....

[frovingslosh (582462)]

Wasn't about the same thing said for the DVD protection system? All security systems like this fall apart when the user had the device being hacked in his hands.

And what if it's a WD drive they are talking about? The life of those is so low they had to drop their warranty to 1 year because they admitted 3 years would put them out of business. (The reason I only use Segate 5 year warranty drives).

Hamel's Folly

[eddy (18759)]

On the dangers of assuming keyspace => security:

The mechanical ciphering machine invented by Alexander von Kryha in 1924 received the Prize of the Prussian Ministry of the Interior at the 1926 Police Fair and a Diploma from the famous postwar Chancellor of Germany, Konrad Adenauer, at the International Press Exhibition in Cologne two year later. Von Kryha was not only an inventor, but also an astute entrepreneur. To promote his commercial venture Internationale Kryha Machinen Gesellschaft of Hamburg, Kryha turned to the famous mathematician Georg Hamel for an endorsement. Hamel calculated the size of the key space to be 4.57*10^50 and concluded that only immortals could cryptanalyze Kryha ciphertext. Not withstanding Hamels estimate, a cryptanalysis of the Kryha machine by Friedman did not require as much time and is described in the ''2 Hours, 41 Minutes,'' a chapter in Machine Cryptography and Modern Cryptanalysis [Devoirs and Ruth, 1985].

from ''Computer Security and Cryptography'', Alan G. Konheim.

Clone Drives?

[Tuoqui (1091447)]

If it exceeds the life of the drive theres an easy way to just clone the drive or remove the platters and put them into another hard drive (yeah very sensitive operation likely requiring the conditions of a clean room).

Its hard to make something undefeatable and if you claim such it is only going to attract people as a challenge. Maybe that is what they want?

Of course if someone proves that it isnt 'impossible' then does that void the patent?

Yet another reason not to get a Series3 TiVo

[Mr2001 (90979)]

I have two Series2 units and I love them. But there's no way in hell I'd spend PS3-level prices on a Series3 recorder, especially with the lack of TivoToGo and now this bullshit.

Look, if I buy a device that has a hard drive in it, that hard drive is mine. The data on it is mine. If you don't want me to access it from the "wrong" host, maybe you shouldn't have sold it in the first place. You can have all the control you want over that hard drive while it's gathering dust in your warehouse.

Re:Yet another reason not to get a Series3 TiVo

[CastrTroy (595695)]

This is the reason why SageTV, MythTV, and other free-to-do-what-I-want-to-PVR-software for the computer is the way to go. PVRs that try to control what we can record, when we can fast forward, and what we can do with the recorded content aren't giving the consumers what they want. You can buy a $300 PC, add a $100 TV Tuner, and buy a copy of sageTV for $80 (because setting up MythTV is more complicated than it should be), and you have a complete PVR that doesn't try to control what you do. You can even get it with an IR Blaster to control that set top box.

Blog spam is just plain wrong

[asdfghjklqwertyuiop (649296)]

it's an interesting solution for solving the problem of securing networks.

This has nothing to do with networks at all. The patent is about making sure a hard disk can only talk to a certain host.

Its just another attempt to prevent people form using their own hardware how they want to.

New Marketing Tool

[ProdigySim (817093)]

Make a security claim so wild that every hacker will buy your product to try to crack it. $$$$

Nothing Is Unhackable

[mmurphy000 (556983)]

When I was a wee tot, I remember seeing a single-panel _Dennis The Menace_ cartoon. The cartoon itself had Dennis' father at a boardroom-type table with a few other people, his briefcase open, and various parts spilling out. The caption was something like "Gentlemen, our new bathroom scale did not pass the 'Dennis test'. We cannot refer to it as 'unbreakable'".

Since then, whenever I've heard about something claiming to be unbreakable, I picture a very broken bathroom scale...

can we get the old hahaha tag now

[zappepcs (820751)]

I love it when someone says that 'x' can't be done.... that is sure to bring on the people that show it can be done

How is this news?

[Sycraft-fu (314770)]

It's not like good crypto is hard to come by. I mean if I pick a good password with AES you aren't cracking that in your lifetime, much less the life of a harddrive. The problem isn't a good password, the problem is that DRM tries to use crypto for something it isn't made for. Crypto is about keeping out non trusted parties. That's how SSH works. You have the key, the server has the key and thus only you and the server can decrypt the traffic. Anyone else can capture everything if they want, and they are going to get all of nowhere with it.

The problem with DRM is that the person who is the recipient is also one of the people they want to keep out. This creates a problem: To decrypt the message (by message I mean whatever they are giving you, video, song, game, whatever) you have to give them the key. However, if they have the key, well then they can decrypt it and do what they want with it.

This leads to all the tricky, and ineffective, stuff we see these days. They try to hide the key so that only the device can find it and you can't get at it. Well that just don't work. It can make it so it isn't as simple as just copying a disk, but as we've seen with the AACS break, you can't hide that shit from a determined attacker. The key IS on there, it CAN be found.

So I don't care how good their password scheme is. AES-256 with a 64 character password is good enough to last until the sun goes dark (or at least until quantum computing becomes a reality) but that doesn't buy you anything if you have to hand out the key as part of your scheme as is required by DRM.

Why It Does and Does Not Matter

[Midnight Warrior (32619)]

Quickly, before Cringely ruins it with bad math, I need to point out some very obvious weaknesses in making this work correctly:

• SHA-1 has been (somewhat) broken [schneier.com]. Not highly repeatable yet, but they're getting there.
• Encryption does not hide a message forever. Most of us picked up on that in one form or another. It just hides it long enough to make the information useless. If I can only break a single machine 6 years after it was written, the video isn't going to be very useful to me.
• Good encryption methods assume two things. One is the attacker does not have the key. Smart card attacks have shown [iacr.org] (PDF) that even though an attacker has to guess the key, a poor implementation may provide useful hints during the guessing phase.
• The second assumption is that the message is not highly predicatable. Disk drives are known for having highly-predicable components on them which makes finding the plaintext all that easier.
• These folks are so cocky about SHA-1's entropy space, they claim "there is no need to abort the authentication process from a specific host. For example, there is no need to abort the authentication process if a specific host generates three wrong passwords. " Zeroization [cerberussystems.com] is the only way to do this right. You can also vary this so that after three failures, an automatic delay is introduced to slow down the guessing.
• Reading the patent text indicates that new "commands" will be added. No mention of a bus protocol (ATA or SCSI) is mentioned. Presumably, they won't make the drives themselves, so it will need standardized. The hard drive community is open to using patents, but only if the terms are reasonable or a cross-licensing deal is in the works. If this is a forced attempt, it will fail miserably or cost so much that the drives will be considered custom, low-volume, high-cost components.
• The likelihood of them screwing the implementation up are so high, they should pursue FIPS 140-1 [cerberussystems.com] certification for every hard drive made. Then, the patent can apply outside the domain of Tivo.
• This scheme works better as a general hard drive protection measure than for a Tivo. People who own a Tivo might probe the memory chips for the crypographic module to sweep for the drive or system keys. AACS recent events ought to make it obvious that people are motivated to do this. The general case may prevent a lost hard drive from being very useful.
• It would appear that the cryptographic module does NOT actually encrypt data on the platters. It seems to only cover communication between the host and the disk controller. If an attacker were to replace the circuit board with one whose path was trusted, they could read the platters without issue. They do this all the time in the hard drive repair business; no clean room required.

Okay, you all can go back to your regularly scheduled cheap shots.

Re:I've done this before just for fun.

[CedgeS (159076)]

Essentially they are claiming: Using a wire-secure challenge system between a hard drive and a host.

In the text they mention prior art of both:
1. Using a challenge system between a hard drive and a host
2. a wire-secure challenge system

Even if no one has ever put cryptographic functions into a hard drive (I'd be surprised) virtually every cryptography paper talks about all of the communications in the only meaningful terms, abstract ones, implying in a way obvious to non-experts that it can be used between any equipment.

This, like many other bad patents, is at best a land-grab for a specific piece of territory so well discovered, mapped, and understood that claiming a portion of it is just ridiculous.

Re:Really?

[kimvette (919543)]

TiVo has always been know for thinking outside of the box,

No they're not. They've always been known for seeking to keep everything IN the box.

Re:Sure, uncrackable like every uncrackable code

[Torvaun (1040898)]

There's still a difference. Firmware is much more difficult to reverse engineer. If you can get your hands on a binary and a system that runs it, you can capture every bit of code. If you've got a ROM chip, then you can only see what goes in, and what goes out. There are ways to prevent it from being opened and examined, photosensitivity being the big one.

Crypto on a chip is more secure than crypto in a binary.