Ronny L. Bull CS657 Advanced Topics in Computer Security Reaction Paper 10 Steal T is !ovie" Automatically Bypassin# $R!

Protection in Streamin# !edia Services What Technical details (approaches or techniques) were novel? T e aut ors o% t e paper claim t at t e tec ni&ue t at t ey ave developed to 'ypass $R! du''ed (!ovieStealer) is t e %irst utility pu'lis ed t at 'ypasses $R! 'y o'servin# 'u%%er contents and e*tractin# t e in%ormation directly a%ter it is decrypted. +ne o% t e ,ays t ey do t is is 'y identi%yin# loops in t e pro#ram , ic allo,ed t em to %ind t e decryption steps and t e resultin# 'u%%er locations. What was learned from this paper? - learned &uite a 'it %rom t is paper. .o,ever t e one t in# t at really stood out to me ,as t e part a'out t e $i#ital !illennium copyri# t act t at states t at copyri# t mec anisms can 'e 'ro/en in t e name o% security researc as lon# as t e researc is done ,it in t e 0nited States. %eel t at t is is an important lesson %or any security researc since per%ormin# t e researc itsel% 'ecomes a lia'ility and security researc ers s ould ta/e every precaution to protect t emselves and t eir a%%iliates. Could I have done this work if I had the idea? Why or why not? T is ,or/ ,ould re&uire a team o% people to per%orm due to t e amount o% researc and reverse en#ineerin# re&uired. 1it t at stated - do %eel t at t e ,or/ could ave 'een done 'y any team o% #raduate level researc ers since t ere really are not any e*traordinary resource re&uirements. T e main re&uirement t at ,as necessary %or t is ,or/ ,as time and most li/ely a lot o% patience. Is there any way I could repeat or validate this work? T is ,or/ could 'e repeated and validated 'y %ollo,in# t e aut ors ,or/. T is ,ould prove to 'e a time consumin# endeavor since t e aut ors did not reveal t eir ,or/ in its entirety. So many o% t e tec ni&ues t at t e aut ors outlined in t e paper ,ould ave to 'e re2implemented 'y anyone loo/in# to duplicate t e ,or/. T e aut ors do not release t e source code %or !ovieStealer. My best idea for follow on work that I can personally do? - t in/ someone ,ould really ,ant a team o% la,yers 'e ind t eir 'ac/ 'e%ore t ey ,ould even t in/ a'out per%ormin# %ollo, on ,or/ to t is particular researc . .o,ever i% - ad to do somet in# - ,ould most li/ely stop at validation. T en possi'ly setup a test environment on a LA3 to test a#ainst %las 2'ased $R! protected streams osted on a local server. 1or/ could 'e done in t e protected environment to attempt to develop measures to prevent t is type o% piracy on %las 2 'ased media at t at point.

What would be the best way for the authors to e tend this work? T e aut ors at t is point s ould 'e#in ,or/in# ,it t e service providers to elp protect t eir content a#ainst t is type o% attac/. T ey ave already outlined preventative measures %or t is 'ut ,ould really re&uire colla'oration ,it t e service providers in order to pro#ress %urt er. Where there any lo!istical e perimental lessons learned? 1 en readin# t is paper you 4ust #et t e %eelin# t at someone is #oin# to #et into trou'le once t is #ot released to t e pu'lic. T e aut ors did a #reat 4o' o% indicatin# t eir intentions as ,ell as coverin# t emselves 'y includin# t e et ics and le#al sections in t e end. T ey even made a point to stress t at t e ,or/ ,as per%ormed in t e 0SA and ,as covered under t e $i#ital !illennium Copyri# t Act , ic allo,s %or ,or/ in t e area o% security researc dealin# ,it encryption. Comparison to other papers we read As ,it t e paper titled (Ta/in# t is Personally ...) t is paper su%%ers %rom t e %act t at in order to pro#ress %urt er and contri'ute in a positive ,ay t e aut ors really need to colla'orate ,it service providers suc as 3et%li* and .ulu in order to elp t em prevent t is type o% attac/ %rom appenin#. My bi!!est criticism of the paper T ey didn5t release t e source code66 +t er t an t at - t ou# t t e paper ,as very educational and ,ell ,ritten. T e aut ors ,ere a'le to 'rea/ t e $R! o% all o% t e ma4or streamin# services as ,ell as provide insi# t on o, preventative measure could 'e implemented. T e le#al and et ical sections - %elt ,ere a must %or t is paper7 and ,ere a must read %or any security researc er. "ist # cited references or terms$concepts that you would be most interested in readin!$learnin! more about% &#'( To,ards revealin# attac/ers intent 'y automatically decryptin# net,or/ tra%%ic T is 'rin#s up all sorts o% et ical &uestions &#)( Automatic reverse en#ineerin# o% data structures %rom 'inary e*ecution T is is most li/ely an important resource %or anyone loo/in# to duplicate t is ,or/ &#*( Automated identi%ication o% crypto#rap ic primitives in 'inary pro#rams Anot er /ey resource.