Friday, June 27, 2008

You can run, but can you hide?

So, a question being discussed at length on the SL Developers mailing list, and pontificated on endlessly by the unqualified, is whether cached textures should be obfuscated to protect content. Of course, any such obfuscation has to be undone to use the texture, so it's a question of the tradeoff between the overhead and effectiveness.

Unfortunately, the effectiveness is at best questionable.

First, there's the equivalent of what, in the context of protecting audio and video, is called the "analog hole": you can take a picture of the monitor (an LCD monitor will keep you from having to worry about the scan rate), and then fire up GIMP or Photoshop. [UPDATE: D'oh! I guess I forgot the snapshot facility...] In the general case you'd have to undo the way the SL client wraps the textures around object or avatar, but it's doable. As long as you can see a texture in SL, you can do this, whatever happens to the texture along the way.

Second, there is a proof that obfuscation is in general impossible. One of the authors of the paper giving the proof, which was presented at the CRYPTO 2001 conference, has conveniently put up an informal discussion of the result and what it means. (In turn it has a link to the paper.)

Third, such schemes are subject to all the methods of cryptanalysis, such as the known plaintext attack. Anyone can upload a texture; it's just L$10, which at current rates is less than three cents. Upload it and paint a box with it. Poof--you now know that somewhere in your cache is the obfuscated form of your texture, and you have the original version. With this you can attempt to analyze and crack the obfuscation. (If you've read the Wikipedia entry, you know that technically this is a chosen plaintext attack, because you have control over the plaintexts that you can get the enciphered versions of.)

Is the graphics file format for textures known? Then you know that somewhere in the cache are multiple copies of the stock headers and trailers that format uses, just as codebreakers in WWII could count on Japanese telegraphs ending with owari, and stock salutations and closings of letters could give one an entering wedge into a cipher.

In brief: it's pointless. Honest people won't steal (and will, as I do, want to support those who create all the wonderful things SL has to offer), and there's always the "analog hole."

No comments: