Author Topic: PS3 security is "epic fail"  (Read 54493 times)


Offline olsen

Re: PS3 security is "epic fail"
« on: December 30, 2010, 07:35:06 PM »
Quote from: Iggy;602778
Are we sure Sony can't find a defense for this?


That depends upon how brittle their security framework is. If the keys to the kingdom are really what the security system is all about, then the design is very poor indeed. Any sufficiently mature design, intended to remain operational for at least a decade, would include a protocol for revoking and replacing keys and cryptographic algorithms.

If I remember correctly, the Blu-Ray system is prepared to be upgraded if the keys which enable it to work should be compromised. As the design came out of Sony, just like the PS3, I expect that the PS3 has the same kind of layered security defense.

But that doesn't have to mean that the design actually has to work. Let's say a key is compromised: how do you safely revoke and replace it? I remember reading about the Blu-Ray security system, and how difficult it would be to revoke a key and replace it. Since not all Blu-Ray devices are connected to the Internet, and some may require manual intervention for updating them, it may not be realistic to revoke and replace the keys without rendering existing discs unplayable. That would be an extremely unpleasant outcome for consumers.

This could get really ugly.
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #1 on: December 30, 2010, 07:58:52 PM »
Quote from: Piru;602918
If you see the full presentation the situation is explained quite well. It is trivial to overwrite any revocation lists totally breaking the chain of trust. Also, there's a reliable way to downgrade from whatever update Sony might come up with. In short: Sony is screwed.


Yes, you are correct. I just watched the last 15 minutes of the presentation, and this looks as bad as it gets. The Sony designers certainly ticked all the right boxes and threw the right algorithms at the task (anybody not using ECC and AES these days?), but what did them in was likely a trivial programming error in the code that was supposed to supply proper cryptographic random numbers to the ECC implementation.

Makes you wonder whether the crypto was properly reviewed by a separate team, or if the same guys who wrote it also reviewed and "certified" it. My guess is that it's probably the latter. With that much at stake (Blu-Ray security, PSN security, etc.), this is exactly the kind of process you must not scrimp on. But it happens all the time, even for organizations which ought to know better.

I guess it's time to short your Sony stock, if you have it ;)
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #2 on: December 30, 2010, 08:36:58 PM »
Quote from: Piru;602926
Actually I don't believe it to be an error per se. They just failed to realize that "random number x" actually meant "new random number x every time", while elliptic curve crypto documentation is quite clear about it. This is the epic part in the fail.

That could have been a case of "cookbook programming": 1) find a working, documented implementation of the algorithm and deploy it, 2) ..., 3) profit!

Bruce Schneier at one point came to regret writing his landmark book "Applied cryptography" because it led programmers to believe that the magic was in the algorithms, and not in how they were deployed.

Quote
Indeed. Bruce Schneier summarized it pretty well: http://www.schneier.com/essay-028.html

It's right on the money.

Quote
I personally would never even imagine trying to build my own crypto. It's just too easy to fail. I'm perfectly happy to use ready-to-use and proven solutions such as things provided by OpenSSL.

We may never know how Sony came to choose the technology they deployed. Organizations of that scale usually learn only from failure, and there haven't been that many security tech failures originating from within Sony, unless I'm mistaken (I would not consider the CD "root kit" debacle to be a comparable security failure: it "only" compromised the security of the consumer, but not the security of the manufacturer).

Microsoft had the opportunity to learn from the XBOX security hacks, but Sony's previous console was not as technically complex as the XBOX. So Sony could not build upon an existing design and iterate.

I guess that because Sony started over from scratch for the PS3, it led to the security design being developed from scratch, too, with no references to existing similar designs. They may have rejected traditional, proven technology (old-fashioned RSA/DSA, etc.) because of how their product development process works. It would not surprise me at all if this is how it went down.

Quote
Here's another recent crypto failure:
HDCP 'master key' supposedly released, unlocks HDTV copy protection permanently
(well, not that recent, as it was predicted ages ago that the thing was broken... oh, no one listened)

I think I remember that the researcher who discovered the issue was either bought off or silenced. Intel probably calculated how much they had already invested into the technology and decided that "security through obscurity" would likely give them enough time to recoup the investment and make enough money on it before the next generation of the interface would go to market. In a way, this paid off, didn't it? We probably would still be waiting for affordable flat screen displays and TVs to become available if Intel hadn't stepped in and standardized the connector technology.

Quote
And here's one somewhat older case that was really serious:
Debian OpenSSL Predictable PRNG Toys

Yup, that one was ugly and epic, too :(
« Last Edit: December 30, 2010, 08:39:42 PM by olsen »
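
The failure Piru and olsen describe above (the same "random number x" fed to every ECDSA signature) as an added example, not code from this thread or from the 27C3 researchers: a from-scratch ECDSA over secp256k1 (an assumed stand-in for the PS3's curve; the algebra is the same on any curve), a signer whose per-signature secret k never changes next to one that draws a fresh k, an audit check that flags the repeated r value, and the two-signature algebra that shows why the private key d is lost once k repeats. The key, messages and the fixed k are constructed for the demo.

```python
import hashlib
import secrets
# secp256k1 parameters (standard); the nonce-reuse algebra is curve-independent.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p1, p2):
    # Affine point addition on y^2 = x^3 + 7; None is the point at infinity.
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(k, pt):
    out = None  # double-and-add; not constant time, demo only
    while k:
        if k & 1:
            out = _add(out, pt)
        pt, k = _add(pt, pt), k >> 1
    return out

def _h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):
    # Textbook ECDSA. k must be a fresh secret per signature; it is a parameter only for the demo.
    r = _mul(k, G)[0] % N
    return (r, pow(k, -1, N) * (_h(msg) + r * d) % N)

def verify(q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = _add(_mul(_h(msg) * w % N, G), _mul(r * w % N, q))
    return pt is not None and pt[0] % N == r

def nonce_reused(sigs):
    # Audit check over signatures made with one key: a repeated r means a repeated k.
    return len({r for r, _ in sigs}) < len(sigs)

def recover_private_key(msg1, sig1, msg2, sig2):
    # With equal k: s1 - s2 = k^-1 (h1 - h2), so k and then d fall out.
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        return None
    k = (_h(msg1) - _h(msg2)) * pow(s1 - s2, -1, N) % N
    return (s1 * k - _h(msg1)) * pow(r1, -1, N) % N

def demo(d):
    q, ms = _mul(d, G), (b"loader image A (constructed)", b"loader image B (constructed)")
    reused = [sign(d, m, 0x1234) for m in ms]                       # k never changes
    fresh = [sign(d, m, secrets.randbelow(N - 1) + 1) for m in ms]  # new k each time
    return {
        "all_verify": all(verify(q, m, s) for m, s in zip(ms * 2, reused + fresh)),
        "reused_detected": nonce_reused(reused),
        "reused_leaks_d": recover_private_key(ms[0], reused[0], ms[1], reused[1]) == d,
        "fresh_leaks_d": recover_private_key(ms[0], fresh[0], ms[1], fresh[1]) is not None,
    }
```

Verification passes for both sets of signatures, which is why the defect is invisible to the verifier and has to be caught by review of the signing code or by a repeated-r audit of issued signatures. A fresh k per signature (or deterministic derivation per RFC 6979) is the fix.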
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #3 on: December 31, 2010, 10:04:29 AM »
Quote from: fishy_fiz;602988
I didn't read all the threads, but "epic fail" seems a bit extreme to me :)

The term was used by the researchers who presented it at the 27C3. I've just seen the entire presentation, and I can understand why they called it "epic fail".

The security system used by the PS3 is layered, so in theory an adversary would have to break down each layer for the whole system to be compromised. But as the presentation showed, the layer design is either bungled (e.g. the media encryption, the code signing), effectively irrelevant to security (e.g. the Hypervisor, the crypto functions of the dedicated security processor) or so brittle that there is no defense against compromised components (e.g. the bootstrapping process).

A lot of effort went into implementing these security measures, but taken as a whole their effectiveness is reduced to security by obscurity, which is shocking if you are familiar with the technology. This ought to have been designed and implemented much better.

What is "epic" about the whole affair is how much effort Sony spent on this product, how long it took to become marginally profitable, how long Sony plans to keep this product alive, and yet how little leverage is required to undo these efforts. Feet of clay, etc.

Quote
All consoles do and will get hacked at some point. There's enough clever people out there with an interest in cracking console security, just for the challenge and notoriety, to make sure of that. The fact that it's taken so long I'd actually consider quite a success in this day and age.

Actually, how the security system came apart is what makes it an "epic" failure. It did not withstand the attacks because of its resilient architecture: there is no resilience where it would have mattered. It withstood the attacks because of the security by obscurity principle. That is not a success because the barn door is wide open by now. As they say, attacks only get better over time, they never get worse.

All the PS3 devices Sony sold up until now are vulnerable to the kind of exploit that would hurt Sony's business: pirated games. And it may not take long for the exploit to get "better" in that the security of the Blu-Ray device could be compromised. Which would hurt Sony, too, since they pretty much control this technology and benefit from the byzantine technology licensing scheme.

The kind of security Sony's engineers tried to implement in the PS3 can only succeed in buying time before a successful security compromise will have a noticeable impact on the market which the device was created for. What is shocking about the security failure presented at 27C3 is both in how inadequate the security architecture of the platform actually is, and in how little time it actually bought Sony. They have barely succeeded at making the PS3 profitable, and the jury is still out on whether the Blu-Ray platform will ever be profitable before other technology succeeds in eclipsing it (e.g. online streaming).
« Last Edit: December 31, 2010, 10:24:09 AM by olsen »
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #4 on: December 31, 2010, 02:26:27 PM »
Quote from: AJCopland;603020
What really surprised me about this was that it's taken so long. If you've ever dealt with the Sony PS3 APIs you'd see what an absolute house of cards it is. Not to mention a flaky piece of crap ;)


I guess if you're paying for the privilege of having Sony grant you permission to publish your software on their grand entertainment device, you don't want to jeopardize your chances of selling the product by breaking the non-disclosure-agreement you signed with these guys ;)

I can't say I know what the APIs look like. Given that they are not intended to be used by a large number of developers, Sony can probably get away with anything. Sony is going to make money on the end product (games and whatnot), and not on the SDKs. So the latter might as well stink. And the industry certainly did complain about the programming model used by the CELL.

I own a 2nd generation PS3 (the fat one) and I've seen my share of poor ports of AAA titles. You don't get that kind of poor quality software unless the API were something of a let-down.
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #5 on: December 31, 2010, 02:55:19 PM »
Quote from: AmigaNG;603026
I have to say I don't like the attitude on here, of those coders and of other sites, towards Sony. They make the PS3; it's their product, so they get to decide what should and shouldn't be allowed on it. If you don't like it, don't support them and get yourself a cheap Linux box for all the homebrew you could ask for.


I do not entirely disagree with this notion, but the situation is loaded. If the only way to make this kind of business work revolves around taking away rights from the consumer (DMCA and whatever pressure was applied to other countries in the free world on behalf of industries such as Sony represents, in order to make something very much like it happen overseas) then something is wrong.

I'm not saying that voting with your wallet is the wrong approach, in principle. But even if you don't care about the PS3 (it's an entertainment device: you don't have to have one to lead a satisfied life), there are still the side-effects caused by the legal machinations without which a product such as the PS3 would have to survive on its technical merits alone. This sort of thing is essentially unjust.

Quote

One of the main reasons I have not got an Apple product, like the iPhone or an iPad, is because of its controlling nature and not allowing Flash and other things. Sure, I could buy their product and get it hacked to allow me to use some of this stuff, but then I'm supporting a company that I don't really agree with. That's why I'm much more interested in companies that are a lot more open, like http://www.fungp.com/, and supporting them.


Apple has always worked in this manner once they managed to crack the mass market. Look at the original 1984 Macintosh operating system design. If management had gotten its way, it would have been even more restricting than it always was. Shades of the past: the same philosophy came back with the iPhone, the iPad and the App Store.

Vote with your wallet. I'd be glad to do so, but four years ago the choices open to somebody who needed to replace his laptop were so dire that only Apple had something useful to offer. As long as they ship a POSIX operating system on their computers, with tools to develop software for it, not everything is lost.

Quote

I'm pretty sure the only reason that OtherOS was removed was due to a hack made with that option being open, so they had to close it off. But once one way is found around the hack, usually loads more follow, so I'm not surprised it's happened. I just don't agree with the way the hackers are spinning it that the only reason they did it was due to Sony pulling Linux support.


Dropping Linux support (it wasn't even working that well, on account of the Hypervisor squeezing the life out of that sorry framebuffer display device) didn't really solve anything. I bet you five Euros that the decision to drop Linux support came about because it was the most cost-effective short term solution. The long term solution would have been to fortify the system's security foundations, which obviously didn't work out so well.

Quote

Still, at least they got Blu-ray to protect it, kind of, as downloading 50 GB games will take ages and the extra expense of Blu-ray still makes the PS3 a bit of a problem for pirates, which I'm happy about.

Everyone says that piracy doesn't do any harm to these big multimillion pound companies and they deserve it, but everyone forgets about the middle men. I mean, recently where I live Blockbuster has closed down and gaming, CD and DVD sections are disappearing off the shelves. Why? Partly because of things going digital, MP3 etc., plus online shopping, but I think a bigger reason for it happening so quickly is because more and more people are pirating games and movies.


I don't think so. The cost of delivering the service has changed profoundly with the availability of cheaper broadband internet connections. Netflix rolled up Blockbuster, and although their business may not last, it's going to be very tough to compete against video on demand with a selection of games and movies stocked at a local brownstone building in every major city.

I expect the studios to eventually cut out the middle man and go into the business providers such as Netflix currently run for them.

Quote

I also believe it's why so many publishers gave up on the Amiga more quickly, because piracy was pretty bad on the Amiga. I mean, you had all the tools to make copies of software with every Amiga sold.


The Amiga had a hard time making a dent in the market in the US. And while it was something of a power in Europe, there was no global market you could make much of a business in the way it is possible today. The rise of the IBM PC compatible and eventually the games consoles finally did the Amiga in. That and Commodore's lack of interest in their own platform.

The piracy angle was part of that meltdown, but it was not the only burning fuse.
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #6 on: December 31, 2010, 07:07:12 PM »
Quote from: AmigaNG;603054
It's sad that MGM has gone bust, and OK, a lot was down to bad management, but according to a few statistics the most pirated film is Quantum of Solace, so thanks folks for no more Bonds. Plus a lot of cinemas were on the verge of being closed down; it's only thanks to the success of 3D in the cinema that a lot have stayed open. Again the middle men are affected; the big execs and Hollywood stars with their millions are the last to be affected, just the poor sods who work in the shops or at the cinema.


Sony's involvement in the big mess that is MGM is at best tangential to the PS3. Their decision to throw in with the consortium which picked up the cadaver of MGM was largely seen as a way to garner support for the Blu-Ray medium. Great idea: nobody saw MGM's sole surviving asset (the huge film library, with most of the good stuff gone to Time Warner more than 20 years ago) as particularly useful anyway. The move probably just helped to stop Microsoft from grabbing this junk.

Sony's an entertainment conglomerate, and today that helps to diversify investments when some of the company's branches are not doing so well. The part of the company that develops and produces motion pictures maybe has it hardest, because this business is the most difficult to project. Big movies with large investments can tank, and then you've got to rely upon secondary income to recoup some of the loss, e.g. DVD sales or soundtrack sales.

At its worst, such a conglomerate can produce fierce company-internal infighting. It was the Sony Music branch which threw in its weight to keep the branch which made electronic music playback devices (their version of the iPod) stick to the proprietary ATRAC music compression scheme, thereby elegantly missing out on just about the entire MP3 playback device business. That's epic fail, too.
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #7 on: January 04, 2011, 08:12:05 AM »
Quote from: rvo_nl;603605
I feel a bit ashamed talking about PS3 on an Amiga forum, to be honest.. but I do have 2 questions, which I hope someone can answer.

I never knew about the 2 different GPUs inside the PS3.. If that is true, then which of those 2 is regarded the best second-hand PS3 to buy? I do have a PS2 that I'm keeping.


The original launch (2006/2007) model had two different sets of GPU and CPU inside, which provided for PS2 backwards compatibility through a second set of hardware. It also had a bunch of other features (SACD support, for example) which along with the PS2 compatibility were dropped when the PS3 was introduced in Europe. Subsequent hardware revisions were pretty much identical to the European console version, in terms of features supported.

I suppose the original launch model could be considered a collector's item by now. In other words, you'd need a very good reason to shell out money for one.

Quote

Also, it's only a matter of time before this allows us to play pirated games.. do I need to worry about being blocked from the PlayStation Network at all when doing this? I'm not going to do any online gaming or downloading.. if possible I don't even plan to connect it to anything.


Given how much care software developers devote to releasing patches to the games they ship in poor shape (e.g. the recent "Fallout 3: New Vegas" is considered one of the most bug-ridden games in years, and the makers already released two incremental patches to make the game playable on the consoles and the PC platform), I'd say you have to be able to download bug fixes, etc. Not sure how this will fly with pirated games (presumably, the patches are only applied to legitimate goods), though.

Consider me skeptical. It will require plenty of effort to side-step Sony's inevitable countermeasures, and for what benefit? Most of the games offered today are of poor quality. Play a pirated version of these, or rather throw money at the few good things there are? How much time can you spend on playing games, anyway?
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #8 on: January 04, 2011, 05:15:55 PM »
Quote from: ejstans;603789
Well, I did take the time now, and you're wrong. The root key is the one thing they didn't get (it's embedded in silicon after all, and each console has its own unique key)


If I remember correctly, the 27C3 presentation made a point of describing the PS3 as not having key verification in hardware, like the XBOX 360 has (signature goes in, hardware answers if it matches the private key: you cannot read the private key from the hardware).

Instead the work is being done by a dedicated SPE, which because it is not a specialized key verification device, must be programmed to do the job. And it is vulnerable to attack, because the chain of trust protecting it has been broken.
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #9 on: January 05, 2011, 07:53:54 AM »
Quote from: ejstans;603801
Well, the PS3 does have hardware verification; it's what provides the basis of the chain of trust. The loaders (or at least one of them) are verified by the hardware as part of entering the isolated SPU (SPE) state. In the 27C3 slides (which I read but didn't watch the presentation) it is claimed that the bootldr is not updatable (residing in ROM?). Perhaps only the bootldr is verified by hardware, and it in turn is responsible for the rest of the loaders and they have broken that chain.


Yes, the hardware verification is there. I confused it with how and where the keys are stored. On the XBOX360 the keys are on the die, which is why you cannot extract them by means of a software exploit. The PS3 does not store the keys on the die.

The presentation complements the slides. You might want to take a look, as the slides alone tell only part of the story.

Quote

It's kind of stupid, because then this system basically offers no more protection than a hardware cipher as in the PSP (I am not familiar at all with the X360), whereas if all the loaders were updatable, it'd offer protection precisely against this sort of thing where the chain of trust is broken along the way (which is also facilitated by writing a critical piece of software in such an insecure language as C...)


If I understand this correctly, the one loader bootstrapping the system cannot be updated, and because the private key it uses has been recovered, it is possible to replace the code the bootstrap loader will load.

The use of the 'C' programming language made the security architecture vulnerable. But even then the vulnerability ought to have had limited impact. As you wrote, the overall design is strange, and how certain parts are implemented (the 27C3 presentation raises questions about encrypted storage, and how the hypervisor design is unsuitable as a security measure) make you wonder how it was designed and reviewed.

It probably was not independently reviewed.