Protect commercial SW-based service?

Started by Rune Allnor June 24, 2009
On 25 Jun, 22:29, "Fred Marshall" <fmarshallx@remove_the_x.acm.org>
wrote:

> With something like this I'm not sure YOU want to sell a service. I should
> think that you'd want SOMEONE to sell the service and that you would benefit
> from it. I can imagine a demo for an instrument company AND a potential
> customer or two of theirs:
> You sit in a room with your gadget, take in the data and spit out the
> results for all to see.

Done that. I agreed with somebody who was responsible for operational equipment in a survey company to show a demo. First of all, I got to borrow some data from a survey of theirs, just to check the logistics; that I could handle data formats, decide how much data my PC could handle without choking, etc. Before the meeting I made a few pictures and animations for a PowerPoint presentation. The usual stuff.

But my friend had set one condition for all this: During the meeting he was to give me a set of data I had never seen before, and I was to run my demo on those data in front of the attendees. Of course, I did run with the new data, and the result was:

> They get hyped.

Exactly.

> You sell the technology and drink
> Akvavit as the parade passes by.

Ah. This is where my plan glitched. The problem was that the people I talked with - the users of such software - did not see it as their business to develop this thing: "Why don't you go to the SW companies?"

Now, I don't want to do that, because the software I have seen in use in the business is not at all good. Yes, it gets the job done, but ergonomics and user friendliness couldn't have been worse [*]. Since my starting point was to get the job done fast, well and conveniently for the human operators, involving the SW companies would just undermine the whole idea.

And, of course, to the SW companies my gadget is just that: A gadget. One more among the several dozens already on everybody's wish-list. They wouldn't know what impact it would have on the industry. The software they produce shows that they don't understand the industry at all. To the survey companies, on the other hand, my gadget might be a decisive competitive advantage.

Rune

[*] One of the software packages coordinates GPS position instruments and vessel (heave, roll, pitch) attitude loggers, and logs the data. Totally essential when doing survey work. When you configure this software, you first specify an instrument and then allocate a vessel to it, as opposed to first specifying a vessel and then allocating instruments onboard. This might seem like a semantic detail, but the end result is that technicians only have fragmented impressions of individual instruments, no big picture of what goes on onboard the vessel. Which makes their job significantly harder than it needs to be.

On one of my trips the vessel lost some 4 days, at $100000 lost revenues per day, to fault-seeking the navigation instrument suite. The error turned out to be an incorrect baud rate setting across some internal bus. As it were, each instrument had to be checked individually, with the techies having no clue what to look for.

It took three days of more or less random searches before somebody came up with the idea of the systematic search that eventually disclosed the error. In the heat of the moment no one thinks about doing systematic searches. After a while, people realize that the quick searches don't work. But by that time, they are exhausted by the search, frustrated by not finding the flaw, and under pressure from everybody onboard to actually get the problem solved. Very few people keep a clear mind under such circumstances.

That's when flawed overall planning comes to play: Since no one was used to thinking in terms of the big picture, no one saw the big picture, nor thought about systematic searches. Until several days later. I'm pretty sure that they would have found the glitch in hours in a vessel-centric (as opposed to instrument-centric) layout of the instrument bundle. People just would have got the idea of doing systematic searches a lot earlier than they did. But then, I am certain the glitch would never have occurred if even the simplest settings consistency checks had been implemented.

steveu wrote:
>> steveu wrote:
>>>> mblume wrote:
>>>>> You could protect it with an USB dongle that must be present for
>>>>> the SW to run like e.g. http://wibu.de/start.php?lang=en
>>>> They are easily cracked with a disassembler. Just look for references to
>>>> the parallel port and modify the dongle-check to always return TRUE.
>>>>
>>>> Jerry
>>> Gee, you must have worked with some lousy dongles. Most work with a
>>> challenge/handshake scheme that requires some serious determination to
>>> crack.
>> You just bypass all that and return whatever would be returned with the
>> dongle present.
>
> Not with a challenge handshake system. The computer sends a different
> random string to the dongle each time, and the dongle must return the
> appropriate string after processing it with its own secret code. Replay
> approaches are useless, and trying to work out the secret code is pretty
> hard. That's what protection dongles have been doing for at least 15
> years.

No need to replay anything. When the check subroutine returns, it declares the challenge passed. There are (at least) two ways to cheat on an exam. Either be given the correct answers, or ensure that the grade will be A regardless of the answers.

Jerry
--
Engineering is the art of making what you want from things you can get.

Vladimir Vassilevsky wrote:
> steveu wrote:
>
>>> You just bypass all that and return whatever would be returned with
>>> the dongle present.
>>
>> Not with a challenge handshake system. The computer sends a different
>> random string to the dongle each time, and the dongle must return the
>> appropriate string after processing it with its own secret code. Replay
>> approaches are useless, and trying to work out the secret code is pretty
>> hard.
>
> .....and this paranoidal conglomeration comes down to one JZ somewhere
> in the program that simply has to be patched to JNZ.

That's the spirit!

>> That's what protection dongles have been doing for at least 15
>> years.
>
> If the dongle doesn't perform some not so obvious function essential for
> the program operation, it will be hacked as the matter of few hours.

Jerry
--
Engineering is the art of making what you want from things you can get.

steveu wrote:
>> steveu wrote:
>>
>>>> You just bypass all that and return whatever would be returned with the
>>>> dongle present.
>>>
>>> Not with a challenge handshake system. The computer sends a different
>>> random string to the dongle each time, and the dongle must return the
>>> appropriate string after processing it with its own secret code. Replay
>>> approaches are useless, and trying to work out the secret code is pretty
>>> hard.
>> .....and this paranoidal conglomeration comes down to one JZ somewhere
>> in the program that simply has to be patched to JNZ.
>
> Jerry was talking about fooling the software by emulating the dongle, and
> most dongles make that hard. How hard it is to patch the software itself
> depends on the application developer. It is largely beyond the dongle
> maker's control.

No no! I was talking about changing the software to make the dongle irrelevant.

>>> That's what protection dongles have been doing for at least 15
>>> years.
>> If the dongle doesn't perform some not so obvious function essential for
>> the program operation, it will be hacked as the matter of few hours.
>
> Most well known programs have a fairly complex interaction with the dongle,
> which makes them somewhat hard to circumvent. For example, the encryption
> engine in the dongle can be used to decrypt important sections of the
> code.
>
> In the end, most of these techniques fall into certain patterns, which the
> people trying to crack them start to recognise. Most things end up cracked,
> and the legitimate customer tends to be the one who is most
> inconvenienced.

I was an inconvenienced legitimate customer. The dongle broke, and they wouldn't sell me a replacement, even with a trade-in. "Against policy." I got a call a few weeks later asking how I was managing without the program. I told them that I had cracked the program and was still getting my money's worth. They threatened to sue. I threatened countersuit for the time spent in the cracking. (I had checked with the lawyer.) Their clauses ruling out hacking remained valid only so long as they fulfilled the obligation to provide service on reasonable terms. They had broken the contract when they refused to sell a replacement dongle, charging for the whole program instead, and I had their smart-ass response in writing.

Jerry
--
Engineering is the art of making what you want from things you can get.

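Added example, not part of any post in this thread: the two designs argued over above, side by side, from the point of view of someone designing the protection. `SimulatedDongle`, `build_package`, `gate_style` and `bound_style` are hypothetical names, the dongle is simulated with an HMAC over a constructed secret, and the SHA-256 keystream stands in for a real authenticated cipher.

```python
import hashlib
import hmac
import secrets


class SimulatedDongle:
    """Stand-in for the hardware: holds a secret and answers challenges."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


def _keystream(key: bytes, n: int) -> bytes:
    # Toy counter-mode keystream; a real product would use an AEAD cipher.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_package(dongle, essential: bytes, slots: int = 4) -> dict:
    """Vendor side: encrypt the essential data, wrap its key under several challenges."""
    content_key = secrets.token_bytes(32)
    table = []
    for _ in range(slots):
        challenge = secrets.token_bytes(16)
        kek = hashlib.sha256(dongle.respond(challenge)).digest()
        table.append((challenge, _xor(content_key, kek)))
    ciphertext = _xor(essential, _keystream(content_key, len(essential)))
    tag = hmac.new(content_key, ciphertext, hashlib.sha256).digest()
    return {"table": table, "ciphertext": ciphertext, "tag": tag}


def gate_style(response_ok: bool, essential: bytes):
    """Weak design: the data ships in the clear behind a single yes/no branch."""
    return essential if response_ok else None


def bound_style(package: dict, respond):
    """Stronger design: the dongle's answer is key material, not a verdict."""
    challenge, wrapped = secrets.choice(package["table"])  # different slot per run
    kek = hashlib.sha256(respond(challenge)).digest()
    content_key = _xor(wrapped, kek)
    expected = hmac.new(content_key, package["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, package["tag"]):
        return None  # skipping this check would only yield garbage bytes
    return _xor(package["ciphertext"], _keystream(content_key, len(package["ciphertext"])))


if __name__ == "__main__":
    dongle = SimulatedDongle(b"constructed-demo-secret")
    pkg = build_package(dongle, b"constructed calibration table")
    print(bound_style(pkg, dongle.respond))
    print(bound_style(pkg, lambda c: bytes(32)))
```

In `gate_style` the outcome depends on one boolean, so the strength of the challenge/response is irrelevant to it; in `bound_style` nothing usable exists on the host without a correct response.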
On Jun 24, 8:33 am, Rune Allnor <all...@tele.ntnu.no> wrote:

> Hi folks.
>
> Suppose you have developed an SW-based service that
>
> 1) Reduces processing time by >99%
> 2) Reduces manual interactions ( = personnel salaries,
>    training and accommodations costs) by >99%
> 3) Reduces error rates and product flaws by >99%
>
> compared to present standard procedures. The commercial
> idea is to
>
> a) Lease a dedicated computer+SW to customers.
> b) Have the computer + SW do its thing as a LAN-based
>    'black box'. Clients send data in and receive end results
>    by LAN protocol.
> c) Have the clients subscribe to the service, paying annual
>    fees, or the computer disables its LAN-based service.
>
> How would you go about protecting the integrity of the
> computer + SW? If the computer is compromised and
> the SW hacked, the commercial basis for the service
> is gone.
>
> Rune

Hello Rune,

A very important fact left out here is how much total work is there? Can you do it all using your "box?"

When spreadsheet programs were 1st created (Visicalc for example), accountants were able to do in one hour what took 40 hours to do. Smart accountants then managed to "pack" 1600 billable hours into a 40 hour work week. But once the clients knew about the accountant's more efficient method, then the accountants had to lower their costs since clients were used to paying on a quasi-hourly basis.

People who have "golden gooses" can lease them out with the promise of their getting all improvements and continued maintenance to the system.

Certainly people use dongles. My past experience with doing software for the cellular phone data collection industry, was we actually used geo-keying. The dongle included within it a valid polygon for which data would really be properly processed. All of the data gets encoded before being sent to the dongle, the dongle decodes (1 layer of decoding) the data, and alters it based on its geolocation. The collection equipment encodes the data as it is collected and only after a complete pass through the system is the data straightened out. The encryption is multikeyed and multilayered to where things like serial numbers, license numbers etc determine the keys. A multipermutable bijective encryption is used (RSA is a great example) and one needs to run the data through the dongle. Multiple dongles may actually be used with this method with servers in different locations.

Part of building in a public key based algorithm is once a hacker takes apart the code, he still only has half of the key and by design this is really the public half. One can have a bit of fun with this.

You may find my paper on Totients of interest if public key encryption piques your interest.

http://www.claysturner.com/dsp/totient.pdf

IHTH,
Clay

On Fri, 26 Jun 2009 10:30:17 -0400, Jerry Avins wrote:

>>>
>>> [dongles to protect SW]
>>>
> I was an inconvenienced legitimate customer. The dongle broke, and they
> wouldn't sell me a replacement, even with a trade-in. "Against policy."
>

That's the problem with dongles. Ultimately honest customers are p***d off and come close to an undesirable encounter with lawyers.

Nevertheless, Rune's problem remains: He, a small company, probably the only guy in the shop (garage?) against a big company with a lot of vessels (and probably more lawyers). They buy one copy, install it on 17 vessels. How to prevent that?

Martin

On 26 Jun, 18:38, Clay <c...@claysturner.com> wrote:
> On Jun 24, 8:33 am, Rune Allnor <all...@tele.ntnu.no> wrote:
>
> > Hi folks.
>
> > Suppose you have developed an SW-based service that
>
> > 1) Reduces processing time by >99%
> > 2) Reduces manual interactions ( = personnel salaries,
> >    training and accommodations costs) by >99%
> > 3) Reduces error rates and product flaws by >99%
>
> > compared to present standard procedures. The commercial
> > idea is to
>
> > a) Lease a dedicated computer+SW to customers.
> > b) Have the computer + SW do its thing as a LAN-based
> >    'black box'. Clients send data in and receive end results
> >    by LAN protocol.
> > c) Have the clients subscribe to the service, paying annual
> >    fees, or the computer disables its LAN-based service.
>
> > How would you go about protecting the integrity of the
> > computer + SW? If the computer is compromised and
> > the SW hacked, the commercial basis for the service
> > is gone.
>
> > Rune
>
> Hello Rune,
>
> A very important fact left out here is how much total work is there?
> Can you do it all using your "box?"

What I can do, is to remove one of two or three bottlenecks in the data processing as it is done today. The data processing sequence is quite long, and involved from measuring the data to the end product. Contracts usually specify time limits from end-of-survey (survey of nondescript length) to a 99% finished product needs to be available. These time limits are on the order of 24-28 hours. One needs to spend 8-10 man-hours to manually process 1 hour worth of survey data. My little trick pushes substantial parts of what is now done manually, into the computer.

> When spreadsheet programs were 1st created (Visicalc for example),
> accountants were able to do in one hour what took 40 hours to do.
> Smart accountants then managed to "pack" 1600 billable hours into a 40
> hour work week. But once the clients knew about the accountant's more
> efficient method, then the accountants had to lower their costs since
> clients were used to paying on a quasi-hourly basis.

What I had in mind was to allow users to lease a HW device and subscribe to a SW key. How much they would pay to be able to release all those man-hours, would be a 'topic for future research'.

The idea is that they subscribe to a production capacity, not a software program.

Rune

Rune Allnor wrote:
> On 26 Jun, 18:38, Clay <c...@claysturner.com> wrote:
<snip>
>
> The idea is that they subscribe to a production capacity,
> not a software program.
>
> Rune

So what about this idea is not simply a packaging problem?

--
Les Cargill

mblume wrote:
> On Fri, 26 Jun 2009 10:30:17 -0400, Jerry Avins wrote:
>>>> [dongles to protect SW]
>>>>
>> I was an inconvenienced legitimate customer. The dongle broke, and they
>> wouldn't sell me a replacement, even with a trade-in. "Against policy."
>>
> That's the problem with dongles. Ultimately honest customers are p***d off
> and come close to an undesirable encounter with lawyers.
> Nevertheless, Rune's problem remains: He, a small company, probably the
> only guy in the shop (garage?) against a big company with a lot of vessels
> (and probably more lawyers). They buy one copy, install it on 17 vessels.
> How to prevent that?

Put it into a pressurized box (without revealing any details) and have the program in volatile RAM that gets powered down if the pressure drops. Make it clear that replacement is at the option of the supplier. If, in the opinion of the supplier, the failure seems due to tampering, the lease is terminated.

Jerry
--
Engineering is the art of making what you want from things you can get.

Jerry Avins wrote:
> mblume wrote:
>> On Fri, 26 Jun 2009 10:30:17 -0400, Jerry Avins wrote:
>>>>> [dongles to protect SW]
>>>>>
>>> I was an inconvenienced legitimate customer. The dongle broke, and
>>> they wouldn't sell me a replacement, even with a trade-in. "Against
>>> policy."
>> That's the problem with dongles. Ultimately honest customers are
>> p***d off and come close to an undesirable encounter with lawyers.
>> Nevertheless, Rune's problem remains: He, a small company, probably
>> the only guy in the shop (garage?) against a big company with a lot
>> of vessels (and probably more lawyers). They buy one copy, install
>> it on 17 vessels. How to prevent that?
>
> Put it into a pressurized box (without revealing any details) and have
> the program in volatile RAM that gets powered down if the pressure
> drops. Make it clear that replacement is at the option of the
> supplier. If, in the opinion of the supplier, the failure seems due
> to tampering, the lease is terminated.
>
> Jerry

That may be a small price to pay.....

Fred