On the anti-piracy beat with Cryptography Research
Psst! Hey buddy! Wanna buy a Snoy TV, an Appel Mic, or a bottle of Vaigra? Probably not -- not only are counterfeit products inferior, they can be downright hazardous. Paul Kocher wants to help ensure you never do.
Kocher, known well to security geeks as one of the architects of the SSL 3.0 protocol (and one of the theorists behind differential power analysis as a crypto-cracking strategy), is working these days to quash piracy and counterfeiting. He was at CES with Cryptography Research Inc. earlier this month to talk about tech that integrates anti-counterfeiting technology into systems such as computers, televisions, and set-top boxes.
What gets counterfeited? Kocher says that the most commonly knocked-off items are those that are inexpensive to manufacture and make good money in the marketplace. For instance, DVDs or printer cartridges are counterfeited at far higher rates than airplane components; Kocher estimates that fake printer cartridges make up 20-30% of the market worldwide, while aeronautics gear has maybe a 2% fake rate.
In Kocher's vision, there's no reason an authentic product can't prove its provenance, revealing its point of origin and even its supply chain of custody to other gear or to sensors listening for its particular ping. CryptoFirewall, the custom silicon core that the company is offering, does that (depending on the application) either by adding a chip to the system or as part of a circuit already in the system. The latter approach lessens the potential for tampering and cuts costs; the former approach leads to components capable of authenticating other components.
Spooky stuff, perhaps, if you're wondering about the implications of gear that listens for a ping that never comes. (If I plug a non-Expensiva ink cartridge into my Expensiva printer, will I void the warranty, cause the printer to stop working altogether, or just cause das blinkenlights?) But -- leaving that debate aside for now -- for businesses focusing on fighting back counterfeiters, a system such as CryptoFirewall kneecaps the problem by making the would-be fakes infeasible to convincingly create.
The nitty-gritty details are, of necessity, a secret. As Kocher notes, in his line of work you never know, in any absolute sense, "whether your system is unbreakable or just stronger than that of your competition." After eight hack-free years in a business where "everything we do is in the line of fire," he notes that a lot of the company's business comes from manufacturers who have already experienced a counterfeiting episode.
It's not much fun to have your intellectual property stolen, he says, whether you're selling DVDs, automotive gear or highly specialized equipment. "The first thing that happens [to these companies] when they realize they've got a problem is an irrational feeling -- 'I'm being victimized, this is awful.'" Most firms will attempt to deal with the problem internally and, that failing, turn to professionals. Companies such as Cryptography Research are paid to solve problems; there are performance metrics, and for any given anti-counterfeiting tech, "you don't know if it'll break or not, but if you go five years and there's no counterfeit, you're successful."
Success comes in part from understanding whom you're up against -- something a specialized security firm is likely to do better than a manufacturer who'd really rather just think about how to build a better TV or computer. Kocher points out that counterfeiters have millions of dollars at stake in their "businesses," just as real manufacturers do. Pay-television gear (e.g., set-top boxes) is a particularly attractive target right now, and Kocher jokes that he's "got some beautiful pictures of designs [Cryptography Research has] built, made by people trying to reverse-engineer them." His adversaries "know their stuff and do a good job."
The good news for consumers is that as far as Kocher's concerned, none of this should ever come into their line of sight. "If an end-user ever encountered [anti-counterfeiting tech], somebody did something wrong behind the scenes," he says. That goes for a lot of security solutions, including some of the highest-profile popular-crypto efforts of yore. "You shouldn't have to deal with things like managing a keyring" to authenticate communications, let alone your gear, Kocher says. "A good piece of tech is the one that takes your problem from you and solves it."