-2

I have developed a Windows desktop application using VB.NET. My application's main purpose is to play videos. I have some videos which have copyrights on them, that are not supposed to be distributed or transferred without authorized permission.

I am looking for a way of preventing those videos from being copied or transferred. I am going to install this application on many PCs in places and cities. My biggest worry is how to protect those videos from illegal transfer or distribution.

I know that many giant companies have spent billions of dollars on how to prevent the piracy of their products but still they can't prevent it... So I am not expecting that I can get 100% solution on this, but still I want to protect it as much as I can.

I am listing down some of my ideas to prevent the videos from being copied. Let me know if I am wrong anywhere.

  1. Is there any way that I can make a PC only run my application - no other application at all, no one can see the desktop or open the start menu or a command prompt or Windows explorer or anything? When the PC starts, only my application will start and from my application the PC can be shut down.

  2. Can I create my own video format for these video files, which can't be converted to a normal video file just by changing its extension?

  3. I have tried to add these videos as resource files in my Visual Studio project, but I cannot add videos that have a file size over 500 MB. I have much bigger files than that.

  4. Can I convert these videos to Flash files and add some code to it, so these files can run only on my machine, not on any other machine?

Any kind of suggestions or solutions or guidance are welcome.

carla
bnil
  • 1
    Maybe you can use encryption to protect your files. But still, any video can be copied while it's being played, using a camera – Sravan May 04 '16 at 11:18
  • @Sravan No, I don't have any camera, the videos will be played on the PC itself... – bnil May 04 '16 at 11:27
  • 3
    You can protect the files using encryption and play them using your application, which will use a decryption key (for example, hardcoded in code). But while the video is playing, someone can capture the screen using a camera. – Sravan May 04 '16 at 11:37
  • 10
    See my ancient answer on StackOverflow (before IS.SE): http://stackoverflow.com/a/1790206/19746 TL;DR: you can't. – Piskvor left the building May 04 '16 at 12:12
  • 17
    Remember that when people make something illegal, it's usually because it can't be made impossible. – T. C. May 04 '16 at 13:02
  • 7
    It's very likely that you will waste your money on that. If someone's really thinking your work is worth the effort of pirating it they will. – Noir May 04 '16 at 13:39
  • 7
    Alice wants to share a message with Bob, but ensure that Carl is unable to ever read it. You are Alice. Bob and Carl are the same person. – smitelli May 04 '16 at 16:34
  • What on earth are you trying to do? If you control the machines that will run your application then you (arguably) don't have to secure the videos. If you're after legal protection then you need to follow industry standards instead of homebrewing something with help from SE. If you can't control the entire chain then like you say there's simply no solution. – Lilienthal May 04 '16 at 18:24
  • Read http://security.stackexchange.com/q/97964/485 – Rory Alsop May 09 '16 at 07:43

6 Answers

15

As you state in the question, doing this in a foolproof way is technically impossible. For the video to be displayed on the screen it must somehow reside somewhere in the RAM on the computer, be transferred to the monitor and then displayed there. From all these points the video could be extracted. Possible ways include:

  • Copied from RAM.
  • Recorded with screen capture program.
  • Recorded with hardware designed to record output from video port.
  • Screen filmed with an ordinary video camera.

What you can do is to make it harder for people to copy the videos. What all such efforts have in common is that they are breakable. If your videos are high-value targets, sooner or later anybody with basic googling skills will be able to copy the videos. But if your user group is small, non-technical and/or not motivated, even a thin veil of protection might be enough.

This is called Digital Rights Management (DRM).

So how would you go about doing it? I would use an ordinary video format, and then encrypt it (for instance with AES). When a video is played, you decrypt it in RAM (so that the decrypted video never touches the hard drive) and play it. Apart from the things mentioned above, this is vulnerable to the encryption key being extracted from wherever you store it.

So where do you store the encryption key? The easiest way is to just have it hard coded into the source code of your program. However, that means that anyone who copies the program and the videos will be able to play them. You could play around with different solutions where the key is hidden (in some obscure file, in a weird place in the registry) or where every installation of the program is distributed with its own encryption key that decrypts the universal encryption key that in turn decrypts the videos. In the end it is all security through obscurity anyway.

Or - and this is the easiest solution if it is possible - you just distribute the videos through an existing distributor that already has its own DRM in place.

EDIT: User billc.cn has some examples of existing DRM schemes that you can use in his answer. I would strongly recommend you to consider those before trying to roll your own.

Anders
  • Thanks for the detailed information... Well, I have heard of the DRM thing, but I didn't get much information on it except the wiki... It would be so nice of you if you gave a link where DRM is explained... I mean, I want to know how I can use DRM to protect videos... It would be nice if you gave me some links for the encryption process... Thanks again... – bnil May 04 '16 at 15:57
  • I have tried to search for the DRM thing on the internet but I couldn't find how exactly it's implemented in any application or on any file... I have no clue at all... – bnil May 04 '16 at 16:02
  • 1
    -1. As I said above, can we please not legitimize malware on a security-focused site? – Mason Wheeler May 04 '16 at 18:24
  • @bnil The example I give with encrypting the file is one way to do it. How to implement that in code is a very broad question that I don't think belongs on this forum. – Anders May 05 '16 at 00:13
  • @MasonWheeler As I said below, if you have an issue with that, take it up on meta. The comments are not the place for that kind of discussion. – Anders May 05 '16 at 00:15
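
The key hierarchy this answer describes (a per-installation key that decrypts a universal key, which in turn decrypts the videos in RAM), as an added example in Go that is not part of the original answer and stands in for the asker's VB.NET. The names `Key`, `Seal`, `Open` and `DecryptInMemory`, the choice of AES-256-GCM and the demo keys are assumptions; whoever extracts an installation key still recovers the universal key, as the answer notes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const nonceLen = 12 // GCM nonce size; Seal output is nonce || ciphertext || tag
type Key [32]byte   // AES-256 key; the fixed size rules out key-length errors

func gcm(k Key) cipher.AEAD {
	block, _ := aes.NewCipher(k[:]) // cannot fail: key is exactly 32 bytes
	aead, _ := cipher.NewGCM(block) // cannot fail: AES has 16-byte blocks
	return aead
}

func Seal(k Key, plaintext []byte) []byte { // fresh random nonce per blob
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // never encrypt with a predictable nonce
	}
	return gcm(k).Seal(nonce, nonce, plaintext, nil)
}

// Open reverses Seal; a wrong key or modified data returns an error.
func Open(k Key, sealed []byte) ([]byte, error) {
	if len(sealed) < nonceLen {
		return nil, fmt.Errorf("sealed data too short: %d bytes", len(sealed))
	}
	return gcm(k).Open(nil, sealed[:nonceLen], sealed[nonceLen:], nil)
}

// DecryptInMemory unwraps the content key, then decrypts the video into RAM only.
func DecryptInMemory(install Key, wrappedKey, encVideo []byte) ([]byte, error) {
	raw, err := Open(install, wrappedKey)
	if err != nil || len(raw) != len(Key{}) {
		return nil, fmt.Errorf("content key does not unwrap under this installation key")
	}
	var content Key
	copy(content[:], raw)
	return Open(content, encVideo)
}

func main() {
	install, content := Key{1}, Key{2} // constructed demo keys, not secrets
	video, err := DecryptInMemory(install, Seal(install, content[:]), Seal(content, []byte("constructed video")))
	fmt.Printf("%s %v\n", video, err)
}
```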
12

Do not roll your own DRM scheme. The industry has tried and failed so many times that a homebrew solution will stand little chance.

It would be better to "stand on the shoulders of giants" and use existing DRM solutions. Windows Media Rights Management and PlayReady are good solutions. The latter supports HDCP and is used by mainstream premium content distributors like Netflix and Amazon.

These solutions take care of the theoretical, software and hardware aspects of a DRM solution and provide licenses to DRM-related patents, etc. that you'll undoubtedly need.

Obviously, you'll have to pay money to license these solutions and maintain some infrastructure to keep them running. Whether this is worth it depends on the value of the contents you're trying to protect.

billc.cn
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/39307/discussion-on-answer-by-billc-cn-how-to-prevent-illegal-file-transfer-or-copying). – schroeder May 05 '16 at 00:49
  • One thing to note though is that there is a drawback: These are really broadly used systems. There are a lot of people who try to break them. Skilled people! Let's assume they can be broken after 10000 hours of work by skilled experts. This will happen sometime. After that, probably anyone who can use google will be able to break the DRM on **your** videos. If your target audience is small and doesn't include people skilled in breaking such things, a custom system could be more secure. If an expert can break it in 100h but no one even tries, this is more secure. All DRM is security by obscurity! – Josef Oct 05 '16 at 11:01
7

As mentioned, it's impossible to prevent capture of the displayed video - even in the worst case, the user can record the video on a smartphone or using a fixed camera (as some pirate movies do when they are recorded at the cinema).

What you can do then is to shift the protection from stopping copying, to prosecuting copiers. You can embed watermarks in the video, watermarks generated uniquely per PC or user. These are not usually visible to the human eye (but could be) but can be read by careful inspection of the video frame data. This means that if you find a copy of your video, you can tell who showed it (or who it was assigned to) and deal with them in whatever fashion you choose.

gbjbaanb
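
A per-installation watermark and the lookup that traces a leaked frame back to it, as an added example in Go that is not part of the original answer. Low-bit embedding in raw frame bytes is a stand-in for a production watermark (it does not survive re-encoding or filming the screen), and `MarkFor`, `Embed`, `Identify`, the HMAC-SHA256 derivation and the kiosk IDs are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

const markBits = sha256.Size * 8 // 256-bit mark, one bit per frame byte

// MarkFor derives an installation's mark from a secret only the distributor holds.
func MarkFor(secret []byte, installID string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(installID))
	return m.Sum(nil)
}

// Embed returns a copy of a raw frame with the mark written into its low bits.
func Embed(frame, mark []byte) []byte {
	out := append([]byte(nil), frame...)
	for i := 0; i < len(mark)*8 && i < len(out); i++ {
		out[i] = out[i]&^1 | (mark[i/8]>>(7-i%8))&1
	}
	return out
}

// Identify names the installation whose mark differs from the leaked frame's
// low bits in the fewest positions, provided that count is at most maxErr.
func Identify(leaked, secret []byte, installs []string, maxErr int) (string, bool) {
	if len(leaked) < markBits {
		return "", false
	}
	best, bestDist := "", maxErr+1
	for _, id := range installs {
		dist := 0
		for i, b := range Embed(leaked[:markBits], MarkFor(secret, id)) {
			dist += int(b ^ leaked[i]) // Embed changes only low bits, so this is 0 or 1
		}
		if dist < bestDist {
			best, bestDist = id, dist
		}
	}
	return best, bestDist <= maxErr
}

func main() {
	secret, frame := []byte("constructed distributor secret"), make([]byte, 1024) // constructed data
	leaked := Embed(frame, MarkFor(secret, "kiosk-017"))
	fmt.Println(Identify(leaked, secret, []string{"kiosk-003", "kiosk-017"}, 16))
}
```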
4

This is a problem of trying to protect what you want to provide. It's impossible to do, but you can make it difficult.

Probably the best approach would be to encrypt the files. But at the end, you give all the data for a person to run on a computer they have full access to. Since it will play the video at some times, it means the keys will be available in the code, or in the memory.

The problem will also occur with a computer as you describe in 1. Even if this was possible, the files are available in some format to the user at some point, and reverse engineering this can be done.

2 suffers the same problem, there is but a finite way to do videos. Even if you develop your own codec and container format, these can be reverse engineered.

As for 3/4, resources are files from which you can extract data.

As a rule on computers, what can be seen can be duplicated.

M'vy
3

> I know that many giant companies have spent billions of dollars on how to prevent the piracy of their products but still they can't prevent it... So I am not expecting that I can get 100% solution on this, but still I want to protect it as much as I can.

You've already got your answer, you just don't realize it. "As much as you can" is "not at all."

Why? Because the Internet.

You need to keep the Internet in mind to realize just exactly how ridiculously stacked against you the deck is in this endeavor. Because the Internet exists, because the World Wide Web has been established worldwide, all it takes is any one person, anywhere in the world, to crack your protection even once, and then upload the crack, and the entire world has access to it. This is the problem at the heart of your (entirely correct) observation that many companies spend more money than you'll ever see in your life to prevent piracy, without success.

DRM does not work. Period. And worse than not working, it makes things worse, because it introduces a failure mode to the system. DRM doesn't simply lock people out if they're not authorized; it locks people out if they cannot prove to the satisfaction of the DRM code that they are authorized. Those are two very different things even if your code doesn't contain any bugs (and how confident are you of that, really?) because it frequently means that if the user isn't connected to the Internet, or if anything goes wrong at the server, or with the network along the way, or if you go out of business, your customers lose access to content that they legitimately bought and paid for.

What this does is set up a set of perverse incentives, where a hacked copy does not simply provide your product to users without paying for it; it provides a better product, one that is not encumbered by the problems DRM brings. When you add protection to your content, you are creating a positive incentive for people to want to crack it that would not exist otherwise!

If you want people to pay for your content, there is only one way to achieve it, and it's with basic economics, not with code. A person will buy something if they perceive that the value it provides to them is greater than the price they're being asked to pay for it.

It's really that simple.

Mason Wheeler
  • Period? *cough* — JC3. – Insane May 06 '16 at 09:56
  • Thanks for the reply. It would be nice if you suggested any link to check for DRM. I have tried on Google to find out how DRM works, but I didn't get much information... Do you know any links where I can see sample code or any application with DRM... – bnil May 07 '16 at 15:09
  • 1
    @bnil No, for two reasons. First, because the sorts of people who don't understand why DRM is an exercise in futility tend to also not understand [Kerckhoffs's Principle](https://en.wikipedia.org/wiki/Kerckhoffs's_principle), and so they avoid going into details of how their DRM systems work in order to keep people from more easily figuring out how to crack it. And second, because the entire point of my answer is to persuade you not to use DRM. It would be counterproductive of me to point you to resources showing you how to do so, even if I did know where to find such things. – Mason Wheeler May 08 '16 at 20:44
0

Windows Embedded with the UI disabled would be a first step.

Then you could:

  • Disable the network
  • Epoxy all open ports
  • Remove the floppy drive (do these still exist?)

As all have said already, 100% is impossible, but if you look at each possible entry point and close it you can get close.

Instead of the epoxy method you can set up a USB whitelist to only accept your thumb drive, and an application whitelist would also be possible to prevent sideloading of screen capture software.

Short of welding the monitor cable in though, a pass-through device would still be able to be inserted inline.

To bypass the file size limit you could possibly break up the video into smaller parts and play them as a playlist.

Matthew