Recently, Apple unveiled a new system that allows customers to browse the iTunes store and \u201crent\u201d selected movies for a smaller fee than it would cost to purchase them. This fee also happens to be slightly more than one would pay for renting from a video store, but convenience isn\u2019t cheap. The iTunes rental system allows customers to download a video and store it for up to 30 days, but the movie must be watched within 24 hours of starting it. 24 hours after starting the movie, it is removed from the iTunes library.<\/p>\n
<\/p>\n
Assets<\/strong><\/p>\n The backing of the movie studios is a huge asset to Apple if they want to continue making movies available for rental online. Movies studios will only continue backing Apple if they feel thatI people are paying for the movies that they download, and that, once downloaded, the movies expire after a certain amount of time.<\/p>\n Customer trust could also be considered an asset. By making customers feel that their identity is safe with Apple, customer trust can be protected.<\/p>\n The credit card number of customers also need to be protected. The goal in protecting this asset would be twofold \u2013 one goal is to protect the pocketbooks of the consumers, but another goal is to protect Apple\u2019s reputation as a legitimate player in the online marketplace.<\/p>\n Adversaries\/Threats<\/strong><\/p>\n Identity thieves are one adversary that is common to all online marketplaces. The threat is that someone might be able to collect credit card and\/or iTunes store login information as it is being sent over the wire from a customer\u2019s computer to an Apple server.<\/p>\n Customers who want to keep a movie for longer than 24 hours should likely be considered adversaries as well. The thread here is that if customers can circumvent the 24 hour limitation on watching the movie, then movie studios won\u2019t be as inclined to offer movies for rent through iTunes.<\/p>\n Weaknesses<\/strong><\/p>\n Local storage. The fact that the movie is stored on the customer\u2019s machine once it is downloaded is a weakness of the system. It allows attackers more freedom to \u201cplay\u201d and an easier time to deconstructing the videos to learn about their encryption and safeguards.<\/p>\n Network connection. In order for a transaction to occur, some sensitive information has to be transmitted from the customer\u2019s computer to an Apple server somewhere far, far away.<\/p>\n Time-based system. The fact that the rental system is based on a time limit is a weakness of the system. Computer times change (or can be changed), people move between time zones, and it\u2019s possible that the inconstancy of time on the computer could be used to extend rental periods indefinitely.<\/p>\n Defenses<\/strong><\/p>\n Encryption of sensitive data. When transferring data across the wire, a strong encryption scheme should be (and probably is) used to protect the integrity and the contents of the data being transferred.<\/p>\n Server-side timestamps. When a video is requested for rental from the store, the remote server could store the time the video download was completed, and then iTunes could ask the server periodically whether or not the rental should still be active. This wouldn\u2019t work if someone were to cut off access to the Internet from their computer, but the assumption would be that they wouldn\u2019t be able to keep the computer unplugged indefinitely. This could also be combined with checking of timestamps on the client side to make a very robust system.<\/p>\n Risks<\/strong><\/p>\n The risk involved in sending sensitive information (e.g. credit card numbers) across a public network is very real. The likelihood of someone successfully sniffing encrypted data going across the network is likely not very large, but the possible consequences if someone were to successfully decrypt that data are fairly significant. Also, many people live in situations where wireless network connections abound. Sniffing data on a wireless network is much easier than sniffing over a wired network for the casual thief.<\/p>\n It is very likely that someone will come up with a way for customers to circumvent the timeout on downloaded rentals from the iTunes store. However, most customers probably won\u2019t take advantage of an exploit because the either won\u2019t know about it, or will choose not to do so for ethical reasons. The risk of a significant number of users abusing the system is therefore probably low.<\/p>\n Conclusions<\/strong><\/p>\n Online video rentals are an interesting idea. Given a good system of downloading videos that expire after a fixed amount of time and a good way of transmitting data across a network securely (which I will assume that Apple already has), the market could be lucrative. As the field is relatively new, it is likely that the technologies used to ensure that videos do, in fact, expire after a set amount of time will evolve and become harder to tamper with. Perhaps those technologies might be used to transfer time-sensitive data between corporations at some point in the future.<\/p>\n","protected":false},"excerpt":{"rendered":" Recently, Apple unveiled a new system that allows customers to browse the iTunes store and \u201crent\u201d selected movies for a smaller fee than it would cost to purchase them. This fee also happens to be slightly more than one would … Continue reading