Dongle
From Wikipedia, the free encyclopedia
A dongle is a small hardware device that connects to a computer to authenticate a piece of software. When the dongle is not present, the software runs in a restricted mode or refuses to run. Dongles are used by some proprietary vendors as a form of copy prevention or digital rights management because it is much harder to copy the dongle than to copy the software it authenticates. Vendors of software protection dongles (and dongle-controlled software) often use terms such as hardware key, hardware token, or security device in their written literature. In day-to-day use however, the jargon word "dongle" is much more commonly used.
The term has been somewhat generalized to describe specialized connectors that convert one type of port to another, for example an RJ45 jack that plugs into the edge connector on some kinds of PCMCIA Ethernet cards, as well as small devices such as USB flash drives or wireless networking adapters. In addition, author Douglas Adams, in a 1990s column for the US edition of MacWorld magazine, used the term "little dongly things" to describe plug converters necessary for adapting US power cables to international plugs.[1] These usages are not universally accepted.
Software protection dongles are typically used with very expensive packages (starting with about USD 500 and up) and vertical market software, such as CAD/CAM software, Digital Audio Workstation applications and some translation memory packages. Efforts to introduce dongle copy prevention in the mainstream software market were generally met with stiff resistance from users. Despite being hardware, dongles are not a complete solution to the trusted client problem.
Well-known software protection dongle manufacturers include Matrix (Matrix Dongle),[2] SafeNet (better known as Rainbow),[3] Aladdin,[4] WIBU-SYSTEMS[5] and SG-Lock.[6] In the digital audio world, some versions of Pro Tools and many plug-ins use the Pace iLok Smart Key USB dongle.
Contents |
[edit] History
The word dongle has been used as a placeholder name since the 1970s. Its origin is unknown. The American Heritage Dictionary, 4th edition, says it is "probably [an] arbitrary coinage." Claims that it was derived from the name "Don Gall" are an urban myth popularized by a 1992 advertisement for Rainbow Technologies, now SafeNet, a dongle vendor.
Dongle as the name of a device was used well before 1980 within the telecom industry to refer to BNC cable joiners of either gender (such as the RG58 cable used on 10 meg Ethernet).
WORDCRAFT was the first program to use a software protection dongle, in 1980. Its dongle was a simple passive device that supplied data to the pins of a Commodore PET's external cassette port in a pre-determined manner. This arrangement was made possible because the PET cassette port supplied both power and data connections through a proprietary edge connector. It did, however, make the cassette port unusable for its intended purpose.
That first dongle was allegedly invented and named by Graham Heggie in the UK although the true inventor and namer of the Dongle was a Mr John Paulson from Chinley in Derbyshire (UK)
The two cubic inch (33 cm³) resin-potted first generation devices were called "dongles" by the inventor as there was no other suitable term to hand on the day. The device increased WORDCRAFT sales significantly. The distributor, Dataview Ltd., then based in Colchester, UK, then went on to produce a derivative dongle which became their core business.
Dongles rapidly evolved into active devices that contained a serial transceiver (UART) and even a microprocessor to handle transactions with the host. Later versions adopted the USB interface in preference to the serial or parallel interface.
[edit] Problems with software protection dongles
There is the potential for weaknesses in the implementation of the protocol between the dongle and the copy-controlled software. It requires considerable cunning to implement this in a fashion that is not easy to crack. For example, naïve implementations might simply define a function to check for the dongle, returning "true" or "false" accordingly, reducing the prevention scheme to a single bit value at one point in the program.
Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart reverse engineering. Typical dongles also now contain non-volatile memory — key parts of the software may actually be stored on the dongle. Thus dongles evolved and have become secure cryptoprocessors that execute inaccessible program instructions that may be input to the cryptoprocessor only in encrypted form. The original secure cryptoprocessor was designed for copy protection of personal computer software (see US Patent 4,168,396, Sept 18, 1979) to provide more security than dongles could then provide. See also bus encryption.
However, security researchers warn that dongles still do not solve the trusted client problem: that if you give a user the cryptographic ciphertext, the algorithm and the key, your cipher is likely to be breakable, even with the algorithm and key encoded in hardware.[7]
Another problem is that if a hacker manages to bypass the need for the dongle, the counterfeit version of the program is then seen to be superior to the legitimate original.
[edit] Game consoles
- Some unlicensed titles for game consoles used dongles to connect officially licensed cartridges to circumvent authentication chips embedded in the console that give restrictions on what software will run.
[edit] References
- ^ http://www.douglasadams.com/dna/980707-03-a.html
- ^ http://www.tdi-matrix.com/english
- ^ http://www.safenet-inc.com/products/sentinel/hardware_keys.asp
- ^ http://www.aladdin.com/hasp/default.asp
- ^ http://wibu.com/codemeter.php
- ^ http://www.sg-lock.com/en
- ^ Attacks on and Countermeasures for USB Hardware Token Devices (PDF) (Joe Grand, Grand Ideas Studio, Proceedings of the Fifth Nordic Workshop on Secure IT Systems Encouraging Co-operation, Reykjavik, Iceland, October 12-13, 2000, pp 35-57, ISBN 9979-9483-0-2
