0

How is it possible to cryptographically make a document truly read only? As in read only I imply that the user can obviously view it which can be achieved by coding which pixels have which colors. But how is it done in the industry? And what's more important is it possible to password-protect it too? I have considered a few solutions but I would like input from someone who has more knowledge than I in cryptography and security.

Samuel Allan

1 Answer

4

Cryptography studies properties of information. Information, at least in discrete form (a sequence of bits) can inherently be duplicated. Inasmuch as a document conveys meaning, it can be expressed as a sequence of bits. If someone obtains a copy of the document, they can duplicate the sequence of bits and make other copies. It is impossible to prevent the copying of a document by cryptographic means alone.

It's also impossible to prevent making modified copies of a document. It is however possible to detect whether a copy of a document is pristine: this property is called authenticity, and it's one of the basic security properties that cryptography studies. Authenticity can be guaranteed by including a signature (which can be produced only by entities who know a particular private key and can be verified by anyone knowing the corresponding public key) or a MAC (which can be verified by entities who know the secret key that was used to produce the MAC).

While copies cannot be prevented, they can be made detectable through watermarking. Unlike authenticity, for which robust, generic solutions exist, watermark techniques are inherently tied to a particular medium (e.g. sound or video) and tend to be broken.

Protection against copying can be achieved by physical means (optionally in combination with cryptography). This is not always easy to achieve. In order to prevent copying, the information has to stay within systems that are under the control of the information holder. Properties such as “this information may not be copied outside a certain system” are known as digital rights management (DRM).

As soon as the information needs to be communicated to a human, it has to leave the controlled system. This is an analog hole, and cannot be prevented by physical means alone. There are two ways to mitigate the analog hole:

  • By physical means: the analog hole implies a quality degradation for some types of documents (e.g. filming a video in a cinema produces a lower-quality video — but technology is improving rapidly). Fundamentally, the analog hole represents a limit on the rate at which the information leaks out of the controlled system.
  • By legal means: show the document only to people who have signed a contract whereby they guarantee that they will not make copies. In effect, legal means can make the human part of the controlled system.

In practice, DRM works (inasmuch as it works at all) by arranging to make the computer that a user bought remain under the control of the content provider: your computer is not your computer, you only paid for it, and you can only use software that is approved by the content provider. If DRM-protected content escapes computers that are under the control of a content provider (for example, if it's visible on a PC), it is no longer protected.

As long as the document is on systems under your control, you can configure your systems to require a password to view it. If the document leaks, then you can enforce confidentiality by encryption, making the document readable only to holders of a key. Someone who doesn't have the key can tell that the document is there and (at least approximately) how large it is but not what it contains. It is possible to derive a key from a password, so that only entities who know the password can read the document.
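The sketch below is an added example, not part of the answer above. It combines two points from the answer: a key derived from a password, and a MAC that detects (but cannot prevent) a modified copy. The function names, the `salt || tag || document` layout and the PBKDF2 iteration count are assumptions made for illustration; it covers authenticity only, not encryption.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune for your hardware
SALT_LEN = 16          # random salt, stored in the clear next to the tag
TAG_LEN = 32           # HMAC-SHA256 output size


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password into a 32-byte MAC key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def seal(document: bytes, password: str) -> bytes:
    """Return salt || tag || document. The document itself stays readable."""
    salt = os.urandom(SALT_LEN)
    tag = hmac.new(derive_key(password, salt), document, hashlib.sha256).digest()
    return salt + tag + document


def verify(sealed: bytes, password: str) -> Optional[bytes]:
    """Return the document if it is pristine, or None if it was altered,
    truncated, or checked with the wrong password."""
    if len(sealed) < SALT_LEN + TAG_LEN:
        return None
    salt = sealed[:SALT_LEN]
    tag = sealed[SALT_LEN:SALT_LEN + TAG_LEN]
    document = sealed[SALT_LEN + TAG_LEN:]
    expected = hmac.new(derive_key(password, salt), document, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return document if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    # Constructed sample document and password.
    sealed = seal(b"Pay Alice 100 EUR", "correct horse")
    tampered = sealed.replace(b"100", b"900")   # anyone can still make this copy
    print(verify(sealed, "correct horse"))      # pristine copy is accepted
    print(verify(tampered, "correct horse"))    # modified copy is detected
```

Anyone who knows the password can also produce a valid tag for a changed document, which is the MAC limitation the answer describes; a signature avoids that by separating the private signing key from the public verification key.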