Dongle
Encyclopedia : D : DO : DON : Dongle
A dongle is a small hardware device that connects to a computer to authenticate some piece of software. This was its primary meaning in the computer industry in the 1980s and 1990s. When the dongle is not present, the software runs in a restricted mode or refuses to run. Dongles are used by some proprietary vendors as a form of copy prevention or digital rights management because it is much harder to copy the dongle than to copy the software it authenticates.
Software protection dongles are typically used with very expensive packages (starting with about USD 500 and up) and vertical market software, such as CAD/CAM software, Digital Audio Workstation applications and some translation memory packages. Efforts to introduce dongle copy prevention in the mainstream software market were generally met with stiff resistance from users. Despite being hardware, dongles are not a complete solution to the trusted client problem.
Vendors of software protection dongles (and dongle-controlled software) often use terms such as hardware key, hardware token, or security device in their written literature. In day-to-day use however, the jargon word "dongle" is much more commonly used.
Dongle can also refer to something that plugs into a computer, especially something with wires that "hang" (dangle) from a laptop computer. For example:
- A jack wired to a small edge connector on a Type I or II PCMCIA card, typically an RJ45 or RJ11 jack for an Ethernet or telephone cable. This type of dongle has no copy prevention purpose. PCMCIA card dongles are notoriously fragile and unreliable. They are falling out of favour as more laptops include built-in Ethernet and modem sockets.
- USB adapters, such as for memory cards.
- Other USB devices, primarily flash memory "drives", used only for data storage (as opposed to USB Hardware Token Devices).
- The word has also been applied to Bluetooth and Wi-Fi antennas.
History
The word dongle has been used as a placeholder name since the 1970s. Its origin is unknown. The American Heritage Dictionary, 4th edition, says it is "probably [an] arbitrary coinage." Claims that it was derived from the name "Don Gall" are an urban myth popularized by a 1992 advertisement for Rainbow Technologies, now SafeNet, a dongle vendor.
Dongle as the name of a device was used well before 1980 within the telecoms industry to refer to BNC cable joiners of either sex (such as the RG58 cable used on 10 meg Ethernet).
WORDCRAFT was the first program to use a software protection dongle, in 1980. Its dongle was a simple passive device that supplied data to the pins of a cassette port in a pre-determined manner. That first dongle was invented and named by Graham Heggie in the UK.
The two cubic inch (33 cm³) resin-potted first generation devices were called "dongles" by the inventor as there was no other suitable term to hand on the day. The device increased WORDCRAFT sales significantly. The distributor, Dataview Ltd., then based in Colchester, UK, then went on to produce a derivative dongle which became their core business.
Dongles rapidly evolved into active devices that contained a serial transceiver (UART) and even a microprocessor to handle transactions with the host. Later versions adopted the USB interface in preference to the serial or parallel interface.
Problems with software protection dongles
Implementation problems
There is the potential for weaknesses in the implementation of the protocol between the dongle and the copy-controlled software. It requires considerable cunning to implement this in a fashion that is not easy to crack. For example, naïve implementations might simply define a function to check for the dongle, returning "true" or "false" accordingly, reducing the prevention scheme to a single bit value at one point in the program.
Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart reverse engineering. Typical dongles also now contain non-volatile memory — key parts of the software may actually be stored on the dongle. Thus dongles evolved and have become secure cryptoprocessors that execute inaccessible program instructions that may be input to the cryptoprocessor only in encrypted form. The original secure cryptoprocessor was designed for copy protection of personal computer software (see US Patent 4,168,396, Sept 18, 1979) to provide more security than dongles could then provide. See also bus encryption.
However, security researchers warn that dongles still do not solve the trusted client problem: that if you give a user the cryptographic ciphertext, the algorithm and the key, your cipher is likely to be breakable, even with the algorithm and key encoded in hardware. (Grand, 2000)
Dongles in pop culture
- Some unlicensed titles for game consoles used dongles to connect officially licensed cartridges to circumvent authentication chips embedded in the console that give restrictions on what software will run.
- In the film [[Terminator 2: Judgment Day]], John Connor used an ATM card with a dongle and used an Atari Portfolio palmtop computer to circumvent security on the ATM when making his transaction for arcade money.
References
- [Attacks on and Countermeasures for USB Hardware Token Devices] (PDF) (Joe Grand, Grand Ideas Studio, Proceedings of the Fifth Nordic Workshop on Secure IT Systems Encouraging Co-operation, Reykjavik, Iceland, October 12-13, 2000, pp 35-57, ISBN 99799483-0-2
See also
From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.