Dongle
|
In the computer industry, the word dongle was used for many years to primarily refer to a small hardware device that connects to a computer and acts as an authentication key for a particular piece of software. When this software protection dongle is present, the software will run properly; when it is not, the program will run in a restricted mode or refuse to start. Dongles are used by some proprietary vendors as a form of copy prevention or digital rights management because it is much harder to copy the dongle than to copy the software it authenticates.
Dongle can also be used to refer to any thing that plugs into a computer, especially things with wires that "hang off" of (dangle from) laptop computers. For example:
- A jack wired to a small edge connector on a Type I or II PCMCIA card, typically an RJ45 or RJ11 jack for an Ethernet or telephone cable. This type of dongle has no copy prevention purpose. PCMCIA card dongles are notoriously fragile and unreliable. They are falling out of favour as more laptops include built-in Ethernet and modem sockets.
- USB adapters, such as for memory cards.
- Other USB devices, primarily flash memory "drives", used only for data storage (as opposed to USB Hardware Token Devices).
- The word has also been applied to Bluetooth antennas.
Software protection dongles are typically used with very expensive packages and vertical market software, such as CAD/CAM software, Digital Audio Workstation applications and some translation memory packages. Efforts to introduce dongle copy prevention in the mainstream software market were generally met with stiff resistance from users. Despite being hardware, dongles are not a complete solution to the trusted client problem.
Vendors of software protection dongles (and dongle-controlled software) often use terms such as hardware key, hardware token, or security device in their written literature. In day-to-day use however, the jargon word "dongle" is much more commonly used.
Contents |
History
The word dongle has been used as a placeholder name since the 1970s. Its origin is unknown. The American Heritage Dictionary, 4th edition, says it is "probably [an] arbitrary coinage." Claims that it was derived from the name "Don Gall" are an urban myth popularized by a 1992 advertisement for Rainbow Technologies, a dongle vendor.
Dongle as the name of a device was used well before 1980 within the telecoms industry to refer to BNC cable joiners of either sex (such as the RG58 cable used on 10 meg Ethernet).
WORDCRAFT was the first program to use a software protection dongle, in 1980. Its dongle was a simple passive device that supplied data to the pins of a cassette port in a pre-determined manner. That first dongle was invented and named by Graham Heggie in the UK.
The two cubic inch (33 cm³) resin-potted first generation were called "dongles" by the inventor as there was no other suitable term to hand on the day. The device increased WORDCRAFT sales eight-fold overnight, which illustrated the background level of software copying even in those days. It made millionaires of the software authors and the distributor, Dataview Ltd., then based in Colchester, UK, who then went on to produce a derivative dongle which became their core business.
Dongles rapidly evolved into active devices that contained a serial transceiver (UART) and even a microprocessor to handle transactions with the host. Later versions adopted the USB interface in preference to the serial or parallel interface.
According to a contributor claiming to be "Paul Handover, founder and managing director of Dataview Ltd.":
Although I can't remember the precise date, I well remember the conversation that I was having with Graham Heggie when he used the term 'dongle' and my immediate response that we couldn't use it as a term as it seemed vaguely vulgar. But we did and it became the generic term for a software protection key. In fact our sales of Wordcraft didn't rise anything like "eight-fold" much more like a steady doubling of sales over about a 6 month period. The biggest rise in sales were from larger organisations who had only purchased a single copy of Wordcraft. One large organisation in East Anglia, a single user of Wordcraft, turned out to have the product installed on over 200 Commodore PCs.
The other small amendment is that it didn't "make millionaires" of those involved. Certainly Peter Dowson, the author of Wordcraft, made a very good living out of the sales of Wordcraft for a number of years. But this was much more down to his commitment to a constant development of Wordcraft than the impact of the dongle.
Finally, the idea of the 'dongle' came out of a visit that I had made to our Canadian distributors, Canadian Micro Distributors (just slightly unsure if I recall the name correctly), in Milton, Ontario. They had developed a softtware key in conjunction with their local university and I saw this cube-like device stuck on the cassette port on the back of the Commodore. They avoided my questions about what it was doing but I guessed it was a software key. Upon my return to the UK, I rang Graham and explained what I had seen. It took him only a few days to deduce what it was doing and make a prototype. So, ultimately, we have our Canadian friends to thank for the idea of the Dongle.
Problems with software protection dongles
Implementation problems
There is the potential for weaknesses in the implementation of the protocol between the dongle and the copy-controlled software. It requires considerable cunning to implement this in a fashion that is not easy to crack. For example, naïve implementations might simply define a function to check for the dongle, returning "true" or "false" accordingly, reducing the prevention scheme to a single bit value at one point in the program.
Modern dongles include built-in strong encryption and use fabrication techniques designed to thwart reverse engineering. Typical dongles also now contain non-volatile memory — key parts of the software may actually be stored on the dongle.
However, security researchers warn that dongles still do not solve the trusted client problem: that if you give a user the cryptographic ciphertext, the algorithm and the key, your cipher is likely to be breakable, even with the algorithm and key encoded in hardware. (Grand, 2000)
User problems
Dongles tie up a port on the host machine. This has been ameliorated to some extent by the adoption of USB, but is still a serious drawback. To get around this, most practical dongles include a replacement port, so as to become an inline device.
In fields where dongle-controlled software is common, users often need more than one such application installed on a given computer. Manufacturers claim that multiple dongles can be successfully stacked or daisy-chained, but operational problems with stacked dongles are common. The number of dongles can also become physically problematic.
There is the obvious problem of losing the dongle, rendering the copy-controlled software useless until a replacement can be obtained. This is particularly likely if one needs to swap dongles for different applications.
References
- Attacks on and Countermeasures for USB Hardware Token Devices (http://www.grandideastudio.com/files/security/tokens/usb_hardware_token.pdf) (PDF) (Joe Grand, Grand Ideas Studio, Proceedings of the Fifth Nordic Workshop on Secure IT Systems Encouraging Co-operation, Reykjavik, Iceland, October 12-13, 2000, pp 35-57, ISBN 99799483-0-2
See also
- Jargon File: dongle (http://www.catb.org/~esr/jargon/html/D/dongle.html)
- the trusted client model