7 What does it mean?
Worst scenario!
– The attacker fully controls the host
– This is also true in game consoles
– Secure coding techniques
– Will TPM bring some help?
Law 1: Attackers will always find their way
Is Open source DRM possible?
– C2C
– Trusted partners

8 Trust model for a new breed DRM
[Diagram labels: Alice, Bob, Authority, Clear content, DRM]

9 What does it mean?
Serious privacy issue
– Monitor what you watch
Still to prove the business viability

12 Compliance & Robustness Regimes
Trust model: What do we trust
Compliance rules: What does it have to do
Robustness rules: What does it have to resist
Means for compliance: How we force it to comply

13 Tools?
Secure implementations
– How to test them?
– Basic tools for testing typical exploits
  Key management, side channel attacks, buffer overflow…
Robustness
– How to resist attacks?
– Does it respect the trust model?
– Does it respect the robustness rules?

15 Economic incentives
Some failures
– AACS and PowerDVD
– Selling hardware and not content
Align incentives!
– The entity that implements security must suffer from eventual loss.

16 How to solve?
Study the economics
– Return On Investment
– Return On Non Loss
Take into account psychology
– Prospect Theory
Use game theory
– Adjust parameters or scenarios to get win-win Nash equilibrium
– Adjust business models correspondingly

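17 An example: DRM and game theory
[Figure labels: Pay, Steal, DRM, No DRM]

First payoff matrix (columns: DRM | No DRM)
Pay: 2,2 | 3,1
Steal: 4,-1

Second payoff matrix (columns: DRM | No DRM)
Pay: 5,2 | 6,1
Steal: 4,-1
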
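The search for a pure-strategy Nash equilibrium that slides 16 and 17 describe, as an added example that is not part of the original slides. Assumptions: the consumer picks the row (Pay/Steal), the provider picks the column (DRM/No DRM), each pair reads (consumer, provider), and the single Steal pair shown on the slide is used for both columns.

```python
from itertools import product

ROWS = ("Pay", "Steal")    # consumer's actions (assumed row player)
COLS = ("DRM", "No DRM")   # provider's actions (assumed column player)

# Payoffs as (consumer, provider); this ordering is an assumption.
# The slide shows one Steal pair per matrix; applying it to both
# columns is an assumption of this example, not data from the slide.
GAME_BEFORE = {
    ("Pay", "DRM"): (2, 2), ("Pay", "No DRM"): (3, 1),
    ("Steal", "DRM"): (4, -1), ("Steal", "No DRM"): (4, -1),
}
GAME_AFTER = {
    ("Pay", "DRM"): (5, 2), ("Pay", "No DRM"): (6, 1),
    ("Steal", "DRM"): (4, -1), ("Steal", "No DRM"): (4, -1),
}

def pure_nash(game):
    """Return the cells where neither player gains by deviating alone."""
    equilibria = []
    for r, c in product(ROWS, COLS):
        u_row, u_col = game[(r, c)]
        # Consumer cannot do better by switching row in this column.
        row_ok = all(game[(alt, c)][0] <= u_row for alt in ROWS)
        # Provider cannot do better by switching column in this row.
        col_ok = all(game[(r, alt)][1] <= u_col for alt in COLS)
        if row_ok and col_ok:
            equilibria.append((r, c))
    return equilibria

def dominant_row_action(game):
    """Return the consumer action strictly best in every column, or None."""
    for r in ROWS:
        others = [o for o in ROWS if o != r]
        if all(game[(r, c)][0] > game[(o, c)][0]
               for o in others for c in COLS):
            return r
    return None

if __name__ == "__main__":
    for name, game in (("first", GAME_BEFORE), ("second", GAME_AFTER)):
        print(name, "matrix: dominant consumer action =",
              dominant_row_action(game), "| equilibria =", pure_nash(game))
```

Under these assumptions, raising the consumer's payoff for paying above the payoff for stealing moves the equilibrium from the Steal row to (Pay, DRM), where both payoffs are positive.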
18 Conclusions
Trust is paramount for DRM
– Suitable Trust Model
– Trust of implementation
Fields of research
– Trust model for attacker owned platform
– Tools to check implementation
– Use economics and psychology in design of global system
