Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trust & Digital Rights Management DIEHL Eric Security Technology Director CE&SAR 2008, 5 December.

Published byFelicity Deeble Modified over 9 years ago

Similar presentations

Presentation on theme: "Trust & Digital Rights Management DIEHL Eric Security Technology Director CE&SAR 2008, 5 December."— Presentation transcript:

1 Trust & Digital Rights Management DIEHL Eric Security Technology Director CE&SAR 2008, 5 December

2 2 Trust Content Protection Rights Enforcement Rights Management Trust Management IIIIVVIIIXIIIVVIVIIIX Trust No One

3 3 Outline Trust your model Trust your implementation Trust the greed

4 Trust your model

5 5 Trust model Alic e Bob Eve OpenSSL

6 6 Trust model for DRM Alic e Bob Eve DRM

7 7 What does it mean? Worst scenario! – The attacker fully controls the host – This is also true in game consoles – Secure coding techniques – Will TPM bring some help? Law 1: Attackers will always find their way Is Open source DRM possible? – C2C – Trusted partners

8 8 Trust model for a new breed DRM Alic e Bob Authority Clear content DRM

9 9 What does it mean ? Serious privacy issue – Monitor what you watch Till to proof the business viability

10 10 Real world model Alic e Bob Eve Ruth

11 Trust your implementation

12 12 Compliance & Robustness Regimes Trust model Compliance rules Robustness rules Means for compliance What do we trust What does it have to do What does it have to resist How we force it to comply

13 13 Tools? Secure implementations – How to test them? – Basic tools for testing typical exploits Key management, side channel attacks, buffer overflow… Robustness – How to resist to attacks? – Does it respect the trust model? – Does it respect the robustness rules?

14 Trust the greed

15 15 Economic incentives Some failures – AACS and PowerDVD – Selling hardware and not content Align incentives! – The entity that implements security must suffer from eventual loss.

16 16 How to solve? Study the economics – Return On Investment – Return On Non Loss Take into account psychology – Prospect Theory Use game theory – Adjust parameters or scenarii to get win-win Nash equilibrium – Adjust business models correspondingly

17 17 An example: DRM and game theory Pay Steal DRM No DRM DRMNo DRM Pay2,23,1 Steal4, -1 DRMNo DRM Pay5,26,1 Steal4, -1

18 18 Conclusions Trust is paramount for DRM – Suitable Trust Model – Trust of implementation Fields of research – Trust model for attacker owned platform – Tools to check implementation – Use economics and psychology in design of global system

19 Thank you for your attention This document is for background informational purposes only. Some points may, for example, be simplified. No guarantees, implied or otherwise, are intended

Download ppt "Trust & Digital Rights Management DIEHL Eric Security Technology Director CE&SAR 2008, 5 December."

Similar presentations

Compliance and Robustness Rules for Windows Media DRM Implementations Microsoft Corporation.

Compliance and Robustness Rules for Windows Media DRM Implementations Microsoft Corporation.
Jose Jimenez Director. International Programmes Telefónica Digital.

Jose Jimenez Director. International Programmes Telefónica Digital.
1 THOMSON multimedia 2001 ©24 May 2001 Copy Protection System for Digital Home Networks CPTWG – May 24, 2001.

1 THOMSON multimedia 2001 ©24 May 2001 Copy Protection System for Digital Home Networks CPTWG – May 24, 2001.
Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept. 2004.

ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept
Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.

Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.

Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.

Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.
1 Are “Trusted Systems” Useful for Privacy Protection? Joan Feigenbaum PORTIA Workshop Stanford Univ., July 8-9, 2004.

1 Are “Trusted Systems” Useful for Privacy Protection? Joan Feigenbaum PORTIA Workshop Stanford Univ., July 8-9, 2004.
outline Purpose Design Implementation Market Conclusion presentation Outline.

outline Purpose Design Implementation Market Conclusion presentation Outline.
CIS700: Hardware Support for Security Professor Milo Martin

CIS700: Hardware Support for Security Professor Milo Martin
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Law and Economics-Charles W. Upton Why Property Rights.

Law and Economics-Charles W. Upton Why Property Rights.
Anonymizing Web Services Through a Club Mechanism With Economic Incentives Mamata Jenamani Leszek Lilien Bharat Bhargava Department of Computer Sciences.

Anonymizing Web Services Through a Club Mechanism With Economic Incentives Mamata Jenamani Leszek Lilien Bharat Bhargava Department of Computer Sciences.
The 10 Deadly Sins of Information Security Management

The 10 Deadly Sins of Information Security Management

Similar presentations

Ads by Google