Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Rights Management John Mitchell CS 155 Spring 2006.

Published byRoger Park Modified over 8 years ago

Similar presentations

Presentation on theme: "Digital Rights Management John Mitchell CS 155 Spring 2006."— Presentation transcript:

1 Digital Rights Management John Mitchell CS 155 Spring 2006

2 2 Next Tuesday Paul Kocher President and Chief Scientist Cryptography Research, Inc.

3 3 Basic Problem Joey writes and records a song Song distributed on some sort of media Joey (and music company) want to sell recordings But digital info is easy to copy, on most media What can Joey (and Music Inc.) try to do? Look for copies? Mark recording to make it easier to find copies? Restrict media so only certain devices can play it? All of these approaches have problems; no perfect solution (yet?)

4 4 Outline Examine or modify content Content hashing and copyright crawling Watermarking Fingerprinting Regulate use through special content players Apply complex policies, need tamper-proof platform Some examples  MediaMax CD3: restrict access on software players  DVDs: CSS encryption and hardware/software players  Windows Media Rights Management  Office Information Rights Management

5 5 Content hashing Suppose we had a “content-aware” hash function: H: {music}  {short strings} satisfying: 1. If M1 and M2 are two music clips (e.g. MP3 files) that play the “same” song then H(M1) = H(M2) 2. Given a clip M a pirate cannot create an “acceptable” clip M’ such that H(M)  H(M’) Is this realistic? Hash function must resist all signal processing tricks Do not know such hash functions exist  some claim to have them

6 6 Copyright Crawler Web crawler looks for copyright violations Use list of hashes of all copyrighted content Scans all web sites, Kazaa network, Napster, etc. For every music file found, compute hash and compare If match is found, call the lawyers Problems: Hash functions unlikely to exist for music Does not protect against anonymous postings: publius Very high workload

7 7 Examples DigiMarc MarcSpider Crawls web looking for pirated images May use watermarking? (next topic) MOSS (Measure Of Software Similarity) Detect plagiarism in programming assignments, web pages http://www.cs.berkeley.edu/~aiken/moss.html SCAM: N. Shivakumar, Stanford. Crawls web looking for academic plagiarism Several success stories: http://www-db.stanford.edu/~shiva/SCAM/scamInfo.html

8 8 Improvement: watermarking Embed hidden watermark at the recording studio Embed( M, I ): outputs a watermarked version of music M with the information I embedded in it Retrieve( M’ ): takes a watermarked music file M’ and outputs the embedded watermark I Watermark requirements (not necessarily achievable): Watermark must be inaudible Watermark should be robust: Given M 1 = Embed(M,I), pirate cannot create an “acceptable” M 2 with Retrieve(M 2 )  I  To do this, watermark must resist all signal processing tricks - resampling, cropping, low-pass filtering, …

9 9 Example Watermarked File Second image has watermark inserted by DOS software “White Noise Storm”

10 10 Watermark-based enforcement Copyright crawler uses “Retrieve” algorithm Benefits: Copyright crawler does not need list of all copyrighted material No need for content aware hash  Watermarking music “seems” to be an “easier” problem. But, some of the same problems as before Does not defend against anonymous postings High workload

11 11 Robust watermarks?? Embed & Retrieve algs are usually kept secret “Security by obscurity” – not a successful approach Do robust watermarking systems exist? We don’t know the answer StirMark  Generic tool for removing image watermarks  Oblivious to watermarking scheme SDMI challenge:  Broken: Felten, et al. Obj1 Obj1 mark ?? Obj2 mark

12 12 Fingerprinting Basic idea: Embed a unique user ID into each sold copy If user posts copy to web or Napster, embedded user ID identifies user Problem: Need ability to create distinct and indistinguishable versions of object Collusion: two users can compare their objects to find parts of the fingerprint

13 13 Watermarking Images (>200 papers) DigiMarc: embeds creator’s serial number. Add or subtract small random quantities from each pixel. Embedded signal kept secret. Signafy (NEC). Add small modifications to random frequencies of entire Fourier Spectrum. Embedded signal kept secret. Caronni: Embed geometric shapes in background. SigNum Tech. (SureSign).

14 14 Watermarking Music (>200 papers) Aris Tech (MusicCode): Rate: 100 bits/sec of music Solana (E-DNA) Used by LiquidAudio. Argent: Embed full text information. FrameBased: info. inserted at random areas of signal Secret key determines random areas. Merged to form Verance Used by SDMI

15 15 Some other issues Digital Millennium Copyright Act (DMCA) Forbids circumvention of copy protection mechanisms, and circumvention tools and technologies Some exceptions for security testing, law enforcement, research that aims to improve security Fair Use Copyright law allows regulated use of copyrighted material in certain circumstances  Example: quote copyrighted material in a critical review Disclaimer: I am not a lawyer. No statements in CS155 are legal advice.

16 16 “My Story” by Ed Felten Industry consortium (SDMI) considering four technologies for deployment in next-gen music and players. We (Princeton, Rice, Xerox researchers) study technologies, find that they don’t work very well. We write a paper detailing our findings. Paper accepted for publication at conference. 3 Slides from: http://csrc.ncsl.nist.gov/ispab/2002-06/Felten-06-2002.pdf

17 17 “Our Paper” Music industry claims that our paper is a “technology” whose primary purpose is copyright circumvention Similar claim for oral presentation Threatens to sue authors of paper, conference organizers, and employers Seeks control over contents of paper

18 18 “My Story (cont.)” Music industry (RIAA, SDMI, Verance) threatens lawsuit if we publish. Conference organizers also threatened. We withdraw paper because of threats. We file lawsuit seeking right to publish After legal wrangling, paper is published We managed to publish, but: Months of effort by researchers lost Hundreds of lawyer-hours spent ($$$) Member of our team loses his job Eight-month delay in release of our results

19 19 Outline Examine or modify content Content hashing and copyright crawling Watermarking Fingerprinting Regulate use through special content players Apply complex policies, need tamper-proof platform Some examples  MediaMax CD3: restrict access for software players  DVDs: CSS encryption and hardware/software players  Windows Media Rights Management  Office Information Rights Management

20 20 Passive vs Active Protection

21 21 MediaMax CD3 (SunnComm) Goal Restrict use of music CD on computer Method CD contains autorun file that causes Windows to launch LaunchCD.exe, installs “SbcpHid” driver Driver prevents copying of restricted CDs Failures LaunchCD.exe will not run on Linux On Windows: hold shift key while loading CD Digital Millennium Copyright Act (DMCA) Forbids circumvention of copy protection mechanisms, and circumvention tools and technologies http://www.cs.princeton.edu/~jhalderm/cd3/

22 22 Sony XCP CD contains copy protection software Copy protection software protected by rootkit Rootkit detected by RootkitRevealer http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

23 23 Content protection via encryption Basic idea: Content distributor encrypts content before releasing it. Release: C = E K [content] Decryption key embedded in all players. Player will only decrypt if policy is satisfied. Note: cannot prevent copying after decryption. User can probe bus to sound card. Unlike watermarking: watermark is embedded in content. Propagates in cleartext copies of content. Problem: what if one pirate uses reverse engineering to expose global key k ??

24 24 Example: CSS CSS: Content Scrambling System Used to protect DVD movies. Each DVD player manufacturer i has key K i, e.g. K sony Embed same key K sony in all players from Sony. Every DVD movie M is encrypted as follows: 1. enc-content = E K [M] ; K – a random key. 2. E Ksony [k], E Kphilips [K], … About 400 manufacturer keys

25 25 Problems with CSS DeCSS: Extracted key from Xing software player Could decrypt any DVD playable on the Xing player MPAA revoked Xing key: disabled all Xing players! Bigger problem: Encryption algorithm in CSS is based on LFSR’s Very fast: video rate decryption on weak DVD player Very weak: given one manuf. Key, can get all keys

26 26 Better revocation technique Embed a distinct key in every player Every node v has an associated key K v. Every player corresponds to leaf node. Key for player i: all keys on path from root to leaf i. Players: i

27 27 Revocation Initially Encrypt all content with key at root Any player can decrypt content. When player i is revoked Encrypt content-key so only players other than i can decrypt.

28 28 How to tell which player to revoke? When pirate publishes single key on Internet, MPAA knows which keys to revoke. What if pirate sells pirated players? How can MPAA tell which keys embedded in player? Solution: Tracing systems can interact with player and determine how to revoke that player. How? Take crypto class…

29 29 Player Digital Distribution Dream ( ) Artist DistributorConsumer Package Content Package Content Movies Books Music Secure network transactions Software player

30 30 Digital rights management Distribute information in specific format Player that knows this format controls action Control reading, playing, or copying content Guarantee payment in proportion to use  Count number of times content is used  Transfer payment to distributor No end run Must be impossible to use content without player Player must be tamper resistant Problem: Computer files are easy to duplicate Can software player on general-purpose computer achieve goals?

31 31 DRM Reference Architecture Rosenblatt, et al. Content Server Client License Server Content repository DRM packager Encryption Content Metadata Package Encryption Keys Rights License Product information Rights Encryption keys DRM controller Rendering application Identity Financial transaction Identities License generator

32 32 Windows Media Rights Manager Input file.wav,.mp3,.avi encode Win Media file.wma,.wmv,.asf Packaged Win Media file Key ID, license acquisition URL package Web site, CD, email message, etc License Rights license URL Packaged Windows Media file Content owner Distributor License issuer Windows Media License Service Packager Consumer (player)

33 33 Windows Key and License Management

34 34 HDCP, Secure Audio Path High-bandwidth Digital Content Protection HDCP is a specification developed by Intel Corporation to protect digital entertainment content across the DVI/HDMI interface http://www.digital-cp.com/home

35 35 FreeMe – breaks Windows Media RM http://www....com/crypt/drm/freeme/README The software distributed with this README file removes content protection from any Windows Media Audio file (.wma file) that uses DRM version 2 (as implemented in Windows Media Player version 7). … http://www...com/crypt/drm/freeme/Technical This document describes version 2 of the Microsoft Digital Rights Management (MS-DRM), as applied to audio (.wma files). The sources for this material are varied... The basic components of MS-DRM involve use of elliptic curve cryptography (ECC) for public key cryptography, DES for a block cipher, RC4 for a stream cipher, and SHA-1 for a hash function. There is also a block cipher which I haven't seen before, used in the MS-DRM system to build a MAC, or keyed hash function.

36 36

37 37 Microsoft Office Rights Management

38 38 Information Rights Management Platform Server Microsoft® Windows® Rights Management Services Windows Server 2003 Application Information Rights Management (IRM) Office 2003, IE Add On Protection goes with the file File level, each gets its own protection Persistent, goes wherever the file goes Controls Access and Usage Encryption to help restrict access Enforces usage policies in the application, e.g. disables print Can expire content after it is no longer relevant www.microsoft.com/rms Slide graphics: Johann Kurz, Microsoft Schweiz GmbH, May ’04 presentation

39 39 System schematic

40 40 Authorizing user’s UI

41 41

42 42 PC system components

43 43 View of restricted email in Outlook

44 44 File contents

45 45 Server components Server’s Private Key User Keys and addresses User keys come from RMS when created User addresses come from Active Directory, which is required for RMS Permission Templates Logs Logging occurs on creation and issuance of certificates and licenses and is IT controllable. Can be used as an audit trail.

46 46 XrML Summary Vocabulary Principals: Alice, Bob Resources: movie, picture, song Rights: play, edit, print Properties: manager, employee, trusted Licenses and grants license ::= (grant, principal)  Principal p issues/says grant g grant ::= ∀ x1… ∀ xn (cond → conc)  If cond holds, then conc holds conc ::= Pr(p) | Perm(p, r, s)  Pr(p) means principal p has property Pr  Perm(p, r, s) means p is permitted to exercise right r over resource s

47 47 Outline Examine or modify content Content hashing and copyright crawling Watermarking Fingerprinting Regulate use through special content players Apply complex policies, need tamper-proof platform Some examples  MediaMax CD3: restrict access on software players  DVDs: CSS encryption and hardware/software players  Windows Media Rights Management  Office Information Rights Management

48 48

Download ppt "Digital Rights Management John Mitchell CS 155 Spring 2006."

Similar presentations

ContentGuard An Intellectual Property Company IPED Conference November 1, 2007 Presented By Eddie Chen CONTENTGUARD.

ContentGuard An Intellectual Property Company IPED Conference November 1, 2007 Presented By Eddie Chen CONTENTGUARD.
CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE. CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE 2 Digital Watermarking Alliance Charter The Digital Watermarking.

CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE. CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE 2 Digital Watermarking Alliance Charter The Digital Watermarking.
The Digital Millennium Copyright Act Questions and Critical Observations Max Vilimpoc Washington Internship for Students of Engineering.

The Digital Millennium Copyright Act Questions and Critical Observations Max Vilimpoc Washington Internship for Students of Engineering.
Rights Management Services (RMS) Paul Cullimore Graham Calladine Security Solutions Team, MCS, UK.

Rights Management Services (RMS) Paul Cullimore Graham Calladine Security Solutions Team, MCS, UK.
Digital rights management Audio watermark Jiamian.

Digital rights management Audio watermark Jiamian.
Rob Farraher Ken Pickering Lim Vu

Rob Farraher Ken Pickering Lim Vu
T O P I C ST O P I C S Uses of Technical Measures Case Studies and Types of Technical Measures The Problem of Hacking and Circumvention Online Music Distribution.

T O P I C ST O P I C S Uses of Technical Measures Case Studies and Types of Technical Measures The Problem of Hacking and Circumvention Online Music Distribution.
1 Copyright Protection Lecture 1:Watermarking and Fingerprinting (passive copyright protection) Lecture 2:Tracing and Revoking pirates. (copyright protection.

1 Copyright Protection Lecture 1:Watermarking and Fingerprinting (passive copyright protection) Lecture 2:Tracing and Revoking pirates. (copyright protection.
Why the DMCA has the right to outlaw numbers

Why the DMCA has the right to outlaw numbers
© 2000 Verance Corporation Verance Audio Watermarking Technologies for Protection of Digital Audio and Video Joseph M. Winograd, Ph.D. Verance Corporation.

© 2000 Verance Corporation Verance Audio Watermarking Technologies for Protection of Digital Audio and Video Joseph M. Winograd, Ph.D. Verance Corporation.
The digital age of information is not yet a done deal and copyright is not the only potential “block” DRM.

The digital age of information is not yet a done deal and copyright is not the only potential “block” DRM.
DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 8. Cracking. Cracking Magnitude of piracy  All kinds of digital content (music, software, movies)  Huge economic repercussions.

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 8. Cracking. Cracking Magnitude of piracy  All kinds of digital content (music, software, movies)  Huge economic repercussions.
Blue Spike © 2001 Blue Spike, Inc. - 1 Copyright Protection? What are the technologies which can address copyright management in a world of digital copies?

Blue Spike © 2001 Blue Spike, Inc. - 1 Copyright Protection? What are the technologies which can address copyright management in a world of digital copies?
Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 4: Intellectual Property.

Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 4: Intellectual Property.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Computer Concepts 2013 Chapter 8 Digital Media. 8 Digital Audio Basics  Sampling a sound wave Chapter 8: Digital Media 2.

Computer Concepts 2013 Chapter 8 Digital Media. 8 Digital Audio Basics  Sampling a sound wave Chapter 8: Digital Media 2.
Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.

Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.
CSE331: Introduction to Networks and Security Lecture 36 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 36 Fall 2002.
In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.

In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.

Similar presentations

Ads by Google