Presentation is loading. Please wait.

Presentation is loading. Please wait.

DRM: Technology overview Keunwoo Lee CSE 590 SO 19 April 2005.

Published byEmmeline Gibbs Modified over 8 years ago

Similar presentations

Presentation on theme: "DRM: Technology overview Keunwoo Lee CSE 590 SO 19 April 2005."— Presentation transcript:

1 DRM: Technology overview Keunwoo Lee CSE 590 SO 19 April 2005

2 Outline Trends in technology of copying Goals of DRM Security basics Three DRM technologies Questions

3 Trends in technology of copying Kucher et al., Self-Protecting Digital Content

4 Goals of DRM Problem: Anything that can be done to bits, can be done by a general-purpose computer Some people want to give you bits, but want to prevent you from doing certain things with them: –Redistribution –Public performance –Derivative works –Permanent storage –… (Call these restrictions the policy.) The DRM Dream: make it “hard enough” for users to violate policy without permission

5 Security basics DRM is a security measure (it protects the confidentiality and integrity of certain data) “Security” is not a binary property; it can only be measured in terms of tradeoffs and costs in a particular context: Q1. What is the the resource being protected, and how much is it worth? Q2. What are the expected attacks? Q3. How well do the available security measures stand up against these attacks? Q4. What is the cost of these measures?

6 A short detour into cryptography Encryption Digital signatures Watermarks

7 Encryption Symmetric: Public-key: +) encryption decryption + + encryptiondecryption + Public key Private key ) ) )

8 Digital signatures + signing Private key Public key + X OK verification +) ) ) + X ) a a a a b

9 Watermarks +ID ) watermarking 15 7 9 9 detection ) ) ) ) 9 15 9 7

10 DRM as a security problem Q1: What is the resource being protected, and how much is it worth?

11 DRM as a security problem Q2: What are the expected attacks? Brute-force decryption Analog capture Software: –Key recovery –Plaintext memory read Hardware: –Key recovery or plaintext capture

12 Attacks in detail Brute-force decryption –Attack cryptographic algorithm directly to recover plaintext –Infeasible for well-designed cryptosystems Analog capture –Render into human-consumable form using provided mechanisms, and capture using other equipment –Always feasible –May be inconvenient, and result in minor loss of quality, metadata, or features

13 Attacks in detail (2) Software: key recovery or plaintext memory read –Systems usually require that unencrypted keys and/or plaintext be transmitted and/or reside in memory Cory Doctorow: “Alice has to provide Bob --- the attacker --- with the key, the cipher, and the ciphertext. Hilarity ensues.” –In most computers, always possible to inspect any location in memory –Hence, user can, in principle, always circumvent software-only DRM solutions by this attack

14 Attacks in detail (3) Hardware attacks: –To defeat software attacks, some functions can be “locked up” in hardware –Hardware is harder for user to inspect/modify than software –If hardware is designed naively, user can probe hardware to extract keys or plaintext, or “trick” hardware into doing things it should not

15 Constructing DRM systems Q3. How well do the available security measures stand up against these attacks? Consider 3 example systems: FairPlay Content Scrambling System Self-Protecting Digital Content

16 FairPlay (Apple iTunes) Policy: user may –Copy tracks to any iPod or burn to any CD –Play tracks on 5 computers –Burn playlist to CD up to 7 times without changing the playlist + ) Track master key Encrypted track Plaintext music file + User key iTunes server user Track master key ) Encrypted master key +) + ) iTunes client software Client machine OS sound driver Sound card Speakers

17 Content Scrambling System (DVDs) Policy: user may decrypt content on licensed device Architecture: DVD data divided into “titles” Each title encrypted with a title key Each title key encrypted with a disc key, and placed on disc Disc key copied 409 times, each encrypted with a different one of the 409 player keys, and all encrypted copies placed on disc One or more player keys distributed to each licensed device manufacturer +) … +) … + + + + … ) DVD DVD drive DVD producer Title keysTitles Disc keyTitle keys Player keys Disc key copies

18 Attacks on CSS Key recovery attack: –Can compromise one player, get the key, and decrypt all DVDs –“Break Once, Break Everywhere” (BOBE) Memory attack: –DVD-ROMs are attached to general-purpose computers; can read video out of memory buffer during playback Analog attack –With appropriate adapters, can plug video out into VCR. Note: CSS doesn’t really prevent copying anyway; DVD ciphertext can be copied without ever decrypting contents.

19 Self-Protecting Digital Content [Kucher et al.]

20 SPDC: End-to-end security

21 SPDC: Attacks Safe from software key recovery and memory read attacks: –key and plaintext never leave secure environment on chip, and so never appear in memory accessible to general-purpose computer Hardware attacks: –Can build (imperfectly) tamper-resistant hardware –Even if attack succeeds, may compromise existing content only; future content uses different encryption schemes –Can add more features for extra security e.g., require content to “phone home” over net to authenticate that hardware/software environment has not been compromised Analog attack: can put a camcorder in front of the monitor

22 Aside: a note on watermarks Watermarking can be applied to content independently of other DRM schemes Watermarks can usually be erased by clever users or clever software Still, some users are too dumb to use clever software, so watermarks may yield some forensic benefits

23 DRM as a security problem Q4: What are the costs of these security measures? …for content producers? …for device manufacturers? …for technical innovators? …for honest consumers?

24 Questions Given the prerequisites for a SPDC system, is there a path to probable market acceptance of strong DRM? What is the real effect/value of weak DRM? Are there restriction policies that users of e- books might consider “reasonable”? –Consumers? –Scholarly users? –Public libraries? –Users with accessibility needs? –Hackers?

Download ppt "DRM: Technology overview Keunwoo Lee CSE 590 SO 19 April 2005."

Similar presentations

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.

Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Introduction to Modern Cryptography Instructor: Amos Fiat Strongly based on presentation and class by Benny Chor School of Computer Science Tel- Aviv Univ.

Introduction to Modern Cryptography Instructor: Amos Fiat Strongly based on presentation and class by Benny Chor School of Computer Science Tel- Aviv Univ.
DRM & Key Revocation By David Coleman. DRM & Key Revocation ► Digital Rights Management – A system for controlling the use of content ► Key Revocation.

DRM & Key Revocation By David Coleman. DRM & Key Revocation ► Digital Rights Management – A system for controlling the use of content ► Key Revocation.
CONTENT PROTECTION AND DIGITAL RIGHTS MANAGMENT

CONTENT PROTECTION AND DIGITAL RIGHTS MANAGMENT
C opyright Protection and Digital Rights Management 1.

C opyright Protection and Digital Rights Management 1.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Database Key Management CSCI 5857: Encoding and Encryption.

Database Key Management CSCI 5857: Encoding and Encryption.

Similar presentations

Ads by Google