Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Slides:



Advertisements
Similar presentations
Internet Protocol Security (IP Sec)
Advertisements

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
UNDERSTANDING JAVA APIS FOR MOBILE DEVICES v0.01.
PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Principles of Information Security, 2nd edition1 Cryptography.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger.
Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Installing and Troubleshooting Hardware Device and Drivers Chapter 6 powered by dj.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
Key Management Lifecycle. Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science.
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.
Week #7 Objectives: Secure Windows 7 Desktop
Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.
DRM Building Blocks - Protecting and Tracking Content Adopted from Chapter 5, Digital Rights Management Business and Technology.
Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.
Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.
Cryptography, Authentication and Digital Signatures
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Chapter 21 Distributed System Security Copyright © 2008.
Module 7: Managing the User Environment by Using Group Policy.
Module 9: Fundamentals of Securing Network Communication.
Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.
Module 8: Planning and Troubleshooting IPSec. Overview Understanding Default Policy Rules Planning an IPSec Deployment Troubleshooting IPSec Communications.
ELECTROINC COMMERCE TOOLS Chapter 6. Outline 6.0 Introduction 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) TRUST
An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK
Private Information Protection based on User-Trusted Program Institute of Systems and Information Engineering/KYUSHU Ken ’ ichi Takahashi.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Module 2: Introducing Windows 2000 Security. Overview Introducing Security Features in Active Directory Authenticating User Accounts Securing Access to.
Creating and Managing Digital Certificates Chapter Eleven.
Digital Rights Management and Trusted Computing Kari Kostiainen T Special Course in Operating System Security April 13 th 2007.
Digital Rights Management for Mobiles Jani Suomalainen Research Seminar on Telecommunications Business II Telecommunications Software and Multimedia Laboratory.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
NTHU CS ISLAB 國立清華大學 資訊工程研究所 資訊安全實驗室 Digital Rights Management in a 3G Mobile Phone and Beyond Thomas S. Messerges Ezzat A. Dabbish Speaker:Wu.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
© 2015 Digital Rights Management in a 3G Mobile Phone and Beyond Thomas S.Messerges, Ezzat A. Dabbish ILKOO LEE.
Unit 3 Section 6.4: Internet Security
Outline What does the OS protect? Authentication for operating systems
Outline What does the OS protect? Authentication for operating systems
Install AD Certificate Services
PLANNING A SECURE BASELINE INSTALLATION
Erica Burch Jesse Forrest
Presentation transcript:

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk

Introduction DRM Concepts and Strategies Our DRM System DRM Manager Trusted Application Agents Security Agent DRM Credential Security Issues Family Domain Example Use Cases Conclusion

3G mobile phone High communication rates 144K ~ 2Mbps Personal Area Networking capability P2P sharing of digital item over short-range networks High Internet Connectivity Losses from piracy Digital Rights Management(DRM) will be an important component for future Mobile phone

License File Metadata Usage Rules Encrypted Key Hash Signature Protected Content File Encrypted Content With key in license file DRM System Rendering Software DRM Services

MAC of RO Protected RO RO Rights Content Encryption Key (CEK) Permission Digest of Content Content ID Digital Signature of Rights (optional) Right Encryption Key (REK) and MAC Key Decrypt

How to interface the DRM and security S/W with the phones OS and applications Two approaches of Schnecks paper Replace the I/O elements of OS with new modules Hyperadvisor Our approach The OS is extended to support DRM functionality Access these extended system services through API

Authenticate Licenses and Content Before use protected digital content Need to verify the integrity and authenticity of the license file Computation of hash in the license file Verifying the signature of the license Enforce Rights Application can ask the DRM manager To do Actions like Play, display, copy Actions can be associated with 3 fundamental types of rights Render rights, Transport rights, Derivative work rights Some additional events Need to use a secure database to track events Rights to an action are assigned to a device Decrypt Content

Access and manipulate decrypted content Rendering Agents Provide application to render the protected content Provide the low-level driver Convert the digital data The execution of a DRM-protected software application is categorized as a rendering operation Transport Agents Provide services that move content from one location to another The establishment of a Secure Authenticated Channel(SAC) with help of security agent Derivative Work Agents Used to extract and transform protected content into a different form Installation of DRM-protected software or data

Memory and file management Access-controlled file system Store decrypted digital content Store a secure database Encrypted private keys and data Memory separation system Configure a hardware monitor to define available memory area to task Secure memory system Prevent critical data from leaking out of the system Linked to tamper detection circuitry Cryptographic operations Symmetric key Hash Public key Key/Certificate manager Securely handling a database of the phones credentials (keys, certificates, ID)

Serial number Unchangeable number that identifies the phone Model number Number that identifies HW and SW version Root key Check the authenticity and integrity of the credentials Private keys and Certificates KuPri and UniCert Used for establishing Secure Authenticate Channel(SAC) to a phone KdPri and DRMCert Used for assigning content to a device Content encryption key is encrypted with KdPub and decrypted with KdPri

License Four essential items A hash value that links the license to the digital item The rights allowed for that digital item A key to decrypt the digital item A signature of the license Integrity and Authenticity Established through a Public-Key Infrastructure(PKI) or a shared secret Rights Enforcement DRM manager needs to parse the license file and recognize rights expressions DRM manager needs to be able to recognize the version of the license file Content Protection Privacy Issues User information and identity in a license must not disclosed without the consent of the user

Consumers wish to user content on any of their devices Suitable for devices with limited or no networking capability Device only needs to register with DA once and can access to all the content in a domain with domain private key

Our proposed DRM framework is also applicable to other devices PDA, set-top box, automobile, or a PC Family domain concepts could be make content be more seamlessly shared amongst all devices

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.