Trust & Digital Rights Management DIEHL Eric Security Technology Director CE&SAR 2008, 5 December.

2 Trust
[Diagram labels: Content Protection, Rights Enforcement, Rights Management, Trust Management]
Trust No One

3 Outline
Trust your model
Trust your implementation
Trust the greed

Trust your model

5 Trust model
[Diagram labels: Alice, Bob, Eve, OpenSSL]

6 Trust model for DRM
[Diagram labels: Alice, Bob, Eve, DRM]

7 What does it mean?
Worst scenario!
  – The attacker fully controls the host
  – This is also true in game consoles
  – Secure coding techniques
  – Will TPM bring some help?
Law 1: Attackers will always find their way
Is Open source DRM possible?
  – C2C
  – Trusted partners

8 Trust model for a new breed DRM
[Diagram labels: Alice, Bob, Authority, Clear content, DRM]

9 What does it mean?
Serious privacy issue
  – Monitor what you watch
Still to prove the business viability

10 Real world model
[Diagram labels: Alice, Bob, Eve, Ruth]

Trust your implementation

12 Compliance & Robustness Regimes
Trust model: What do we trust
Compliance rules: What does it have to do
Robustness rules: What does it have to resist
Means for compliance: How we force it to comply

13 Tools?
Secure implementations
  – How to test them?
  – Basic tools for testing typical exploits: key management, side channel attacks, buffer overflow…
Robustness
  – How to resist attacks?
  – Does it respect the trust model?
  – Does it respect the robustness rules?

Trust the greed

15 Economic incentives
Some failures
  – AACS and PowerDVD
  – Selling hardware and not content
Align incentives!
  – The entity that implements security must suffer from eventual loss.

16 How to solve?
Study the economics
  – Return On Investment
  – Return On Non Loss
Take into account psychology
  – Prospect Theory
Use game theory
  – Adjust parameters or scenarios to get win-win Nash equilibrium
  – Adjust business models correspondingly

17 An example: DRM and game theory
[Two payoff tables; rows: Pay, Steal; columns: DRM, No DRM]
First table
  Pay: 2,2 (DRM); 3,1 (No DRM)
  Steal: 4,-1
Second table
  Pay: 5,2 (DRM); 6,1 (No DRM)
  Steal: 4,-1

18 Conclusions
Trust is paramount for DRM
  – Suitable Trust Model
  – Trust of implementation
Fields of research
  – Trust model for attacker owned platform
  – Tools to check implementation
  – Use economics and psychology in design of global system

Thank you for your attention

This document is for background informational purposes only. Some points may, for example, be simplified. No guarantees, implied or otherwise, are intended.