Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London


Acknowledgement
Thanks to Chris Mitchell for his supervision, invaluable advice and encouragement.

Introduction
In this paper we analysed five of the most common schemes that primarily focus on enabling a legitimate licence holder to use an item of content on all devices he/she owns while simultaneously stopping content transfer to devices not owned by the licence holder. The analysis is based on a list of requirements developed from the point of view of consumers, content providers and copyright law.

Agenda
- Defining the elements of content piracy.
- Analysing the shortcomings of the five most discussed schemes in this area.
- Proposing a DRM Framework describing the requirements that solve the defined elements of content piracy.

[Figure: "Sends an item of content that can be consumed by 'n' number of devices." Label: R]

Problem Definition
Most existing schemes try to solve content piracy by creating a domain with a limited number of devices.
- Does that solve the RD problem?
- Does that solve the LD problem?
- Does that stop content piracy?

Analysed schemes
- eXtensible Content Protection (xCP).
- SmartRight.
- DRM in a 3G Mobile Phone and Beyond.
- OMA DRM proposed by the Open Mobile Alliance.
- DRM Security Architecture for Home Network.

xCP Shortcomings
- There is no binding between the domain unique key and the domain owner.
- Limiting the number of devices that can be added to a domain makes the system less flexible for consumers.
- Every time domain membership changes or a device is hacked, the domain key must be changed.
- xCP is based on the broadcast encryption protocol, which requires a licensing agency to produce a Media Key Block (MKB) and assign device keys. This increases the overall cost and complexity of the system.
- A Media Key Block (MKB) is a large data structure that imposes a significant overhead when it is moved between devices and used to generate the domain key, especially on devices that have limited capabilities.

SmartRight Shortcomings
- Devices must possess a smart card reader, and should have a Terminal module smart card and/or a Converter module smart card.
- There is no binding between the network key and the domain owner.
- The network key is securely stored in Terminal cards. If all Terminal cards are lost or fail, then all existing content will be unusable.
- If the system is hacked, the current smart cards must be replaced, which is an expensive and time-consuming process.
- The PPN's network key can only be transmitted by the Terminal card most recently added to the network. If this Terminal card is lost or stolen, then no other devices can be added to the network.

DRM in a 3G Mobile Phone - Shortcomings
- Requires establishing a Domain Authority (DA). The DA is in charge of creating, installing and managing the domain key on all the registered devices in a domain. This creates a significant key management overhead, including the need for a secure infrastructure for creating, storing, archiving and transferring domain keys.
- There is no binding between the domain key and the domain owner.

Shortcomings, Cont.
The domain is protected against abuse in two ways:
(a) The frequency with which a device is added to or removed from the various existing domains. Monitoring all such additions and removals requires a complex and sophisticated infrastructure that processes and records potentially huge numbers of events. Moreover, before authorising a device to join a domain, the DA must parse the history log files to ensure the added device is not abusing the system.
(b) Domain creation is bound to owner private information. One major problem with this approach is user privacy, as the DA must hold confidential user information. In addition, it still does not prevent people from abusing the system, as the owner can add devices that he/she does not own to his/her domain without giving the password to other entities.

OMA DRM - Shortcomings
- Each Rights Issuer (RI) is required to define domains for its subscribers, manage the domains' keys, and control which and how many devices are included in and excluded from each domain.
- A device can join multiple domains at the same time, and there is no mechanism to control whose device is assigned to a domain.
- Each device needs to securely store domain keys, domain identifiers and domain expiry times. Extra secure storage is needed to store these keys, which increases the overall cost and the burden of domain management.
- In order for all domain devices to use all domain content, they must participate with all RIs the domain owner is a member of. This creates more complications and administration procedures from the user's perspective.

Security Architecture for Home Network - Shortcomings
- Fails to bind devices to the domain owner.
- The maximum number of devices that can join a domain depends on hardware factors, such as the maximum storage size on the least capable device that is expected to join the domain, which is used to store the domain secure information, e.g. the credential set and the device master key.
- Adding new devices to a domain once it reaches its maximum capacity can only be done by removing other devices, which is inconvenient for users, especially big organisations.

Shortcomings, Cont.
- The way the revocation list is distributed has a great effect on system performance. The Global Device Revocation List (GDRL) is associated with every downloaded item of content; in turn, the download size for the associated GDRL could be larger than the associated content. This increases the total time to download content. In addition, the domain-specific revocation list is very difficult to maintain, because it is associated with every item of content in the said domain rather than being stored in a central location.
- The proposed scheme requires devices to possess a processor and memory to store domain secret information. In addition, it requires joining devices to possess an I/O component.
- No backup and recovery policy has been proposed for domain keys and content.

Analysed schemes

DRM Framework
One approach to solving both the RD and the LD problem involves defining a domain-specific secret key (K) bound to the domain owner, and shared securely between all domain devices. This key is used to encrypt domain content.

DRM Framework, cont.
The RD problem could be solved by introducing two factors into domain management:
1. The first is to control both domain size and changes in domain membership.
   - Domain size can be controlled by limiting the maximum number of devices allowed to join a domain, in such a way that this limit can be changed where necessary.
   - Changes in domain membership should not affect domain content in any way, such as requiring content or content encryption keys to be re-encrypted whenever a device joins or leaves a domain.

DRM Framework, cont.
2. The second is to ensure that the key K is generated automatically, is bound to the domain owner, and is unavailable in the clear, even to the domain owner. This stops the domain owner from disseminating the protected key K. Consequently, distributing content to a device outside the domain will not enable access to the content unless this device joins the domain to receive K.

DRM Framework, cont.
The problem of LD can be solved by ensuring the uniqueness and confidentiality of the key K. In addition, we require that K is bound to the domain owner, in such a way that the domain owner can authorise transferring the key K to other devices whilst they join the domain. Although domain devices possess the key K, they cannot redistribute it to other devices.
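
The framework requirements above, sketched as an added example (not code from the presentation): K is generated automatically, bound to the owner, handed to devices only in wrapped form, and content is encrypted once so that joins, leaves and limit changes never touch it. The names Domain, Device and owner_secret are hypothetical, the SHA-256 keystream with an HMAC tag is a toy stand-in for a real AEAD cipher, and a symmetric per-device key stands in for protected hardware storage and public-key transport of K.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Toy SHA-256 counter keystream, a stand-in for a real AEAD such as AES-GCM.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered content")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Device:
    def __init__(self, name):
        self.name = name
        self._dev_key = secrets.token_bytes(32)  # assumption: models a key held in protected hardware
        self._wrapped_k = None  # K only ever arrives wrapped for this device

    def play(self, blob):
        if self._wrapped_k is None:
            raise PermissionError("device holds no domain key")
        return unseal(unseal(self._dev_key, self._wrapped_k), blob)

class Domain:
    def __init__(self, owner_secret, max_devices):
        self._k = secrets.token_bytes(32)  # generated automatically; no method returns it in the clear
        self._owner = hmac.new(self._k, owner_secret, hashlib.sha256).digest()  # binds K to the owner
        self.max_devices, self.members = max_devices, set()  # the limit can be changed later

    def join(self, device, owner_secret):
        if not hmac.compare_digest(self._owner, hmac.new(self._k, owner_secret, hashlib.sha256).digest()):
            raise PermissionError("owner did not authorise this join")
        if len(self.members) >= self.max_devices:
            raise PermissionError("domain is full")
        device._wrapped_k = seal(device._dev_key, self._k)  # symmetric wrap stands in for key transport
        self.members.add(device.name)

    def leave(self, device):
        device._wrapped_k = None
        self.members.discard(device.name)

    def protect(self, content):
        return seal(self._k, content)  # encrypted once; join/leave never re-encrypt it
```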

Thank You… Questions?