Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Seven – Digital Rights Management February 23, 2007 Dr. Clifford Neuman University of Southern California Information Sciences Institute

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Applications Trusted computing is there to support specific applications with specific policies that might be hard to enforce on machines outside of the control of the entity needing the policies enforced. The first of the applications we will discuss is the one most closely tied to trusted computing. –Digital rights management (DRM)

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE TC Applications and Policy The issues that are addressed by most applications are issues of policy. TC is able to better support many of these policies than can be supported without TC. DRM is all about policy –Who can access protected content. –What they can do with protected content. –How long they can do it for. –TC is what protects the content from being accessible to applications that will not enforce the policies.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Protected Interests DRM primarily protects the content provider or content owner. –That content will not be accessible to applications that do not enforce content provider specified restrictions on access. Typical DRM does not consider protection for other interests that SHOULD be protected: –That the users private data is not disclosed or used for other than purposes agreed to. –That added software to which the user does not agree is not installed on their system. –That the user should be able to access content to which they have legitimate access even if the provider changes their mind.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Negotiation of Interests User’s can choose to relinquish some right in exchange for others: –Reduced cost –Ability to access needed data. Such negotiation should be based on informed acceptance. It should be based on balanced interests, though often it will not.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE DRM Today Software –Usually through code obfuscation –Licensing keys –Hardware dongles Media (audio / video) –Encryption ▪Embedded keys (obfuscated or hardware) –Programs or devices enforce policy Problems with approaches –Often cracked –Special program embed extra behavior –Lack of portability across devices

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE DRM Problems Often cracked Special program embed extra behavior Lack of portability across devices The Analog hole

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE DRM Problems Cracking of DRM –Often just a matter of de-obfuscation –Find keys embedded in software –Find keys embedded in hardware and distributed among others –Inability to distribute new keys means it is hard to revoke the keys that have been stolen –Inability to change encryption on existing instance of objects causes similar problem.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Blu-Ray and HD-DVD Crack The keys were discovered –Initially, just the keys for individual titles, which allowed decryption of the disks and dissemination of content. –More recently, the processing key discovered, that which enables decryption of all the disks made. –Determined by recording changes to certain parts of memory during startup. –Example of de-obfuscation.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Bonus Code DRM enabling application often –Collect usage information, sometimes for marketing purposes. –Slow down your system. –Like to stay resident when not using the protected content. –Report back about what else is installed. –Enable automatic updates (downloading of new versions). –Have been known to open your system to other malicious activities – whether intentionally or through carelessness.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE No Portability Each content distributor has its own stack that works with its own content. –Doesn’t allow integrated management by users. –Requires lots of extra software. But this is a standards issue, and isn’t necessary fixed by TC.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE The Analog Hole Once content is “scanned” outside the protected devices, it can no longer be controlled. –Protections are removed. Industry wants to make everything DRM enabling. –Whether for access to content or not. –Imposes costs on others. –No longer “negotiated”.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE User perceived DRM Problems From Wired –Region coding – even though fair use, forces one to breach technical measures. –Disabling functionality in Verizon phones. –Subsequent changes to ability to access that which one has paid for.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE How TC can help Reduce reliance on obfuscation. Base policies can be enforced in common by OTS software, not different policies for each content stack. Possibility to raise the point of commonality of policies to provide better portability. –But it is a hard human problem and might not be possible.