Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Rights Management: The Technology behind the Hype Mark Stamp Department of Computer Science San Jose State University.

Published byRyan Hellams Modified over 9 years ago

Similar presentations

Presentation on theme: "Digital Rights Management: The Technology behind the Hype Mark Stamp Department of Computer Science San Jose State University."— Presentation transcript:

1

2 Digital Rights Management: The Technology behind the Hype Mark Stamp Department of Computer Science San Jose State University

3 DRM2 This talk…  What is DRM?  Overview of MediaSnap DRM system  Other DRM systems  Conclusions

4 DRM3 What is DRM?  “Remote control” problem  Digital book example  Digital music, video, documents, etc.  Privacy

5 DRM4 Persistent Protection  Restrictions on use after delivery  No copying  Limited number of reads  Time limits  No forwarding  etc.

6 DRM5 What to do?  The honor system (The Plant)  Give up (HIPAA, etc.)  Lame software-based DRM  Better software-based DRM  Tamper-resistant hardware http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html

7 DRM6 The hype  “Our solutions let enterprises control their confidential information at all times, even after the recipients receive it.” --- Authentica  “Seal confidential digital documents and protect you business against intellectual property theft indefinitely.” --- SealedMedia

8 DRM7 Is crypto the answer?

9 DRM8 Current state of DRM  Security by obscurity (at best)  Secret designs (Kerckhoff’s Principle?)  Crypto is king  “Whoever thinks his problem can be solved using cryptography, doesn’t understand his problem and doesn’t understand cryptography.” --- Attributed by Roger Needham and Butler Lampson to each other

10 DRM9 MediaSnap’s DRM system SSecure Document Server (SDS) PPDF plugin (or reader) SSecurity stuff…

11 DRM10 Protecting a document SDS Recipient Sender encrypt persistent protection

12 DRM11 Tethered mode SDS Recipient Sender key

13 DRM12 Untethered mode SDS Recipient Sender key

14 DRM13 Security issues  Server (SDS)  Protect keys, authentication data, etc.  Apply persistent protection  Client (Reader/PDF plugin)  Protect keys, authenticate, etc.  Enforce persistent protection

15 DRM14 Document reader security Obscurity Tamper-resistance

16 DRM15 Anti-debugger Encrypted code Tamper-resistance

17 DRM16 Obscurity  Key management  Authentication  Caching (keys, authentication, etc.)  Encryption and “scrambling”  Key parts (data and code)  Multiple keys

18 DRM17 Other MediaSnap features  Module tamper checking (hashing)  Anti-screen capture  Watermarking  “Unique-ification”

19 DRM18 Other possibilities  General code obfuscation  Code “fragilization” (guards)  OS issues

20 DRM19 Make fun of DRM systems  Patently obvious  Crypto claims  Sillyness  “Respect” model  MS-DRM

21 DRM20 InterTrust “…a company whose business model appears to rely entirely on legal filings against Microsoft.”

22 DRM21 Crypto claims Q: How does Atabok security compare to the competition? A: The majority of service providers offer the ability to encrypt at 128- bits. Atabok encrypts your content with 256-bit encryption, which is exponentially more secure.

23 DRM22 Sillyness  secretSeal’s five “radical innovations”  hieroglyphic passwords  variable-length encrypted keys  morphogenetic encryption algorithm  no encryption formula in software  the use of public keys

24 DRM23 The respect model Adobe eBooks --- “It is up to the implementors of PDF viewer applications to respect the intent of the document creator by restricting access to an encrypted PDF file according to passwords and permissions contained in the file.”

25 DRM24 MS-DRM (version 2)  Weak proprietary block cipher (MultiSwap) used for hashing  No controlled execution  No obfuscation, etc.

26 DRM25 Conclusions  Current DRM systems are weak  Ideal software-based DRM…  Individual content is non-trivial to attack  Overall system survives repeated attacks  Is this possible?

27 DRM26 More info…  M. Stamp, Digital rights management: The technology behind the hype, Journal of Electronic Commerce Research, http://www.csulb.edu/web/journals/jecr/issues/20033/paper3.pdf http://www.csulb.edu/web/journals/jecr/issues/20033/paper3.pdf  M. Stamp, Risks of digital rights management, Communications of the ACM, http://www.csl.sri.com/users/neumann/insiderisks.html#147 http://www.csl.sri.com/users/neumann/insiderisks.html#147  M. Stamp, Digital rights management: For better or for worse?, ExtremeTech, http://www.extremetech.com/article2/0,3973,1051610,00.asp http://www.extremetech.com/article2/0,3973,1051610,00.asp

Download ppt "Digital Rights Management: The Technology behind the Hype Mark Stamp Department of Computer Science San Jose State University."

Similar presentations

ContentGuard An Intellectual Property Company IPED Conference November 1, 2007 Presented By Eddie Chen CONTENTGUARD.

ContentGuard An Intellectual Property Company IPED Conference November 1, 2007 Presented By Eddie Chen CONTENTGUARD.
Digital Rights Management © Knowledge Books & Software, 2012.

Digital Rights Management © Knowledge Books & Software, 2012.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.

Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.
Software Part 4  Software 2 Software Reverse Engineering (SRE)

Software Part 4  Software 2 Software Reverse Engineering (SRE)
This presentation will take a look at to prevent your information from being discovered by and investigator.

This presentation will take a look at to prevent your information from being discovered by and investigator.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Digital Rights Management © Knowledge Books & Software, 2012.

Digital Rights Management © Knowledge Books & Software, 2012.
Persistent Protection Using E-DRM Technology Jason Fasoo 06/18/2008.

Persistent Protection Using E-DRM Technology Jason Fasoo 06/18/2008.
Cryptography The science of writing in secret code.

Cryptography The science of writing in secret code.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Startup 1 The Life and Death of a Silicon Valley Startup Company Mark Stamp Department of Computer Science San Jose State University.

Startup 1 The Life and Death of a Silicon Valley Startup Company Mark Stamp Department of Computer Science San Jose State University.
The MediaSnap ® Digital Rights Management System Priti Sabadra and Mark Stamp Department of Computer Science San Jose State University.

The MediaSnap ® Digital Rights Management System Priti Sabadra and Mark Stamp Department of Computer Science San Jose State University.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Similar presentations

Ads by Google