Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Rights Management and Trusted Computing Kari Kostiainen T-110.7200 Special Course in Operating System Security April 13 th 2007.

Published byBernard Reynolds Modified over 8 years ago

Similar presentations

Presentation on theme: "Digital Rights Management and Trusted Computing Kari Kostiainen T-110.7200 Special Course in Operating System Security April 13 th 2007."— Presentation transcript:

1 Digital Rights Management and Trusted Computing Kari Kostiainen T-110.7200 Special Course in Operating System Security April 13 th 2007

2 First paper: Enabling fair use with trusted computing (unpublished draft)

3 Motivation Good DRM system should enable various use cases Listening a song three times before purchase Renting a movie so that it can be watched only once Moving a purchased song from one device to another Enforcing this kind of stateful licenses is difficult in open platforms Reverting the system to a previous state is easy  the movie can be watched again Existing solutions are not satisfactory Obfuscation and rootkits Online solutions Dongles and smardcards This paper presents an architecture that enables enforcement of stateful licenses on open platforms using trusted computing

4 Security objectives License integrity and enforcement All parties must enforce licenses and unauthorized alteration must be infeasible Freshness Replay-attacks must be infeasible License availability Usage without online connectivity must be possible Privacy The system should preserve users’ privacy

5 System model Strong isolation between compartments Trusted channels bound to configurations of compartments In principle all compartments could be located on different machines

6 Implementation Hardware layer: normal PC hardware with TPM Virtualization layer: based on L4-family microkernels (Xen could be used as well) Trusted software layer: based on PERSEUS security architecture Application layer: legacy operating system (para-virtualized Linux) and security critical applications

7 System startup Normal TPM-based boot sequence BIOS measures master boot record (MBR) before giving control to it MBR measures kernel before giving control to it and so on… Uses modified GRUB boot loader The Compartment Manager (CM) measures other compartments, legacy operating systems and applications before executing them

8 Establishing trusted channels TPM creates cert BIND using AIK TPM creates PK BIND and SK BIND RC compares to known comp_conf LC and TCB_conf RC creates a secret key sk TPM verifies that TCB_conf is same TM verifies that comp_conf LC is same Verify signature using AIK

9 Secure storage overview Storage Manager maintains metadata index that logs usage of securely stored items To maintain freshness the index also manages a software counter that is incremented synchronously with TPM 1.2 monotonic hardware counter  Provides protection against attacks that try to revert into previous state

10 Using secure storage Sealed against TCB configuration Same TCB configuration TPM counter check missing?

11 Second paper: Enabling advanced mobile DRM scenarios N. Asokan and Jan-Erik Ekberg

12 Example use case Timo has purchased a song using his mobile device Anna would like to listen the song as well Timo transfers the song to Anna’s device for limited free listening If Anna wants to continue listening she must commit to purchasing the song for herself Constant online connectivity should not be needed How to implement a system like this that provides flexible and fair use of purchased content without allowing unauthorized use?

13 Conceptual architecture DRM device is a tamper-resistant module Protocol engine contains the actual DRM enforcement logic Different payment methods can be plugged into this architecture

14 Types of rights and transfers Each piece of content has two types of rights Usage rights that govern local use Transfer rights that specify how new rights can be created for different devices Different kind of transfers are possible: Give: once the right is transferred the original device cannot use the content anymore Copy: a new right is created for the new device

15 Vouchers determine rights Each piece of content is encrypted with a content key Rights for a piece are embodied in a voucher that contains Description of content Description of rights Content key encrypted using public key of target device Sequence number for freshness MAC for integrity When rights are transferred the sending device creates a new voucher for the target device Sending device must check that target device is compliant

16 Metering and reporting new rights Creation of new rights must be metered and reported Otherwise, unauthorized copying could take place New created right can be either sender-reported or receiver-reported Preview vouchers are special case of receiver-reported voucher Unreported voucher is marked as report-pending When a proof of reporting is inserted into device, the report-pending voucher is converted into an unconstrained one If the number of report-pending vouchers exceeds a certain limit, the device could be disabled in some fashion

17 Lifecycle of vouchers

18 Rights transfer protocol

19 Requirements from platform The user cannot make modifications in the OS kernel OS processes cannot access each other’s memory areas Small tamper-resistant secure storage for kernel which can be used to bootstrap larger secure storage Process claiming to be DRM engine must be authenticated Integrity checks could be used

20 Implementation

21 Own thoughts about these paper and DRM in general:

22 Own thoughts The DRM system should be flexible, so that users can consume legally purchased content on all of their devices This means that all devices should be compliant  all devices should have TPM or something similar Will device manufacturers put TPM to 20 € MP3 player? I don’t think so Thus, these schemes do not seem promising for music If TPMs get very popular in PCs use cases like enforcement of software license or video rental might work But even then it would be difficult to get all audio and video device drivers accepted

23 Thank you!

Download ppt "Digital Rights Management and Trusted Computing Kari Kostiainen T-110.7200 Special Course in Operating System Security April 13 th 2007."

Similar presentations

Operating Systems Components of OS

Operating Systems Components of OS
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Computer Software 3 Section A Software Basics CHAPTER PARSONS/OJA

Computer Software 3 Section A Software Basics CHAPTER PARSONS/OJA
Vpn-info.com.

Vpn-info.com.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Implementing an Untrusted Operating System on Trusted Hardware.

Implementing an Untrusted Operating System on Trusted Hardware.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department.

Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Government Online – White Paper Companion – Copyright © 2007 Credentica Inc. All Rights Reserved. This presentation is animated. Press the “space bar”

Government Online – White Paper Companion – Copyright © 2007 Credentica Inc. All Rights Reserved. This presentation is animated. Press the “space bar”
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.

Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
1 Web Server Administration Chapter 3 Installing the Server.

1 Web Server Administration Chapter 3 Installing the Server.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.

In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Applied Cryptography for Network Security

Applied Cryptography for Network Security

Similar presentations

Ads by Google