Security of Digital Rights Management Systems Hugo Jonker
Outline Introduction Supporting techniques Modelling DRM systems Security Closing remarks
Copyright in the digital era Early content protection systems (e.g. cable tv, CSS): –Either full access or no access, no possibility to update access rights –Content supplier also grants access rights Current situation: –Digital versions of music/films/books (content) are being exchanged in various (digital) manners –Existing copy-protection measures (e.g. CSS) are not sufficient New possibilities: –Desire to offer digitised content (e.g. over the Internet) whilst ensuring copy protections after delivery –Interest in offering tailor-made access to content Legal situation Netherlands (2004): uploading bad, downloading not bad Introduction copyright purpose description constraints state Techniques Model Security Closing remarks
Purpose of DRM systems A new content protection mechanism –As desired by those offering content Access control –Not just copy prevention Practical security –In absense of perfect security, settle for practical security (e.g. prevent “break once, run everywhere”, updatable security measures) Introduction copyright purpose description constraints state Techniques Model Security Closing remarks
General description of DRM systems Govern the distribution and protective measures of content –video, audio, tekst, graphics, software Content can only be accessed with a license –More precise: in adherence to a valid license, issued by a bona fide license issuer –License specifies the access rights –License is typically bound to a device –Unlicensed access to protected content should be impossible Network oriented technique –Internet, cable television, cellular phone, CD / DVD Introduction copyright purpose description constraints state Techniques Model Security Closing remarks
Constraints DRM systems (as we consider them) offer: No protection of analogue content –DRM protection ends when content has been rendered No payment mechanisms –As this can be considered a seperate problem Introduction copyright purpose description constraints state Techniques Model Security Closing remarks
State of DRM development Existing systems: –Apple: iTunes (music) –Microsoft: MS Media DRM (music, audio/video), MS Reader (text) –Adobe: eBooks (text) Standards: –XrML, ODRL (right expression languages) – (metadata) –OMA (cellphones) Developments by: –Open Mobile Alliance (cellphones) –MPEG, OpenIPMP, SDMI, SMPTE, ISMA, OeBF, CRF, OASIS (IT industry) Note: there is not one standard DRM system, nor a DRM system which is market leader on all markets Introduction copyright purpose description constraints state Techniques Model Security Closing remarks
Supporting techniques
General goals: –Updatability –Interoperability Specialised techniques –Content identification: DOI, watermarking, fingerprinting –Stating rights: Right Expression Language, Rights Data Dictionary (REL, RDD) –Cryptography: secure container –Security enabling: hard/software Trusted Computing Base (TCB) –Traitor tracing Introduction Techniques supporting techniques content identification rights expression cryptography TCB Model Security Closing remarks
Content identification Digital Object Identifier (DOI) –Lookup system using codes, similar to bar codes –DOI number identifies content, but must be supplied with content Watermarking –Embedding information in content without disturbing perception of content –Embedded information can be used to identify content (e.g. a DOI) Fingerprinting –Identifying content based on perceptual equivalence Introduction Techniques supporting techniques content identification rights expression cryptography TCB Model Security Closing remarks
Rights expression Rights Expression Language (REL): syntax of the license Rights Data Dictionary (RDD): semantics of the REL Two main contenders: Open Data Rights Language (ODRL) –open standard, supported by OMA eXtensible rights Markup Language (XrML) –proprietary standard from Contentguard, supported by MPEG, Microsoft Both are XML-based Introduction Techniques supporting techniques content identification rights expression cryptography TCB Model Security Closing remarks
Cryptography Various uses of cryptography In communications –Authentication, secure channel For a secure container –(possibly conceptual) container consisting of the encrypted content, metadata describing content, and possibly access rights for the content –Seperate encryption from key management –Secure container can be exchanged unlimited Introduction Techniques supporting techniques content identification rights expression cryptography TCB Model Security Closing remarks
Trusted Computing Base Trusted computing base A component that provides a trusted platform on which computations are performed Computations cannot be inspected nor disturbed Traditionally implemented in hardware (e.g. smartcards) Software TCB conceptually impossible, but practically feasible Requirements: –code tamper resistance –data tamper resistance (secure storage) –key hiding Introduction Techniques supporting techniques content identification rights expression cryptography TCB Model Security Closing remarks
Modelling DRM systems
Possible components Content packaging Media server License server Content registration server Authentication server Payment gateway DRM tools server User interface Introduction Techniques Model possible components MOSES / OpenSDRM derived model process model Security Closing remarks
MOSES / OpenSDRM Content Packaging server Registration server Authentication server License server e-Commerce server Media delivery server DRM Tools server Payment gateway connection storage player video driver audio driver video card display hardware analogue out sound card audio hardware analogue out Server sideUser side Introduction Techniques Model possible components MOSES / OpenSDRM derived model process model Security Closing remarks
Derived model (old) packager license secure container network interface storage player video driver audio driver video card video output device sound card audio output device network trusted computing base distributor’s side content provider analogue output user’s side Introduction Techniques Model possible components MOSES / OpenSDRM derived model process model Security Closing remarks
Process model Introduction Techniques Model possible components MOSES / OpenSDRM derived model process model Security Closing remarks
Security
Intruder model –Typical intruder threat for entire DRM systems stronger than Dolev / Yao –Dolev / Yao seems adequate for protocols Security goals –Theory focuses on complete(?) security –Practice: not per se so strict E.g. iTunes allows creating CD’s which could then be “ripped” Security requirements
Method 1.Stakeholder analysis Establish core roles and incentives 2.Establish (high level) properties Use concepts of DRM systems (see process model) to translate the incentives into properties 3.Derive (low level) security requirements Use process model Introduction Techniques Model Security method stakeholder analysis high-level properties security requirements Closing remarks
Stakeholder analysis Parties: media company, developer, user, reseller,... A party can play more than one role Three core roles: user, license creator, content creator Incentives of the content creator –support new business models (e.g. bundling of content) –Offer revenue-generating alternative to downloading (opens new market) Incentives of the license creator –Offering tailor-made access (new market) –Low overhead compared to physical devices (CD / DVD) Incentives of the user –Legitimate and known-quality content (compared to downloading) –Ease of use –Pricing can be more fine-grained Introduction Techniques Model Security method stakeholder analysis high-level properties security requirements Closing remarks
High-level properties Content creator 1.Content is only accessible under the conditions of a valid license issued by a bona fide license creator (includes binding of license to device) License creator 1.The above 2.The impact of breaking the system must be constrained User 1.Ordering licenses / content requires user participation 2.Content nor licenses can be linked to the user Introduction Techniques Model Security method stakeholder analysis high-level properties security requirements Closing remarks
Security requirements Content cannot be eavesdropped Secure communications Content will only be rendered –if a valid license for the content and the renderer is available –if all conditions of such a license have been met The manager / renderer ‘s inner workings cannot be influenced Secrets stay secrets –E.g. cryptographic keys used by manager / renderer Prevent “break once, run everywhere” Updatability... Introduction Techniques Model Security method stakeholder analysis high-level properties security requirements Closing remarks
Further research Application of security requirements Formal verification of the correctness of used protocols –Secrecy, authentication Formal verification of other security properties of protocols –E.g. privacy Formal specifications pertaining to TCB Questions?