Digital Rights Management with Consumer Interests 逢甲大學資工系 教授 李維斌 Nov. 06, 2009
2 Outline Introduction What is DRM? Preferences of digital users Overview of content portability schemes Consumer’s private key Smart card Biometric The proposed DRM scheme with consumer interests Conclusions
3 Revenue growth vs. loss in DRM Revenue growth The global entertainment and media industry grows fast at a CAGR of 6.6% to $2.2 trillion by (Source: PricewaterhouseCoopers, 2008) Loss caused by piracies in 2008 PC software piracy rate is 38%. (Source: BSA, 2008) Music piracy rate is around 95 %. (Source: IFPI, 2009)
4 What is DRM? A technical measure used to protect copyrighted contents from any copyright violation of intellectual property Be named “Digital Rights Management” A restraint on consumers “freedom” when using content Be a very negative connotation associated with draconian restrictions on usage rights Be named “Digital Restrictions Management”, “Digital Restrictions Malware”, or “Digital Handcuffs”
5 Typical DRM model Protected Content (1) Usage Rule+ Content Key (2) (3) License(4) Content Owner Distributor Consumer License Server DRM Agent
6 Microsoft’s DRM Protected Content (1) Usage Rule+ Content Key (2) (3) License(4) Content Owner Distributor Consumer License Server DRM Agent
7 Apple FairPlay Digital Content Usage Rule + Content Key License(3) iTunes Music Store Consumer iTunes Client Protected Content (1) (2) iPod nano iPod iPod touch iPhone
8 Why consumers’ interests must be considered in the design of DRM? Violations of consumers’ interests Tie license to a limited device Microsoft’s DRM Cannot provide super-distribution Apple FairPlay Discourage consumers from using the related service again Awkward predicament Bear the risk of restraining the growth potential of digital content industries Require to sell DRM-free music (Steve Jobs, 2007)
9 Microsoft’s DRM Apple FairPlay DRM game C V Purchase Download Technical Protection No Technical Protection C V g1 No Sharing Sharing Action No Action g2 g3 No Sharing Sharing Action No Action g4 C V Sharing No Sharing Action No Action Conditional Technical Protection C C V V V: Content Owner C: Consumer
10 Would you agree or not agree to the following? Fully disagree Important to transfer files between devices I want to share music with friends and family Listening is more important to me than storing I am afraid that files will be unusable in future (in % of digital music users) (4,852 European consumers ) Disagree somewhat Agree somewhat Fully agree I want to resell purchased files 1541 Preferences of digital users 10 (Source: INDICARE/Berlecon Research, 2005) 4 5 Microsoft’s DRM Apple FairPlay
11 DRM and law (to protect consumer interests) DRM and the law in EU Private copying exception Consumers who want to make a private copy for personal use will be not obliged to acquire the content owner's permission before doing so. The purpose of the copy may not be commercial. It is allowed that the consumer makes copying of legitimately obtained content on any device for private use.
12 To protect consumer interests (Content portability) (1/2) Tie the license to the authorized consumer instead of specific device Be bound to consumer’s private key (Löytynoja et al., 2003) (Chen et al., 2008) Be bound to smart card (Lee et al., 2007 ) (Sun et al., 2007) (Chen and Lee, 2008)
13 Challenges in the scheme with consumer’s private key or smart chard Share private key with other consumers May be duplicated, such as smart card cloning
14 To protect consumer interests (Content portability) (2/2) Be bound to biometrics European Union’s report stated “…biometrics might be useful for DRM to replace code and/or password protected files in everyday life in year 2015”. Biometric traits Need not remember Be extremely difficult to copy, share, and forge Require the consumer to be present
15 (Source: Zhang et al. 2006) Biometrics-based key release The content key is released if and only if the offered biometric sample matches the biometric template. (Wang et al., 2007) and (Zhang and Zhang, 2004) Biometric Matcher Biometric Template Key Decision Retrieve Key Key End Offer Biometric Sample Accept Reject
16 Completely decouple consumer authentication and key release in “biometrics-based key release” Be vulnerable to Trojan horse attacks. (Source: Uludag et al., 2004) Be costly if online connection to a remote storage is required every authentication Be insecure because of theft of biometric template stored locally Challenges in “Biometrics-based key release”
17 Turning biometric into key Biometrics-based key generation Extract/generate cryptographic key from biometrics Challenge Not reproducible precisely each time biometric is measured Acceptable biometric key length Biometric Fuzzy Extractor
18 The key length directly extracted from biometrics 140 bits with acceptable recognition performance (Hao et al., 2006) 938 bits with FRR=0.52% and FAR=0 (Zhang et al., 2009)
19 PinSketch Sketch Given an input set A of any number of (nonzero) m-bit strings and a parameter t, the program “sketch” will produce as output a sketch of A of size tm bits. (Source: Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, “Fuzzy Extractor: How to Generate Strong Keys from Biometrics and Other Noisy Data,” SIAM Journal on Computing, Vol. 38, No. 1, pp , 2008.)
20 Biometric fuzzy extractor Key generation Extractor A Key Generation Public Store PinSketch Sketch s Fuzzy Generation
21 PinSketch Differ Then, if the size of the symmetric difference between sets A and B is at most t, the program “differ” will find the symmetric difference between A and B given only B and the sketch of A. (Source: Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith, “Fuzzy Extractor: How to Generate Strong Keys from Biometrics and Other Noisy Data,” SIAM Journal on Computing, Vol. 38, No. 1, pp , 2008.)
22 Key reproduction Key Generation s Public Store B PinSketch Differ dis(A, B) < t Extractor Reject YesNo Fuzzy Reproduction A
23 For example Assume A = {10, 21, 23, 33} Give s and B = {11, 21, 23, 33} 1. Set Difference = {10, 11} 2. if n in B and Set Difference, delete n in the both. SD = {10}; B’ ={21, 23, 33} 3. Recover A = {SD, B’ } = {10, 21, 23, 33} PinSketch Differ s B A Set Difference SD Recover B’
24 The proposed DRM scheme with consumer’s interests Preliminary Protected Content Usage Rule+ Content Key Content Owner Distributor License Server
25 (s, ) Registration phase License Server Consumer Fuzzy Generation A s Key Generation
26 License obtainment phase License Server Consumer License
27 Play phase Consumer License Fuzzy Reproduction A s Key Generation Public Store (s, )
28 Play on an other device Consumer License Fuzzy Reproduction A s Key Generation Public Store (s, )
29 Conclusions Protect consumer’ interests as well as content owners’ interests Design in line with consumers’ behaviors and needs – play at any where Provide super-distribution Focus on content owners’ remunerations for their creations Future works Take other consumer’s interests into account Content sharing (in an authorized domain) Consumer privacy
Thanks for Your Attention!