Towards a Software Architecture for DRM Joint work with Kristof Verslype, Wouter Joosen, and Bart De Decker DistriNet research.

Presentation transcript:

Towards a Software Architecture for DRM Joint work with Kristof Verslype, Wouter Joosen, and Bart De Decker DistriNet research group, K.U.Leuven, Belgium

DRM'05 Sam Michiels

Context

- DRM systems are complex
  - Diversity of devices, users, platforms, media
  - Wide variety of system requirements
    - Security, flexibility, manageability
- Complexity is increasing
  - digital news papers, iPod/MP3, digital TV
- Complexity poses 3 major challenges
  - Fragmentation of individual solutions
  - Limited reuse & interoperability of DRM systems
  - Lack of domain specific software architecture

Context

- DRM challenges in detail
  - Fragmentation of individual solutions
    - State-of-the-art DRM technologies often ad-hoc
    - This leads to fragmented point solutions
    - Difficult to cover the complete DRM picture
  - Limited reuse & interoperability
    - Vertically integrated designs
    - In-house developed components can interoperate
    - Limited (no?) interoperability between different DRM systems
  - Lack of domain specific software architecture
    - Need for a common DRM software architecture
    - Identify major service components
    - Define how they interact

Context

- Research objective
  - Enable integration of independent service components into a generic DRM software architecture
- Analogy: TCP/IP architecture
  - Similar characteristics
    - Complex
    - Considerable evolution in technology, scale, and usage
  - Power does not lie in the elegance or efficiency of individual components…
  - But in the ability to encompass growth in scale and diversity

Context

- Related work
  - DRM as a layered software architecture (Jamkhedkar and Heileman [JH04])
  - Detailed technology overview: Technical Report [MJT05]
- Research contribution
  - Propose a next step towards a software architecture for DRM that supports reuse and interoperability
  - Identify key DRM service components
  - Locate them in the architecture

[JH04] P. Jamkhedkar and G. Heileman. “DRM as a Layered System”. In Proceedings of DRM’04, pp ,
[MJT05] S. Michiels, W. Joosen, E. Truyen, K. Verslype. “Digital Rights Management – A Survey of Existing Technologies”. Technical Report K.U.Leuven, CW-428, Nov In press.

Overview

- Towards a DRM software architecture
- Functional perspective
- Security perspective
- Architectural overview
- Validation
- Discussion
- Conclusion & future work

Functional perspective

- Typical DRM consumer use case

[Figure: parties shown are Content Consumer, DRM client, Content server, License server. Numbered messages: 1. Content request, 2. Protected Content, 3. License request, 4. License]

Functional perspective

- Use cases based on 3 application view points
  - Consumer (E-paper reader, iPod user)
    - Browse content catalog
    - Select license type and learn about usage rules
    - Authenticate themselves
    - Consume protected content in a user-friendly way
  - Producer (EMI, Sony, Time Warner)
    - Compose/update/manage licenses
    - Interpret logged information on content usage
  - Publisher (iTunes music store)
    - Deploy or revoke usage rights
    - Extract usage patterns
    - Identify sources of abuse

Functional perspective

- Six major service components
  - License service
    - License issuing
  - Content service
    - Packaging and distribution of content
  - Access service
    - Authentication and access control
  - Tracking service
    - Logging of usage information
  - Import service
    - Content preparation
  - Identification service
    - Identification of the owner of particular content

Functional perspective

[Figure: "Major DRM Service components" and "External Services". Labels shown: Content Service, License Service, Payment Service, Import Service, Identification Service, Tracking Service, Certification Authority, Access Service, Consumers, Producers, Publishers]

Security perspective

- Locating security hot spots
  - License
    - Unforgeability, integrity, content binding
  - Content
    - Integrity, authentication, confidentiality, non-repudiation
  - DRM client
    - Authentication, confidentiality, integrity, individualization, secure time
  - Publisher (online DRM system)
    - Confidentiality, integrity, authentication, anonymity

Security perspective

- Establishing security services
  - Licenses
    - Unforgeability, integrity => digital signatures
    - Content binding => fingerprinting, DOI
  - Content
    - Integrity, authentication => digital signatures
    - Confidentiality => encryption
    - Non-repudiation => digital signatures + certificates + watermarks
  - DRM client
    - Authentication, confidentiality => trusted computing
    - Integrity => self-checking
    - Individualization => code obfuscation
    - Secure time => hardware clocks
  - Publisher (online DRM system)
    - Confidentiality => encryption
    - Integrity => digital signatures
    - Anonymity => zero knowledge proofs (no digital signatures!)
    - Authentication => certificates

Callouts on the slide:

- Same security service, different cryptographic primitives
- Same cryptographic primitive, applied in multiple services
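The license rows above (unforgeability and integrity via digital signatures, plus content binding), as an added Go example that is not code from the presentation: a license service signs a license bound to one piece of content, and a DRM client checks the signature, the binding and the requested right. The license format, the function names, Ed25519 as the signature scheme and a SHA-256 digest standing in for fingerprinting/DOI are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// License is a constructed minimal format; ContentID is a SHA-256 digest (assumed binding).
type License struct {
	ContentID [32]byte
	Rights    []string
}

// SignedLicense is the serialized license plus the license service's signature.
type SignedLicense struct{ Body, Sig []byte }

var ErrForged = errors.New("license signature invalid")
var ErrUnbound = errors.New("license is not bound to this content")
var ErrNoRight = errors.New("requested right not granted")

// Issue is the license-service side: bind the license to the content, then sign it.
func Issue(priv ed25519.PrivateKey, content []byte, rights []string) SignedLicense {
	body, _ := json.Marshal(License{ContentID: sha256.Sum256(content), Rights: rights})
	return SignedLicense{Body: body, Sig: ed25519.Sign(priv, body)}
}

// Check is the DRM-client side. Nothing in Body is trusted before the signature verifies.
func Check(pub ed25519.PublicKey, sl SignedLicense, content []byte, right string) error {
	if !ed25519.Verify(pub, sl.Body, sl.Sig) {
		return ErrForged
	}
	var lic License
	if err := json.Unmarshal(sl.Body, &lic); err != nil {
		return err
	}
	if lic.ContentID != sha256.Sum256(content) {
		return ErrUnbound
	}
	for _, r := range lic.Rights {
		if r == right {
			return nil
		}
	}
	return ErrNoRight
}

// Scenario checks a valid use, an ungranted right, other content, and an edited license.
func Scenario() (ok, noRight, unbound, forged error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	content := []byte("constructed sample content")
	sl := Issue(priv, content, []string{"play"})
	edited := SignedLicense{bytes.Replace(sl.Body, []byte("play"), []byte("copy"), 1), sl.Sig}
	return Check(pub, sl, content, "play"), Check(pub, sl, content, "copy"),
		Check(pub, sl, []byte("other content"), "play"), Check(pub, edited, content, "copy")
}
func main() { fmt.Println(Scenario()) }
```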

Overview

Architectural overview

- Distributed view
  - Matches 3 application view points
  - Client-server interaction
  - Parties interacting at different levels

[Figure: parties shown are Content Consumers / DRM clients, Content Producers, Publisher. Interaction levels: Security level communication, Service level communication, Rights interpretation. Example clients: Digital news paper, iPod, Mobile phone]

Architectural overview

- Locating service components in a layered architecture

[Figure: layers shown are Application layer, Negotiation Layers, Right Expression & Interpretation Layer, Right Enforcement Layer (Type dependent), Right Enforcement Layer (Type independent). Components shown: Digital News Paper, iTunes, Windows Media Player; Tracking Service, Content Service, License Service, Access Service, Import Service, Identification Service, …; Right Expression and Interpretation; Watermarking, Digital Signatures, Certificates, Encryption, …]

Evaluation

- DRM does not completely adopt a layered structure
  - DRM complexity often requires customizing service components
    - Application specific requirements
    - Various business policies
  - Yet, layering often implies virtualization
    - Functionality of lower layers is hidden from applications
    - This abstraction may prevent necessary customizations
- DRM architecture is asymmetric
  - Not all nodes run the same functionality (as opposed to TCP/IP)
  - Rights expression layer is fully implemented at publisher’s side
    - To enable associating various business policies with content
  - Yet, minimally implemented at consumer’s side
    - To prevent clients from tampering with business policies

Validation

DRM Tech / Service  Content  License  Access  Tracking  Payment  Import  Identification
WMDRM               X        X        -       X         -        X       -
LWDRM               X        -        X       -         X        -       -
EMMS                X        X        X       X         X        X       -
Helix               X        X        X       X         -        -       -
Aegis               -        X        X       X         -        -       -
OMA                 X        X        X       -         X        -       -

Discussion

- Three major DRM challenges revisited
  - Reuse and interoperability
    - Many DRM technologies implement the same limited set of services
    - High potential for reuse
    - Green zone
    - Highest reuse benefit for content, license and access services
  - Software architecture
    - Many services are implemented by few DRM technologies
    - Orange and red zone
    - Difficult to standardize ‘the’ DRM technology
    - More efficient to focus on particular services
    - Make it possible to integrate them in a generic architecture

Conclusion & Future work

- Paper proposed a next step towards a software architecture for DRM
- Evaluation based on 6 DRM technologies
- Confirmed potential of applying software architectures

Conclusion & Future work

- Future work
  - Refine interaction interfaces of identified components
  - Apply and validate architecture in a case study, revealing additional issues
    - Driven by non-functional requirements…
      - Efficiency of content distribution, content personalization
    - And solutions for that
      - In-network caching, load balancing, multicast/broadcast transport protocols
