A Signature-like Primitive for Broadcast-encryption-based Systems
Jeffrey Lotspiech, IBM Almaden Research Center


1 A Signature-like Primitive for Broadcast-encryption-based Systems
Jeffrey Lotspiech, IBM Almaden Research Center

2 Overview
- Motivation
- Broadcast encryption basics
- The scheme
- Attacks/defenses
- Conclusion

3 Motivation – “Broadcast Encryption”
- A term describing a class of key management schemes
  - “One-way” cryptographic flow
- Essential for protection of physical media (e.g., DVDs)
  - Over one billion CPRM devices licensed so far (e.g., SD cards, DVD RAM/R/RW)
  - Used for AACS (new generation of DVDs)
- Not based on identity
  - Great for high-privacy applications
  - Not so great for forensics
- Very friendly to consumer electronic devices

4 Motivation – “Electronic Sell-through”
- Download of a movie onto a recordable DVD
  - Richer format compared to broadcast recording, therefore only for server/client download, not recorders
  - Possible attack: “Garage replicator”
- There would be additional security if there were a “server blessing”
  - E.g., a server-signed token for the individual disc
  - Easily accomplished by a public key infrastructure
- But, high overhead calculation

5 How Does Broadcast Encryption Work?
- Devices organized into overlapping subsets; each subset associated with a key
- Each device in many different subsets
- Each device knows the key for every subset it is a member of
- Licensing agency picks subsets that cover all innocent devices and exclude all compromised devices
- Encrypts the media key in each selected subset key
[Figure: devices grouped into subsets, with compromised devices marked "x"]

6 Media Key Block
[Figure labels: Identify subsets; Encrypt Media Key for each; Media key block]
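A minimal sketch of the subset-cover idea on slides 5 and 6, added here as an illustration; it is not code from the presentation and not the CPRM or AACS format. It assumes the subsets are the subtrees of a binary tree with devices at the leaves (one concrete way to pick overlapping subsets); the function names, the agency secret and the XOR-pad cipher are hypothetical stand-ins.

```python
import hashlib
import hmac
import os

DEPTH = 3  # binary tree with 2**3 = 8 devices at the leaves (constructed toy size)
AGENCY_SECRET = b"constructed-demo-secret"  # sample value; only the licensing agency holds it

def subset_key(node: int) -> bytes:
    """Key of the subset 'every device under tree node `node`' (root = 1)."""
    return hmac.new(AGENCY_SECRET, b"node:%d" % node, hashlib.sha256).digest()

def wrap(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the cipher: XOR with an HMAC-derived pad (self-inverse)."""
    pad = hmac.new(key, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def path(device: int) -> list:
    """Tree nodes from a device's leaf up to the root: the subsets it is in."""
    node, nodes = (1 << DEPTH) + device, []
    while node >= 1:
        nodes.append(node)
        node //= 2
    return nodes

def device_keys(device: int) -> dict:
    """Keys provisioned into a device at manufacture: one per subset it is in."""
    return {n: subset_key(n) for n in path(device)}

def cover(revoked: set) -> list:
    """Subsets that contain every innocent device and no compromised one."""
    tainted = {n for d in revoked for n in path(d)}
    if not tainted:
        return [1]  # nobody revoked: the root subset covers all devices
    return sorted(c for n in tainted if n < (1 << DEPTH)
                  for c in (2 * n, 2 * n + 1) if c not in tainted)

def make_mkb(media_key: bytes, revoked: set) -> dict:
    """Media key block: the media key encrypted once per selected subset key."""
    return {n: wrap(subset_key(n), media_key) for n in cover(revoked)}

def process_mkb(mkb: dict, keys: dict):
    """Device side: decrypt the first entry we hold a key for, else None."""
    for node, ciphertext in mkb.items():
        if node in keys:
            return wrap(keys[node], ciphertext)
    return None

if __name__ == "__main__":
    km = os.urandom(16)
    mkb = make_mkb(km, revoked={5})
    print("subsets in MKB:", sorted(mkb))
    print("device 0 ok:", process_mkb(mkb, device_keys(0)) == km)
    print("device 5 ok:", process_mkb(mkb, device_keys(5)) == km)
```

Revoking one of eight devices yields a three-entry block, and the revoked device holds none of the three subset keys, so it cannot recover the media key.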

7 EST Binding Table Produced by Server
[Figure labels: Binding Table; (Associated w/disc); k1, k2, k3, ..., kn; E; +; Km; Media ID; “Type 6” MKB (associated w/Movie)]

8 Hierarchy of Binding Tables Possible
[Figure labels: k1, k2, k3, ..., kn; hash1; +,e; hash2; K’s; Km]

9 Attacks
- A set of device keys helps very little
  - Binding table is valid for only one entry (e.g., 1/1000th of the market, under control of content owners)
- Licensing agency can respond effectively by subdividing new MKBs
  - E.g., doubling size of binding table reduces attack to 1/1,000,000th of the market
- Makes “Garage Replicator” attack uneconomic
  - Other uses of stolen device keys are more effective

10 Conclusions
- Only authorized servers can make widely playable EST downloads
- By using broadcast encryption instead of public key signatures:
  - Transactions per second at the server greatly increased (for a given server cost)
  - No difference in “disc insertion time” at player for pre-recorded versus EST download.

