Presentation is loading. Please wait.

Presentation is loading. Please wait.

A DRM Security Architecture for Home Network

Published byJohn Jenkins Modified over 6 years ago

Similar presentations

Presentation on theme: "A DRM Security Architecture for Home Network"— Presentation transcript:

1 A DRM Security Architecture for Home Network
Bogdan C. Popescu, Frank L.A.J Kamperman Fourth Annual ACIS International Conference on Computer and Information Science (ICIS'05) – Volume 00 ICIS '05

2 Compliant Device Make by CE Manufacturer.
Given a public/private key pair Private key stored in tamper-resistant memory Public key certified by manufacturer by mean of a device certificate. Identified by a unique Global Device ID( GDI ) Include in device certificate. Manufacturer-prefix + device serial number Local Device ID( LDI ) No cryptographic hardware accelerator

3 Authorized Domain Framework
Distribute revocation information Licensing Authority Content Provider Content Provider License Manufacture Distribute content Content Manager CE Manufacturer Authorized Domain Certify device Content Manager Register device Exchange content Domain Manager Compliant Device Compliant Device CE Manufacturer Compliant Device Compliant Device Certify device

4 Authorized Domain Creation
Generate a master device key list Size is equal to maximum number of device allowed Generate domain ID As concatenation of the manager’s GDI and ever-increasing domain version number At manufacture, domain version number is zero. If AD manager reset, domain version number is incremented.

5 Notation Description entity E’s public key certificate
Symbol Description certE entity E’s public key certificate YE/XE entity E’s public / private key pair NE a random nonce generated by entity E {data}K encrypted with the symmetric / asymmetric key K [data]K transmitted over a secure channel protected by a symmetric key K 5

6 Device Registration certA, { NA, GDIM } XA
Domain manager certM , { NM, GDIA , NA , { kS }YA }xM Compliant device A certA, { NM, GDIM } XA [ LDIA, KA , credentialsSetA ] ks

7 Device Authorization LDIA , NA LDIB, NB, authenticationTicketBA
Compliant device A Compliant device B { NB}K , authenticationTicketAB { NA}K K = SHA-1(KAB, KBA, NA, NB) Authentication credential set authentication key that is symmetric key Share between device with in same AD domain. authentication ticket associate with authentication key

8 Local Revocation List Generate by AD Manager
Consists of the GDIs of domain device Revoked Removed from domain Revoked device cannot receive new data digital content, so that eventually become useless.

9 Device removal Voluntary leave Damaged / Stolen Devices
Domain manager to identify the device to be removed Device Revocation Compliant are revoke by the licensing organization by having their GDLs listed on the global revocation list. Distributed by content providers together with the data content items. Content manager also report the identify of the domain manager to the providers. content manager attempt to connect to domain manager If AD Manager is reachable, Forward it the GDRL, process and return a Local Revocation List ( LRL ), If AD manager is not reachable. The content manager keep the original GDRL attached to the data content

10 Key Update If too many device are removed from the domain, the domain manager may run out of master key to assign to new device Terminate domain and re-create a new master key list. Not user-friendly Re-use the LDIs of removed device and assign to new device

11 Key Update LDIB , NB LDIC, NC, authenticationTicketCA
Compliant device B Assigned device A that has been removal Compliant device C { KCB,authenticationTicketCB}KC , authenticationTicketBC { NB}K , authenticationTicketCB { NC}K K = SHA-1(KBC, KBC, NC, NB)

Download ppt "A DRM Security Architecture for Home Network"

Similar presentations

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London

Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London
Public Key Distribution and X.509 Wade Trappe. Distribution of Public Keys There are several techniques proposed for the distribution of public keys:

Public Key Distribution and X.509 Wade Trappe. Distribution of Public Keys There are several techniques proposed for the distribution of public keys:
1 Authentication Protocols Celia Li Computer Science and Engineering York University.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Chapter 31 Network Security

Chapter 31 Network Security
Key Management Lifecycle. Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management.

Key Management Lifecycle. Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management.
©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science.

©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science.
Email Security.  email is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.

Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.

Similar presentations

Ads by Google