Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Anonymous Trust: Digital Rights Management Using Broadcast Encryption Proceedings of the IEEE, Vol. 92, No. 6, June 2004.

Published byLaurence Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Anonymous Trust: Digital Rights Management Using Broadcast Encryption Proceedings of the IEEE, Vol. 92, No. 6, June 2004."— Presentation transcript:

1 1 Anonymous Trust: Digital Rights Management Using Broadcast Encryption Proceedings of the IEEE, Vol. 92, No. 6, June 2004

2 2 Outline  Introduction  Broadcast encryption  Content binding  Server side binding -the anonymous trust system  XCP cluster protocol and the home network  Download to the home network  Conclusion

3 3 Introduction  Cryptography in DRM system The attacker has the keys Providing a hook to force compliance  Public-key based system Both the client and server have public-key certificates Using the handshake protocol Expensive The dependency on an online handshake protocol makes it unsuitable for physical media or broadcast-based distribution →Broadcast encryption

4 4 Broadcast encryption  Fiat & Naor, 1993 find a key management scheme with revocation, but without the handshake protocol →called broadcast encryption to emphasize its one-way nature  Size/performance tradeoff Much larger amount of data should be transferred Require less time for calculations

5 5 Broadcast encryption  Matrix-based schemes Content protection for recordable media (CPRM) Content protection for prerecorded media (CPPM) Media key block Device keys Drawbacks:  the size of the matrix  Sensitive to insider attacks

6 6 Broadcast encryption  The media key block is prerecorded on blank media at manufacturing time  The key matrix is generated by the CPRM licensing agency and is preembossed in the lead-in area on the disk  The media key block is the encryption of the media using different device key

7 7 Broadcast encryption CPRM key matrix

8 8 Broadcast encryption  Tree-based schemes Wallner, 1997 and Wong, 1997 → Logical key hierarchy (LKH) trees IBM, 2001 → subset-difference approach (NNL trees)  More concise than LKH trees  The size of the key management block in an NNL system is literally of the same order as the size of a public-key certificate revocation list

9 9 Broadcast encryption

10 10 Broadcast encryption

11 11 Broadcast encryption  Tricks in NNL Revoke more than one device How does it store the billions of keys? → the lower level keys are one-way functions of the higher level keys  NNL trees is the strongest known key management block technology in terms of number of revocations for a given size

12 12 Content binding in CPRM  The unique media key calculation K mu =H(K m,ID m ) → the binding step  Encryption D i =e K mu (K ti  H[CCI i ]) CCI : copy control information D i is then stored on the media (the unique media key encrypts the title keys, and the title keys encrypt the content)

13 13 Server side binding  CPRM enables a simple DRM system The client software would read the media key block and the media ID on the blank recordable DVD, and upload it to a DRM server. The server have a set of device keys to process the media key block, perform the binding calculation, and prepare a disk image The client software burns the DVD

14 14 Server side binding  Advantages of this system The client software contains no secrets The question of when to charge the consumer for the download does not occur (before or after the acknowledge of the client?) → The content has been customized to one particular piece of media, so it can be downloaded over and over again without the extra downloads counting as extra copies

15 15 Server side binding  Advantages for the consumer The content is designed to be consumed in the user’s normal electronic devices (e.g. TV, DVD player) Supporting the concept of “doctrine of first sale” (only payable on the first sale) The content owners are confident that the content will not be misused, even if they do not know who they have given to it → the anonymous part of anonymous trust

16 16 XCP cluster protocol and the home network  Next-generation entertainment devices are increasingly incorporating home networking technologies that allow easier access to content  The approach proposed in this paper is the only system that uses broadcast encryption, all other systems rely on public-key cryptography

17 17 XCP cluster protocol and the home network  A cluster of devices agree on a common key for content encryption

18 18 XCP cluster protocol and the home network  The devices in the xCP cluster have agreed upon three things: A common key management block The binding identifier (the network id) The authorization table  Binding key K b =H(K m,ID b  H[Auth table])  All content in the home is protected by the binding key (the binding key encrypts the title keys for each piece of content, and the title keys are used to actually encrypt the content)

19 19 XCP cluster protocol and the home network  Devices can calculate the binding key without having to have a conversation with any other device on the network  Devices are compliant and will not perform the forbidden action

20 20 XCP cluster protocol and the home network  Device join

21 21 XCP cluster protocol and the home network  New binding

22 22 XCP cluster protocol and the home network  Device removal

23 23 Download to the home network  The xCP cluster protocol supports the DRM download function by having the DRM server actually join the cluster  The DRM server can deliver and bind content to an entire home, not just a single piece of media  The server learns the cluster ID and can calculate the cluster’s binding key  Instead of a pay-for-download service, it uses the broadcast encryption

24 24 Conclusion  Many DRM systems use public-key cryptography but this approach has several drawbacks Computationally demanding Bidirection connection The end user’s privacy can be compromised easily  A new approach: broadcast encryption Suited for integration in low-cost consumer devices Providing a much higher level of consumer privacy Supporting disconnected distribution  DRM systems based on Broadcast encryption has high potential

Download ppt "1 Anonymous Trust: Digital Rights Management Using Broadcast Encryption Proceedings of the IEEE, Vol. 92, No. 6, June 2004."

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Presenter: Nguyen Ba Anh HCMC University of Technology Information System Security Course.

Presenter: Nguyen Ba Anh HCMC University of Technology Information System Security Course.
Www.mobilevce.com © 2004 Mobile VCE 3G 20041. www.mobilevce.com © 2004 Mobile VCE 3G 20042 19 th October 2004 Regional Blackouts: Protection of Broadcast.

© 2004 Mobile VCE 3G © 2004 Mobile VCE 3G th October 2004 Regional Blackouts: Protection of Broadcast.
Video Streaming in the Lee Library Present and Future.

Video Streaming in the Lee Library Present and Future.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 37 How iPods, iTunes, and Podcasting Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 37 How iPods, iTunes, and Podcasting Work.
1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.

1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.
1 Florian Pestoni IBM Research IBM xCP Cluster Protocol IBM Presentation to Copy Protection Technical Working Group July 18 th, 2002.

1 Florian Pestoni IBM Research IBM xCP Cluster Protocol IBM Presentation to Copy Protection Technical Working Group July 18 th, 2002.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.

Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.
An Efficient and Anonymous Buyer- Seller Watermarking Protocol C. L. Lei, P. L. Yu, P. L. Tsai and M. H. Chan, IEEE Transactions on Image Processing, VOL.

An Efficient and Anonymous Buyer- Seller Watermarking Protocol C. L. Lei, P. L. Yu, P. L. Tsai and M. H. Chan, IEEE Transactions on Image Processing, VOL.
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London

Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London
1 DVD Copyright Management Schemes Tanveer Alam CVN.

1 DVD Copyright Management Schemes Tanveer Alam CVN.
DRM & Key Revocation By David Coleman. DRM & Key Revocation ► Digital Rights Management – A system for controlling the use of content ► Key Revocation.

DRM & Key Revocation By David Coleman. DRM & Key Revocation ► Digital Rights Management – A system for controlling the use of content ► Key Revocation.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Similar presentations

Ads by Google