Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards a Software Architecture for DRM Joint work with Kristof Verslype, Wouter Joosen, and Bart De Decker DistriNet research.

Published byBruce Shaw Modified over 9 years ago

Similar presentations

Presentation on theme: "Towards a Software Architecture for DRM Joint work with Kristof Verslype, Wouter Joosen, and Bart De Decker DistriNet research."— Presentation transcript:

1 Towards a Software Architecture for DRM sam.michiels@cs.kuleuven.be Joint work with Kristof Verslype, Wouter Joosen, and Bart De Decker DistriNet research group, K.U.Leuven, Belgium

2 DRM'05 Sam Michiels Context DRM systems are complex DRM systems are complex Diversity of devices, users, platforms, media Diversity of devices, users, platforms, media Wide variety of system requirements Wide variety of system requirements Security, flexibility, manageability Security, flexibility, manageability Complexity is increasing Complexity is increasing digital news papers, iPod/MP3, digital TV digital news papers, iPod/MP3, digital TV Complexity poses 3 major challenges Complexity poses 3 major challenges Fragmentation of individual solutions Fragmentation of individual solutions Limited reuse & interoperability of DRM systems Limited reuse & interoperability of DRM systems Lack of domain specific software architecture Lack of domain specific software architecture

3 DRM'05 Sam Michiels Context DRM challenges in detail DRM challenges in detail Fragmentation of individual solutions Fragmentation of individual solutions State-of-the-art DRM technologies often ad-hoc State-of-the-art DRM technologies often ad-hoc This leads to fragmented point solutions This leads to fragmented point solutions Difficult to cover the complete DRM picture Difficult to cover the complete DRM picture Limited reuse & interoperability Limited reuse & interoperability Vertically integrated designs Vertically integrated designs In-house developed components can interoperate In-house developed components can interoperate Limited (no?) interoperability between different DRM systems Limited (no?) interoperability between different DRM systems Lack of domain specific software architecture Lack of domain specific software architecture Need for a common DRM software architecture Need for a common DRM software architecture Identify major service components Identify major service components Define how they interact Define how they interact

4 DRM'05 Sam Michiels Context Research objective Research objective Enable integration of independent service components into a generic DRM software architecture Enable integration of independent service components into a generic DRM software architecture Analogy: TCP/IP architecture Analogy: TCP/IP architecture Similar characteristics Similar characteristics Complex Complex Considerable evolution in technology, scale, and usage Considerable evolution in technology, scale, and usage Power does not lie in the elegance or efficiency of individual components… Power does not lie in the elegance or efficiency of individual components… But in the ability to encompass growth in scale and diversity But in the ability to encompass growth in scale and diversity

5 DRM'05 Sam Michiels Context Related work Related work DRM as a layered software architecture (Jamkhedkar and Heileman [JH04]) DRM as a layered software architecture (Jamkhedkar and Heileman [JH04]) Detailed technology overview: Technical Report [MJT05] Detailed technology overview: Technical Report [MJT05] Research contribution Research contribution Propose a next step towards a software architecture for DRM that supports reuse and interoperability Propose a next step towards a software architecture for DRM that supports reuse and interoperability Identify key DRM service components Identify key DRM service components Locate them in the architecture Locate them in the architecture [JH04] P. Jamkhedkar and G. Heileman. “DRM as a Layered System”. In Proceedings of DRM’04, pp. 11-21, 2004. [MJT05]S. Michiels, W. Joosen, E. Truyen, K. Verslype. “Digital Rights Management – A Survey of Existing Technologies”. Technical Report K.U.Leuven, CW-428, Nov. 2005. In press.

6 DRM'05 Sam Michiels Overview Towards a DRM software architecture Towards a DRM software architecture Functional perspective Functional perspective Security perspective Security perspective Architectural overview Architectural overview Validation Validation Discussion Discussion Conclusion & future work Conclusion & future work

7 DRM'05 Sam Michiels Functional perspective Typical DRM consumer use case Typical DRM consumer use case Content Consumer DRM client Content server License server 1. Content request 2. Protected Content 3. License request 4. License

8 DRM'05 Sam Michiels Functional perspective Use cases based on 3 application view points Use cases based on 3 application view points Consumer (E-paper reader, iPod user) Consumer (E-paper reader, iPod user) Browse content catalog Browse content catalog Select license type and learn about usage rules Select license type and learn about usage rules Authenticate themselves Authenticate themselves Consume protected content in a user-friendly way Consume protected content in a user-friendly way Producer (EMI, Sony, Time Warner) Producer (EMI, Sony, Time Warner) Compose/update/manage licenses Compose/update/manage licenses Interpret logged information on content usage Interpret logged information on content usage Publisher (iTunes music store) Publisher (iTunes music store) Deploy or revoke usage rights Deploy or revoke usage rights Extract usage patterns Extract usage patterns Identify sources of abuse Identify sources of abuse

9 DRM'05 Sam Michiels Functional perspective Six major service components Six major service components License service License service License issuing License issuing Content service Content service Packaging and distribution of content Packaging and distribution of content Access service Access service Authentication and access control Authentication and access control Tracking service Tracking service Logging of usage information Logging of usage information Import service Import service Content preparation Content preparation Identification service Identification service Identification of the owner of particular content Identification of the owner of particular content

10 DRM'05 Sam Michiels Functional perspective Content Service License Service Payment Service Import Service Identification Service Tracking Service Certification Authority Access Service Consumers Producers Publishers Major DRM Service components External Services

11 DRM'05 Sam Michiels Security perspective Locating security hot spots Locating security hot spots License License Unforgeability, integrity, content binding Unforgeability, integrity, content binding Content Content Integrity, authentication, confidentiality, non-repudiation Integrity, authentication, confidentiality, non-repudiation DRM client DRM client Authentication, confidentiality, integrity, individualization, secure time Authentication, confidentiality, integrity, individualization, secure time Publisher (online DRM system) Publisher (online DRM system) Confidentiality, integrity, authentication, anonymity Confidentiality, integrity, authentication, anonymity

12 DRM'05 Sam Michiels Security perspective Same security service, different cryptographic primitives Same cryptographic primitive, applied in multiple services Establishing security services Establishing security services Licenses Licenses Unforgeability, integrity => digital signatures Unforgeability, integrity => digital signatures Content binding => fingerprinting, DOI Content binding => fingerprinting, DOI Content Content Integrity, authentication => digital signatures Integrity, authentication => digital signatures Confidentiality => encryption Confidentiality => encryption Non-repudiation => digital signatures + certificates + watermarks Non-repudiation => digital signatures + certificates + watermarks DRM client DRM client Authentication, confidentiality => trusted computing Authentication, confidentiality => trusted computing Integrity => self-checking Integrity => self-checking Individualization => code obfuscation Individualization => code obfuscation Secure time => hardware clocks Secure time => hardware clocks Publisher (online DRM system) Publisher (online DRM system) Confidentiality => encryption Confidentiality => encryption Integrity => digital signatures Integrity => digital signatures Anonymity => zero knowledge proofs (no digital signatures!) Anonymity => zero knowledge proofs (no digital signatures!) Authentication => certificates Authentication => certificates

13 DRM'05 Sam Michiels Overview

14 DRM'05 Sam Michiels Architectural overview Distributed view Distributed view Matches 3 application view points Matches 3 application view points Client-server interaction Client-server interaction Parties interacting at different levels Parties interacting at different levels Content Consumers/ DRM clients Content ProducersPublisher Security level communication Service level communication Rights interpretation Digital news paper iPod Mobile phone

15 DRM'05 Sam Michiels Architectural overview Locating service components in a layered architecture Locating service components in a layered architecture Watermarking Digital Signatures Certificates Encryption … … Right Expression and Interpretation Tracking Service Content Service License Service Access Service Import Service Identification Service … Digital News Paper iTunes Windows Media Player Application layer Negotiation Layers Right Expression & Interpretation Layer Right Enforcement Layer (Type dependent) Right Enforcement Layer (Type independent)

16 DRM'05 Sam Michiels Evaluation DRM does not completely adopt a layered structure DRM does not completely adopt a layered structure DRM complexity often requires to customize service components DRM complexity often requires to customize service components Application specific requirements Application specific requirements Various business policies Various business policies Yet, layering often implies virtualization Yet, layering often implies virtualization Functionality of lower layers is hidden to applications Functionality of lower layers is hidden to applications This abstraction may prevent necessary customizations This abstraction may prevent necessary customizations DRM architecture is asymmetric DRM architecture is asymmetric Not all nodes run the same functionality (as opposed to TCP/IP) Not all nodes run the same functionality (as opposed to TCP/IP) Rights expression layer is fully implemented at publisher’s side Rights expression layer is fully implemented at publisher’s side to enable associating various business policies to content to enable associating various business policies to content Yet, minimally implemented at consumer’s side Yet, minimally implemented at consumer’s side To prevent clients from tampering with business policies To prevent clients from tampering with business policies

17 DRM'05 Sam Michiels Validation DRM Tech/Service ContentLicenseAccessTrackingPaymentImportIdentification WMDRMXX-X-X- LWDRMX-X-X-- EMMSXXXXXX- HelixXXXX--- Aegis-XXX--- OMAXXX-X--

18 DRM'05 Sam Michiels Discussion Three major DRM Challenges revisited Three major DRM Challenges revisited Reuse and interoperability Reuse and interoperability Many DRM technologies implement the same limited set of services Many DRM technologies implement the same limited set of services High potential for reuse High potential for reuse Green zone Green zone Highest reuse benefit for content, license and access services Highest reuse benefit for content, license and access services Software architecture Software architecture Many services are implemented by few DRM technologies Many services are implemented by few DRM technologies Orange and red zone Orange and red zone Difficult to standardize ‘the’ DRM technology Difficult to standardize ‘the’ DRM technology More efficient to focus on particular services More efficient to focus on particular services Enable to integrate them in a generic architecture Enable to integrate them in a generic architecture

19 DRM'05 Sam Michiels Conclusion & Future work Paper proposed a next step towards a software architecture for DRM Paper proposed a next step towards a software architecture for DRM Evaluation based on 6 DRM technologies Evaluation based on 6 DRM technologies Confirmed potential of applying software architectures Confirmed potential of applying software architectures

20 DRM'05 Sam Michiels Conclusion & Future work Future work Future work Refine interaction interfaces of identified components Refine interaction interfaces of identified components Apply and validate architecture in a case study, revealing additional issues Apply and validate architecture in a case study, revealing additional issues Driven by non-functional requirements… Driven by non-functional requirements… Efficiency of content distribution, content personalization Efficiency of content distribution, content personalization And solutions for that And solutions for that In-network caching, load balancing, multicast/broadcast transport protocols In-network caching, load balancing, multicast/broadcast transport protocols

21 Towards a Software Architecture for DRM sam.michiels@cs.kuleuven.be Joint work with Kristof Verslype, Wouter Joosen, and Bart De Decker DistriNet research group, K.U.Leuven, Belgium

Download ppt "Towards a Software Architecture for DRM Joint work with Kristof Verslype, Wouter Joosen, and Bart De Decker DistriNet research."

Similar presentations

ContentGuard An Intellectual Property Company IPED Conference November 1, 2007 Presented By Eddie Chen CONTENTGUARD.

ContentGuard An Intellectual Property Company IPED Conference November 1, 2007 Presented By Eddie Chen CONTENTGUARD.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Digital Rights Management (DRM) Goal: Provide access control to digital content in order to support a variety of business models. Technical Challenge:

Digital Rights Management (DRM) Goal: Provide access control to digital content in order to support a variety of business models. Technical Challenge:
Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,

Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.

1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.
Securing the Broker Pattern Patrick Morrison 12/08/2005.

Securing the Broker Pattern Patrick Morrison 12/08/2005.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
“...creating knowledge.” Enabling Digital Content Protection on Super-Distribution Models - Carlos Serrão ISCTE – Intituto Superior.

“...creating knowledge.” Enabling Digital Content Protection on Super-Distribution Models - Carlos Serrão ISCTE – Intituto Superior.
8.

8.
Protecting Digital Content - The Challenge Andy Barlow CTO – Phocis.

Protecting Digital Content - The Challenge Andy Barlow CTO – Phocis.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Chapter 17: Client/Server Computing Business Data Communications, 4e.

Chapter 17: Client/Server Computing Business Data Communications, 4e.
02/12/00 E-Business Architecture

02/12/00 E-Business Architecture
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Chapter 7: Client/Server Computing Business Data Communications, 5e.

Chapter 7: Client/Server Computing Business Data Communications, 5e.

Similar presentations

Ads by Google