Can DRM achieve its security goals?
Upcoming SlideShare
Loading in...5
×
 

Can DRM achieve its security goals?

on

  • 1,854 views

 

Statistics

Views

Total Views
1,854
Views on SlideShare
1,854
Embed Views
0

Actions

Likes
0
Downloads
11
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Can DRM achieve its security goals? Can DRM achieve its security goals? Presentation Transcript

  • Can digital rights management achieve its security goals? Dr. Ian Brown, University College London and the Cambridge-MIT Institute
  • Digital Rights Management
    • Wide range of technologies that give publishers some control over the use of digital media
    • Restricts reproduction, but also viewing, printing, clipboard functions etc.
    • Present in Windows Media Player, Adobe e-books, RealPlayer, iTunes etc
  • DRM basic technology
    • Media data is encrypted and only accessible by licensed players that control usage
    • Licensed users given keys to decrypt tied to player
    • Media can be watermarked with usage instructions and/or user information
  • DRM a hard problem
    • Media data has to be decrypted at some point to be useful
    • Watermarks can be removed, especially with many original files to compare and players to test with
    • Bits are bits, and PCs are general purpose computers
    • Legacy equipment won’t disappear for many years
  • Previous DRM “solutions”
    • Secure Digital Music Initiative
    • CD protection
    • CSS
    • Sony-BMG (XCP and MediaMax)
  • Sony-BMG technical problems
    • XCP used virus-like technologies to embed deep within Windows; v. difficult to remove, but opened security vulnerabilities
    • MediaMax installed without user consent, transmitted customer listening data without notification
  • Sony-BMG brand problems
    • "Most people, I think, don't even know what a rootkit is, so why should they care about it?" –Thomas Hesse, President, Sony-BMG Global Digital Business
    • “ Do not install software from sources that you do not expect to contain software, such as an audio CD” –US-CERT
    • “ We need to think about how that situation could have been avoided in the first place. Legislation or regulation may not
    be appropriate in all cases, but it may be warranted in some circumstances." –Jonathan Frenkel, director of law enforcement policy, DHS Border and Transportation Security Directorate
  • New “trusted” architectures
    • Intel/IBM/HP/etc in TCPA/TCG: machine state auth to 3 rd parties; encrypted data only accessible in identical state; encrypted device links
    • Microsoft Palladium/NGSCB: “curtained” apps, secure drivers, DRM everywhere
    • Migrating to PDAs/mobiles/watches
  • Fundamental technical problems
    • The analogue “hole” – watermarking
    • Break Once Play Anywhere
    • File-sharing won’t stop
  • What could DRM feasibly support?
    • Live events
    • Highly select, time-sensitive audiences (customised information provided to individual recipients; Oscar judges)
    • Interactive systems e.g. games
  • Final thoughts
    • “ Be very glad that your PC is insecure – it means that after you buy it, you can break into it and install whatever software you want. What YOU want, not what Sony or Warner or AOL wants.” –John Gilmore
    • “ "If we can find some way to [stop filesharing] without destroying their machines, we'd be interested in hearing about that. If that's the only way, then I'm all for destroying their machines.” –Senator Orrin Hatch (writer of Our Gracious Lord , Climb Inside His Loving Arms , and How His Glory Shines )