Can DRM achieve its security goals?


Published in: Technology

  1. Can digital rights management achieve its security goals? Dr. Ian Brown, University College London and the Cambridge-MIT Institute
  2. Digital Rights Management
       • Wide range of technologies that give publishers some control over the use of digital media
       • Restricts reproduction, but also viewing, printing, clipboard functions etc.
       • Present in Windows Media Player, Adobe e-books, RealPlayer, iTunes etc
  3. DRM basic technology
       • Media data is encrypted and only accessible by licensed players that control usage
       • Licensed users given keys to decrypt tied to player
       • Media can be watermarked with usage instructions and/or user information
  4. DRM a hard problem
       • Media data has to be decrypted at some point to be useful
       • Watermarks can be removed, especially with many original files to compare and players to test with
       • Bits are bits, and PCs are general purpose computers
       • Legacy equipment won’t disappear for many years
  5. Previous DRM “solutions”
       • Secure Digital Music Initiative
       • CD protection
       • CSS
       • Sony-BMG (XCP and MediaMax)
  6. Sony-BMG technical problems
       • XCP used virus-like technologies to embed deep within Windows; v. difficult to remove, but opened security vulnerabilities
       • MediaMax installed without user consent, transmitted customer listening data without notification
  7. Sony-BMG brand problems
       • “Most people, I think, don't even know what a rootkit is, so why should they care about it?” –Thomas Hesse, President, Sony-BMG Global Digital Business
       • “Do not install software from sources that you do not expect to contain software, such as an audio CD” –US-CERT
       • “We need to think about how that situation could have been avoided in the first place. Legislation or regulation may not be appropriate in all cases, but it may be warranted in some circumstances.” –Jonathan Frenkel, director of law enforcement policy, DHS Border and Transportation Security Directorate
  8. New “trusted” architectures
       • Intel/IBM/HP/etc in TCPA/TCG: machine state auth to 3rd parties; encrypted data only accessible in identical state; encrypted device links
       • Microsoft Palladium/NGSCB: “curtained” apps, secure drivers, DRM everywhere
       • Migrating to PDAs/mobiles/watches
  9. Fundamental technical problems
       • The analogue “hole” – watermarking
       • Break Once Play Anywhere
       • File-sharing won’t stop
  10. What could DRM feasibly support?
       • Live events
       • Highly select, time-sensitive audiences (customised information provided to individual recipients; Oscar judges)
       • Interactive systems e.g. games
  11. Final thoughts
       • “Be very glad that your PC is insecure – it means that after you buy it, you can break into it and install whatever software you want. What YOU want, not what Sony or Warner or AOL wants.” –John Gilmore
       • “If we can find some way to [stop filesharing] without destroying their machines, we'd be interested in hearing about that. If that's the only way, then I'm all for destroying their machines.” –Senator Orrin Hatch (writer of Our Gracious Lord, Climb Inside His Loving Arms, and How His Glory Shines)