Key Management in
open DRM platforms
*Carlos Serrão, *Miguel Dias and **Jaime Delgado
carlos.serrao, miguel.dias {@iscte.pt}, jaime.delgado@ac.upc.edu
*ISCTE/DCTI/ADETTI **UPC/AC/DMAG
Lisboa, Portugal Barcelona, Spain

Summary
• DRM interoperability
• open DRM interoperability
• Key Management
• Key Management Life Cycle
• Key Management LC on open DRM
• OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA
DRM, Sun DReaM
• Comparison
• Conclusions and Future Work
2

DRM interoperability
• DRM involves the:
• description, layering, analysis, valuation, trading and
monitoring of rights over an individual or organisation's
assets, in digital format;
• DRM is:
• the chain of hardware and software services and
technologies governing the authorised use of digital
objects and managing any consequences of that use
throughout the entire life cycle of the object.
3

DRM interoperability
• Different DRM systems
do not interoperate
• DRM-A governed
content is incompatible DRM
???
A
with other DRM systems DRM
• B
Users hate it! ???
• Different formats,
???
??? ???
protocols, security
mechanisms, content DRM
protection mechanisms, C ???
and others... DRM
• Vertical solutions lead to
D
non-interoperability
4

DRM interoperability
• Solvable problem?
• Yes, but...
• Although technologically complex, it is not only a technical
problem
• It is also a business problem!
5

DRM interoperability
• 3 different strategies based on International
standards
• Full-format interoperability
• requires everyone using the same format
• Connected interoperability
• brokering between different DRM regimes
• Configuration driven interoperability
• DRM regimes use tools to adapt to other regimes
6

open DRM interoperability
• open DRM interoperability
• requires DRM solutions that provide open
specifications and/or are open-source based
• true connectedthis approach can only be
interoperability
achieved using
7

open DRM interoperability
• Connected DRM interoperability:
• DRM P2P connected interoperability
• specific individual connectors between each of the different
DRM functions
• DRM broker-based connected interoperability
• generic function broker between the different DRM functions
8

open DRM interoperability
• DRM P2P connected interoperability
9

open DRM interoperability
• DRM broker-based connected interoperability
10

open DRM interoperability
11

open DRM interoperability
• Approach for DRM interoperability study
11

open DRM interoperability
• Approach for DRM interoperability study
I. Select a group of different open-DRM systems;
11

open DRM interoperability
• Approach for DRM interoperability study
I. Select a group of different open-DRM systems;
II. Identify the major functionalities inside the particular
open-DRM systems;
11

open DRM interoperability
• Approach for DRM interoperability study
I. Select a group of different open-DRM systems;
II. Identify the major functionalities inside the particular
open-DRM systems;
III. Identify commonalities between the functionalities of
the different open-DRM systems;
11

open DRM interoperability
• Approach for DRM interoperability study
I. Select a group of different open-DRM systems;
II. Identify the major functionalities inside the particular
open-DRM systems;
III. Identify commonalities between the functionalities of
the different open-DRM systems;
IV. Create a brokerage functionality in a common generic
DRM broker, that maps to the specific open-DRM
functionalities;
11

open DRM interoperability
• Approach for DRM interoperability study
I. Select a group of different open-DRM systems;
II. Identify the major functionalities inside the particular
open-DRM systems;
III. Identify commonalities between the functionalities of
the different open-DRM systems;
IV. Create a brokerage functionality in a common generic
DRM broker, that maps to the specific open-DRM
functionalities;
V. Define an orchestration model, in the DRM-broker,
between the same functionalities of the different open-
DRM systems.
11

Some DRM concepts
• One of the functions that modern DRM
involves the use of several security technologies:
• Public-key cryptography
• Secret-key cryptography
• Digital signatures
• Digital certificates
• ... and others.
• All this keying material should be properly
managed, to avoid security breaches...
• ... and this brings us to Key Management.
12

Key Management
• What is Key Management?
• Key Management is the set of techniques and
procedures supporting the establishment and
maintenance of keying relationships between authorised
parties.
• Key Management encompasses techniques and
procedures supporting:
• Initialisation of system users within a domain;
• Generation, distribution and installation of keying material;
• Controlling the use of keying material;
• Update, revocation and destruction of keying material;
13

Key Management in DRM
• Key Management and DRM
• DRM uses keying material in several situations:
• Entities (content providers, users, ...) registration and
management
• Software applications and components registration and
management
• Content security
• Rights management and enforcement (licenses)
14

Key Management in DRM
• Key Management Life Cycle
Key installation
•
pre-operational
Key registration
operational
•
User Registration
•
Normal usage
•
System and User initialisation
•
Key backup
•
Key generation
•
Key update
•
Key recovery
•
post-operational
obsolete
Key de-registration and
•
Archival
•
destruction
Key revocation
•
15

Key Management in DRM
• Key Management Life Cycle
16

Key Management in DRM
• Key Management Life Cycle
• It is important to study on the different DRM solutions
handle this functionalities
• Establish a common secure license and key
management life-cycle
• Implementing a broker-based interoperable key
management system
• As a mechanism for DRM interoperability
17

Key Management in open DRM
• Key management analysis on open DRM
• a set of open DRM platforms were selected
• OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA
DRM, Sun DReaM
• and the key management cycle has been studied
• available specifications
• in some cases, open-source code (OpenSDRM, OpenIPMP, DMP
Chillout and Sun DReaM)
18

Key Management in open DRM
• OpenSDRM
• not very well documented
• source-code is available
• relies on XML certificates and X509
certificates
• key management life cycle
• handles key material creation, registration and
normal usage
• revocation, archival, or destruction of obsolete
key material is not handled
19

Key Management in open DRM
• OpenIPMP
• not very well documented
• source-code is available
• relies on X509 certificates
• key management life cycle
• handles key material creation, registration and
normal usage
• handles key and certificate revocation
• archival, or destruction of obsolete key material
is not handled
20

Key Management in open DRM
• DMAG MIPAMS
• some limited documentation exists
• no source-code available
• makes usage of X509 mechanisms
• key life cycle management
• handles key material creation, registration and
normal usage
• handles (partly) key and certificate revocation
• archival, or destruction of obsolete key material
is not handled
21

Key Management in open DRM
• DMP Chillout
• extensive and detailled documentation is
available
• source-code is well organized and
available
• makes usage of X509
• key management life cycle
• handles key material creation, registration and
normal usage
• revocation, archival, or destruction of obsolete
key material is not handled
22

Key Management in open DRM
• OMA DRM
• OMA has an extensive available
documentation with several specifications
• No source-code is available
• Details specific security details, like
algorithms to be used, protocols, ...
• key management life cycle
• handles key material creation, registration and
normal usage
• handles key and certificate revocation
• archival, or destruction of obsolete key
material is not handled
23

Key Management in open DRM
• Sun DReaM
• has some specifications available,
although very limited
• source-code is available (it is still under
heavy development)
• key management life cycle
• it is hard to analyse this due to early
development
• handles key material creation, registration
and normal usage
• revocation, archival, or destruction of
obsolete key material is not handled
24

Comparison
DMAG
MIPAMS
User Registration
System and User
Initialization
Key generation
Key installation
Key registration
Normal usage
Key backup
Key update
Key recovery
Key archival
Key revocation
Key de-registration and
destruction
25

Comparison
DMAG
MIPAMS
User Registration
operational
System and User
pre-
Initialization
Key generation
Key installation
Key registration
operational
Normal usage
Key backup
Key update
Key recovery
olet operati
Key archival
obs post-
Key revocation
Key de-registration and
destruction
26

Conclusions
• Key management is important in DRM for:
• confidentiality
• entity authentication
• data origin authentication
• data integrity
• and digital signatures.
• Managing correctlyinthe keying material and its life
cycle is important DRM security design.
27

Conclusions
• The analysis conducted to open of the platforms
DRM
revealed that important aspects key
management life cycle are poorly considered:
• key backup
• key update
• key recovery
• key archival
• key revocation
• key de-registration and destruction.
28

Conclusions
• The lackin DRM could lead keysome serious
of an appropriate management
scheme to
security problems, such as:
• the compromise of confidentiality of secret keys;
• compromise of authenticity of private or public keys,
and;
• the unauthorized usage of private or public keys.
• This is of DRM solutions. considered on the
an aspect to be further
design
29

Q &A
• It’s time for some questions...
• ... and (maybe) some answers.
30