Iadis Tns2007 Presentation

Presentation given in the IADIS conference - Telecommunication, Networks and Security 2007, Lisbon

Transcript

  • 1. PKI as a way to leverage DRM interoperability
    *Carlos Serrão, *Miguel Dias and **Jaime Delgado
    carlos.serrao, miguel.dias {@iscte.pt}, jaime.delgado@ac.upc.edu
    *ISCTE/DCTI/ADETTI, Lisboa, Portugal
    **UPC/AC/DMAG, Barcelona, Spain
  • 2. Summary
      ● (DRM) Interoperability
      ● PKI and the PKIX model
      ● PKIX and DRM interoperability
      ● Conclusions
    IADIS Multi Conference on Computer Science and Information Systems 2007 – Telecommunications, Networks and Systems
  • 3. Digital Rights Management
      ● DRM involves the:
          – description, layering, analysis, valuation, trading and monitoring of the rights over an individual or organization's assets, in digital format;
      ● DRM is:
          – the chain of hardware and software services and technologies governing the authorized use of digital objects and managing any consequences of that use throughout the entire life cycle of the object.
  • 4. Digital Rights Management
      ● From a security point of view, two major aspects need to be considered in any DRM solution:
          – the digital object protection, in which the digital object is packaged in a specific container that is locked, preventing non-authorized copies or modifications, making use of strong cryptographic algorithms;
          – and the fact that through the entire object life cycle a trustworthy environment must be established between the different actors, devices and software components.
  • 5. Digital Rights Management
      ● Trust Environment
          – In a common DRM system, trust must be established between the different elements
          – The way this trust environment is accomplished differs from DRM implementation to implementation
          – There is no common trust system
          – This creates interoperability problems
  • 6. DRM and interoperability
    [Diagram: four separate DRM systems (DRM A, DRM B, DRM C, DRM D), each with its own Users, Content and Trust Mechanism (A to D), labelled "Non-Interoperability points"]
  • 7. DRM and interoperability
      ● Public-Key Infrastructures (PKI) are important for trust environment establishment
      ● PKIX (PKI for X.509) is currently one of the most deployed PKI technologies, present in many security solutions
      ● PKI offers functions/services that are crucial to the establishment of trust environments:
          – Certification Authority
          – Registration Authority
          – Repository
          – Archive
  • 8. DRM and interoperability
      ● PKIX supports most of the security and trust functions that DRM needs
      ● DRM systems can “deliver” their security and trust requirements “in the hands” of an underlying PKIX system
      ● This would simplify the task of DRM interoperability
  • 9. PKIX and DRM interoperability
      ● Two approaches for DRM interoperability through PKI:
          – Use a single PKI service shared by all DRM systems;
          – Each DRM uses its own PKI service, and brokering mechanisms are used between them
      ● They both have their points, but...
  • 10. PKIX and DRM interoperability
    All the different DRM systems use the same PKI solution to establish the necessary trust environment between the different actors, devices or software components.
  • 11. PKIX and DRM interoperability
    The different DRM systems have their own PKI, and a PKI broker is used to build interoperable trust environments between the different actors, devices and software components of the different DRM systems.
  • 12. PKIX and DRM interoperability
      ● 1st Scenario
          – The same PKI offers the different DRM components trust credentials that can be immediately trusted between different DRM systems
          – This is however a low probability scenario. DRM systems will adopt their own PKI solutions
  • 13. PKIX and DRM interoperability
      ● 2nd Scenario
          – Reflects what is happening now – each DRM chooses its own PKI solution
          – “Local” and “External” interoperability
              ● “Local” - the internal components of a DRM system rely on the trust provided by their own PKI
              ● “External” - the components of different DRM systems have to build trust relationships using a PKI broker
  • 14. PKIX and DRM interoperability
      ● 2nd Scenario
    [Diagram: DRM A and DRM B, each with its own “Local” PKI, connected through a PKI broker]
  • 15. PKIX and DRM interoperability
      ● Assumptions:
          1. DRM1 Device has a key pair: KpubDevice, KprivDevice;
          2. DRM2 License Issuer has a key pair: KpubLicIssuer, KprivLicIssuer;
          3. DRM1 Device has a certificate issued by the DRM1 PKI: CertDRM1PKI(KpubDevice);
          4. DRM2 License Issuer has a certificate issued by the DRM2 PKI: CertDRM2PKI(KpubLicIssuer);
          5. All the PKI are PKIX-based and use X.509 digital certificates;
          6. PKI Broker has a key pair: KpubPKIBroker, KprivPKIBroker;
          7. DRM1 PKI and DRM2 PKI are registered at the PKI Broker;
          8. DRM1 PKI has to have a certificate from the PKI Broker: CertDRMBroker(KpubDRM1PKI);
          9. DRM2 PKI has to have a certificate from the PKI Broker: CertDRMBroker(KpubDRM2PKI).
  • 16. PKIX and DRM interoperability
      ● Protocol
          1. The DRM1 Device has acquired some digital object which is not governed by the same DRM;
          2. DRM1 Device sends a message to DRM2 License Issuer to download the license for the digital object, together with its credentials: licenseDownload(contentID, CertDRM1PKI(KpubDevice));
          3. DRM2 License Issuer sends the DRM1 Device credentials to the DRM2 PKI for validation;
          4. DRM2 PKI has no way to validate the request, because the credential has been issued by another PKI. Therefore the DRM2 PKI asks the DRM Broker to try to validate the credential: validateCredentials(CertDRMBroker(KpubDRM2PKI), CertDRM1PKI(KpubDevice));
  • 17. PKIX and DRM interoperability
      ● Protocol
          5. The DRM Broker validates the requesting PKI credentials, and checks the credentials sent by the device, checking the issuer PKI. It resolves the location of this PKI (DRM1 PKI) and sends it a validation request: validateRequest(CertDRM1PKI(KpubDevice));
          6. DRM1 PKI receives the request and then validates it, returning an answer to the PKI Broker;
          7. PKI Broker receives the answer and sends the result to the requesting PKI (DRM2 PKI);
          8. DRM2 PKI receives the answer from the PKI Broker asserting that DRM1 Device can be trusted;
          9. DRM2 License Issuer generates the license and returns it to the DRM1 Device.
  • 18. PKIX and DRM interoperability
      ● Interoperable scenario (license production)
  • 19. Conclusions
      ● PKI is an important part of DRM (fulfil DRM requirements)
      ● Currently, most of the DRM solutions do not rely on already existing PKI services or vendors, implementing their own mechanisms – interoperability problems
      ● Two approaches for DRM interoperability based on PKI services
      ● An approach based on a broker is more viable
      ● DRM interoperability problems are not entirely solved by this – this is just the tip of the iceberg!!!
  • 20. Questions
      ● Thank you!
      ● Any question?
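
The brokered validation flow from slides 15 to 17, as an added example that is not part of the original presentation. Toy RSA built from small Mersenne primes stands in for X.509 signatures (an assumption, not secure), the revocation set is an assumption, and the names `PKI`, `Broker`, `Cert` and `license_download` are hypothetical.

```python
import hashlib
from collections import namedtuple

Cert = namedtuple("Cert", "subject pub issuer sig")  # simplified stand-in for X.509

def keypair(a, b, e=65537):
    # Toy RSA from the Mersenne primes 2**a-1 and 2**b-1. Assumption: NOT secure.
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def digest(subject, pub, n):
    return int.from_bytes(hashlib.sha256(f"{subject}|{pub}".encode()).digest(), "big") % n

class PKI:
    def __init__(self, name, a, b):
        self.name, self.revoked = name, set()
        self.pub, self._priv = keypair(a, b)
        self.broker = self.broker_cert = None

    def issue(self, subject, pub):          # e.g. CertDRM1PKI(KpubDevice)
        n, d = self._priv
        return Cert(subject, pub, self.name, pow(digest(subject, pub, n), d, n))

    def signed_by_me(self, c):
        n, e = self.pub
        return c.issuer == self.name and pow(c.sig, e, n) == digest(c.subject, c.pub, n)

    def validate(self, c):
        if c.issuer == self.name:           # steps 3 and 6; revocation set is an assumption
            return self.signed_by_me(c) and c.subject not in self.revoked
        # Step 4: foreign issuer, so ask the broker (fails closed if unregistered).
        return self.broker is not None and self.broker.validate_credentials(self.broker_cert, c)

class Broker(PKI):
    def __init__(self, name, a, b):
        super().__init__(name, a, b)
        self.registry = {}

    def register(self, pki):                # assumptions 7 to 9
        self.registry[pki.name] = pki
        pki.broker, pki.broker_cert = self, self.issue(pki.name, pki.pub)

    def validate_credentials(self, requester_cert, c):   # steps 5 to 7
        known = self.signed_by_me(requester_cert) and c.issuer in self.registry
        return known and self.registry[c.issuer].validate(c)   # validateRequest

def license_download(content_id, device_cert, issuer_pki):     # steps 2 and 9
    ok = issuer_pki.validate(device_cert)
    return {"contentID": content_id, "licensee": device_cert.subject} if ok else None
```

Register both PKIs with one `Broker`, issue a device certificate from the first, and call `license_download` against the second; a tampered or revoked certificate, or a PKI that never registered with the broker, yields `None`.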