A Novel Approach to Allow Multiple Resales of DRM-Protected Contents Tarek Gaber Dept. of Computer Science, Faculty of Computers and Informatics, Suez Canal University Member of the Scientific Research Group in Egypt (SRGE) http://www.egyptscience.net Prof.Aboul Ella’s Group Agenda Introduction Research Problem Existing Solutions Drawbacks of the existing solutions Our vision Proposed approach Contributions Future work Introduction I Cryptographic Techniques could help but not enough Introduction II DRM (Digital Rights Management): Content owners Persistent protection Prevent unauthorized access Managing usage rights (i.e. license) E.g. expiration date, device restriction, etc. Protect their monetary interests Consumers Purchase licenses (from a License issuer (LI)) to access corresponding digital contents. But can NOT resell their licenses DRM System Research Problem Existing Solutions Hardware-based solutions Trusted devices are used Fair reselling addressed using offline TTP-based approach Software-based solutions Online service is used Fair reselling is NOT addressed using Did not address multiple resales of one license Problems in Existing Solutions Our Vision Designing a license reselling solution such that: Supporting reselling No additional hardware Play/view content offline Not compromising content owners’ rights Secure Non-repudiation Fairness Abuse-free Additional attractive features Support market power Proposed Approach LI Verifications Re-salablity Check Contributions Novel approach allowing resale of a DRM-Protected content multiple times. The underlying security mechanism already built into existing DRM systems. The approach enables a buyer to make sure that a license he is about to purchase is indeed resalable and has not yet resold. Contributions The analysis of the approach has shown that it satisfies the specified security requirements. The approach also can thwart potential threats and attacks that could be mounted by either a buyer or a reseller. Future Work Doing a prototype for this approach to assess its performance Thanks

1. A NOVEL APPROACH TO ALLOW
MULTIPLE RESALES OF DRM-PROTECTED
CONTENTS
Tarek Gaber
Dept. of Computer Science,
Faculty of Computers and Informatics,
Suez Canal University
Member of the Scientific Research Group in Egypt (SRGE)
http://www.egyptscience.net
25/10/14
1
tmgaber@gmail.com

2. Prof.Aboul Ella’s Group
25/10/14
2

3. Agenda
25/10/14
3
 Introduction
 Research Problem
 Existing Solutions
 Drawbacks of the existing solutions
 Our vision
 Proposed approach
 Contributions
 Future work
ICCES2013-Ain Shams Uni- Cairo, Egypt, 26-28 Nov 2013

4. Introduction I
 Cryptographic
Techniques
could help
but not
enough
25/10/14
4

5. Introduction II
25/10/14
5
 DRM (Digital Rights Management):
 Content owners
 Persistent protection
 Prevent unauthorized access
 Managing usage rights (i.e. license)
 E.g. expiration date, device restriction, etc.
 Protect their monetary interests
 Consumers
 Purchase licenses (from a License issuer (LI)) to
access corresponding digital contents.
 But can NOT resell their licenses

6. DRM System
25/10/14
6

7. Research Problem
Problems Problems iinn ssuuppppoorrttiinngg lliicceennssee rreesseelllliinngg
• Put content owners’ rights at risk
– Double reselling
– Continued use
– Reselling forged copy
• DRM feature
– License is bound to device
• More problems
– Must be fair for resellers and buyers
• No trust between entities

8. Existing Solutions
 Hardware-based solutions
 Trusted devices are used
 Fair reselling addressed using offline TTP-based
approach
 Software-based solutions
 Online service is used
 Fair reselling is NOT addressed using
 Did not address multiple resales of one license

9. Problems in Existing Solutions
• Hardware-based solutions
– Impose additional cost on consumers
• Software-based solutions
– Inconvenient: Play/view content online

10. Our Vision
 Designing a license reselling solution such that:
 Supporting reselling
 No additional hardware
 Play/view content offline
 Not compromising content owners’ rights
 Secure
 Non-repudiation
 Fairness
 Abuse-free
 Additional attractive features
 Support market power

11. Proposed Approach
25/10/14
11
Reseller
(Alice)
Buyer
(Bob)
1- Negotiation
•Agree on deal terms and conditions`
RD
2- Signing
•Commit to RD terms and conditions
Pre-official RD
3- Submission
•Submit a signed RD
•Make payment
•.LI verifications
License
Issuer
(LI)
Official-RD
4- Activation
•Create New RP for the license
•Revoke Alice’s license
•Send Bob’s payment to Alice
•
Send Alice’s license to Bob
RD done
Handling Misbehaviour of Alice
•Prevent further reselling: Blacklist
•Impose a charge

12. LI Verifications
No buyer’s signature or it is not valid
No reseller’s signature or it is not valid
25/10/14
12
Submitted RD
LIV1
No payment
Payment is provided
LIV2
LIV3.1
LIV3.2
LIV4
Stop
and
terminate
the
protocol
run
Payment is enough
Payment is not enough
Non-resalable (i.e. ks is not valid)
Resalable
Resold (i.e. ks is already released)
Not resold yet
LIV5
Buyer’s signature is valid
Reseller's signature is valid
Accept
and activate the submitted RD
Legitimacy check

13. Re-salablity Check
25/10/14
13

14. Contributions
25/10/14
14
 Novel approach allowing resale of a DRM-Protected
content multiple times.
 The underlying security mechanism already
built into existing DRM systems.
 The approach enables a buyer to make sure
that a license he is about to purchase is indeed
resalable and has not yet resold.

15. Contributions
25/10/14
15
 The analysis of the approach has shown that it
satisfies the specified security requirements.
 The approach also can thwart potential threats
and attacks that could be mounted by either a
buyer or a reseller.

16. Future Work
25/10/14
16
 Doing a prototype for this approach to
assess its performance

17. Thanks and
Acknowledgement
http://www.egyptscience.net
Authors
Mahmoud ElGayyar, Hany ElYamany, Tarek Gaber, and Aboul
Ella Hassanien

18. 25/10/14
18
Thanks
Questions

19. 25/10/14
19

20. 25/10/14
20

21. 25/10/14
21