A Novel Approach to Allow Multiple Resales of DRM-Protected Contents
Tarek Gaber
Dept. of Computer Science,
Faculty of Computers and Informatics,
Suez Canal University
Member of the Scientific Research Group in Egypt (SRGE)
http://www.egyptscience.net
Prof.Aboul Ella’s Group
Agenda
Introduction
Research Problem
Existing Solutions
Drawbacks of the existing solutions
Our vision
Proposed approach
Contributions
Future work
Introduction I
Cryptographic Techniques could help but not enough
Introduction II
DRM (Digital Rights Management):
Content owners
Persistent protection
Prevent unauthorized access
Managing usage rights (i.e. license)
E.g. expiration date, device restriction, etc.
Protect their monetary interests
Consumers
Purchase licenses (from a License issuer (LI)) to access corresponding digital contents.
But can NOT resell their licenses
DRM System
Research Problem
Existing Solutions
Hardware-based solutions
Trusted devices are used
Fair reselling addressed using offline TTP-based approach
Software-based solutions
Online service is used
Fair reselling is NOT addressed using
Did not address multiple resales of one license
Problems in Existing Solutions
Our Vision
Designing a license reselling solution such that:
Supporting reselling
No additional hardware
Play/view content offline
Not compromising content owners’ rights
Secure
Non-repudiation
Fairness
Abuse-free
Additional attractive features
Support market power
Proposed Approach
LI Verifications
Re-salablity Check
Contributions
Novel approach allowing resale of a DRM-Protected content multiple times.
The underlying security mechanism already built into existing DRM systems.
The approach enables a buyer to make sure that a license he is about to purchase is indeed resalable and has not yet resold.
Contributions
The analysis of the approach has shown that it satisfies the specified security requirements.
The approach also can thwart potential threats and attacks that could be mounted by either a buyer or a reseller.
Future Work
Doing a prototype for this approach to assess its performance
Thanks
A novel approach to allow multiple resales of DRM protected contents - icces2013 -cairo-egypt- By Tarek Gaber
1. A NOVEL APPROACH TO ALLOW
MULTIPLE RESALES OF DRM-PROTECTED
CONTENTS
Tarek Gaber
Dept. of Computer Science,
Faculty of Computers and Informatics,
Suez Canal University
Member of the Scientific Research Group in Egypt (SRGE)
http://www.egyptscience.net
25/10/14
1
tmgaber@gmail.com
3. Agenda
25/10/14
3
Introduction
Research Problem
Existing Solutions
Drawbacks of the existing solutions
Our vision
Proposed approach
Contributions
Future work
ICCES2013-Ain Shams Uni- Cairo, Egypt, 26-28 Nov 2013
4. Introduction I
Cryptographic
Techniques
could help
but not
enough
25/10/14
4
5. Introduction II
25/10/14
5
DRM (Digital Rights Management):
Content owners
Persistent protection
Prevent unauthorized access
Managing usage rights (i.e. license)
E.g. expiration date, device restriction, etc.
Protect their monetary interests
Consumers
Purchase licenses (from a License issuer (LI)) to
access corresponding digital contents.
But can NOT resell their licenses
7. Research Problem
Problems Problems iinn ssuuppppoorrttiinngg lliicceennssee rreesseelllliinngg
• Put content owners’ rights at risk
– Double reselling
– Continued use
– Reselling forged copy
• DRM feature
– License is bound to device
• More problems
– Must be fair for resellers and buyers
• No trust between entities
8. Existing Solutions
Hardware-based solutions
Trusted devices are used
Fair reselling addressed using offline TTP-based
approach
Software-based solutions
Online service is used
Fair reselling is NOT addressed using
Did not address multiple resales of one license
10. Our Vision
Designing a license reselling solution such that:
Supporting reselling
No additional hardware
Play/view content offline
Not compromising content owners’ rights
Secure
Non-repudiation
Fairness
Abuse-free
Additional attractive features
Support market power
11. Proposed Approach
25/10/14
11
Reseller
(Alice)
Buyer
(Bob)
1- Negotiation
•Agree on deal terms and conditions`
RD
2- Signing
•Commit to RD terms and conditions
Pre-official RD
3- Submission
•Submit a signed RD
•Make payment
•.LI verifications
License
Issuer
(LI)
Official-RD
4- Activation
•Create New RP for the license
•Revoke Alice’s license
•Send Bob’s payment to Alice
•
Send Alice’s license to Bob
RD done
Handling Misbehaviour of Alice
•Prevent further reselling: Blacklist
•Impose a charge
12. LI Verifications
No buyer’s signature or it is not valid
No reseller’s signature or it is not valid
25/10/14
12
Submitted RD
LIV1
No payment
Payment is provided
LIV2
LIV3.1
LIV3.2
LIV4
Stop
and
terminate
the
protocol
run
Payment is enough
Payment is not enough
Non-resalable (i.e. ks is not valid)
Resalable
Resold (i.e. ks is already released)
Not resold yet
LIV5
Buyer’s signature is valid
Reseller's signature is valid
Accept
and activate the submitted RD
Legitimacy check
14. Contributions
25/10/14
14
Novel approach allowing resale of a DRM-Protected
content multiple times.
The underlying security mechanism already
built into existing DRM systems.
The approach enables a buyer to make sure
that a license he is about to purchase is indeed
resalable and has not yet resold.
15. Contributions
25/10/14
15
The analysis of the approach has shown that it
satisfies the specified security requirements.
The approach also can thwart potential threats
and attacks that could be mounted by either a
buyer or a reseller.
16. Future Work
25/10/14
16
Doing a prototype for this approach to
assess its performance
17. Thanks and
Acknowledgement
http://www.egyptscience.net
Authors
Mahmoud ElGayyar, Hany ElYamany, Tarek Gaber, and Aboul
Ella Hassanien
Good afternoon everyone, thanks for your coming. I am Tarek Gaber, a PhD student under the Supervision of Dr. Ning Zhang
Today, I am going to give a talk about “ Contract Signing Protocol that supports fair License Reselling”.
Nowadays, most of us may have noticed some restrictions on the use of digital contents (such as Movies and Music, eBook ). These restrictions could be on device (use the content on one or two devices), on the platform (content to be used on Windows or Unix only). These restrictions are applied by a technology called DRM.
This technology allows content owners to provide persistent protection to their content. So, preventing unauthorised access to the content. The DRM also allows the owner to manage usage rights
(such as expiration date, device restriction ) over the content. This DRM enables owner to protect their monetary interests by only allowing consumers to access a digital content if they pay for the corresponding licenses . However, those consumers are not allowed to resell the licenses they have purchased
To allow a consumer to resell his license, we have designed a method called a Reselling Deal (RD) method. This method allows a reseller (Alice) to resell her license to a buyer (Bob). In the first step of this method, A and B negotiate a contract called RD. They then sign this RD. The output of this the signing process is a token called Pre-official RD. we have called it by this name as it is not yet approved by LI.
To activate this Pre-official RD, Bob (the buyer) submits it along the agreed payment to LI. After this process, LI can declare that the RD is Official and then revokes Alice’s license and sends her Bob’s payment and also sends Bob Alice’s license.
If for example, Alice refused to revoke her license after Bob has paid to LI, LI can either put Alice in a blacklist to prevent her from reselling any other licenses in the future, or impose a charge on Alice
)…….
In this presentation we will only focus on how Alice and Bob sign the RD. To sign this RD, we either adopt one of the existing protocols or design a new one.