2. DRM as Protection for copyrighted
materials
• Digital objects are very easy and cheap to copy:
– Music, Movies, Text, Executables.
– Essentially no “friction (resistance)” from duplication costs
• How to protect digital copyrighted content?
• Should content be protected?
– 40 billion dollars a year in foreign trade for the US.
– Should not conflict with “fair-use” doctrine (policy).
– What is fair use anyway?
• Can content be protected?
– Persistent (constant) pirate will always succeed in copying.
– Technology can potentially prevent small scale copying:
“keeping honest people honest”
Slide from Dan Boneh
3. Computer Security and DRM
• Computer Security involves processes and technology that
enable the enforcement of a security policy on a computer
system. Security Policy specifies:
– Isolation/Secure Execution and other “safety” properties
– Access and use restrictions on resources imposed on security
principals (think “users”) using the computer system (“Access
Control”)
– Availability and other “liveness” properties
• Digital Right Management (a.k.a – copyright/content
protection) involves enforcement of a security policy
affecting use of digitally encoded material specified by a
content “owner” on computers not in the physical control of
the content owner.
4. Kernelized Design
• Trusted Computing Base
– Hardware and software for
enforcing security rules
• Reference monitor
– Part of TCB
– All system calls go through
reference monitor for security
checking
– Note implicit trust assumption:
“owner” or “Admin” fully trusted
and omnipotent (supreme)
– Additional assumption: no offline
attack.
User space
Kernel space
User
process
OS kernel
TCB
Reference
monitor
5. … and now for something completely
different
• Superficially anyway
• Trust Model Changes
– Admin is not “root of trust” for all actions
– Model is naturally distributed
• Persistent Rights
– Off-line
– Granular (uneven) and Flexible
• Cryptographic protection
• Software runs in Trusted Environment.
– Software is the Security Principal
– Lampson, Abadi, Wobber model
6. Key Elements of DRM
• Licensing
– The process of packaging and delivering protected bits
with un-forgeable terms of usage (“digital license”)
useable only by authenticated user/environment
• Enforcement
– The process of insuring (assure/cover) that the use of
the digital work adheres (stick/hold/stay) to
enumerated (list) use, privacy and operating
restrictions stated in a digital license
7. Encryption and Rules
• Content is encrypted
– Therefore unusable (not viable) with the right to decrypt the content
• Content license specifies rights (“capabilities”) – cannot be forged
– Specifies authentication information, environment
(application, OS, etc.)
– Specifies usage/access control rules
– Contains the “sealed” key for the content. Key can be sealed by any
licensor (using a public key) but can only be “unsealed”
within an isolated,
trusted environment
(by a private key only
known in that trusted
environment)
Content License 938473
Machine 02345 Running
Program 1 (with hash 0x7af33)
Can view Document 3332 on 2002-20-01
Sealed Key: 0x445635
Signed Boeing
8. Enforcement
At initialization, Trusted Program says:
1. Isolate me
2. Authenticate me
After Initialization completes successfully, Jeff’s PC
1. Makes Private key available for use
When consuming content, Trusted Program:
1. Retrieves license and encrypted content file
2. Authenticates license by checking digital signature
3. Checks rule compliance (fulfillment)
4. Uses private key to unseal the content key
5. Decrypts and uses content within Trusted Program
Trusted ProgramTrusted Program
Authenticating Public KeyAuthenticating Public Key
(“Root of Trust”)(“Root of Trust”)
0x7af330x7af33 PK: 8374505PK: 8374505
Jeff’s PC
Jeff’s PC
9. Obtaining Rights and Permissions
License Server
Content License 938473
Machine 02345 Running
Program 1 (with hash 0x7af33)
Can view Document 3332
on 2002-20-01
Sealed Key: 0x445635
Signed Boeing
Machine License 83874
Machine 02345 Running
Program 1 (with hash 0x7af33)
Has access to a private key
Whose public key is 0x2231
Signed Microsoft
2) Response2) Response
Here’s your licenseHere’s your license
Customer benefitsCustomer benefits
Licenses can be used offlineLicenses can be used offline
Simple management of authorization (no central authority)Simple management of authorization (no central authority)
Very simple and flexible distribution (a server can distribute to “any” client)Very simple and flexible distribution (a server can distribute to “any” client)
1 2
Jeff’s PC
1)1) RequestRequest
I want document 3332.I want document 3332.
Here’s my Machine LicenseHere’s my Machine License
to show you can trust myto show you can trust my
machinemachine
12. XrML Expressions
Each “rights expression” may specify a combination of
rules such as:
– what rights are available,
– for whom,
– for how many times,
– within what time period,
– under what access conditions,
– for what fees,
– within which territory, and
– with what obligations,
– Etc.
13. “Small” Rights Management
• Protecting Personal Information
• Protecting personal Health and Financial
information
• Protecting individual communication
• Protecting Corporate information
14. Scenarios for Small Rights Management
Centralized logging of license requestsCentralized logging of license requests
Centralized templates to express policyCentralized templates to express policy
Offline and online scenariosOffline and online scenarios
Secure database-backed contentSecure database-backed content
Intranet portalsIntranet portals
Backward compatibility for earlier appsBackward compatibility for earlier apps
Who can access sensitive plansWho can access sensitive plans
Level of access: print, edit, save, etc.Level of access: print, edit, save, etc.
Length of access periodLength of access period
Keep mail off internalmemos.comKeep mail off internalmemos.com
Secure Executive-level mailSecure Executive-level mail
Consistent application of expiry rulesConsistent application of expiry rules
WebWeb
ContentContent
ProtectedProtected
InformationInformation
Do-Not-ForwardDo-Not-Forward
EmailEmail
CentralizedCentralized
Policy ControlPolicy Control
15. “Big” Rights Management
• Mass Market Content
– Books
– Audio
– Video
– Software
• Much more flexible use and better content
management
– But there are “Fair Use” concerns which can be
mitigated … maybe
16. Scenarios for Big Rights Management
Library/archiveLibrary/archive
RoamingRoaming
““Active” contentActive” content
Premium releasesPremium releases
Price discriminationPrice discrimination
I hear it. I want it. I get it.I hear it. I want it. I get it.
Lower manufacturing costsLower manufacturing costs
More variety?More variety?
Most popular use of DRMMost popular use of DRM
I don’t get itI don’t get it
Pay per viewPay per view
moviesmovies
Web distributedWeb distributed
songssongs
Ring tonesRing tones
E-BooksE-Books
17. Watermarking
• Durable, imperceptible (invisible) marking of content.
Each “mark” is one bit of information.
– Robust watermarking – watermark is hard to removed
• Watermarking is content specific
– Text- custom spacing, custom fonts, deliberate errors
– Music – Changes to Fourier transformed components
– Picture – Slight changes to Fourier transformed image
• Watermarking bandwidth is also content specific
18. How a watermarking system protection
systems work
• One bit of information (The “protected bit”) signals
to player (IE, RealPlayer, Windows Media Player,
DVD Player) that content is protected and
requires a license.
– Sometimes additional bits encoded identifying content
• Player refuses to play content without a license
19. DRM Systems in the News
• SDMI
• Windows Media Player
• Real DRM
• Apple DRM
• IRM
• CSS
• Macrovision
• LexMark
• Xbox
• Sony Playstation
20. Technical Issues in Mechanisms
• Break Once Break Everywhere
• Degree of isolation
– Transducer Problem
– I/O
• Privacy and Interoperability
• Flexibility (transfer, etc)
– Multiple devices
– Multiple users
– Migration
• User Control/Backup
21. Social and Policy Issues
• “Fair Use”
• Monopoly “Lock-in”
• Erosion of copyright in favor of “contracts”
• Archive
• DMCA and hacking
• “Information wants to be free”
• Consumer expectations
• Draconian licensing policies
Safe space for computing
Safe place for storage
Safe communication between user and machine
Provable machine integrity As a start on that path, here is a very basic breakdown of what NGSCB provides.
You can’t have one of these without the other: the four components are inextricably linked
All NGSCB capabilities build off of four key features:
Curtained memory/vaulted execution
Sealed Storage
Secure path to and from the user
Attestation
Terms and Conditions
Time Spec
When a right can be exercised: fixed intervals, metered intervals, sliding intervals, ...
Access Spec
Required digital certificates: individual identity, organization
type: academic, non-profit, commercial, government, fair-use license, country, ...
System security requirements
Fee Spec
Per use versus metered, billing, prepaid, currency designation, ...
Territory Spec
where a right can be exercised: physical locations or digital domains
Obligation Spec
how usage of a right is tracked and watermarked: where, how frequent and what information needed to be tracked, and what watermark information needed to be embedded
Types of rights currently in XrMLTypes of conditions associated with rights
Transfer rightsFee conditions
Rendering rightsTime conditions
Derivative work rightsAccess conditions
File management rightsTerritory conditions
Configuration rights Tracking conditions
Watermarks