Digital Rights Management: The Technology behind the Hype Mark Stamp Department of Computer Science San Jose State University

Dec 15, 2015


Ryan Hellams

Digital Rights Management:

The Technology behind the Hype

Mark Stamp

Department of Computer Science

San Jose State University


This talk…

- What is DRM?
- Overview of MediaSnap DRM system
- Other DRM systems
- Conclusions


What is DRM?

- “Remote control” problem
- Digital book example
- Digital music, video, documents, etc.
- Privacy


Persistent Protection

- Restrictions on use after delivery
  - No copying
  - Limited number of reads
  - Time limits
  - No forwarding
  - etc.


What to do?

- The honor system (The Plant)
- Give up (HIPAA, etc.)
- Lame software-based DRM
- Better software-based DRM
- Tamper-resistant hardware

http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html


The hype

“Our solutions let enterprises control their confidential information at all times, even after the recipients receive it.” --- Authentica

“Seal confidential digital documents and protect your business against intellectual property theft indefinitely.” --- SealedMedia


Is crypto the answer?


Current state of DRM

- Security by obscurity (at best)
- Secret designs (Kerckhoffs’s Principle?)
- Crypto is king

“Whoever thinks his problem can be solved using cryptography, doesn’t understand his problem and doesn’t understand cryptography.” --- Attributed by Roger Needham and Butler Lampson to each other


MediaSnap’s DRM system

- Secure Document Server (SDS)
- PDF plugin (or reader)
- Security stuff…


Protecting a document

[Figure: diagram of Sender, SDS and Recipient; labels: encrypt, persistent protection]


Tethered mode

[Figure: diagram of Sender, SDS and Recipient; label: key]


Untethered mode

[Figure: diagram of Sender, SDS and Recipient; label: key]


Security issues

- Server (SDS)
  - Protect keys, authentication data, etc.
  - Apply persistent protection
- Client (Reader/PDF plugin)
  - Protect keys, authenticate, etc.
  - Enforce persistent protection


Document reader security

Obscurity

Tamper-resistance


Anti-debugger

Encrypted code

Tamper-resistance


Obscurity

- Key management
- Authentication
- Caching (keys, authentication, etc.)
- Encryption and “scrambling”
- Key parts (data and code)
- Multiple keys


Other MediaSnap features

- Module tamper checking (hashing)
- Anti-screen capture
- Watermarking
- “Unique-ification”


Other possibilities

- General code obfuscation
- Code “fragilization” (guards)
- OS issues


Make fun of DRM systems

- Patently obvious
- Crypto claims
- Silliness
- “Respect” model
- MS-DRM


InterTrust

“…a company whose business model appears to rely entirely on legal filings against Microsoft.”


Crypto claims

Q: How does Atabok security compare to the competition?

A: The majority of service providers offer the ability to encrypt at 128-bits. Atabok encrypts your content with 256-bit encryption, which is exponentially more secure.


Silliness

- secretSeal’s five “radical innovations”
  - hieroglyphic passwords
  - variable-length encrypted keys
  - morphogenetic encryption algorithm
  - no encryption formula in software
  - the use of public keys


The respect model

Adobe eBooks --- “It is up to the implementors of PDF viewer applications to respect the intent of the document creator by restricting access to an encrypted PDF file according to passwords and permissions contained in the file.”


MS-DRM (version 2)

- Weak proprietary block cipher (MultiSwap) used for hashing
- No controlled execution
- No obfuscation, etc.


Conclusions

- Current DRM systems are weak
- Ideal software-based DRM…
  - Individual content is non-trivial to attack
  - Overall system survives repeated attacks
- Is this possible?


More info…

- M. Stamp, Digital rights management: The technology behind the hype, Journal of Electronic Commerce Research, http://www.csulb.edu/web/journals/jecr/issues/20033/paper3.pdf
- M. Stamp, Risks of digital rights management, Communications of the ACM, http://www.csl.sri.com/users/neumann/insiderisks.html#147
- M. Stamp, Digital rights management: For better or for worse?, ExtremeTech, http://www.extremetech.com/article2/0,3973,1051610,00.asp