Digital Rights Digital Rights Management in a 3G Management in a 3G Mobile Phone and Mobile Phone and Beyond Beyond Thomas S.Messerges, Ezzat A. Dabbish Motorola Labs Young Sub Ko
Digital Rights Digital Rights Management in a 3G Management in a 3G Mobile Phone and BeyondMobile Phone and Beyond
Thomas S.Messerges, Ezzat A. DabbishMotorola Labs
Young Sub Ko
ContentsContents Introduction DRM Concepts and strategies Our DRM system Security issues Family Domain Example use cases Conclusion
IntroductionIntroduction 3G Mobile Phone
◦ High commmunication rates 144 Kbps, 384 Kbps, 2 Mbps depending on the mode of operation
◦ Personal Area Networking capability Peer-to-Peer sharing of digital items over short-range networks will be possible
◦ High Internet Connectivity More mobile phones than desktop computers connected to the Internet, soon
Business opportunities for digital contents are attracting much interest
Losses from piracy will mount◦ Digital Items can be copied or shared at no cost
Digital Rights Management(DRM) will be an essential component for in future mobile phones
DRM CONCEPTS AND STRATEGIESDRM CONCEPTS AND STRATEGIES - Overview of Trusted DRM - Overview of Trusted DRM SystemSystem License File
◦ Metadata◦ Usage Rules
How to deal with the content in DRM system Rights for content
◦ Content Encryption Key(CEK) Encrypt and decrypt the content
◦ Hash Link between the content and license
◦ Digital Signature For authenticity and integrity
Protected Content File◦ Encrypted Content
Encrypted with key in the license File DRM System(When content is rendered)
◦ Rendering Software Pass the protected content file and License file to DRM Services software
◦ DRM Service Verify the signature of the license Verify the hash of content Decrypt the content and send it to the rendering software in the system
DRM CONCEPTS AND STRATEGIESDRM CONCEPTS AND STRATEGIES - Open Mobile Alliance DRM(OMA) - Open Mobile Alliance DRM(OMA)
Certificate Authority Right Issuer
Device
KCEK
KREK KMAC
Kpriv
DCFDevice Cert
RI Cert Content Issuer
RO
Issue Certificate
Issue Certificate
Mutual Authentication
Using ROAP (RO
Acquisition Protocol) Generate RO (Rights
Object)Generate DCF
(DRM Content Format)
KPRIV: Private KeyKCEK: Content Encryption KeyKREK: Rights Encryption KeyKMAC: Message Authentication Code Key
DRM CONCEPTS AND STRATEGIESDRM CONCEPTS AND STRATEGIES - Open Mobile Alliance DRM(OMA) - Open Mobile Alliance DRM(OMA)
MAC of RO
Rights Encryption Key (REK) and MAC Key
Digital Signature of Rights (Optional)
Content ID
Digest of Content
Permission
Content Encryption Key (CEK)Rights
ROProtected RO
Integrity for DCF
Authentication, Non-Repudiation, and Integrity for Rights (Domain RO Only)
Authentication, Non-Repudiation, and Integrity for RO (Including REK; Device
RO)
Encrypted Using Device’s Public Key
Encrypted Using REK (Symmetric Key)
DRM CONCEPTS AND STRATEGIESDRM CONCEPTS AND STRATEGIES - Message Authentication - Message Authentication Code(MAC)Code(MAC)
OUR DRM SYSTEMOUR DRM SYSTEM - Interface for DRM - Interface for DRM Two approach noted in Schneck’s paper
◦ Replace the I/O elements of OS with new modules Monitor all requests for I/O operations and inform a user if a proper license is not
available◦ Hyperadvisor
Located between the OS and the hardware When an application requests access to a protected file, it would invoke the DRM
system
Our Approach◦ OS is extended to support DRM functionality◦ Access these extended system through API
A header in a particular file indicates that it is protected If file is protected, extended API will be called
OUR DRM SYSTEMOUR DRM SYSTEM - DRM manager - DRM manager Authenticate Licenses and Content
◦ Cryptographic hash of the content Verified by comparing computed hash based on the content with a hash in a license
file For a mobile phone, the hash value are computed in a piecemeal fasion and form a
hash table▶ The hash table is verified incrementally as each portion of content is rendered
◦ Digital signature Verified using a public key of signer Security Agents will help cryptographic operations
Enforce Rights◦ Actions can be associated with three fundamental types of rights
Render rights ,Transport rights, Derivative work rights◦ The license have an additional event for performing an action
Payments needs to be made or a play count needs to be decremented Secure database needed to track these events
◦ Rights to an action are assigned to a device DRM manager needs to have access to device’s credentials(e.g., keys, certificates,
IDs) A key/certificate manger is responsible for these credentials
Decrypt Content◦ Decrypt the content using key and route it to a trusted application
OUR DRM SYSTEMOUR DRM SYSTEM - Trusted Application Agents - Trusted Application Agents Access and manipulate decrypted content Organized according to the type of action they perform
◦ Rendering agents, Transport agents, Derivative work agents Rendering Agents
◦ Provide the ability to render DRM-protected content e.g., a music player, a picture viewer
◦ The execution of a DRM-protected application is also rendering operation e.g., an application loader
Transport Agents◦ Provide services that move content from one location to another
e.g., email attachments, messaging services, streaming◦ Establish a Secure Authenticate Channel(SAC) with the receiving device
Derivative Work Agents◦ Extract and transform protected content or license into a different form◦ Installation of DRM-protected software or data
For fast execution, installed software and data is decrypted and this makes it vulnerable to copying
Place the decrypted data into an access-controlled file system maintained by security agents
OUR DRM SYSTEMOUR DRM SYSTEM - Security Agents - Security Agents Handle the security-related functions in DRM system
◦ Secure Memory and File management, Cryptographic operations, Key management
Secure Memory and File management◦ Access-controlled file system
The storage of digital content that is no longer encrypted and a secure database Only trusted agents will be allowed to access
◦ Memory separation system Protect the memory being used by trusted agents from untrusted agent A memory separation manager configure a hardware monitor to define available
memory area to task◦ Secure memory system
Protectes critical data that should never be allowed to leak out the system(e.g,. private keys)
This memory is linked to tamper detection circuitry If suspicious events happen, this memory is immediately cleared
OUR DRM SYSTEMOUR DRM SYSTEM - Security Agents - Security Agents
Cryptographic Operations◦ Symmetric key
Protected content is encrypted using a symmetric-key algorithm such as AES◦ Hash
The binding between content and licenses is done with a hash algorithm such as SHA-1
◦ Public key(RSA, ECC) Content key encryption and decryption Digital signature verification and generation Secure networking protocols such as TLS or WTLS
Key/certificate Manager◦ Securely handle a database of the phone’s credentials(keys,
certificates, IDs) Installation of credentials Updates or Removal of credentials
◦ Parse and verifying the certificates
OUR DRM SYSTEMOUR DRM SYSTEM - DRM Credentials - DRM Credentials Serial and Model numbers
◦ Serial Numbers SN is a number that identifies the phone Rights can be enforced by matching SN in license and in device
◦ Model Numbers MN is a number that identified the hardware and soft ware version of a phone Content provider knows how to package the digital content for particular phones
Root key◦ Check the authenticity and integrity of the credentials of other
devices, servers, or licences Private Keys and Certificates(Public key)
◦ KuPri and UniCert Used for establishing secure authenticate channel(SAC) to a phone
◦ KdPri and DRMCert Used for assigning content to a device Content encryption key is encrypted with KdPub in DRMCert and decrypted with
KdPri
SECURITY ISSUESSECURITY ISSUES License
Hash value that links the license to the digital item The Rights allowed for that digital item A key to decrypt the digital item A signature of the license
Integrity and Authenticity Verification of the license file signature (Public Key Infrastructure) A symmetric key is preprogrammed into each device or securely
established(shared secret) Rights Enforcement
DRM manager parse the license file and recognize the rights expression If a conflicting expression or one that can’t be understood are found, it must fail in
a secure manner Content Protection
Content is protected with encryption up Streaming the content(decrypted) is protected via SAC
Privacy Issues User information and identity in a license must not disclosed without the consent of
the user
FAMILY DOMAINFAMILY DOMAIN The consumers wish to used their content on any of
their devices◦ Some proposed DRM systems provide this with Public Key
Infrastructure(PKI) and a centralized locker approach◦ This is not suitable for devices such as mobile phone which may
not have permanent networking capabilities
FAMILY DOMAIN Approach◦ Trusted Server referred to as a Domain Authority(DA) installs a
domain private key in each of devices in a domain◦ A Device needs to only register with a DA once and could access
to all the content in a domain with domain private key
KREK
KMAC
Device
License file
KREK
Content
KCEK
License file
Content
KMAC
KMAC
KCEKKCEK
EXAMPLE USE CASESEXAMPLE USE CASES
ConclusionConclusion Our DRM framework is applicable to other devices
such as PDA, set-top box, automobile, or a PC Content could be seamlessly shared amongst all
devices through family domain There are many areas need to be complete before our
DRM system becomes a reality◦ Many use cases need to be explored◦ The Software block need to be more thoroughly described◦ Secure mechanism to extend the OS need to be developed◦ Hardware support to enable a trusted computing platform needs to be deployed
Thank youThank you