Top Banner
Digital Rights Digital Rights Management in a 3G Management in a 3G Mobile Phone and Mobile Phone and Beyond Beyond Thomas S.Messerges, Ezzat A. Dabbish Motorola Labs Young Sub Ko
18
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: new

Digital Rights Digital Rights Management in a 3G Management in a 3G Mobile Phone and BeyondMobile Phone and Beyond

Thomas S.Messerges, Ezzat A. DabbishMotorola Labs

Young Sub Ko

Page 2: new

ContentsContents Introduction DRM Concepts and strategies Our DRM system Security issues Family Domain Example use cases Conclusion

Page 3: new

IntroductionIntroduction 3G Mobile Phone

◦ High commmunication rates 144 Kbps, 384 Kbps, 2 Mbps depending on the mode of operation

◦ Personal Area Networking capability Peer-to-Peer sharing of digital items over short-range networks will be possible

◦ High Internet Connectivity More mobile phones than desktop computers connected to the Internet, soon

Business opportunities for digital contents are attracting much interest

Losses from piracy will mount◦ Digital Items can be copied or shared at no cost

Digital Rights Management(DRM) will be an essential component for in future mobile phones

Page 4: new

DRM CONCEPTS AND STRATEGIESDRM CONCEPTS AND STRATEGIES - Overview of Trusted DRM - Overview of Trusted DRM SystemSystem License File

◦ Metadata◦ Usage Rules

How to deal with the content in DRM system Rights for content

◦ Content Encryption Key(CEK) Encrypt and decrypt the content

◦ Hash Link between the content and license

◦ Digital Signature For authenticity and integrity

Protected Content File◦ Encrypted Content

Encrypted with key in the license File DRM System(When content is rendered)

◦ Rendering Software Pass the protected content file and License file to DRM Services software

◦ DRM Service Verify the signature of the license Verify the hash of content Decrypt the content and send it to the rendering software in the system

Page 5: new

DRM CONCEPTS AND STRATEGIESDRM CONCEPTS AND STRATEGIES - Open Mobile Alliance DRM(OMA) - Open Mobile Alliance DRM(OMA)

Certificate Authority Right Issuer

Device

KCEK

KREK KMAC

Kpriv

DCFDevice Cert

RI Cert Content Issuer

RO

Issue Certificate

Issue Certificate

Mutual Authentication

Using ROAP (RO

Acquisition Protocol) Generate RO (Rights

Object)Generate DCF

(DRM Content Format)

KPRIV: Private KeyKCEK: Content Encryption KeyKREK: Rights Encryption KeyKMAC: Message Authentication Code Key

Page 6: new

DRM CONCEPTS AND STRATEGIESDRM CONCEPTS AND STRATEGIES - Open Mobile Alliance DRM(OMA) - Open Mobile Alliance DRM(OMA)

MAC of RO

Rights Encryption Key (REK) and MAC Key

Digital Signature of Rights (Optional)

Content ID

Digest of Content

Permission

Content Encryption Key (CEK)Rights

ROProtected RO

Integrity for DCF

Authentication, Non-Repudiation, and Integrity for Rights (Domain RO Only)

Authentication, Non-Repudiation, and Integrity for RO (Including REK; Device

RO)

Encrypted Using Device’s Public Key

Encrypted Using REK (Symmetric Key)

Page 7: new

DRM CONCEPTS AND STRATEGIESDRM CONCEPTS AND STRATEGIES - Message Authentication - Message Authentication Code(MAC)Code(MAC)

Page 8: new

OUR DRM SYSTEMOUR DRM SYSTEM - Interface for DRM - Interface for DRM Two approach noted in Schneck’s paper

◦ Replace the I/O elements of OS with new modules Monitor all requests for I/O operations and inform a user if a proper license is not

available◦ Hyperadvisor

Located between the OS and the hardware When an application requests access to a protected file, it would invoke the DRM

system

Our Approach◦ OS is extended to support DRM functionality◦ Access these extended system through API

A header in a particular file indicates that it is protected If file is protected, extended API will be called

Page 9: new

OUR DRM SYSTEMOUR DRM SYSTEM - DRM manager - DRM manager Authenticate Licenses and Content

◦ Cryptographic hash of the content Verified by comparing computed hash based on the content with a hash in a license

file For a mobile phone, the hash value are computed in a piecemeal fasion and form a

hash table▶ The hash table is verified incrementally as each portion of content is rendered

◦ Digital signature Verified using a public key of signer Security Agents will help cryptographic operations

Enforce Rights◦ Actions can be associated with three fundamental types of rights

Render rights ,Transport rights, Derivative work rights◦ The license have an additional event for performing an action

Payments needs to be made or a play count needs to be decremented Secure database needed to track these events

◦ Rights to an action are assigned to a device DRM manager needs to have access to device’s credentials(e.g., keys, certificates,

IDs) A key/certificate manger is responsible for these credentials

Decrypt Content◦ Decrypt the content using key and route it to a trusted application

Page 10: new

OUR DRM SYSTEMOUR DRM SYSTEM - Trusted Application Agents - Trusted Application Agents Access and manipulate decrypted content Organized according to the type of action they perform

◦ Rendering agents, Transport agents, Derivative work agents Rendering Agents

◦ Provide the ability to render DRM-protected content e.g., a music player, a picture viewer

◦ The execution of a DRM-protected application is also rendering operation e.g., an application loader

Transport Agents◦ Provide services that move content from one location to another

e.g., email attachments, messaging services, streaming◦ Establish a Secure Authenticate Channel(SAC) with the receiving device

Derivative Work Agents◦ Extract and transform protected content or license into a different form◦ Installation of DRM-protected software or data

For fast execution, installed software and data is decrypted and this makes it vulnerable to copying

Place the decrypted data into an access-controlled file system maintained by security agents

Page 11: new

OUR DRM SYSTEMOUR DRM SYSTEM - Security Agents - Security Agents Handle the security-related functions in DRM system

◦ Secure Memory and File management, Cryptographic operations, Key management

Secure Memory and File management◦ Access-controlled file system

The storage of digital content that is no longer encrypted and a secure database Only trusted agents will be allowed to access

◦ Memory separation system Protect the memory being used by trusted agents from untrusted agent A memory separation manager configure a hardware monitor to define available

memory area to task◦ Secure memory system

Protectes critical data that should never be allowed to leak out the system(e.g,. private keys)

This memory is linked to tamper detection circuitry If suspicious events happen, this memory is immediately cleared

Page 12: new

OUR DRM SYSTEMOUR DRM SYSTEM - Security Agents - Security Agents

Cryptographic Operations◦ Symmetric key

Protected content is encrypted using a symmetric-key algorithm such as AES◦ Hash

The binding between content and licenses is done with a hash algorithm such as SHA-1

◦ Public key(RSA, ECC) Content key encryption and decryption Digital signature verification and generation Secure networking protocols such as TLS or WTLS

Key/certificate Manager◦ Securely handle a database of the phone’s credentials(keys,

certificates, IDs) Installation of credentials Updates or Removal of credentials

◦ Parse and verifying the certificates

Page 13: new

OUR DRM SYSTEMOUR DRM SYSTEM - DRM Credentials - DRM Credentials Serial and Model numbers

◦ Serial Numbers SN is a number that identifies the phone Rights can be enforced by matching SN in license and in device

◦ Model Numbers MN is a number that identified the hardware and soft ware version of a phone Content provider knows how to package the digital content for particular phones

Root key◦ Check the authenticity and integrity of the credentials of other

devices, servers, or licences Private Keys and Certificates(Public key)

◦ KuPri and UniCert Used for establishing secure authenticate channel(SAC) to a phone

◦ KdPri and DRMCert Used for assigning content to a device Content encryption key is encrypted with KdPub in DRMCert and decrypted with

KdPri

Page 14: new

SECURITY ISSUESSECURITY ISSUES License

Hash value that links the license to the digital item The Rights allowed for that digital item A key to decrypt the digital item A signature of the license

Integrity and Authenticity Verification of the license file signature (Public Key Infrastructure) A symmetric key is preprogrammed into each device or securely

established(shared secret) Rights Enforcement

DRM manager parse the license file and recognize the rights expression If a conflicting expression or one that can’t be understood are found, it must fail in

a secure manner Content Protection

Content is protected with encryption up Streaming the content(decrypted) is protected via SAC

Privacy Issues User information and identity in a license must not disclosed without the consent of

the user

Page 15: new

FAMILY DOMAINFAMILY DOMAIN The consumers wish to used their content on any of

their devices◦ Some proposed DRM systems provide this with Public Key

Infrastructure(PKI) and a centralized locker approach◦ This is not suitable for devices such as mobile phone which may

not have permanent networking capabilities

FAMILY DOMAIN Approach◦ Trusted Server referred to as a Domain Authority(DA) installs a

domain private key in each of devices in a domain◦ A Device needs to only register with a DA once and could access

to all the content in a domain with domain private key

Page 16: new

KREK

KMAC

Device

License file

KREK

Content

KCEK

License file

Content

KMAC

KMAC

KCEKKCEK

EXAMPLE USE CASESEXAMPLE USE CASES

Page 17: new

ConclusionConclusion Our DRM framework is applicable to other devices

such as PDA, set-top box, automobile, or a PC Content could be seamlessly shared amongst all

devices through family domain There are many areas need to be complete before our

DRM system becomes a reality◦ Many use cases need to be explored◦ The Software block need to be more thoroughly described◦ Secure mechanism to extend the OS need to be developed◦ Hardware support to enable a trusted computing platform needs to be deployed

Page 18: new

Thank youThank you