1ECE 646: Project SpecificationSrividya ShanmughamI. PROPOSED TITLEOn Necessity and Sufficiency of Cryptography in Digital Rights ManagementII. INTRODUCTIONDigital Rights Management (DRM) broadly refers to a set of policies, techniques and tools that guidethe proper use of digital content [1]. We live in a digital age where digital content such as books, videos,music, games etc form an integral part.There are three entities associated with digital content: producer, publisher and consumer. If the contentis not adequately secured at the time of its release, then the publisher and producer can potentially incurheavy loss. Thus the need for an effective rights management system where only legitimate consumerscan have access to digital content.DRM techniques are therefore employed to protect digital content persistently. Such techniques include”description, identification, trading, protecting, monitoring and tracking of all forms of usages over bothtangible and intangible assets” [2].III. MOTIVATIONDRM uses secret keys to provide various security services like: integrity, authentication, confidentiality,non-repudiation and anonymity to secure licenses, protect content and consumer systems. The secret keysare stored in encrypted form along with the content. Nevertheless the keys are visible to the end user insome form or the other because the keys are necessary to unlock the content. In such a scenario, there isan implicit expectation that the end user would not act maliciously. End users may have legitimate needto copy content such as for creating backups or playing content on other devices. This might drive themto seek ways to break a DRM system or to avoid DRM content altogether. Thus, protecting the content(by hiding the secret key) while not alienating the end user is an important challenge for DRM.For the past decade, big companies like Microsoft, Apple, Adobe have invested heavily in developingDRM technologies. Every generation of DRM technology is sooner or later circumvented rendering thatDRM obsolete. Of late, even Apple is moving away from DRM in its iTunes store and Amazon hasstarted a new music service with DRM-free content.We shall thus seek to analyze the role of cryptography in DRM in this project.IV. PROPOSED SCOPEIn this project we shall investigate the following questions related to DRM:• Case studies of attacks on widely used DRM• Do recent developments indicate failure of cryptography in DRM?• Is there something inherent in DRM that is leading to its downfall?• Are there alternatives to existing DRM technologies?• Is cryptography necessary for DRM and if so, is it sufficient?• Can cryptography provide complete security to digital content?• Future applications of DRM : Cinema, HD-DVD Blue Ray2A. Tentative Table of Contents1) Abstract2) Introduction3) Case Studies in DRMa) Windows Media DRMb) Apple iTunes Store and Fairplay DRMc) Amazon Music Store4) Threat modelsa) Black-box and Gray-box attacksb) White-box attacks5) White-box cryptography in DRM6) Alternatives to DRMa) Security by obscurity (MediaSnap DRM)b) Light Weight DRM (LWDRM)c) Digital fingerprints/Watermarking7) Analysisa) Necessityb) Sufficiency8) ConclusionB. TimelineThe following table gives the tentative timeline for completing this project.TABLE ITIME SCHEDULETask Goals Due DateSpecification Consolidate references 10/03/07Progress report - I Case studies in DRM 10/19/07Progress report - II White-box cryptography applied to DRM, Alternatives 11/16/07Project report Analyse necessity and sufficiency of cryptography in DRM 12/05/07Presentation 12/19/07C. Potential changes to ScopeSince DRM techniques employed by Microsoft and Apple are proprietary, we may not be able to collectenough material for case studies. We will rely on material published by third party analysts. We will alsotry to include other popular DRM technologies in case studies.REFERENCES[1] S. Subramanya and B. Yi, “Digital rights management,” Potentials, IEEE, vol. 25, pp. 31–34, 2006.[2] N. Rump, “Definition, aspects, and overview,” Digital Rights Management, pp. 3–15, 2003. [Online]. Available: http://dx.doi.org/10.1007/10941270 2[3] M. Stamp, “Digital rights management: The technology behind the hype,” Journal of Electronic Commerce Research, vol. 4, no. 3,2003. [Online]. Available: http://www.csulb.edu/web/journals/jecr/issues/20033/paper3.pdf[4] S. Chow, P. Eisen, H. Johnson, and P. van Oorschot, “White-box cryptography and an AES implementation,” in Record of the 9thAnnual Workshop on Selected Areas in Cryptography (SAC 2002), 2002.[5] S. Chow, H. Johnson, P. van Oorschot, and P. Eisen, “A white-box DES implementation for DRM applications,” in In ACM CCS-9Workshop DRM 2002, 2002.3[6] H. E. Link and W. D. Neumann, “Clarifying obfuscation: Improving the security of white-box des,” International Conferenceon Information Technology: Coding and Computing (ITCC’05) - Volume I, vol. 1, pp. 679–684, 2005. [Online]. Available:http://eprint.iacr.org/2004/025.pdf[7] J. Nutzel and A. Beyer, “Emerging trends in information and communication security,” in How to Increase the Securityof Digital Rights Management Systems Without Affecting Consumers Security, 2006, pp. 368 – 380. [Online]. Available:http://dx.doi.org/10.1007/11766155 26[8] P. van Oorschot, “Information security,” in Revisiting Software Protection, 2003, pp. 1–13. [Online]. Available: http://dx.doi.org/10.1007/10958513 1[9] J. A. Halderman, “Evaluating new copy-prevention techniques for audio CDs,” in Proc. ACM Workshop on Digital Rights Management(DRM), Washington, D.C., November 2002. [Online]. Available: www.cs.princeton.edu/∼jhalderm/papers/drm2002.pdf[10] R. Grimm and P. Aichroth, “Privacy protection for signed media files: A separation-of-duty approach to the lightweightDRM (LWDRM) system,” in Proc. ACM Multimedia and Security Workshop 2004, September 2004. [Online]. Available:www.signcryption.net/publications/pdffiles/GrimmAichroth-MMSec04-p93.pdf[11] J. Dittmann, P. Wohlmacher, and K. Nahrstedt, “Using cryptographic and watermarking algorithms,” Multimedia, IEEE, vol. 8, no. 4,pp. 54–65, Oct-Dec 2001.[12] M. Peinado and F. Petitcolas, “Digital rights management for digital cinema,” Multimedia Systems, vol. 9, pp. 228 – 238, september2003. [Online]. Available: http://dx.doi.org/10.1007/s00530-003-0094-3[13] R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems.
View Full Document
Unlocking...