1On Necessity and Sufficiency of Cryptography inDigital Rights ManagementSrividya ShanmughamAbstract— In the present digital world Digital Rights Manage-ment (DRM) is essential to enforce persistent data protectionright from the moment it is published. Inspite of a need forDRM there are significant weaknesses in the current technology.We cite failures of WMDRM and Fairplay DRM to highlightthose weaknesses. In general, DRM technology is vulnerable toattacks because the decryption key must be made accessible tothe end-user from whom it is supposed to be secured. On thecontrary, in traditional cryptography the end-users themselvesensure the secrecy of the decryption keys. Any DRM technologyis only as strong as the technique used to hide the key as opposedto the cryptographic algorithm used in encrypting the content.We shall review a method that modifies DES implementationby embedding the key in the algorithm itself. We also reviewalternatives to strong DRM like MediaSnap DRM and Lightweight DRM. Finally we analyze the role of cryptography in thesuccess of DRM systems and present some future directions.I. INTRODUCTIONWe live in an era where digital content such as books [1],movies, music [3], games etc form an integral part. There arethree entities associated with any digital content: producer,publisher and consumer. If the content is not adequatelysecured at the time of its release, then the publisher andproducer can incur heavy loss. Thus the need for an effectiverights management system where only legitimate consumerscan have access to digital content [4]–[7].A Digital Rights Management (DRM) system comprises ofa content producer who submits the content to a publisher. Thepublisher uses DRM tools to encrypt the content and publishesthe protected content along with a license key(see Figure 1).The consumer uses the license key to decrypt the contentusing a DRM client tool. One can quickly note the conflictingobjectives here: provide the consumer with the license key todecrypt content while at the same time prevent the consumerfrom accessing the license key easily. Typically DRM systemsachieve these objectives by hiding the key from the consumer.Experience in real world has shown that such key hidingmethods are easily discovered even though the underlyingcryptographic algorithms are very secure. In this report weshall critically review the role played by cryptography in DRMsystems and draw conclusions on whether cryptography isnecessary and sufficient to the success of a DRM system.We begin by describing how cryptographic algorithms areessential for fulfilling the various security requirements im-posed in a DRM system. In section III, we present an overviewof a few commercial DRM technologies. We examine howeach of them fare poorly when it comes to hiding the decryp-tion key from the end user. In section IV, we discuss threemodels that are used to assess threats to a cryptographic systemFig. 1. Basic components of a DRM systemand how white-box threat model is the most appropriatemodel for designing foolproof DRM systems. In section V,we present the work of Chow et al [8] on modified DESimplementation for DRM based on white-box threat model.Their implementation of DES uses a variation of S-Box wherethe key input from each round of DES is embedded in theS-Box operation itself. Further Input/Output encodings areapplied to the DES operations effectively making the algorithmglobally secure. We analyze the effectiveness of their keyhiding strategy as opposed to the ones reviewed in section III.We also point out drawbacks to their approach. In section VIwe briefly present two alternatives to strong DRM that usecryptographic techniques effectively. Finally we analyze therole of cryptography in the success of DRM systems andpresent some future directions.II. SECURITY REQUIREMENTS IN A DRM SYSTEMWe shall now briefly list the various security requirementsthat are needed in a DRM system.A DRM system should verify the identity of content pro-ducer using certificates and digital signatures when content issubmitted (authentication). The DRM system should be able toprove any illegal submission (non-repudiation). Without thesetwo requirements, unwanted virus may be inserted into thesystem.DRM system should ensure that the content is tamperresistant (integrity). Trusted computing techniques should beused to ensure that the content is consumed only by thelicense owner(confidentiality). By using a combination ofdigital signatures and certificates mass abuse of the contentshould also be detected(non-repudiation).The license should be unforgeable. Any change in thelicense should make it invalid (integrity). The license shouldbe bound to its content by using a unique identifier of thecontent (eg. hash of the data).2All of the above requirements are fulfilled in a DRM systemusing cryptographic techniques. Table I summarizes the roleplayed by cryptography in enabling DRM technology.TABLE ICRYTOGRAPHIC SERVICES IN DRMContent Consumer Contracts LicenseIntegrity X X X XAuthentication X X X -Non-repudiation X X X -Confidentiality X X - -III. OVERVIEW OF DRM TECHNOLOGIESFor the past decade, software vendors like Microsoft, Apple,Adobe have invested heavily in developing DRM technologiesdue to demand from content producers. In this section, weshall review some of the leading DRM technologies. All ofthe DRM technologies employ sophisticated cryptographicalgorithms to encrypt content. However, the real weakness liesin the way the decryption key is hidden from the end user. Weshall primarily focus on this aspect in our review.A. Windows Media DRMWindows Media DRM (WMDRM) is a flexible platformthat protects and securely delivers content by subscription orindividual request for playback on a computer, portable device,or network device. WMDRM uses a combination of ellipticcurve cryptography key exchange, AES block cipher, a customblock cipher dubbed MultiSwap (for MACs only), the RC4stream cipher, and the SHA-1 hashing function for providingthe various cryptographic services outlined in the previoussection.Decryption capability is laid with the Individual Black-boX(IBX). IBX uses a combination of the elliptic curvecryptography key exchange, AES block cipher and the SHA-1 hashing function. It contains the code to parse licenses, toverify that it is running on the same hardware, to check thatthe system clock hasn’t been moved backwards and to validatesignature for the players. When things work perfectly,
View Full Document
Unlocking...