Digital Rights Management in a 3G Mobile Phone and Beyond Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk
Contents • Introduction • DRM Concepts and Strategies • Our DRM System • DRM Manager • Trusted Application Agents • Security Agent • DRM Credential • Security Issues • Family Domain • Example Use Cases • Conclusion
Introduction • 3G mobile phone • High communication rates • 144K ~ 2Mbps • Personal Area Networking capability • P2P sharing of digital items over short-range networks • High Internet connectivity • Losses from piracy • Digital Rights Management (DRM) will be an important component of future mobile phones
DRM Concepts and Strategies - Overview of trusted DRM System • License File • Metadata • Usage Rules • Encrypted Key • Hash • Signature • Protected Content File • Encrypted Content • With key in license file • DRM System • Rendering Software • DRM Services
DRM Concepts and Strategies - Open Mobile Alliance DRM • [Figure labels: Protected RO; RO; Rights; Content Encryption Key (CEK); Permission; Decrypt; Digest of Content; Content ID; Digital Signature of Rights (optional); Rights Encryption Key (REK) and MAC Key; MAC of RO]
Our DRM System • How to interface the DRM and security S/W with the phone’s OS and applications • Two approaches from Schneck’s paper • Replace the I/O elements of the OS with new modules • Hyperadvisor • Our approach • The OS is extended to support DRM functionality • Applications access these extended system services through an API
Our DRM System - DRM Manager • Authenticate Licenses and Content • Before using protected digital content • Need to verify the integrity and authenticity of the license file • Computation of the hash in the license file • Verifying the signature of the license • Enforce Rights • An application can ask the DRM manager • To perform actions such as play, display, copy • Actions can be associated with 3 fundamental types of rights • Render rights, Transport rights, Derivative work rights • Some additional events • Need to use a secure database to track events • Rights to an action are assigned to a device • Decrypt Content
Our DRM System - Trusted Application Agents • Access and manipulate decrypted content • Rendering Agents • Provide applications to render the protected content • Provide the low-level driver • Convert the digital data • The execution of a DRM-protected software application is categorized as a rendering operation • Transport Agents • Provide services that move content from one location to another • Establish a Secure Authenticated Channel (SAC) with the help of the security agent • Derivative Work Agents • Used to extract and transform protected content into a different form • Installation of DRM-protected software or data
Our DRM System - Security Agents • Memory and file management • Access-controlled file system • Store decrypted digital content • Store a secure database • Encrypted private keys and data • Memory separation system • Configure a hardware monitor to define the memory area available to a task • Secure memory system • Prevent critical data from leaking out of the system • Linked to tamper detection circuitry • Cryptographic operations • Symmetric key • Hash • Public key • Key/Certificate manager • Securely handles a database of the phone’s credentials (keys, certificates, ID)
Our DRM System - DRM Credentials • Serial number • Unchangeable number that identifies the phone • Model number • Number that identifies the HW and SW version • Root key • Checks the authenticity and integrity of the credentials • Private keys and Certificates • KuPri and UniCert • Used for establishing a Secure Authenticated Channel (SAC) to a phone • KdPri and DRMCert • Used for assigning content to a device • Content encryption key is encrypted with KdPub and decrypted with KdPri
Security Issues • License • Four essential items • A hash value that links the license to the digital item • The rights allowed for that digital item • A key to decrypt the digital item • A signature of the license • Integrity and Authenticity • Established through a Public-Key Infrastructure (PKI) or a shared secret • Rights Enforcement • DRM manager needs to parse the license file and recognize rights expressions • DRM manager needs to be able to recognize the version of the license file • Content Protection • Privacy Issues • User information and identity in a license must not be disclosed without the consent of the user
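The license checks listed on the DRM Manager and Security Issues slides, as an added Python example that is not code from the original slides or from the system they describe. It assumes the shared-secret option with HMAC-SHA256 standing in for the license signature, and a JSON license layout; the field names, `max_count` rule, `DrmManager` class and in-memory event table are all hypothetical.

```python
import hashlib
import hmac
import json

SHARED_SECRET = b"constructed-demo-secret"  # assumption: shared-secret variant, not PKI

def canonical(body):
    # Deterministic byte encoding of the license fields covered by the MAC.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue_license(content, rights, encrypted_key_hex):
    # The four items from the slide: hash, rights, (encrypted) key, signature.
    body = {
        "version": 1,
        "content_hash": hashlib.sha256(content).hexdigest(),
        "rights": rights,
        "encrypted_key": encrypted_key_hex,
    }
    tag = hmac.new(SHARED_SECRET, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "signature": tag}

class DrmManager:
    SUPPORTED_VERSIONS = {1}

    def __init__(self):
        self.event_db = {}  # stand-in for the secure database that tracks events

    def authorize(self, lic, content, action):
        body = lic.get("body", {})
        # 1. Authenticity and integrity first: nothing in the body is trusted before this.
        expected = hmac.new(SHARED_SECRET, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(lic.get("signature", ""))):
            return "reject: bad signature"
        # 2. The manager must recognize the license version before parsing rights.
        if body.get("version") not in self.SUPPORTED_VERSIONS:
            return "reject: unknown license version"
        # 3. The hash links this license to this digital item.
        actual = hashlib.sha256(content).hexdigest()
        if not hmac.compare_digest(body["content_hash"], actual):
            return "reject: content hash mismatch"
        # 4. Rights enforcement, with use counts tracked per item and action.
        rule = body["rights"].get(action)
        if rule is None:
            return "reject: action not granted"
        key = (body["content_hash"], action)
        used = self.event_db.get(key, 0)
        if rule.get("max_count") is not None and used >= rule["max_count"]:
            return "reject: count exhausted"
        self.event_db[key] = used + 1
        return "allow"
```

Only after `authorize` returns `"allow"` would the manager unwrap the content key and hand decrypted content to a trusted agent; key unwrapping is outside this example.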
Family Domain • Consumers wish to use content on any of their devices • Suitable for devices with limited or no networking capability • A device only needs to register with the DA once and can then access all the content in a domain with the domain private key
Conclusion • Our proposed DRM framework is also applicable to other devices • PDA, set-top box, automobile, or a PC • Family domain concepts could make content more seamlessly shared amongst all devices