USC CSci599 Trusted Computing, Lecture Seven – Digital Rights Management, February 23, 2007. Dr. Clifford Neuman, University of Southern California Information Sciences Institute.
Applications • Trusted computing is there to support specific applications with specific policies that might be hard to enforce on machines outside of the control of the entity needing the policies enforced. • The first of the applications we will discuss is the one most closely tied to trusted computing. • Digital rights management (DRM)
TC Applications and Policy • The issues that are addressed by most applications are issues of policy. • TC is able to better support many of these policies than can be supported without TC. • DRM is all about policy • Who can access protected content. • What they can do with protected content. • How long they can do it for. • TC is what protects the content from being accessible to applications that will not enforce the policies.
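A minimal model of the policy decision this slide describes, added here as an illustration and not taken from the lecture: the content key is released only to an application whose measurement is on the provider's trusted list, and only when the who / what / how-long checks pass. The names `License`, `release_key` and `TRUSTED_PLAYERS` are hypothetical, and the measurement is modelled as a plain SHA-256 digest rather than a real TPM attestation.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample: digests of player builds the provider trusts to enforce policy.
TRUSTED_PLAYERS = {hashlib.sha256(b"player-v1 (constructed sample)").hexdigest()}

@dataclass(frozen=True)
class License:
    user: str              # who can access the protected content
    actions: frozenset     # what they can do with it
    not_before: int        # how long: validity window in Unix seconds
    not_after: int
    content_key: bytes     # released only if every check passes

def release_key(lic, app_measurement, user, action, now):
    """Return (key, reason); key is None when release is refused."""
    # TC's role: refuse applications not known to enforce the policy.
    if app_measurement not in TRUSTED_PLAYERS:
        return None, "untrusted application"
    if user != lic.user:
        return None, "user not licensed"
    if action not in lic.actions:
        return None, "action not permitted"
    if not (lic.not_before <= now <= lic.not_after):
        return None, "outside validity window"
    return lic.content_key, "ok"

# Constructed sample license and application measurements.
SAMPLE = License("alice", frozenset({"play"}), 1_000, 2_000, b"\x00" * 16)
GOOD_APP = hashlib.sha256(b"player-v1 (constructed sample)").hexdigest()
OTHER_APP = hashlib.sha256(b"unknown-app (constructed sample)").hexdigest()

if __name__ == "__main__":
    requests = [
        (GOOD_APP, "alice", "play", 1_500),   # all checks pass
        (OTHER_APP, "alice", "play", 1_500),  # application not trusted
        (GOOD_APP, "alice", "copy", 1_500),   # action outside the license
        (GOOD_APP, "alice", "play", 2_500),   # license expired
    ]
    for app, user, action, now in requests:
        print(release_key(SAMPLE, app, user, action, now)[1])
```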
Protected Interests • DRM primarily protects the content provider or content owner. • That content will not be accessible to applications that do not enforce content-provider-specified restrictions on access. • Typical DRM does not consider protection for other interests that SHOULD be protected: • That the user's private data is not disclosed or used for purposes other than those agreed to. • That added software to which the user does not agree is not installed on their system. • That the user should be able to access content to which they have legitimate access even if the provider changes their mind.
Negotiation of Interests • Users can choose to relinquish some rights in exchange for others: • Reduced cost • Ability to access needed data. • Such negotiation should be based on informed acceptance. • It should be based on balanced interests, though often it will not.
DRM Today • Software • Usually through code obfuscation • Licensing keys • Hardware dongles • Media (audio / video) • Encryption • Embedded keys (obfuscated or hardware) • Programs or devices enforce policy • Problems with approaches • Often cracked • Special programs embed extra behavior • Lack of portability across devices
DRM Problems • Often cracked • Special programs embed extra behavior • Lack of portability across devices • The Analog hole
DRM Problems • Cracking of DRM • Often just a matter of de-obfuscation • Find keys embedded in software • Find keys embedded in hardware and distributed among others • Inability to distribute new keys means it is hard to revoke the keys that have been stolen • Inability to change encryption on existing instances of objects causes a similar problem.
Blu-Ray and HD-DVD Crack • The keys were discovered • Initially, just the keys for individual titles, which allowed decryption of the disks and dissemination of content. • More recently, the processing key was discovered, which enables decryption of all the disks made. • Determined by recording changes to certain parts of memory during startup. • Example of de-obfuscation.
Bonus Code • DRM-enabling applications often • Collect usage information, sometimes for marketing purposes. • Slow down your system. • Like to stay resident when not using the protected content. • Report back about what else is installed. • Enable automatic updates (downloading of new versions). • Have been known to open your system to other malicious activities – whether intentionally or through carelessness.
No Portability • Each content distributor has its own stack that works with its own content. • Doesn’t allow integrated management by users. • Requires lots of extra software. • But this is a standards issue, and isn’t necessarily fixed by TC.
The Analog Hole • Once content is “scanned” outside the protected devices, it can no longer be controlled. • Protections are removed. • Industry wants to make everything DRM enabling. • Whether for access to content or not. • Imposes costs on others. • No longer “negotiated”.
User perceived DRM Problems • From Wired • Region coding – even though fair use, forces one to breach technical measures. • Disabling functionality in Verizon phones. • Subsequent changes to ability to access that which one has paid for.
How TC can help • Reduce reliance on obfuscation. • Base policies can be enforced in common by OTS software, not different policies for each content stack. • Possibility to raise the point of commonality of policies to provide better portability. • But it is a hard human problem and might not be possible.