
License Protection with a Tamper-Resistant Token

License Protection with a Tamper-Resistant Token. C.N. Chong (Jordan), B. Ren, J. Doumen, S. Etalle, P. H. Hartel and R. Corin. Faculty of EEMCS, University of Twente, The Netherlands. Overview: Introduction, Objectives, Security Requirements, LicenseScript, License Protection Scheme


Presentation Transcript


  1. License Protection with a Tamper-Resistant Token. C.N. Chong (Jordan), B. Ren, J. Doumen, S. Etalle, P. H. Hartel and R. Corin. Faculty of EEMCS, University of Twente, The Netherlands

  2. Overview • Introduction • Objectives • Security Requirements • LicenseScript • License Protection Scheme • Prototype • Evaluation • Conclusions and Future Work

  3. Introduction • Content protection is intended to enforce usage rights, which are specified by a license. • A license often carries a content key, metadata of the content, and other sensitive information about the user. • Therefore, it requires adequate protection.

  4. Objectives • To ensure confidentiality and integrity of a license or parts thereof, so that usage rights, keys and metadata can be protected. • To enforce different usage rights on different parts of the content and license. • To share the content or license (or parts thereof) with other users, and to control access to it, with flexibility.

  5. Security Requirements • We assume some of the system components can be trusted. • We define some requirements for our license protection scheme: • License integrity • Frequent token interaction • Key confidentiality

  6. LicenseScript Language • LicenseScript is based on multiset rewriting and logic programming. • Multiset rewriting can capture dynamic license evolution. • Logic programming can capture the static terms and conditions on the licenses.

  7. LicenseScript License (diagram labels: Content Identifier, Clauses (Prolog), Primitive Prolog Programs, Bindings)

     license(stock_price,
       [(canreset(S,B1,B2) :- S==provider, set_value(B1,viewed,0,B2)),
        (canupdate(S,B1,B2) :- S==provider, get_curr_time(T), set_value(B1,updated,T,B2)),
        (canview(S,B1,B2) :- get_value(B1,subject,Ss), is_member(S,Ss),
                             get_value(B1,viewed,X), get_value(B1,maxviews,Y),
                             X<=Y, X=X+1, set_value(B1,viewed,X,B2))],
       [maxviews=10, viewed=0, updated=01012004, subjects=[broker]])

  8. License Protection Scheme • We use a key tree and a hardware token. • 4 components: application, reference monitor, token and provider. • 2 protocols: Protocol A and Protocol B. (Diagram labels: Application, Reference Monitor, Token, Provider, Protocol A, Protocol B)

  9. Protected Storage Mechanism • Protected storage is a service to the host platform in which the trusted platform module (TPM) helps store confidential data on unprotected storage media. • We use protected storage in the form of a key tree.

  10. Key Tree • A child node is encrypted using the parent node. • The root key is the "master key" for the whole tree. • Keys are not exposed when the license is in use. • By using a key tree, we can selectively deploy the information of the license with other entities. (Diagram: key tree with nodes rootkey, skey1, skey2, skey3, skey4 and data1, data2, data3, data4)

  11. Protected License (diagram: the license below shown next to the key tree with nodes rootkey, skey1, skey2, skey3, skey4 and data1, data2, data3, data4)

     license(stock_price,
       [(canreset(S,B1,B2) :- S==provider, set_value(B1,viewed,0,B2)),
        (canupdate(S,B1,B2) :- S==provider, get_curr_time(T), set_value(B1,updated,T,B2)),
        (canview(S,B1,B2) :- get_value(B1,subject,Ss), is_member(S,Ss),
                             get_value(B1,viewed,X), get_value(B1,maxviews,Y),
                             X<=Y, X=X+1, set_value(B1,viewed,X,B2))],
       [maxviews=10, viewed=0, updated=01012004, subjects=[broker]])

  12. Protected License (diagram labels: Predicate that stores the encrypted value with the key; Storage keys; Message Authentication Code)

     license(stock_price,
       [(canreset(S,B1,B2) :- cipher("CJ…",skey1)),
        (canupdate(S,B1,B2) :- cipher("XY…",skey3)),
        (canview(S,B1,B2) :- cipher("AB…",skey4))],
       [maxviews=cipher("12…",skey4), viewed=cipher("AC…",skey4), updated=01012004,
        skey1=cipher("89…",rootkey), skey2=cipher("aC…",rootkey),
        skey3=cipher("CC…",skey1), skey4=cipher("XA…",skey2),
        mac=cipher("JK…",rootkey),
        subjects=[(provider,rootkey), (broker,skey2), (alice,skey4)]])

  13. Protocol A • To send a protected license to the application. • To send the public key of the application to the token.
     • A->T : {A,P,"name"}
     • T->A : {N,MAC(N,K(P,T)),A,P,T,"name"}_K+eP
     • A->P : {A,{N,MAC(N,K(P,T)),A,P,T,"name"}_K+eP}
     • P->A : {Lic,{N+1,A,K+eA}_K+eT}
     • A->T : {N+1,A,K+eA}_K+eT

  14. Protocol B • To use the protected license.
     • A->T : {A,Lic,MAC(Lic,K(P,T))}
     • T->A : {Kss1}_K+eA
     • A->T : {Key,{D}_Kst,"param"}_Kss1}
     • T->R : {{D,SIG(D,K-sT)}_Kss2,{Kss1,Kss2}_K+eR}
     • R->A : {D}_Kss1
     • A->T : {D'}_Kss1
     • T->A : {{D'}_Kst}_Kss1
     • A->T : {Lic'}_Kss1
     • T->A : {MAC(Lic',K(P,T))}_Kss1

  15. Security Analysis • CoProVe verification. • Security requirements are fulfilled: • License integrity: using MAC. • Frequent token interaction: different parts of the content/license are encrypted using different keys. • Key confidentiality: keys stored on the license are encrypted.

  16. Prototype • License Interpreter acts as a reference monitor. • ECLiPSe. • Meta-Interpreter. • Rewrite Rules. (Diagram labels: Token (Java iButton), Application (Java), Reference Monitor (License Interpreter), Provider (Java); links labelled Serial and Socket)

  17. Performance Evaluation • Test 1: Level of the key tree • It takes approximately 1.22 seconds to decrypt data of ≤128 bytes at level 10 of the key tree. • Test 2: License Reconstruction • It takes approximately 2.25 seconds to reconstruct the license for an arbitrary updated level in the key tree. • Conclusion: suitable for shallow key trees and small licenses.

  18. Conclusions • A license is an important element of digital rights management (DRM). • We propose a license protection scheme based on a tamper-resistant token and a key tree. • We apply it to the LicenseScript licenses. • A prototype is built by using the Java iButton. • Performance assessment and formal verification. • It is secure (w.r.t. assumptions) and practical (for shallow key trees and small licenses).

  19. Future Work • To extend our business model of one token per provider to one token and many providers. • To use a USB connection for performance improvement. • To extend the protection scheme for protecting fancy media.

  20. Thank you for your attention! Questions? Answers?…
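The key tree and Protected License slides (10 and 12) can be exercised in code. The following is an added example, not the authors' prototype: it wraps each storage key under its parent, encrypts each license field under the key named on slide 12, and shows which fields a subject can reach from the key it holds. The `cipher`/`decipher` pair is a stand-in built from HMAC-SHA256 (an assumption; the slides do not name an algorithm), and `protect`, `read_field`, the sample keys and the `<clause>` values are constructed for illustration.

```python
import hashlib, hmac, os

PARENT = {"skey1": "rootkey", "skey2": "rootkey", "skey3": "skey1", "skey4": "skey2"}
PROTECTED_BY = {"canreset": "skey1", "canupdate": "skey3", "canview": "skey4",
                "maxviews": "skey4", "viewed": "skey4"}  # field -> key, as on slide 12

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def cipher(plain, key):
    nonce = os.urandom(16)
    body = _xor_stream(_sub(key, b"enc"), nonce, plain)
    return nonce + body + hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()

def decipher(blob, key):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_sub(key, b"enc"), nonce, body)

def protect(keys, fields):
    lic = {child: cipher(keys[child], keys[parent]) for child, parent in PARENT.items()}
    lic.update({name: cipher(value, keys[PROTECTED_BY[name]]) for name, value in fields.items()})
    return lic

def read_field(lic, field, held_name, held_key):
    """Unwrap from the key a subject holds down to the key protecting `field`."""
    path = [PROTECTED_BY[field]]
    while path[-1] != held_name:
        if path[-1] not in PARENT:  # reached the root without meeting the held key
            raise PermissionError(f"{held_name} is not an ancestor of {path[0]}")
        path.append(PARENT[path[-1]])
    key = held_key
    for name in reversed(path[:-1]):  # decrypt child keys from the top down
        key = decipher(lic[name], key)
    return decipher(lic[field], key), len(path)  # value, number of decryptions

KEYS = {n: os.urandom(32) for n in PARENT.keys() | {"rootkey"}}  # constructed sample keys
LIC = protect(KEYS, {"canreset": b"<clause>", "canupdate": b"<clause>",
                     "canview": b"<clause>", "maxviews": b"10", "viewed": b"0"})
```

The second return value is the number of decryptions needed, which grows with the distance between the held key and the field, the quantity Test 1 on the performance slide measures.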
