A DRM Security Architecture for Home Network
Bogdan C. Popescu, Frank L.A.J Kamperman
Fourth Annual ACIS International Conference on Computer and Information Science (ICIS'05) – Volume 00, ICIS '05
Compliant Device
• Made by a CE manufacturer.
• Given a public/private key pair
  • Private key stored in tamper-resistant memory
  • Public key certified by the manufacturer by means of a device certificate.
• Identified by a unique Global Device ID (GDI)
  • Included in the device certificate.
  • Manufacturer prefix + device serial number
• Local Device ID (LDI)
• No cryptographic hardware accelerator
Framework
[Figure: framework overview. Entities shown: Licensing Authority, CE Manufacturer, Content Provider, Content Manager, Domain Manager, Compliant Devices, Authorized Domain. Labelled interactions: license manufacture, certify device, distribute revocation information, distribute content, exchange content, register device.]
Authorized Domain Creation
• Generate a master device key list
  • Its size is equal to the maximum number of devices allowed
• Generate the domain ID
  • As the concatenation of the manager's GDI and an ever-increasing domain version number
  • At manufacture, the domain version number is zero.
  • If the AD manager is reset, the domain version number is incremented.
Notation 5
Device Registration
Parties: Compliant device A, Domain manager
Messages, in the order shown on the slide:
1. cert_A, { N_A, GDI_M }X_A
2. cert_M, { N_M, GDI_A, N_A, { k_S }Y_A }X_M
3. cert_A, { N_M, GDI_M }X_A
4. [ LDI_A, K_A, credentialsSet_A ]k_S
Device Authorization
Parties: Compliant device A, Compliant device B
Messages, in the order shown on the slide:
1. LDI_A, N_A
2. LDI_B, N_B, authenticationTicket_BA
3. { N_B }K, authenticationTicket_AB
4. { N_A }K
K = SHA-1(K_AB, K_BA, N_A, N_B)
• Authentication credential set
  • An authentication key, which is a symmetric key
    • Shared between devices within the same AD.
  • An authentication ticket associated with the authentication key
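Added example (not from the slides or the paper): the session-key derivation and nonce confirmation of the Device Authorization exchange, showing that a stale key or a replayed confirmation fails. Assumptions: A sends messages 1 and 3 and B sends 2 and 4; both devices have already recovered K_AB and K_BA (ticket handling is not modelled); the four hash inputs are length-prefixed; {N}K is modelled as an HMAC-SHA-1 tag. All function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def derive_session_key(k_ab, k_ba, n_a, n_b):
    """K = SHA-1(K_AB, K_BA, N_A, N_B) from the slide.
    Assumption: each field is length-prefixed before hashing, because the
    slide does not say how the four values are encoded or joined."""
    h = hashlib.sha1()
    for field in (k_ab, k_ba, n_a, n_b):
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()

def prove(k, nonce):
    """Stand-in for {N}K (assumption): HMAC-SHA-1 tag over the peer's nonce."""
    return hmac.new(k, nonce, hashlib.sha1).digest()

def verify(k, nonce, tag):
    """Constant-time check of a confirmation tag."""
    return hmac.compare_digest(prove(k, nonce), tag)

def handshake(a_keys, b_keys):
    """Run messages 1-4. a_keys and b_keys are the (K_AB, K_BA) pair as each
    device holds it. Returns (ok, transcript)."""
    n_a = secrets.token_bytes(16)            # message 1: LDI_A, N_A
    n_b = secrets.token_bytes(16)            # message 2: LDI_B, N_B, ticket
    k_at_a = derive_session_key(*a_keys, n_a, n_b)
    k_at_b = derive_session_key(*b_keys, n_a, n_b)
    transcript = {"n_a": n_a, "n_b": n_b}
    transcript["msg3"] = prove(k_at_a, n_b)  # message 3: {N_B}K, sent by A
    if not verify(k_at_b, n_b, transcript["msg3"]):
        return False, transcript             # B rejects; A's keys differ
    transcript["msg4"] = prove(k_at_b, n_a)  # message 4: {N_A}K, sent by B
    return verify(k_at_a, n_a, transcript["msg4"]), transcript

def replay_accepted(b_keys, old_transcript):
    """B picks a fresh N_B; a message 3 recorded in an earlier run must no
    longer verify, because K depends on both nonces."""
    n_b = secrets.token_bytes(16)
    k_at_b = derive_session_key(*b_keys, old_transcript["n_a"], n_b)
    return verify(k_at_b, n_b, old_transcript["msg3"])

if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    k_ab, k_ba, stale = (secrets.token_bytes(16) for _ in range(3))
    ok, t = handshake((k_ab, k_ba), (k_ab, k_ba))
    print("same domain keys:", ok)
    print("stale key at A:", handshake((k_ab, stale), (k_ab, k_ba))[0])
    print("replayed message 3 accepted:", replay_accepted((k_ab, k_ba), t))
```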
Local Revocation List
• Generated by the AD manager
• Consists of the GDIs of domain devices that were
  • Revoked
  • Removed from the domain
• Revoked devices cannot receive new digital content, so they eventually become useless.
Device removal
• Voluntary leave
• Damaged / stolen devices
  • The domain manager identifies the device to be removed
• Device revocation
  • Compliant devices are revoked by the licensing organization by having their GDIs listed on the global revocation list.
  • The list is distributed by content providers together with the data content items.
  • The content manager also reports the identity of the domain manager to the providers.
  • The content manager attempts to connect to the domain manager
    • If the AD manager is reachable, the content manager forwards it the GDRL; the AD manager processes it and returns a Local Revocation List (LRL).
    • If the AD manager is not reachable, the content manager keeps the original GDRL attached to the data content.
Key Update
• If too many devices are removed from the domain, the domain manager may run out of master keys to assign to new devices
• Terminate the domain and re-create a new master key list.
  • Not user-friendly
• Re-use the LDIs of removed devices and assign them to new devices
Key Update
Parties: Compliant device B, Compliant device C (assigned the LDI of device A, which has been removed)
Messages, in the order shown on the slide:
1. LDI_B, N_B
2. LDI_C, N_C, authenticationTicket_CA
3. { K_CB, authenticationTicket_CB }K_C, authenticationTicket_BC
4. { N_B }K, authenticationTicket_CB
5. { N_C }K
K = SHA-1(K_BC, K_BC, N_C, N_B)