
Key Challenges in DRM: An Industry Perspective

Key Challenges in DRM: An Industry Perspective. Brian A. LaMacchia (Microsoft Corporation) Lecture Notes in Computer Science ACM DRM 2002. Outline. Three key challenges in DRM Authoring policy expression Expressiveness, comprehensiveness, interoperability


Presentation Transcript


  1. Key Challenges in DRM: An Industry Perspective
     Brian A. LaMacchia (Microsoft Corporation)
     Lecture Notes in Computer Science, ACM DRM 2002

  2. Outline
     • Three key challenges in DRM
       • Authoring policy expression
         • Expressiveness, comprehensiveness, interoperability
         • Current rights-language initiatives
       • Evaluating policy expression
         • Usability vs. complexity
       • Projecting policy expressions with confidence into remote environments
         • Attestable TCB (trusted computing base)
         • Current TCB initiatives
     Chun-Hsiang Huang, DSP Group, CMLab, Dept. of Computer Science and Information Engineering, NTU

  3. Building Blocks of A DRM System
     [Diagram labels, in slide order]
     • Digital Rights Management (DRM): Digital Management of Rights; Management of Digital Rights
     • Functions: Integrity Checking, Access Control, Credential Authentication, Copy Control, Transaction Tracking, Rule Specification
     • Techniques: Cryptography, Watermarking, Rights Language
     • Items listed under the techniques: Hashes and protocols; Block cipher; Public-key encryption/decryption; Media specific techniques; Fingerprinting; REL; XrML
     • DRM Policy Management System: Rights Language, Rights Evaluator, Trusted Computing Base

  4. Why Is a Rights Language a Must?
     • Requirements of policy expression
       • The language must be sufficiently expressive to allow users (content owners, distributors and consumers) to write the types of policies they wish
       • The language must be easy enough to reason about and to communicate content policies
       • Statements from many different sources must preserve a certain level of interoperability
     • A general-purpose rights expression language is what we want
       • A type of policy authorization language where the focus of the language is on expressing and transferring rights from one party to another in an interoperable format

  5. Various Rights Language Initiatives
     • XrML - XML Rights Management Language
       • http://www.xrml.org
       • Rights Expression Language (REL) and Rights Definition Dictionary (RDD) in MPEG-21
       • RLTC in OASIS
     • ODRL - Open Digital Rights Language
       • http://www.odrl.net
       • Adopted by OMA (Open Mobile Alliance)
     • XACML – OASIS eXtensible Access Control Markup Language
     • XMCL – the eXtensible Media Commerce Language

  6. XrML
     • Descendant of Dr. M. Stefik’s DPRL (Digital Property Rights Language)
     • In 2000, the data model of DPRL was converted to XML. The resulting language, together with some language extensions, was named XrML 1.0
     • ContentGuard released XrML 2.0 in November 2001

  7. XrML 2.0 Data Model: Grant
     • Principal – the identification of a party to whom rights are granted
     • Resource – the object to which the Principal can be granted a Right
     • Right – the verb that a Principal can exercise against some Resource under some Condition
     • Condition – terms, conditions and obligations under which rights can be exercised

  8. XrML 2.0 Data Model: License
     • A set of Grants
     • Identification information of license issuers
     • Additional information
       • Description of the License
       • Validity date

  9. XrML 2.0: Structures

  10. XrML 2.0: A Minimal Example
     • The holder of the key possesses the name Alice Richardson

  11. XrML 2.0: Features
     • Trust Model
     • Patterns, variables and quantifiers are included
     • Prerequisite rights
     • Confidentiality
     • Web service specification
     • Pattern matching

  12. The Most Challenging Issue
     • Using rights languages to represent liability-based systems through explicit expressions of rights
     • Policy evaluators always want expressions that can be evaluated and determined to be true facts or false statements
     • Evaluating laws often needs a fact-finder to balance competing interests

  13. Evaluating Policy Expressions
     • A DRM policy evaluator
       • Decides for each requested access whether the relevant policy allows it to occur
       • Is just an instance of a robust, general-purpose trust management engine
     • The set of resources to be protected is the entire set of content potentially available to the client over the network
     • The set of objects that a DRM system wants to manage is unbounded, thus human reasoning suffers and the implementation cost is too high
     • The need for a good user interface for describing and configuring trust management policies is still an open work area for DRM system policy evaluators

  14. Projecting Policy Expressions with Confidence into Remote Environments
     • Most DRM systems have to operate on multiple nodes in a network
     • Content providers will not distribute their works to “hostile” platforms
     • Users will never reveal their private information to suspicious remote systems
     • Solutions
       • Security protocols grounded in trusted computing bases

  15. Trusted Computing Bases
     • Trusted computing platforms
       • Platforms that will operate correctly and behave in accordance with their design parameters
       • A TCB cannot violate the policy it is supposed to enforce
     • Attestability
       • An attestable TCB is a TCP that is able to convince a remote party that it is running and behaving according to some specification
     • Current industry initiatives
       • Trusted Computing Group – many vendors
       • Palladium – Microsoft
       • Both initiatives adopted HW-based public-key cryptography to generate attestations about software

  16. TCG
     • Trusted Computing Group
       • https://www.trustedcomputinggroup.org/
       • An industry standards body, comprised of computer and device manufacturers, software vendors, and others with a stake in enhancing the security of the computing environment across multiple platforms and devices
     • The TCPA (the former name of TCG) was founded in 1999 by Compaq, HP, IBM, Intel and Microsoft
     • In the meantime around 200 companies have joined them, including Adobe, AMD, Fujitsu-Siemens, Gateway, Motorola, Samsung, Toshiba and many other well-known companies. IBM already sells the first desktops and notebooks with an integrated TPM.

  17. Implementations of Trusted Platform
     • Every computer will have a hardware component, built in on the motherboard, computing SHA1 hash values of the software stack of interest
       • TCG: Trusted Platform Module, also known as Fritz-Chip
       • Palladium: Security Support Component
     • An RSA-based digital signature over the hash value is then created
     • The digital signature, together with whatever certifications the third party provided for the signing key, forms the attestation
     • The integrity of the hardware is important

  18. Another Viewpoint: Against-TCPA
     • Consequence of Trusted Computing Base
       • Informational self-determination will not exist anymore. It is not possible to save, copy, create, program, ..., the data like you want. This applies to private individuals as well as to companies
       • Free access to the IT/software market is completely prevented for anyone except the big companies
       • Restrictions in the usage of owned hardware would apply
       • The liberty of opinion and free speech on the internet would finally be eliminated
       • The national self-determination of the particular countries would be fully in the hands of the USA
       • Probably the world would break into two digital parts (Countries that express against TCPA)
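
The Grant and License data model of slides 7 and 8, fed to the per-request decision described on slide 13, as an added example that is not from the slides or from any XrML implementation. The class names, field names, the `ctx` dictionary and the sample license are assumptions made for illustration; real XrML is an XML format with its own schema.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, List

@dataclass(frozen=True)
class Grant:
    principal: str                     # party the right is granted to (a key holder)
    right: str                         # verb the principal may exercise, e.g. "play"
    resource: str                      # object the right applies to
    condition: Callable[[Dict], bool]  # must hold at the time of the request

@dataclass(frozen=True)
class License:
    issuer: str                        # identification of the license issuer
    not_before: date                   # validity period of the license
    not_after: date
    grants: List[Grant]

def evaluate(licenses, trusted_issuers, principal, right, resource, ctx):
    """Allow a request only if an in-date license from a trusted issuer
    holds a matching grant whose condition is satisfied."""
    for lic in licenses:
        if lic.issuer not in trusted_issuers:
            continue                   # licenses from unknown issuers carry no weight
        if not (lic.not_before <= ctx["today"] <= lic.not_after):
            continue
        for g in lic.grants:
            if (g.principal, g.right, g.resource) != (principal, right, resource):
                continue
            try:
                if g.condition(ctx):
                    return True
            except Exception:
                continue               # a condition that cannot be evaluated is not met
    return False                       # default deny: nothing granted, nothing allowed

# Constructed sample: the studio lets Alice's key play one song up to three times in 2002.
SAMPLE = License(
    issuer="studio-key",
    not_before=date(2002, 1, 1),
    not_after=date(2002, 12, 31),
    grants=[Grant("alice-key", "play", "song-42",
                  lambda ctx: ctx["plays_so_far"] < 3)],
)
```

Every path that does not end in an explicit match returns a denial, which gives the evaluator the strictly true-or-false outcome slide 12 says policy evaluators want.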
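
The attestation flow of slide 17 (hash the software stack, sign the hash with a hardware-held key, let the remote party check it), as an added example that is not code from the slides, the TCG or Microsoft. It uses unpadded textbook RSA with a small constructed key purely to show the data flow; the verifier nonce and the function names are assumptions, and the certificate chain for the signing key is assumed to have been checked already.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes. Far too small and unpadded for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key, known to the verifier
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never leaves the hardware

def measure(stack):
    """Hash each component in load order into one measurement (SHA-1, as on the slide)."""
    h = hashlib.sha1()
    for component in stack:
        h.update(hashlib.sha1(component).digest())
    return h.digest()

def attest(stack, nonce):
    """Hardware side: sign the measurement together with the verifier's nonce."""
    measurement = measure(stack)
    digest = hashlib.sha1(measurement + nonce).digest()
    signature = pow(int.from_bytes(digest, "big"), D, N)
    return measurement, signature

def verify(measurement, signature, nonce, expected):
    """Remote side: the signature must cover this measurement and this nonce,
    and the measurement must equal the known-good value."""
    digest = hashlib.sha1(measurement + nonce).digest()
    if pow(signature, E, N) != int.from_bytes(digest, "big"):
        return False                   # forged, altered, or replayed attestation
    return secrets.compare_digest(measurement, expected)

# Constructed sample stack and its known-good measurement.
GOOD_STACK = [b"bootloader v1", b"kernel v1", b"media player v1"]
EXPECTED = measure(GOOD_STACK)
```

A valid signature only proves which software was measured; the verifier still has to compare that measurement against a value it trusts, which is the second check in `verify`.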
