Post on 20-Oct-2020
Effective protection of intellectual property with DRM technology
Dr. Gunter Bitz
SAP Fraud Prevention Competence Center
Teletrust Roundtable
Feb, 5th 2007, San Francisco
SAP AG 2007, SAP Fraud Prevention Competence Center / Dr. Gunter Bitz / 2
The Need for Enterprise RM
The dissolving enterprise perimeter
The data itself must be secured and controlled
Outsourcing increasing risks
• External sharing of intellectual property
• Working with partners that work with your competitors
Actions of employees
• Careless usage of e-mail & large distribution lists
• Intentional forwarding of information
-
Collaboration with Externals
Security & Trusted Computing
Rights Management Technology overview
Concept for Enterprise Rights Management
Local Policy Enforcement: An Alternative
-
RM - How local Policy Enforcement works
Encrypt / Set Policy
Authenticate / Retrieve key
Content policy and key stored
Portal
Repository
E-mail
Owner, Recipient, Data Exchange
Central control by Information owner
Recipient cannot modify rights
-
DRM use cases / BC considerations
Fulfill compliance requirements: SOX, HIPAA, Japan data & privacy act, …
Data protection in outsourced business processes (e.g. 4R)
Industrial espionage
Disgruntled employees / Change of employment to competitors
E-mails leaving company environment
Cooperation with Externals (customer, partner)
Board and Supervisory board meetings
Insider information
E-learning and documentation
Admin password distribution
Contract drafts, merger & acquisition
IP and trade secrets
Strategic development information
HR data (salary, address)
CRM data (opportunity pipeline)
All data in content management systems
Most use cases focus on small target groups
-
Gartner’s Security Technology Hype Cycle
[Figure: hype cycle curve as of 15 February 2005. Axes: Visibility over Maturity. Phases: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity. Key: time to plateau (less than two years, two to five years, five to 10 years). The plotted technologies include Enterprise Digital Rights Management and Trusted Computing Group.]
-
Enterprise RM: Integration ideas
Editing RM Policies and assigning them to documents is time consuming!
RM Policy depends on employee’s role & document type
Identity Management System: Predefined roles for all document classification levels and document types
Other Integration Points:
• Storage location of document in content management system
  Policy depends on initial storage location (data room concept)
• Dynamically generated content (by ERP Systems)
  Keep existing authorization objects RM Policy
-
Integration: IAM with RM Policy Server
Identity & Access Management
• Business Intelligence
• Data Warehouse
RM Policy Server
• ERP Applications
• CRM
• SCM
• Content Management
• Portals
• File shares
• Local Storage
Client
• strong Authentication required
-
Identity Management Infrastructure with RM
[Diagram labels: Email, B2B, Web Service, Directory, ERP, Office, Data Access, Provisioning, Enterprise Network, Directory Security, Infrastructure Access, End User Applications]
-
Role based authorization model for RM
[Diagram labels: Office-Applications; Directory Service (IAM); Other Attributes; Users; Document Access-Rights; RM Security Policy; Documents; Roles or Groups; Classification Level; Document Type]
-
Integration of Document Classification technologies
Challenge: Automatic document classification
• Type of document and data
• Recipient / Target Group
• Classification level
• Employee’s role and position
Possible Solution: Linguistic content scanners
• No mature products available yet
-
Example: Integration with content management systems
Components: Content Management System, DRM policy server, Client (authorized)
1. check-in unprotected document
2. authorization objects
3. DRM policy
4. DRM protected document stored in system
5. client receives protected document
-
A Typical Document lifecycle
Create, Edit, Publish, Archive / Destroy
Each cycle: trigger for new DRM policy set
Point of integration: Portal or Content Management System
-
Example: Integration with ERP Systems
Components: Application Server with DRM extension, DRM Policy Server, Client (authorized), Client (not authorized)
1. Data Export Request
2. Authorization Objects
3. DRM Policy
4. DRM protected data
5. data forwarded to other clients (e.g. via email)
6. read requests
7. Read ok – Decryption Key issued
8. Read not ok
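The key-release decision behind steps 1 to 8, combined with the role, classification level and document type policy from the integration slides, as an added Python example (not part of the presentation and not SAP or vendor code). The policy table, user names and the `PolicyServer` class are constructed for illustration; authentication of callers and the encryption of the exported data itself are assumed to happen elsewhere.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample policy: (role, classification level, document type) -> rights.
POLICY_TABLE = {
    ("controller", "confidential", "financial_report"): {"read", "edit"},
    ("sales", "confidential", "financial_report"): {"read"},
    ("sales", "internal", "price_list"): {"read", "print"},
}

@dataclass
class PolicyServer:
    """Hypothetical RM policy server; callers are assumed already authenticated."""
    directory: dict                               # user -> role (stands in for IAM)
    _keys: dict = field(default_factory=dict)     # doc_id -> content key
    _labels: dict = field(default_factory=dict)   # doc_id -> (level, doc type)

    def protect(self, level, doc_type):
        """Steps 1-4: register exported data; the key stays on the server."""
        doc_id = secrets.token_hex(8)
        self._keys[doc_id] = secrets.token_bytes(16)   # 128-bit content key
        self._labels[doc_id] = (level, doc_type)
        return doc_id                                  # travels with the protected data

    def rights_for(self, user, doc_id):
        role = self.directory.get(user)
        label = self._labels.get(doc_id)
        if role is None or label is None:
            return set()                               # unknown user or document: deny
        return set(POLICY_TABLE.get((role, *label), ()))

    def request_key(self, user, doc_id, right="read"):
        """Steps 6-8: issue the decryption key only if the policy grants the right."""
        if right in self.rights_for(user, doc_id):
            return self._keys[doc_id]
        return None

def demo():
    server = PolicyServer({"alice": "controller", "bob": "sales"})
    doc_id = server.protect("confidential", "financial_report")
    results = {
        "alice_edit": server.request_key("alice", doc_id, "edit") is not None,
        "bob_read": server.request_key("bob", doc_id) is not None,
        "bob_edit": server.request_key("bob", doc_id, "edit") is not None,
        "outsider_read": server.request_key("mallory", doc_id) is not None,  # step 8
    }
    del server.directory["bob"]    # owner-side change; the forwarded copy is untouched
    results["bob_read_after_removal"] = server.request_key("bob", doc_id) is not None
    return results

if __name__ == "__main__":
    print(demo())
```

Because the rights are evaluated on the server at every read request, removing a user from the directory takes effect for copies that were already forwarded in step 5.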
-
Collaboration with Externals
Documents
Author: Company A
• Company A is Author
• Company B gets write access
• Company B gets no further rights
Company A / Company B
• Company B can modify documents as defined in the collaboration
• Company B cannot disclose information to 3rd party
-
Challenges: 1. Interoperability
2 Partners: Mutual agreement vs. Law of the strongest
Multiple Partners???
-
Interoperability between multiple customers
[Diagram: Small supplier company and Customers A through L, each customer with its own RM solution (Customer A: RM Solution A, Customer B: RM Solution B, and so on through Customer L: RM Solution L)]
HELP !!!! …we need a Standard!
-
Interoperability: RM Standards
XrML (eXtensible rights Markup Language),
ODRL (Open Digital Rights Language) and
XMCL (Extensible Media Commerce Language)
BUT
No interoperability between heterogeneous Policy Servers!
No interoperability between Policy Server and non-native client
• Key material (for document access) is stored on policy server of issuing entity
• Policy servers issue “read licenses” to their native clients only
-
Security: Attack Vectors 1
Black Box Attack:
• Direct attack on RM protected and encrypted document
• Direct attack on RM Policy Server
Both methods are very difficult and require high skills
If encryption is implemented flawlessly: brute force only
• AES 128 is believed to be secure for the next 50 – 60 years
-
Security: Attack Vectors 2
Client Components:
• Hardware & I/O
• Kernel
• Drivers
• Application / RM Client
Client Attacks:
• Prevent Policy Enforcement
• Grab output data
• Copy or modify memory
• All sorts of bus attacks & “Analog Hole” problems
-
Microsoft: Protected Infrastructure for Multimedia
-
Trusted Computing: A possible solution
Trusted Computing defines the secure and non-forgeable measurement of the state of a node.
The node can change its status at will (from “secure” to “insecure”) but it cannot deny having done so.
Attestation is performed for each part of code from start-up: Integrity Measurement (of the node)
This form of attestation can be performed remotely via network.
Digital signatures prove the correctness of the measurement
As of today: Available only for “secure startup”.
Lack of a trusted operating system
-
Rights Management with Trusted Computing
TNC Specification of the Trusted Computing Group
-
Local Policy Enforcement
DG Server
• DGComm (with IIS): Receives the activity data from Agents. The data are inserted into the DG Database.
• DGMC: DG Management Web interface.
• Database: Stores information for reporting, events, activities and other necessary functions of the DG system.
DG Agent (Client PC)
• Communication requirement: 1080/tcp from the client to the server
Administrator
• DGMC access: 1080/tcp to the server
AD
-
Findings from Verdasys reports
Activity – File Copy to Removable Media 1/2
Duration: 9/26-10/24
-
Findings from Verdasys reports
Application activity – file copy to removable media 2/2
1. There were 8 activities detected by Verdasys on 10/15/2006
2. Breakdown 7 explorer activities
3. Break down the activity record: the user seems to back up the D: and E: drives to external storage
-
Findings from Verdasys reports
Activity – Network Upload of Files
Duration: 9/26-10/24
1. There were 10,000 activities detected by Verdasys on 09/13/2006
2. Breakdown ftpte activities
3. Break down the activity record: the user seems to upload a complete web page to a web server
-
Pilot project: Process flow for file movement analysis
Identification: Identification of confidential data sources (by folder level) by business owner (Managers).
Monitoring: Digital Guardian tool records all file movement activity over a period of 2 months for 500 users
Analysis: Data is analyzed for files from confidential data sources which end up on insecure media (USB, CDR, Network)
Filtering: Results (here: 23,000 files) are (manually) filtered to identify critical files, which could endanger SAP’s business when disclosed
Reporting: A final report and a risk exposure estimation is produced
-
File Movement Observed (qualitative)
[Chart: bars on a 0% to 100% scale for three questions: "Files ending up on insecure devices compared to all file movements", "How many of the files ending up on insecure devices are confidential?", "Of all confidential files that are copied or moved, how many end up on insecure devices?". Legend: All Files, secure Media; All Files ending up on insecure media; Confidential* files ending up on insecure media; Confidential* Files, secure Media. Values shown on the slide: 86% / 14%, 95% / 5%, 65% / 35%.]
*Confidentiality is defined in terms of location, not content
35% of accesses involving confidential shares lead to files ending up on insecure media
-
Conclusion & Outlook
Trusted Computing will help to maintain control when sharing confidential information with partners / externals – but: not supported yet.
Lack of Trusted Operating System weakens TC capabilities
Interoperability of Rights Management Solutions required
Integration of RM is key to success for mass usage
• Identity & Access Management
• Content Management Systems
• ERP Systems
Start with high risk areas today!
Local Policy Enforcement as alternative for internal use
-
Effective Protection of IP (!?)
-
Thank you for your attention! Any questions?
Effective protection of intellectual property with DRM technology
Dr. Gunter Bitz
gunter “dot” bitz “at” sap “dot” com
(E-Mails are welcome - SPAM is not)