CONTENT PROTECTION AND DIGITAL RIGHTS MANAGEMENT

Post on 22-Dec-2015


Page 1: CONTENT PROTECTION AND DIGITAL RIGHTS MANAGEMENT. What is missing? Here we see scheme of networked multimedia system, red part is hardware, blue is content,

CONTENT PROTECTION AND DIGITAL RIGHTS MANAGEMENT

Page 2:

What is missing?

Here we see a scheme of a networked multimedia system: the red part is hardware, blue is content, and green is the software for running it.

WHAT IS MISSING IN THIS PICTURE?

The missing part is CONTENT PROTECTION AND DRM

Page 3:

• DIGITAL CONTENT (AUDIO, VIDEO, GRAPHICS, IMAGES) CAN BE EASILY COPIED, TRANSMITTED AND DISTRIBUTED

THIS HAS GREAT ADVANTAGES AND BUSINESS POTENTIAL

Page 4:

• BUT DIGITAL MEDIA CAN ALSO CAUSE BIG PROBLEMS FOR CONTENT OWNERS DUE TO UNAUTHORIZED USE. THEY CAN EASILY LOSE THEIR PROPERTY

• CONTENT OWNERS THUS NEED STRONG PROTECTION

Page 5:

• THUS DIGITAL CONTENT SHOULD BE PROTECTED AGAINST UNAUTHORIZED USE

THIS PROBLEM IS CURRENTLY KNOWN UNDER THE NAME DRM: DIGITAL RIGHTS MANAGEMENT

Page 6:

Digital Rights Management (DRM)

= technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and the restrictions associated with a specific instance of a digital work or device

• can be used

– to protect high-value digital assets

– to control their distribution and usage

• Ultimate goal:

– persistent content protection against unauthorized access to the digital content, limiting access to only those with the proper authorization

– to manage usage rights for different kinds of digital content (e.g. music files, video streams, digital books, images)

– on different platforms (e.g. PCs, laptops, PDAs, mobile phones)

– to control access to content delivered on physical media or any other distribution method (e.g. CD-ROMs, DVDs)

Page 7:

Digital Rights Management (DRM)

• Different methods for

- Audio

- Video

- Internet stores

- Documents (Enterprise DRM)

• Digital licenses

– the consumer purchases a license with certain rights

– a license is a digital data file that specifies certain usage rules for the digital content (frequency of access, expiration date, restriction of transfer to other devices, copy permission etc.; these may be combined into try-before-buy)

• Several players involved

– E.g. online distribution: content provider, distributor, consumer, clearing house

- DVDs: manufacturer, replicator, player…

- Consumer: privacy, fair use (research, education...), usability (compatibility, seamless, updates)

Page 8:

EXAMPLE: Apple music store

Buying music from the network means that the content has to be protected against copying

Page 9:

• WHAT ARE THE REQUIREMENTS FOR DRM?

- IT SHOULD PREVENT COPYING

- IT SHOULD AUTHORIZE ACCESS LIMITED TO: PARTICULAR USER, SPECIFIC TIME, SPECIFIC NUMBER OF USAGES AND COPIES, ETC.

- IT SHOULD FACILITATE PAYMENT FOR CONTENT (E.G. RENEWAL OF RIGHTS)
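
The digital license from Page 7 and the access limits listed above can be pictured as a small rules file that the player checks before every use. The sketch below is an added example, not part of the original slides or of any real DRM product; the field names, the `ISSUER_KEY` shared secret and the HMAC integrity tag are assumptions chosen to keep it stdlib-only (a deployed system would have the issuer sign the license and give the player only a verification key).

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

ISSUER_KEY = b"constructed-demo-issuer-key"  # assumption: known to issuer and player

def _tag(rules: dict) -> str:
    body = json.dumps(rules, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def issue_license(rules: dict) -> dict:
    """Distributor side: attach an integrity tag to the usage rules."""
    return {"rules": rules, "tag": _tag(rules)}

def authorize(lic, device_id, action, plays_used, now) -> str:
    """Player side: return "ok" or the reason the request is refused."""
    if not hmac.compare_digest(_tag(lic["rules"]), lic["tag"]):
        return "tampered"           # rules were edited after issuance
    r = lic["rules"]
    if action not in ("play", "copy"):
        return "unknown-action"     # fail closed on anything not covered
    if device_id not in r["devices"]:
        return "wrong-device"       # restriction of transfer to other devices
    if now >= datetime.fromisoformat(r["expires"]):
        return "expired"            # expiration date
    if action == "copy" and not r["copy_allowed"]:
        return "copy-denied"        # copy permission
    if action == "play" and plays_used >= r["max_plays"]:
        return "play-limit"         # frequency of access
    return "ok"

# Constructed try-before-buy license: three plays on one device, no copying.
TRIAL = issue_license({
    "content_id": "track-0001",
    "devices": ["player-123"],
    "expires": "2016-01-31T00:00:00+00:00",
    "max_plays": 3,
    "copy_allowed": False,
})

if __name__ == "__main__":
    t = datetime(2016, 1, 10, tzinfo=timezone.utc)
    for action, used in (("play", 0), ("play", 3), ("copy", 0)):
        print(action, used, authorize(TRIAL, "player-123", action, used, t))
```

The check only means something if the player itself cannot be modified to skip it, which is why the later slides move on to hardware modules and revocation.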

Page 10:

• ALL REQUIREMENTS FOR DRM ARE VERY DIFFICULT TO SATISFY

• IN PARTICULAR THEY ARE DIFFICULT IF THE DRM SYSTEM WOULD BE STANDARDIZED, THAT IS, ITS STRUCTURE IS KNOWN

• THIS IS BECAUSE A STANDARDIZED SYSTEM MIGHT BE EASIER TO BREAK THAN A SECRET SYSTEM

Page 11:

• IN PRINCIPLE DIGITAL CONTENT CAN BE EASILY (?) PROTECTED BY ENCRYPTION

WHAT IS ENCRYPTION?

THE CONTENT BITS ARE MANIPULATED IN A SECRET WAY BY SOME ALGORITHM.

Page 12:

• THE ORIGINAL BITS CAN BE RECOVERED BY REVERSING THE OPERATION OF THE ALGORITHM

[Diagram: CONTENT, ENCRYPTION ALGORITHM, DECRYPTION ALGORITHM, CONTENT]

Page 13:

• BUT SUCH A SYSTEM HAS PROBLEMS

1. IF THE ALGORITHM IS KNOWN, EVERYBODY WILL USE IT

2. HOW TO CONTROL ACCESS? THAT IS, USERS MAY BUY ACCESS FOR SOME TIME AND FOR SOME CONTENT ONLY

3. WHAT TO DO WITH USERS WHO USE PROPER ACCESS FOR ILLEGAL COPYING?

Page 14:

• THUS THE DRM CONTENT PROTECTION MUST BE MORE CLEVER. IT HAS TO BE BASED ON

1. CONDITIONAL ACCESS

2. ENCRYPTION ALGORITHMS

and the newest addition is:

3. REVOCATION OF RIGHTS

Page 15:

• WHAT IS CONDITIONAL ACCESS?

IT IS ACCESS GIVEN ON LIMITED CONDITIONS, E.G. TIME, CONTENT, PAYMENT

[Diagram: CONTENT, ENCRYPTION ALGORITHM, DECRYPTION ALGORITHM, CONDITIONAL ACCESS]

CONDITIONAL ACCESS CAN BE A CARD GIVEN TO THE USER, OR A CERTIFICATE SENT VIA INTERNET

Page 16:

• EXAMPLE – THE SYSTEM USED IN DIGITAL TELEVISION FOR WATCHING PAY PROGRAMS

IN THIS SYSTEM CA HAS THE FORM OF SUBSCRIPTION CARDS. HOWEVER, THERE ARE SEVERAL ENCRYPTION ALGORITHMS USED. FOR DECRYPTION, THERE ARE DIFFERENT HARDWARE CAMs (CONDITIONAL ACCESS MODULES)

Page 17:

[Figure labels: CAM MODULE, SUBSCRIPTION CARD, RECEIVER FOR DIGITAL TELEVISION]

Page 18:

• ONE RECEIVER CAN HAVE SEVERAL CAMs FOR RECEIVING PAY PACKAGES WITH DIFFERENT SUBSCRIPTION CARDS. SUCH SYSTEMS ARE WIDELY USED IN TELEVISION.

BUT MANY SYSTEMS WERE ALSO BROKEN SINCE ONE CAN ANALYZE THE PROGRAM ON THE CARD AND TRACE TRAFFIC BETWEEN CARD AND CAM.

Page 19:

• BUT WHAT TO DO IF A USER HAS A VALID SUBSCRIPTION BUT USES IT FOR RECORDING AND DISTRIBUTING CONTENT ILLEGALLY?

ONE SOLUTION IS TO PREVENT RECORDING AND/OR TO PREVENT GETTING THE RECORDING OUT OF THE DEVICE

Page 20:

• IN A MEDIA TERMINAL THE USER CAN RECORD DIGITAL TV PROGRAMS ON THE INTERNAL HARD DISC

• BUT THE RECORDED CONTENT IS ENCRYPTED AND THERE IS NO WAY OF GETTING IT OUT OF THE TERMINAL

Page 21:

REVOCATION OF RIGHTS

• Revocation means that grants given once are removed from the user who breached the contract.

We shall explain revocation on the new example of High Definition DVD discs

Page 22:

Current DRM systems for DVD

• Standard Definition (Legacy Format): DVD, protected by CSS = Content Scramble System

• High Definition (Advanced Format): HD DVD, Blu-ray Disc, other formats, protected by AACS = Advanced Access Content System

DVD Content Protection is broken

HD DVD is a new system with much improved protection and REVOCATION

Page 23:

Content Scramble System (CSS) Protection for DVD

• A data encryption and authentication scheme to prevent copying video files from the disks

• Several keys included: authentication key, disc key, player key, title key, second disk key set, and/or encrypted key

• a weak 40-bit stream cipher algorithm

• Brute force attack: possible to find the keys, only 2^40 options; attacks on the hash codes

• Published 1996, but only usable in licensed DVD playbacks (Windows, MAC), not in Linux

1999 DeCSS

Page 24:

Advanced Access Content System (AACS) for HD DVD

• = a standard for content distribution and digital rights management, intended to restrict access to and copying of the next generation of optical discs and DVDs.

• “a specification for managing content stored on the next generation of prerecorded and recorded optical media for consumer use with PCs and CE devices.”

• “will complement new innovations in the next-generation of optical discs, and enable consumers to enjoy next-generation content, including high-definition content.”

• The specification released in April 2005

Page 25:

AACS – Design criteria

• Meet the content owners’ requirements for robustness and system renewability

– Content encryption based on a published cryptographic algorithm.

– Limit access to protected content to only licensed compliant implementations.

– Support revocation of individual compromised devices’ keys.

• Suitable for implementation on both general-purpose computer and fixed-function consumer electronics platforms.

• Applicable to both audio and video content, including high-definition video.

• Applicable to various optical media formats.

• Transparent to authorized use by consumers.

• Basic technical elements:

- Robust encryption of protected content using the AES cipher.

- Key management and revocation using advanced Media Key Block technology.

Page 26:

AACS - Usage Scenarios

Page 27:

AACS: Content validation and revocation

[Diagram labels: Content Owner, Licensing Entity, Licenced Player]

Page 28:

AACS: System overview – pre-recorded video

[Diagram: CONTENT OWNER, LICENSING ENTITY, LICENCED REPLICATOR, LICENCED PLAYER, SERVICE PROVIDER, with the following labels]

• Content, usage rules

• Device revocation data [MEDIA KEY BLOCK], content revocation list [CRL], content certificate

• Sequence Key Block, secret keys

• Device keys (unique for the device / application)

• Entity public keys (to check the content revocation data and content certificate)

• PRE-RECORDED VIDEO: title keys, encrypted content, usage rules of content, content certificate, content hash, device revocation data [MKB], content revocation list [CRL], sequence key block

• Enhanced uses enabled via online authentication

Page 29:

AACS: Content encryption and decryption

Page 30:

AACS: Revoking the keys – in practice

In practice the operation of revocation in AACS is as follows:

- Each content release (e.g. movie disc) gets a special key

- Each type of player (hardware and software) gets a special key

Now let’s suppose that somebody has broken the protection of this movie disc and released illegal copies, or has modified a player so it can play the content illegally.

Then those discs and players will be put on the revocation list. The list is updated on all new discs, so that when a new disc is played on the player, playback of the broken disc will be disabled or the player is disabled!
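
How a revocation list carried on the disc can lock out one player type while others keep working is easiest to see in a toy Media Key Block. The sketch below is an added example, not taken from the slides or from the AACS specification: it wraps the media key once per non-revoked device, whereas the real MKB uses AES and a far more compact key layout, and the HMAC-based keystream, the device names and the function names are all assumptions made so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

def _pad(key: bytes, nonce: bytes) -> bytes:
    # Stand-in for AES-128: a 16-byte keystream derived with HMAC-SHA256.
    return hmac.new(key, nonce, hashlib.sha256).digest()[:16]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def build_mkb(device_keys: dict, revoked: set, media_key: bytes) -> dict:
    """Licensing entity: wrap the media key for every non-revoked device."""
    nonce = secrets.token_bytes(16)
    entries = {
        dev: _xor(media_key, _pad(key, nonce))
        for dev, key in device_keys.items() if dev not in revoked
    }
    # Verification record lets a player confirm it recovered the right key.
    verify = hmac.new(media_key, b"mkb-verify", hashlib.sha256).digest()
    return {"nonce": nonce, "entries": entries, "verify": verify}

def process_mkb(device_id: str, device_key: bytes, mkb: dict):
    """Player: recover the media key, or None if this device cannot."""
    wrapped = mkb["entries"].get(device_id)
    if wrapped is None:
        return None  # revoked: the block carries nothing this key can open
    candidate = _xor(wrapped, _pad(device_key, mkb["nonce"]))
    expected = hmac.new(candidate, b"mkb-verify", hashlib.sha256).digest()
    return candidate if hmac.compare_digest(expected, mkb["verify"]) else None

def demo() -> dict:
    # Constructed device population: two hardware players, one software player.
    names = ("hw-player-A", "hw-player-B", "sw-player-X")
    keys = {d: secrets.token_bytes(16) for d in names}
    km1, km2 = secrets.token_bytes(16), secrets.token_bytes(16)
    before = build_mkb(keys, set(), km1)            # issued before the leak
    after = build_mkb(keys, {"sw-player-X"}, km2)   # issued after revocation
    sw = keys["sw-player-X"]
    return {
        "sw_before": process_mkb("sw-player-X", sw, before) == km1,
        "sw_after": process_mkb("sw-player-X", sw, after),
        "hw_after": process_mkb("hw-player-A", keys["hw-player-A"], after) == km2,
    }

if __name__ == "__main__":
    print(demo())
```

Because the content keys on a disc are protected under the media key, a player that cannot process the new block cannot play that disc until it receives fresh device keys, which is the situation described on the next slide.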

Page 31:

AACS: Revoking the keys – in practice

• Feb 2007: a 128-bit string of keys was published

– Compromises a part of AACS

– Common keys for software players (Cyberlink, Intervideo)

• Revocation started

– HD DVDs with New Media Blocks on the market in May

Customers not able to play any disks released after May 2007 until the software versions are released

- Software updates = lots of work, not available yet?

Page 32:

Summary

• DRM

= technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and the restrictions associated with a specific instance of a digital work or device

– to protect high-value digital assets

– control their distribution and usage

• AACS

– Cross-industry collaboration to facilitate next generation content distribution

– Enables new, flexible ways to enjoy content while protecting copyrighted works

– Technical specifications and licensing