Post on 22-Dec-2015
CONTENT PROTECTION AND DIGITAL RIGHTS MANAGEMENT
What is missing?
Here we see a scheme of a networked multimedia system: the red part is hardware, blue is content, green is the software for running it.
WHAT IS MISSING IN THIS PICTURE?
The missing part is CONTENT PROTECTION AND DRM
• DIGITAL CONTENT (AUDIO, VIDEO, GRAPHICS, IMAGES) CAN BE EASILY COPIED, TRANSMITTED AND DISTRIBUTED. THIS HAS GREAT ADVANTAGES AND BUSINESS POTENTIAL
• BUT DIGITAL MEDIA CAN ALSO CAUSE BIG PROBLEMS FOR CONTENT OWNERS DUE TO UNAUTHORIZED USE. THEY CAN EASILY LOSE THEIR PROPERTY
• CONTENT OWNERS THUS NEED STRONG PROTECTION
• THUS DIGITAL CONTENT SHOULD BE PROTECTED AGAINST UNAUTHORIZED USE
THIS PROBLEM IS CURRENTLY KNOWN UNDER THE NAME DRM: DIGITAL RIGHTS MANAGEMENT
Digital Rights Management (DRM)
= technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device
• can be used
– to protect high-value digital assets
– control their distribution and usage
• Ultimate goal:
– persistent content protection against unauthorized access to the digital content, limiting access to only those with the proper authorization
– to manage usage rights for different kinds of digital content (e.g. music files, video streams, digital books, images)
– different platforms (e.g. PCs, laptops, PDAs, mobile phones)
– control access to content delivered on physical media or any other distribution method (e.g., CD-ROMs, DVDs)
Digital Rights Management (DRM)
• Different methods for
– Audio
– Video
– Internet stores
– Documents (Enterprise DRM)
• Digital licenses
– the consumer purchases a license with certain rights
– A license is a digital data file that specifies certain usage rules (frequency of access, expiration date, restriction of transfer to other devices, copy permission etc., which may be combined for try-before-buy) for the digital content
• Several players involved in
– E.g. online distribution: content provider, distributor, consumer, clearing house
– DVDs: manufacturer, replicator, player…
– Consumer: privacy, fair use (research, education..), usability (compatibility, seamless, updates)
EXAMPLE: Apple music store
Buying music from the network means that the content has to be protected against copying
• WHAT ARE THE REQUIREMENTS FOR DRM?
- IT SHOULD PREVENT COPYING
- IT SHOULD AUTHORIZE ACCESS LIMITED TO: A PARTICULAR USER, A SPECIFIC TIME, A SPECIFIC NUMBER OF USAGES AND COPIES, ETC.
- IT SHOULD FACILITATE PAYMENT FOR CONTENT (E.G. RENEWAL OF RIGHTS)
• ALL REQUIREMENTS FOR DRM ARE VERY DIFFICULT TO SATISFY
• IN PARTICULAR THEY ARE DIFFICULT IF THE DRM SYSTEM IS STANDARDIZED, THAT IS, ITS STRUCTURE IS KNOWN
• THIS IS BECAUSE A STANDARDIZED SYSTEM MIGHT BE EASIER TO BREAK THAN A SECRET SYSTEM
• IN PRINCIPLE DIGITAL CONTENT CAN BE EASILY (?) PROTECTED BY ENCRYPTION
WHAT IS ENCRYPTION? THE CONTENT BITS ARE MANIPULATED IN A SECRET WAY BY SOME ALGORITHM.
• THE ORIGINAL BITS CAN BE RECOVERED BY REVERSING THE OPERATION OF THE ALGORITHM
[Diagram: CONTENT → ENCRYPTION ALGORITHM → DECRYPTION ALGORITHM → CONTENT]
• BUT SUCH A SYSTEM HAS PROBLEMS:
1. IF THE ALGORITHM IS KNOWN, EVERYBODY WILL USE IT
2. HOW TO CONTROL ACCESS? THAT IS, USERS MAY BUY ACCESS FOR SOME TIME AND FOR SOME CONTENT ONLY
3. WHAT TO DO WITH USERS WHO WILL USE PROPER ACCESS FOR ILLEGAL COPYING?
• THUS THE DRM CONTENT PROTECTION MUST BE MORE CLEVER. IT HAS TO BE BASED ON:
1. CONDITIONAL ACCESS
2. ENCRYPTION ALGORITHMS
and the newest addition is:
3. REVOCATION OF RIGHTS
• WHAT IS CONDITIONAL ACCESS? IT IS ACCESS GIVEN ON LIMITED CONDITIONS, E.G. TIME, CONTENT, PAYMENT
[Diagram: CONTENT → ENCRYPTION ALGORITHM → DECRYPTION ALGORITHM, with CONDITIONAL ACCESS added]
CONDITIONAL ACCESS CAN BE A CARD GIVEN TO THE USER, OR A CERTIFICATE SENT VIA THE INTERNET
• EXAMPLE – THE SYSTEM USED IN DIGITAL TELEVISION FOR WATCHING PAY PROGRAMS. IN THIS SYSTEM CA HAS THE FORM OF SUBSCRIPTION CARDS. HOWEVER, THERE ARE SEVERAL ENCRYPTION ALGORITHMS IN USE, SO FOR DECRYPTION THERE ARE DIFFERENT HARDWARE CAMs (CONDITIONAL ACCESS MODULES)
[Diagram: CAM MODULE with SUBSCRIPTION CARD in a RECEIVER FOR DIGITAL TELEVISION]
• ONE RECEIVER CAN HAVE SEVERAL CAMs FOR RECEIVING PAY PACKAGES WITH DIFFERENT SUBSCRIPTION CARDS. SUCH SYSTEMS ARE WIDELY USED IN TELEVISION.
BUT MANY SYSTEMS WERE ALSO BROKEN, SINCE ONE CAN ANALYZE THE PROGRAM ON THE CARD AND TRACE THE TRAFFIC BETWEEN CARD AND CAM.
• BUT WHAT TO DO IF A USER HAS A VALID SUBSCRIPTION BUT USES IT FOR RECORDING AND DISTRIBUTING CONTENT ILLEGALLY?
ONE SOLUTION IS TO PREVENT RECORDING AND/OR TO PREVENT GETTING THE RECORDING OUT OF THE DEVICE
• IN A MEDIA TERMINAL THE USER CAN RECORD DIGITAL TV PROGRAMS ON THE INTERNAL HARD DISC
• BUT THE RECORDED CONTENT IS ENCRYPTED AND THERE IS NO WAY OF GETTING IT OUT OF THE TERMINAL
REVOCATION OF RIGHTS
• Revocation means that grants given once are removed from the user who breached the contract.
We shall explain revocation on the new example of High Definition DVD discs
Current DRM systems for DVD
– Standard Definition (legacy format): DVD, protected by CSS = Content Scramble System
– High Definition (advanced format): HD DVD, Blu-ray Disc, other formats, protected by AACS = Advanced Access Content System
DVD content protection is broken.
HD DVD is a new system with much improved protection and REVOCATION.
Content Scramble System (CSS) – Protection for DVD
• A data encryption and authentication scheme to prevent copying video files from the discs
• Several keys included: authentication key, disc key, player key, title key, second disc key set, and/or encrypted key
• A weak 40-bit stream cipher algorithm
• Brute-force attack: possible to find the keys, only 2^40 options; attacks on the hash codes
• Published 1996, but only usable in licensed DVD playback software (Windows, Mac), not in Linux
• 1999: DeCSS
Advanced Access Content System (AACS) for HD DVD
• = a standard for content distribution and digital rights management, intended to restrict access to and copying of the next generation of optical discs and DVDs.
• “ a specification for managing content stored on the next generation of prerecorded and recorded optical media for consumer use with PCs and CE devices. “
• “will complement new innovations in the next-generation of optical discs, and enable consumers to enjoy next-generation content, including high-definition content.”
• The specification released in April 2005
AACS – Design criteria
• Meet the content owners’ requirements for robustness and system renewability
– Content encryption based on a published cryptographic algorithm.
– Limit access to protected content to only licensed compliant implementations.
– Support revocation of individual compromised devices’ keys.
• Suitable for implementation on both general-purpose computer and fixed-function consumer electronics platforms.
• Applicable to both audio and video content, including high-definition video.
• Applicable to various optical media formats.
• Transparent to authorized use by consumers.
• Basic technical elements:
– Robust encryption of protected content using the AES cipher.
– Key management and revocation using advanced Media Key Block technology.
AACS - Usage Scenarios
AACS: Content validation and revocation
[Diagram: parties involved – Content Owner, Licensing Entity, Licensed Player]
AACS: System overview – pre-recorded video
[Diagram: parties – CONTENT OWNER, LICENSING ENTITY, LICENSED REPLICATOR, LICENSED PLAYER, SERVICE PROVIDER; data items shown between them:]
– Content, Usage rules
– Device revocation data [MEDIA KEY BLOCK], Content revocation list [CRL], Content certificate, Sequence Key Block, Secret keys
– Device keys (unique for the device/application)
– Entity public keys (to check the content revocation data and content certificate)
– PRE-RECORDED VIDEO: Title keys, Encrypted content, Usage rules of content, Content certificate, Content hash, Device revocation data [MKB], Content revocation list [CRL], Sequence key block
– SERVICE PROVIDER: Enhanced uses enabled via online authentication
AACS: Content encryption and decryption
AACS: Revoking the keys – in practice
In practice the operation of revocation in AACS is as follows:
– Each content release (e.g. movie disc) gets a special key
– Each type of player (hardware and software) gets a special key
Now let’s think that somebody has broken the protection of this movie disc and released illegal copies, or has modified a player so it can play the content illegally.
Then those discs and players will be put on the revocation list. The list is updated on all new discs, so when a new disc is played on the player, playback of the broken disc will be disabled or the player is disabled!
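The revocation mechanism described above, as an added illustration that is not part of the original deck and not AACS code: a simplified model in which the Media Key Block wraps the media key once for every non-revoked device key, so a player whose key has been revoked cannot derive the media key from any disc mastered after the revocation, while discs mastered earlier still play on it. Real AACS uses AES and a subset-difference tree; here an HMAC-SHA256 keystream stands in for AES, and all keys, device names and disc contents are constructed values.

```python
import hashlib
import hmac

def prf_xor(key: bytes, data: bytes, label: bytes) -> bytes:
    """Stand-in for AES wrapping/encryption: XOR data with an HMAC-SHA256 keystream.
    XOR is an involution, so the same call both encrypts and decrypts."""
    stream = b"".join(hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def build_mkb(media_key: bytes, device_keys: dict, revoked: set) -> dict:
    """Licensing entity: wrap the media key for every device NOT on the revocation list.
    A revoked device simply gets no record, so it can no longer derive the media key."""
    return {
        "verify": hmac.new(media_key, b"mkb-verify", hashlib.sha256).digest()[:8],
        "records": {dev: prf_xor(key, media_key, dev.encode())
                    for dev, key in device_keys.items() if dev not in revoked},
    }

def process_mkb(mkb: dict, device_id: str, device_key: bytes):
    """Player: recover the media key with its own device key, or None if revoked/wrong key."""
    record = mkb["records"].get(device_id)
    if record is None:
        return None
    media_key = prf_xor(device_key, record, device_id.encode())
    tag = hmac.new(media_key, b"mkb-verify", hashlib.sha256).digest()[:8]
    return media_key if hmac.compare_digest(tag, mkb["verify"]) else None

def master_disc(media_key, title_key, content, device_keys, revoked) -> dict:
    """Replicator: disc = MKB + title key wrapped under media key + content under title key."""
    return {"mkb": build_mkb(media_key, device_keys, revoked),
            "enc_title_key": prf_xor(media_key, title_key, b"title-key"),
            "enc_content": prf_xor(title_key, content, b"content")}

def play(disc: dict, device_id: str, device_key: bytes):
    """Player: MKB -> media key -> title key -> plaintext content, or None on failure."""
    media_key = process_mkb(disc["mkb"], device_id, device_key)
    if media_key is None:
        return None
    title_key = prf_xor(media_key, disc["enc_title_key"], b"title-key")
    return prf_xor(title_key, disc["enc_content"], b"content")

# Constructed sample values (not real AACS keys or device names).
DEVICE_KEYS = {"hw-player-A": b"A" * 16, "sw-player-B": b"B" * 16, "sw-player-C": b"C" * 16}
OLD_DISC = master_disc(b"media-key-2006!!", b"title-key-2006!!", b"movie 2006", DEVICE_KEYS, set())
# sw-player-B's key has leaked; discs mastered afterwards carry an MKB that omits it.
NEW_DISC = master_disc(b"media-key-2007!!", b"title-key-2007!!", b"movie 2007", DEVICE_KEYS, {"sw-player-B"})
```

Note that revocation only reaches the compromised player through new discs: `play(OLD_DISC, "sw-player-B", ...)` still succeeds, which is exactly the limitation the slide describes.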
AACS: Revoking the keys – in practice
• Feb 2007: a 128-bit string of keys was published
– Compromises part of AACS
– Common keys for software players (Cyberlink, Intervideo)
• Revocation started
– HD DVDs with new Media Key Blocks on the market in May
– Customers are not able to play any discs released after May 2007 until new software versions are released
– Software updates = lots of work, not available yet?
Summary
• DRM
= technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device
– to protect high-value digital assets
– control their distribution and usage
• AACS
– Cross-industry collaboration to facilitate next generation content distribution
– Enables new, flexible ways to enjoy content while protecting copyrighted works
– Technical specifications and licensing