drm digital rights managment-june2014-tarek gaber

2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014

Dr. Tarek Gaber

Faculty of Computers & Informatics Suez Canal University , Ismailia, Egypt

andSRGE (www.scienceegypt.net)Email: [email protected]

http://www.scienceegypt.net/


Before the digital era, one's ability to do various things with content were limited.

The Internet (digital age) makes it possible to nearly do anything with digital content.


Digital contents, e.g. Music, Movies, documents, are:

very easy and cheap to copy

Essentially no “resistance” from duplication

This led to:

Loss of billion dollars a year for world trade.


Cryptographic Techniques could help butnot enough

4


Can content be protected even after its decryption?

Copying by persistent pirate would always be succeed.

Current technology can potentially minimize the scale of copying:

“keeping honest people honest”

Digital Rights Management (DRM)technologies can be help in this issue.


It is a set of technologies (encryption, watermarking, hash function, signature, etc.) enabling content owners to identify and control:

the access to their content and

the conditions under which this access is given.


DRM includes:

Persistent Protection: License to be always checked before using a content

Access tracking: Capability of tracking access to and operations on content

Rights licensing: Capability of defining specific rights to content and making them available by contract


Government Agencies

• Interested in controlled viewing and sharing of highly secure and confidential documents, audio and video data.

Private Corporations

• Want to limit the sharing of their proprietary information

• Track accesses and any modifications made to it.

• E.g. news agencies like Reuters

Owners of commercial content

• Content owners, artists, and publishers want to gain revenue through sale and promotions


DRM can help to ensure companies that:

• Rights are tracked at consumption

• Access is controlled during production processes

• Protection for the content extends throughout product lifecycles


DRM can be integrated with content management (collection, managing, and publishing of information in any form or medium) to ensure: Proper business practices

Implementation of new business models

Compliance with regulatory requirements in industries such as financial services, healthcare, and government


The process of drafting a law is circulated among committee members (e.g. judges and lawyers).

Using DRM technology, this becomes a closed circulation.

Also, the drafting law is in a tamper-proof format, with print-only user-rights,

limited to a pre-determined timeframe, after which the draft is withdrawn and replaced by the final law.

The judges and lawyers can withdraw, alter, or grant permissions related to the content

at any time.


Systems should be able to update rights and usage as needed to accommodate new distribution models, E.g. allowing content to be accessed by to 2, 3, or 5 devices

Otherwise cost a lot of money and be a disincentive to customers.

DRM, in such case, can facilitate collaboration, by creating the ‘trusted environment’ by persistently protecting critical Intellectual Property (IP).


Piracy, whether of software, music, images, or text, costs billions of dollars each year.

It takes time and resources to detect and deter theft.

This could lead to counterproductive to developing new business models for digital content.

DRM could also help to provide protection throughout the distribution and consuming of content.


Licensing The process of packaging and delivering protected

bits with un-forgeable terms of usage (“digital license”) useable only by authenticated user/environment

Enforcement The process of insuring that the use of the digital

work adheres to enumerated use, privacy and operating restrictions stated in a digital license


Content is encrypted

So, unusable without authorization

Content license

Specifies authentication information, DRM client and OS.

Specifies usage/access control rules

Contains the “sealed” key for the content.

Content License 938473

Machine 02345 Running

Program 1 (with hash 0x7af33)

Can view Document 3332 on 2014-20-01

Sealed Key: 0x445635

Signed by ACCD Company


At initialization, Trusted Program says:

1. Isolate me from other rendering programs

2. Authenticate me

After Initialization completes successfully, Bob’s PC

1. Makes Private key available for use

When consuming content, Trusted Program:

1. Retrieves license and encrypted content file

2. Authenticates license by checking digital signature

3. Checks rule compliance (e.g. out-of-date)

4. Uses private key to unseal the content key

5. Decrypts and uses content within Trusted Program

Trusted ProgramAuthenticating Public Key

(“Root of Trust”)

0x7af33 PK: 8374505

Bob’s PC

Bob’s PC


License Server

Content License 938473



Can view Document 3332

on 2014-20-01

Sealed Key: 0x445635

Signed ACCD Company

Machine License 83874



Has access to a private key

Whose public key is 0x2231

Signed Microsoft

2) Response

Here’s your license

Customer benefits

Licenses can be used offline

Simple management of authorization (no central authority)

Very simple and flexible distribution (a server can distribute to “any” client)

1 2

Bob’s PC

1) Request

I want document 2346.

Here’s my Machine License

to show you can trust my

machine


Each “rights expression” may specify a combination of rules such as:

what rights are available,

for whom,

for how many times,

within what time period,

under what access conditions,

for what fees,

within which territory, and

with what obligations,

Etc.


• Mass Market Content• Books

• Audio

• Video

• Software

• Much more flexible use and better content

management

– But there are “Fair Use” and privacy concerns which

can be mitigated … maybe


Library/archive

Roaming

“Active” content

Premium releases

Price discrimination

I hear it. I want it. I get it.

Lower manufacturing costs

More variety?

Most popular use of DRM

I don’t get it

Pay per view movies

Web distributedsongs

Ring tones

E-Books


Windows Media Player Apple DRM Macrovision LexMark Xbox Sony Playstation


Break Once Break Everywhere Degree of isolation

Transducer Problem

I/O Privacy and Interoperability Flexibility (transfer, etc)

Multiple devices

Multiple users

Migration User Control/Backup


• “Fair Use”• Monopoly “Lock-in”• Erosion of copyright in favor of “contracts”• Archive• “Information wants to be free”• Consumer expectations• severe licensing policies


It is essential for DRM systems to provide interoperable services.

DRM could enable a big amounts of new content to be made available in safe, open, and trusted environments.

DRM can be expected to be heavily used in the future to support

digital library collections,

code and software development,

distance education, and

networked collaboration, among other applications.


Thanks

drm digital rights managment-june2014-tarek gaber

Technology