Notes
Slide Show
Outline
1
DRM Technology Tutorial
  • February 27, 2003
  • Berkeley Conference on Law and Technology of DRM Systems
2
Speakers
  • Barbara Fox:  Senior Fellow, KSG, Harvard University and Software Architect, Microsoft
  • Drew Dean: Computer Scientist, Stanford Research Institute
  • Brian LaMacchia: Software Architect, Windows Trusted Platforms Technologies, Microsoft
3
Agenda
  • Introduction to DRM Technologies and Their Applications (Barb: 30 min)
  • DRM : A Contrarian’s View (Drew: 35 min)
  • DRM Policy and Rights Expression on the Trusted Platforms of the Future (Brian: 35 min)
  • Panel discussion/Q and A (all: 20 min)
4
Digital Rights Management
      • Infrastructure to support secure promotion, sale, and delivery of digital content.
      • DRM Systems always incorporate cooperating, autonomous components
5
Core Technologies
  • Encryption
  • Authentication
  • Secure Execution Environments
6
Encryption
  • Goal: prevent tampering during distribution
    • E.g CSS for DVDs, Pay-per-view
  • Symmetric ciphers: same (secret) key to encrypt and decrypt a block of content
  • Key wrapping is the technique
  • Key sharing is the hard part
7
Authentication
  • Process of establishing confidence in the truth of some claim
  • Goals in DRM systems:
    • Content authenticity
    • Device authentication -> authorization
    • User authentication -> authorization
8
Authentication Technologies
9
Secure Execution Environments
  • Hardware Closed Systems
    • Purpose-built boxes with “trusted” software, no programmability, and controlled outputs
    • E.g. eBook reader
  • Software Analog
    • “Trusted” subsystem within a PC
    • Use of “containerized” content controlled by permissions derived from machine-readable licenses
    • E.g. Printing along with personal annotations allowed in an eBook on a PC
10
DRM Taxonomy
11
Permissions-based Systems
  • Encrypted content
  • End-user device authentication
  • Rights expression languages (to create licenses)
  • Policy Engines (to evaluate license terms and create permissions)
  • Secure execution environments (to enforce policy)
12
Permissions-based Systems
13
 Sample Rights
  • Playcount
  • AllowBackupRestore
  • AllowBurnToCD
  • AllowPlayOnPC
  • BeginDate, ExpirationDate
  • DeleteOnClockRollback
  • DisableOnClockRollback
14
Threat Model
  • Theft of service:
    • Clone the smartcard
    • Create a distribution channel and sell it
    • E. g. DirecTV cards
  • Theft of content:
    • Crack the crypto
    • Publish the tools rather than the content
    • E.g. DeCSS, ConvertLit
15
Risk Analysis
  • Digital content = a replica of the original work
  • Unauthorized re-distribution via the Internet is the sum of all fears for content owners
  • Technology trend line: better compression, improved P2P networking protocols, ubiquitous net access and proven broad-based intent to copy