Upload
rohit7853
View
215
Download
0
Embed Size (px)
Citation preview
8/8/2019 18-drm
1/51
Digital Rights Management
John Mitchell
CS 155 Spring 2006
8/8/2019 18-drm
2/51
2
Next Tuesday
Aaron SigelApple Security Team
8/8/2019 18-drm
3/51
3
Basic Problem
Joey writes and records a song Song distributed on some sort of media
Joey (and music company) want to sell recordings
But digital info is easy to copy, on most media
What can Joey (and Music Inc.) try to do? Look for copies?
Mark recording to make it easier to find copies? Restrict media so only certain devices can play it?
All of these approaches have problems; no perfect solution (yet?)
8/8/2019 18-drm
4/51
4
Outline
Legal landscape Copyright law, fair use, DMCA
Examine or modify content Content hashing and copyright crawling
Watermarking
Fingerprinting
Regulate use through special content players Apply complex policies, need tamper-proof platform
Some examples MediaMax CD3: restrict access on software players
DVDs: CSS encryption and hardware/software players
Windows Media Rights Management
Office Information Rights Management
8/8/2019 18-drm
5/51
5
Basis for U.S. Copyright Law
U.S. Constitution (A1, S8, C8): "Congress shall have power . . . to promote the
progress of science and useful arts, by securing
for limited times to authors and inventors theexclusive right to their respective writings anddiscoveries
Intro of printing press in England in 1400s
control (censor) publication of books maintain registry of legal books
1710 law to protect authors works
prevent another person from re-producing a book
and putting their name on it
8/8/2019 18-drm
6/51
6
U.S. Copyright Law
Balance two competing objectives Protect works so the author gets financial reward
Promote access: progress of science, arts
Gives exclusive rights for limited time Reproduce the work, derive new works, distribute copies,
perform or display it publicly
Extends to life of author plus 70 years
Applies to original works of authorship fixed in tangible medium of
expression
literary, dramatic, artistic, musical, pictorial, architecturalworks software? hyperlinks?
8/8/2019 18-drm
7/51
7
Fair Use
Legal use of copyrighted works for education,research, reporting, etc. must provide transformative value
Determined by four factors purpose and character of the use
nature of the copyrighted work
amount of the copyrighted work used effect on market value of copyrighted work
8/8/2019 18-drm
8/51
8
Enforcement of copyright law
Anyone here get a letter? Music industry monitors file sharing
Law specifies high minimum penalties Recipients usually offered a chance to settle for ~$3000
See:http://www.eff.org/wp/how-not-get-sued-file-sharing
Limitations of copyright law Coarse-grained protection, hard to enforce
Next topic Technology used to help enforce copyright
8/8/2019 18-drm
9/51
9
Content hashing
Suppose we had a content-aware hash function:
H: {music} p {short strings}
satisfying: 1. If M1 and M2 are two music clips (e.g. MP3 files) that
play the same song then H(M1) = H(M2)
2. Given a clip M a pirate cannot create an acceptable clip M such that H(M) { H(M)
Is this realistic? Hash function must resist all signal processing tricks
Do not know such hash functions exist
some claim to have them
8/8/2019 18-drm
10/51
10
Copyright Crawler
Web crawler looks for copyright violations Use list of hashes of all copyrighted content
Scans all web sites, file-sharing networks, etc.
For every music file found, compute hash and compare
If match is found, call the lawyers
Problems: H
ash functions unlikely to exist for music Does not protect against anonymous postings:publius
Very high workload
8/8/2019 18-drm
11/51
11
Examples
DigiMarc MarcSpider Crawls web looking for pirated images
May use watermarking? (next topic)
MOSS (Measure Of Software Similarity) Detect plagiarism in programming assignments, web pages
http://www.cs.berkeley.edu/~aiken/moss.html
SCAM: N. Shivakumar, Stanford. Crawls web looking for academic plagiarism
Several success stories:
http://www-db.stanford.edu/~shiva/SCAM/scamInfo.html
8/8/2019 18-drm
12/51
12
Improvement: watermarking
Embed hidden watermark at the recording studio Embed( M, I ): outputs a watermarked version of music M with
the information I embedded in it
Retrieve( M ): takes a watermarked music file M and outputsthe embedded watermark I
Watermark requirements (not necessarily achievable): Watermark must be inaudible (music) or invisible (video)
Watermark should be robust: Given M1 = Embed(M,I),pirate cannot create an acceptable M2 with Retrieve(M2) { I
To do this, watermark must resist all signal processing tricks -resampling, cropping, low-pass filtering,
8/8/2019 18-drm
13/51
13
Example Watermarked File
Second image has watermark inserted by DOS softwareWhite Noise Storm
8/8/2019 18-drm
14/51
14
Watermark-based enforcement
Copyright crawler uses Retrieve algorithm
Benefits: Copyright crawler does not need list of all
copyrighted material
No need for content aware hash Watermarking music seems to be an easier problem.
But, some of the same problems as before
Does not defend against anonymous postings
High workload
Need to mark with buyer or trace copy to culprit
8/8/2019 18-drm
15/51
15
Robust watermarks??
Embed & Retrieve algs are usually kept secret Security by obscurity not a successful
approach
Do robust watermarking systems exist? We dont know the answer
StirMark Generic tool for removing image watermarks
Oblivious to watermarking scheme
SDMI challenge: Broken: Felten, et al.
Obj1Obj1mark
??Obj2
markSee: http://cryptome.org/sdmi-attack.htm
8/8/2019 18-drm
16/51
16
Fingerprinting
Basic idea: Embed a unique user ID into each sold copy
If user posts copy to web or file-sharing network,
embedded user ID identifies userProblem: Need ability to create distinct and indistinguishable
versions of object
Collusion:
two users can compare their objects tofind parts of the fingerprint
8/8/2019 18-drm
17/51
17
Watermarking Images (>200 papers)
DigiMarc: embeds creators serial number. Add or subtract small random quantities from each
pixel. Embedded signal kept secret.
Signafy (NEC). Add small modifications to random frequencies of
entire Fourier Spectrum.
Embedded signal kept secret.
Caronni: Embed geom. shapes in background
SigNum Tech. (SureSign).
8/8/2019 18-drm
18/51
18
Watermarking Music (>200 papers)
Aris Tech (MusicCode):Rate: 100 bits/sec of music
Solana (E-DNA)
Used by LiquidAudio.
Argent:
Embed full text information.FrameBased: info. inserted at random areas of signal
Secret key determines random areas.
Merged to formVerance
Used by SDMI
8/8/2019 18-drm
19/51
8/8/2019 18-drm
20/51
8/8/2019 18-drm
21/51
21
My Story (cont.)
Music industry (RIAA, SDMI, Verance)threatens lawsuit if we publish Conference organizers also threatened. We
withdraw paper because of threats.We file lawsuit seeking right to publish
After legal wrangling, paper is published
We managed to publish, but: Months of effort by researchers lost Hundreds of lawyer-hours spent ($$$)
Member of our team loses his job
Eight-month delay in release of our results
8/8/2019 18-drm
22/51
22
Outline
Legal landscape
Examine or modify content Content hashing and copyright crawling
Watermarking Fingerprinting
Regulate use through special content players Apply complex policies, need tamper-proof platform
Some examples MediaMax CD3: restrict access for software players
DVDs: CSS encryption and hardware/software players
Windows Media Rights Management
Office Information Rights Management
8/8/2019 18-drm
23/51
23
DRM Player threat model
Traditional access control Owner of computer sets discretionary access
controls
DRM controls Owner of content sets usage rights
Player owned by untrusted user must enforceusage rights
Additional issue: copyright law allows fair use
8/8/2019 18-drm
24/51
24
Passive vs Active Protection
8/8/2019 18-drm
25/51
25
MediaMax CD3 (SunnComm)
Goal Restrict use of music CD on computer
Method CD contains autorun file that causes Windows to launch
LaunchCD.exe, installs SbcpHid driver Driver prevents copying of restricted CDs
Failures LaunchCD.exe will not run on Linux
On Windows: hold shift key while loading CD
Digital Millennium Copyright Act (DMCA) Forbids circumvention of copy protection mechanisms, and
circumvention tools and technologies
http://www.cs.princeton.edu/~jhalderm/cd3/
8/8/2019 18-drm
26/51
26
Sony XCP
CD contains copy protection software
Copy protection software protected by rootkit
Rootkit detected by RootkitRevealer
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
8/8/2019 18-drm
27/51
27
Content protection via encryption
Basic idea: Content distributor encrypts content before releasing it
Release: C = EK[content]
Decryption key embedded in all players.
Player will only decrypt if policy is satisfied.
Note: cannot prevent copying after decryption User can probe bus to sound card
Unlike watermarking: watermark is embedded in content
Propagates in cleartext copies of content
Problem: what if one pirate uses reverse engineering toexpose global key k ??
8/8/2019 18-drm
28/51
28
Example: CSS
CSS: Content Scrambling System Used to protect DVD movies
Each DVD player manufacturer i has key Ki Embed same key Ksony in all players from Sony.
Every DVD movie M is encrypted as follows:
1. enc-content = EK[M] where K is a random key
2. EKsony[k] , EKphilips[K] ,
About400 manufacturer keys
8/8/2019 18-drm
29/51
29
Problems with CSS
DeCSS: Extracted key from Xing software player
Could decrypt any DVD playable on the Xing player
MPAA revoked Xing key: disabled all Xing players!
Bigger problem: Encryption algorithm in CSS is based on LFSRs
Very fast: video rate decryption on weak DVD player
Very weak: given one manuf. key, can get all keys
8/8/2019 18-drm
30/51
30
Better revocation technique
Embed a distinct key in every player
Every node v has an associated key Kv.
Every player corresponds to leaf node.
Key for player i: all keys on path from root to leaf i.
Players: i
8/8/2019 18-drm
31/51
31
Revocation
Initially Encrypt all content with key at root
Any player can decrypt content.
When player i is revoked Encrypt content-key so only players other than i can decrypt.
8/8/2019 18-drm
32/51
8/8/2019 18-drm
33/51
33
Player
Digital Distribution Dream ( )
Artist Distributor Consumer
Package
Content Package
Content
Content
MoviesBooksMusic
Secure network transactions
Software player
8/8/2019 18-drm
34/51
34
Digital rights management players
Distribute information in specific format
Player that knows this format controls action
Control reading, playing, or copying content
Guarantee payment in proportion to use Count number of times content is used
Transfer payment to distributor
No end run
Must be impossible to use content without player
Player must be tamper resistant
Problem: Computer files are easy to duplicateCan software player on general-purpose computer achieve goals?
8/8/2019 18-drm
35/51
35
Two separate problems
Attaching rights and making authorizationdecisions
Enforcing decisions in a tamper-resistantsoftware and hardware
8/8/2019 18-drm
36/51
36
DRM Reference ArchitectureRosenblatt, et al.
Content ServerClient
License Server
Contentrepository DRM
packager
Encryption
Content
Metadata
Package
Encryption
Keys
Rights
License
Productinformation
Rights
Encryptionkeys
DRM
controller
Renderingapplication
Identity
Financial transaction
Identities
License
generator
8/8/2019 18-drm
37/51
37
Windows Media Rights Manager
Input file
.wav, .mp3, .avi
encode
Win Media file
.wma, .wmv, .asf
Packaged WinMedia file
Key ID, license
acquisition URL
package
Web site, CD,email message, etc
License
Rights
license URL
Packaged WindowsMedia file
Content ownerDistributor License issuer
Windows MediaLicense Service
Packager
Consumer (player)
8/8/2019 18-drm
38/51
38
WindowsKey and LicenseManagement
8/8/2019 18-drm
39/51
39
XrML Summary
Vocabulary Principals: Alice, Bob
Resources: movie, picture, song
Rights: play, edit, print
Properties: manager, employee, trustedLicenses and grants license ::= (grant, principal)
Principal p issues/says grant g
grant::= x1xn (cond conc)
If cond holds, then conc holds conc ::= Pr(p) | Perm(p, r, s)
Pr(p) means principal p has property Pr
Perm(p, r, s) means p is permitted to exercise right r overresource s
8/8/2019 18-drm
40/51
40
HDCP, Secure Audio Path
High-bandwidth Digital Content Protection HDCP is a specification developed by Intel
Corporation to protect digital entertainment
content across the DVI/HDMI interface
http://www.digital-cp.com/home
8/8/2019 18-drm
41/51
41
FreeMe breaks Windows Media RM
http://www....com/crypt/drm/freeme/READMEThe software distributed with this README file removes contentprotection from any Windows Media Audio file (.wma file) that usesDRM version 2 (as implemented in Windows Media Player version 7).
http://www...com/crypt/drm/freeme/TechnicalThis document describes version 2 of the Microsoft Digital RightsManagement (MS-DRM), as applied to audio (.wma files). Thesources for this material are varied ...
The basic components of MS-DRM involve use of elliptic curvecryptography (ECC) for public key cryptography, DES for a blockcipher, RC4 for a stream cipher, and SHA-1 for a hash function.There is also a block cipher which I haven't seen before, used in theMS-DRM system to build a MAC, or keyed hash function.
8/8/2019 18-drm
42/51
42 Q: Will users download fix if only player needs upgrade? (DRM threat model)
8/8/2019 18-drm
43/51
43
Further details
Implementation Details:It is imperative to execute the following steps to neutralize the Freeme software breach
1. Update the Content HeaderThis procedure is performed by the organizations that package content. In this step thecontent packager will add an attribute to the header of the protected Windows Mediafile.
2. Update the License Server(s)Each license issuer must update its license server configuration to ensure that:
It does not issue licenses to users who have the compromised security component ontheir PCs
It can issue licenses to users who have updated the security component on their PCs.
NOTE: if the license server is not updated (with the steps above) and an updated client (aclient that has been updated with the new security component) makes a request to thelicense server, the license server will fail and generate an error to the client.
3. Trigger update of the new security component on the server sideThis step updates the license server so it can detect the version number of the DRMsecurity component that is making the license request, and redirect it to an upgrade Webpage if the security component version is less than "2.2.0.1".
http://www.microsoft.com/windows/windowsmedia/forpros/drm/freeme.aspx
8/8/2019 18-drm
44/51
44
Continuing controversy over DRM
8/8/2019 18-drm
45/51
45
MicrosoftOffice Rights Management
8/8/2019 18-drm
46/51
46
Apples FairPlay Technology
Restricts playing, recording, sharing of files Allows media to be shared among devices
Allows others to listen to (but not copy) music
Can burn audio CD, eliminates DRM protection
How it works (overview) iTunes uses encrypted MP4 audio files
Acquire decryption key by trying to play song
player generates a unique ID, sends ID to iTunes server if not over authorization limit, server sends decryption key
Decryption key is encrypted in iTunes to prevent transferto another machine
8/8/2019 18-drm
47/51
47
iTunes Accounts and Authorizations
Prior to buying content from iTunes Store User creates an account with Apple's servers and
then authorizes a PC or Mac running iTunes
iTunes creates a globally unique ID for device,sends to server, assigned to user's iTunes account
Five different machines can be authorized.
www.roughlydrafted.com/RD/RDM.Tech.Q1.07/...
8/8/2019 18-drm
48/51
48
Buying and playing songs
When a user buys a song A user key is created for the purchased file
Encrypted using master key included in protected song file Master key encrypted with user key, held by iTunes and server
Playing a song iTunes does not need to connect to server
iTunes has keys for all tracks in its library
8/8/2019 18-drm
49/51
49
Additional user devices
When a new computer is authorized it generates a globally unique ID number
Stores ID on Apple server (up to 5 devices)
Server sends new machine entire set of user keys
for all the tracks purchased under the account
8/8/2019 18-drm
50/51
50
Cracking iTunes
Discovered attacks while building iTunes clientfor Linux: QTFairUse grabs song data
After unlocked and uncompressed by iTunes, dumps rawstream into container file,
VLC media player, PlayFair, Hymn, JHymn intercept unlocked but not yet uncompressed song files,
creating a small, ready to play, unencrypted AAC file.
PyMusique, a Linux client for the iTunes Store requests songs from Apple servers and downloads them
without locking them
FairKeys simulates iTunes client
requests a user keys from server, unlocks purchased songs
DVD John
8/8/2019 18-drm
51/51
51