8/8/2019 18-drm

1/51

Digital Rights Management

John Mitchell

CS 155 Spring 2006

8/8/2019 18-drm

2/51

2

Next Tuesday

Aaron SigelApple Security Team

8/8/2019 18-drm

3/51

3

Basic Problem

Joey writes and records a song Song distributed on some sort of media

Joey (and music company) want to sell recordings

But digital info is easy to copy, on most media

What can Joey (and Music Inc.) try to do? Look for copies?

Mark recording to make it easier to find copies? Restrict media so only certain devices can play it?

All of these approaches have problems; no perfect solution (yet?)

8/8/2019 18-drm

4/51

4

Outline

Legal landscape Copyright law, fair use, DMCA

Examine or modify content Content hashing and copyright crawling

Watermarking

Fingerprinting

Regulate use through special content players Apply complex policies, need tamper-proof platform

Some examples MediaMax CD3: restrict access on software players

DVDs: CSS encryption and hardware/software players

Windows Media Rights Management

Office Information Rights Management

8/8/2019 18-drm

5/51

5

Basis for U.S. Copyright Law

U.S. Constitution (A1, S8, C8): "Congress shall have power . . . to promote the

progress of science and useful arts, by securing

for limited times to authors and inventors theexclusive right to their respective writings anddiscoveries

Intro of printing press in England in 1400s

control (censor) publication of books maintain registry of legal books

1710 law to protect authors works

prevent another person from re-producing a book

and putting their name on it

8/8/2019 18-drm

6/51

6

U.S. Copyright Law

Balance two competing objectives Protect works so the author gets financial reward

Promote access: progress of science, arts

Gives exclusive rights for limited time Reproduce the work, derive new works, distribute copies,

perform or display it publicly

Extends to life of author plus 70 years

Applies to original works of authorship fixed in tangible medium of

expression

literary, dramatic, artistic, musical, pictorial, architecturalworks software? hyperlinks?

8/8/2019 18-drm

7/51

7

Fair Use

Legal use of copyrighted works for education,research, reporting, etc. must provide transformative value

Determined by four factors purpose and character of the use

nature of the copyrighted work

amount of the copyrighted work used effect on market value of copyrighted work

8/8/2019 18-drm

8/51

8

Enforcement of copyright law

Anyone here get a letter? Music industry monitors file sharing

Law specifies high minimum penalties Recipients usually offered a chance to settle for ~$3000

See:http://www.eff.org/wp/how-not-get-sued-file-sharing

Limitations of copyright law Coarse-grained protection, hard to enforce

Next topic Technology used to help enforce copyright

8/8/2019 18-drm

9/51

9

Content hashing

Suppose we had a content-aware hash function:

H: {music} p {short strings}

satisfying: 1. If M1 and M2 are two music clips (e.g. MP3 files) that

play the same song then H(M1) = H(M2)

2. Given a clip M a pirate cannot create an acceptable clip M such that H(M) { H(M)

Is this realistic? Hash function must resist all signal processing tricks

Do not know such hash functions exist

some claim to have them

8/8/2019 18-drm

10/51

10

Copyright Crawler

Web crawler looks for copyright violations Use list of hashes of all copyrighted content

Scans all web sites, file-sharing networks, etc.

For every music file found, compute hash and compare

If match is found, call the lawyers

Problems: H

ash functions unlikely to exist for music Does not protect against anonymous postings:publius

Very high workload

8/8/2019 18-drm

11/51

11

Examples

DigiMarc MarcSpider Crawls web looking for pirated images

May use watermarking? (next topic)

MOSS (Measure Of Software Similarity) Detect plagiarism in programming assignments, web pages

http://www.cs.berkeley.edu/~aiken/moss.html

SCAM: N. Shivakumar, Stanford. Crawls web looking for academic plagiarism

Several success stories:

http://www-db.stanford.edu/~shiva/SCAM/scamInfo.html

8/8/2019 18-drm

12/51

12

Improvement: watermarking

Embed hidden watermark at the recording studio Embed( M, I ): outputs a watermarked version of music M with

the information I embedded in it

Retrieve( M ): takes a watermarked music file M and outputsthe embedded watermark I

Watermark requirements (not necessarily achievable): Watermark must be inaudible (music) or invisible (video)

Watermark should be robust: Given M1 = Embed(M,I),pirate cannot create an acceptable M2 with Retrieve(M2) { I

To do this, watermark must resist all signal processing tricks -resampling, cropping, low-pass filtering,

8/8/2019 18-drm

13/51

13

Example Watermarked File

Second image has watermark inserted by DOS softwareWhite Noise Storm

8/8/2019 18-drm

14/51

14

Watermark-based enforcement

Copyright crawler uses Retrieve algorithm

Benefits: Copyright crawler does not need list of all

copyrighted material

No need for content aware hash Watermarking music seems to be an easier problem.

But, some of the same problems as before

Does not defend against anonymous postings

High workload

Need to mark with buyer or trace copy to culprit

8/8/2019 18-drm

15/51

15

Robust watermarks??

Embed & Retrieve algs are usually kept secret Security by obscurity not a successful

approach

Do robust watermarking systems exist? We dont know the answer

StirMark Generic tool for removing image watermarks

Oblivious to watermarking scheme

SDMI challenge: Broken: Felten, et al.

Obj1Obj1mark

??Obj2

markSee: http://cryptome.org/sdmi-attack.htm

8/8/2019 18-drm

16/51

16

Fingerprinting

Basic idea: Embed a unique user ID into each sold copy

If user posts copy to web or file-sharing network,

embedded user ID identifies userProblem: Need ability to create distinct and indistinguishable

versions of object

Collusion:

two users can compare their objects tofind parts of the fingerprint

8/8/2019 18-drm

17/51

17

Watermarking Images (>200 papers)

DigiMarc: embeds creators serial number. Add or subtract small random quantities from each

pixel. Embedded signal kept secret.

Signafy (NEC). Add small modifications to random frequencies of

entire Fourier Spectrum.

Embedded signal kept secret.

Caronni: Embed geom. shapes in background

SigNum Tech. (SureSign).

8/8/2019 18-drm

18/51

18

Watermarking Music (>200 papers)

Aris Tech (MusicCode):Rate: 100 bits/sec of music

Solana (E-DNA)

Used by LiquidAudio.

Argent:

Embed full text information.FrameBased: info. inserted at random areas of signal

Secret key determines random areas.

Merged to formVerance

Used by SDMI

8/8/2019 18-drm

19/51

8/8/2019 18-drm

20/51

8/8/2019 18-drm

21/51

21

My Story (cont.)

Music industry (RIAA, SDMI, Verance)threatens lawsuit if we publish Conference organizers also threatened. We

withdraw paper because of threats.We file lawsuit seeking right to publish

After legal wrangling, paper is published

We managed to publish, but: Months of effort by researchers lost Hundreds of lawyer-hours spent ($$$)

Member of our team loses his job

Eight-month delay in release of our results

8/8/2019 18-drm

22/51

22

Outline

Legal landscape

Examine or modify content Content hashing and copyright crawling

Watermarking Fingerprinting

Regulate use through special content players Apply complex policies, need tamper-proof platform

Some examples MediaMax CD3: restrict access for software players

DVDs: CSS encryption and hardware/software players

Windows Media Rights Management

Office Information Rights Management

8/8/2019 18-drm

23/51

23

DRM Player threat model

Traditional access control Owner of computer sets discretionary access

controls

DRM controls Owner of content sets usage rights

Player owned by untrusted user must enforceusage rights

Additional issue: copyright law allows fair use

8/8/2019 18-drm

24/51

24

Passive vs Active Protection

8/8/2019 18-drm

25/51

25

MediaMax CD3 (SunnComm)

Goal Restrict use of music CD on computer

Method CD contains autorun file that causes Windows to launch

LaunchCD.exe, installs SbcpHid driver Driver prevents copying of restricted CDs

Failures LaunchCD.exe will not run on Linux

On Windows: hold shift key while loading CD

Digital Millennium Copyright Act (DMCA) Forbids circumvention of copy protection mechanisms, and

circumvention tools and technologies

http://www.cs.princeton.edu/~jhalderm/cd3/

8/8/2019 18-drm

26/51

26

Sony XCP

CD contains copy protection software

Copy protection software protected by rootkit

Rootkit detected by RootkitRevealer

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

8/8/2019 18-drm

27/51

27

Content protection via encryption

Basic idea: Content distributor encrypts content before releasing it

Release: C = EK[content]

Decryption key embedded in all players.

Player will only decrypt if policy is satisfied.

Note: cannot prevent copying after decryption User can probe bus to sound card

Unlike watermarking: watermark is embedded in content

Propagates in cleartext copies of content

Problem: what if one pirate uses reverse engineering toexpose global key k ??

8/8/2019 18-drm

28/51

28

Example: CSS

CSS: Content Scrambling System Used to protect DVD movies

Each DVD player manufacturer i has key Ki Embed same key Ksony in all players from Sony.

Every DVD movie M is encrypted as follows:

1. enc-content = EK[M] where K is a random key

2. EKsony[k] , EKphilips[K] ,

About400 manufacturer keys

8/8/2019 18-drm

29/51

29

Problems with CSS

DeCSS: Extracted key from Xing software player

Could decrypt any DVD playable on the Xing player

MPAA revoked Xing key: disabled all Xing players!

Bigger problem: Encryption algorithm in CSS is based on LFSRs

Very fast: video rate decryption on weak DVD player

Very weak: given one manuf. key, can get all keys

8/8/2019 18-drm

30/51

30

Better revocation technique

Embed a distinct key in every player

Every node v has an associated key Kv.

Every player corresponds to leaf node.

Key for player i: all keys on path from root to leaf i.

Players: i

8/8/2019 18-drm

31/51

31

Revocation

Initially Encrypt all content with key at root

Any player can decrypt content.

When player i is revoked Encrypt content-key so only players other than i can decrypt.

8/8/2019 18-drm

32/51

8/8/2019 18-drm

33/51

33

Player

Digital Distribution Dream ( )

Artist Distributor Consumer

Package

Content Package

Content

Content

MoviesBooksMusic

Secure network transactions

Software player

8/8/2019 18-drm

34/51

34

Digital rights management players

Distribute information in specific format

Player that knows this format controls action

Control reading, playing, or copying content

Guarantee payment in proportion to use Count number of times content is used

Transfer payment to distributor

No end run

Must be impossible to use content without player

Player must be tamper resistant

Problem: Computer files are easy to duplicateCan software player on general-purpose computer achieve goals?

8/8/2019 18-drm

35/51

35

Two separate problems

Attaching rights and making authorizationdecisions

Enforcing decisions in a tamper-resistantsoftware and hardware

8/8/2019 18-drm

36/51

36

DRM Reference ArchitectureRosenblatt, et al.

Content ServerClient

License Server

Contentrepository DRM

packager

Encryption

Content

Metadata

Package

Encryption

Keys

Rights

License

Productinformation

Rights

Encryptionkeys

DRM

controller

Renderingapplication

Identity

Financial transaction

Identities

License

generator

8/8/2019 18-drm

37/51

37

Windows Media Rights Manager

Input file

.wav, .mp3, .avi

encode

Win Media file

.wma, .wmv, .asf

Packaged WinMedia file

Key ID, license

acquisition URL

package

Web site, CD,email message, etc

License

Rights

license URL

Packaged WindowsMedia file

Content ownerDistributor License issuer

Windows MediaLicense Service

Packager

Consumer (player)

8/8/2019 18-drm

38/51

38

WindowsKey and LicenseManagement

8/8/2019 18-drm

39/51

39

XrML Summary

Vocabulary Principals: Alice, Bob

Resources: movie, picture, song

Rights: play, edit, print

Properties: manager, employee, trustedLicenses and grants license ::= (grant, principal)

Principal p issues/says grant g

grant::= x1xn (cond conc)

If cond holds, then conc holds conc ::= Pr(p) | Perm(p, r, s)

Pr(p) means principal p has property Pr

Perm(p, r, s) means p is permitted to exercise right r overresource s

8/8/2019 18-drm

40/51

40

HDCP, Secure Audio Path

High-bandwidth Digital Content Protection HDCP is a specification developed by Intel

Corporation to protect digital entertainment

content across the DVI/HDMI interface

http://www.digital-cp.com/home

8/8/2019 18-drm

41/51

41

FreeMe breaks Windows Media RM

http://www....com/crypt/drm/freeme/READMEThe software distributed with this README file removes contentprotection from any Windows Media Audio file (.wma file) that usesDRM version 2 (as implemented in Windows Media Player version 7).

http://www...com/crypt/drm/freeme/TechnicalThis document describes version 2 of the Microsoft Digital RightsManagement (MS-DRM), as applied to audio (.wma files). Thesources for this material are varied ...

The basic components of MS-DRM involve use of elliptic curvecryptography (ECC) for public key cryptography, DES for a blockcipher, RC4 for a stream cipher, and SHA-1 for a hash function.There is also a block cipher which I haven't seen before, used in theMS-DRM system to build a MAC, or keyed hash function.

8/8/2019 18-drm

42/51

42 Q: Will users download fix if only player needs upgrade? (DRM threat model)

8/8/2019 18-drm

43/51

43

Further details

Implementation Details:It is imperative to execute the following steps to neutralize the Freeme software breach

1. Update the Content HeaderThis procedure is performed by the organizations that package content. In this step thecontent packager will add an attribute to the header of the protected Windows Mediafile.

2. Update the License Server(s)Each license issuer must update its license server configuration to ensure that:

It does not issue licenses to users who have the compromised security component ontheir PCs

It can issue licenses to users who have updated the security component on their PCs.

NOTE: if the license server is not updated (with the steps above) and an updated client (aclient that has been updated with the new security component) makes a request to thelicense server, the license server will fail and generate an error to the client.

3. Trigger update of the new security component on the server sideThis step updates the license server so it can detect the version number of the DRMsecurity component that is making the license request, and redirect it to an upgrade Webpage if the security component version is less than "2.2.0.1".

http://www.microsoft.com/windows/windowsmedia/forpros/drm/freeme.aspx

8/8/2019 18-drm

44/51

44

Continuing controversy over DRM

8/8/2019 18-drm

45/51

45

MicrosoftOffice Rights Management

8/8/2019 18-drm

46/51

46

Apples FairPlay Technology

Restricts playing, recording, sharing of files Allows media to be shared among devices

Allows others to listen to (but not copy) music

Can burn audio CD, eliminates DRM protection

How it works (overview) iTunes uses encrypted MP4 audio files

Acquire decryption key by trying to play song

player generates a unique ID, sends ID to iTunes server if not over authorization limit, server sends decryption key

Decryption key is encrypted in iTunes to prevent transferto another machine

8/8/2019 18-drm

47/51

47

iTunes Accounts and Authorizations

Prior to buying content from iTunes Store User creates an account with Apple's servers and

then authorizes a PC or Mac running iTunes

iTunes creates a globally unique ID for device,sends to server, assigned to user's iTunes account

Five different machines can be authorized.

www.roughlydrafted.com/RD/RDM.Tech.Q1.07/...

8/8/2019 18-drm

48/51

48

Buying and playing songs

When a user buys a song A user key is created for the purchased file

Encrypted using master key included in protected song file Master key encrypted with user key, held by iTunes and server

Playing a song iTunes does not need to connect to server

iTunes has keys for all tracks in its library

8/8/2019 18-drm

49/51

49

Additional user devices

When a new computer is authorized it generates a globally unique ID number

Stores ID on Apple server (up to 5 devices)

Server sends new machine entire set of user keys

for all the tracks purchased under the account

8/8/2019 18-drm

50/51

50

Cracking iTunes

Discovered attacks while building iTunes clientfor Linux: QTFairUse grabs song data

After unlocked and uncompressed by iTunes, dumps rawstream into container file,

VLC media player, PlayFair, Hymn, JHymn intercept unlocked but not yet uncompressed song files,

creating a small, ready to play, unencrypted AAC file.

PyMusique, a Linux client for the iTunes Store requests songs from Apple servers and downloads them

without locking them

FairKeys simulates iTunes client

requests a user keys from server, unlocks purchased songs

DVD John

8/8/2019 18-drm

51/51

51