Skip to main content
Springer Nature Link
Log in

Towards Multilateral-Secure DRM Platforms

  • Conference paper
Information Security Practice and Experience (ISPEC 2005)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3439))

  • 1006 Accesses

Abstract

Digital Rights Management (DRM) systems aim at providing the appropriate environment for trading digital content while protecting the rights of authors and copyright holders. Existing DRM systems still suffer from a variety of problems that hamper their deployment: they (i) cannot guarantee policy enforcement on open platforms such as today’s PCs, (ii) offer only unilateral security, i.e., focus mainly on requirements of the content owners/providers and not on those of consumers such as privacy, and (iii) restrict users regarding many legally authorized uses (fair use), e.g., disallow consumers to make backups.

In this paper we present a security architecture for computing platforms that, in the sense of multilateral security, is capable of enforcing policies defined by end-users and content providers. Our model provides methods and principles to practitioners to model and construct such systems based on a small set of assumptions. Further, we show how such a platform can be implemented based on a microkernel, existing operating system technology, and trusted computing hardware available today. Moreover, the platform’s functionality can be extended with a mechanism called property-based attestation to prevent discrimination of open-source software and to protect the consumers’ privacy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Alkassar, A., Sadeghi, A.-R., Stüble, C.: Secure object identification - or: Solving the chess grandmaster problem. In: Proceedings of the New Security Paradigm Workshow (NSPW), pp. 77–86 (2003)

    Google Scholar 

  2. Altmeyer, O., Sadeghi, A.-R., Selhorst, M., Stüble, C.: Enhancing security of computing platforms with TC-technology. In: Information Security Solutions Europe (ISSE 2004), pp. 346–361. Vieweg Verlag (2004)

    Google Scholar 

  3. Anderson, R.J.: Security in open versus closed systems — the dance of Boltzmann, Coase and Moore. Technical report, Cambridge University, England (2002)

    Google Scholar 

  4. Arbaugh, W.A., Farber, D.J., Smith, J.M.: A reliable bootstrap architecture. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1997, pp. 65–71. IEEE Computer Society, Los Alamitos (1997), Technical Committee on Security and Privacy

    Google Scholar 

  5. Buhse, W.: Implication of digital rights management for online music – a business perspective. In: ACM DRM Workshop, pp. 201–212 (2001)

    Google Scholar 

  6. Burk, D.L., Cohen, J.E.: Fair use infrastructure for rights management systems. Harward Journal of Law and Technology 15(1) (2001)

    Google Scholar 

  7. ElcomSoft. ebook security: theory and practice (July 2001), http://www.download.ru/defcon.ppt

  8. Erickson, J.S.: Fair use, DRM, and trusted computing. Communications of ACM 46(4) (2003)

    Google Scholar 

  9. Fox, B.L., LaMacchia, B.: Encouraging recognition of fair uses in DRM systems. Communications of ACM 46(4) (2003)

    Google Scholar 

  10. Gleb Nauvomich, N.M.: Preventing piracy, reverse engineering, and tampering. Computer 37(7), 64–71 (2003)

    Google Scholar 

  11. Group, T.C.: TPM main specification. Version 1.2 (November 2003), http://www.trustedcomputinggroup.org

  12. Guth, S.: A sample DRM system. In: Digital Rights Management, Technological, Economics, Legal and Political Aspects, pp. 150–161 (2003)

    Google Scholar 

  13. Itoi, N., Arbaugh, W.A., Pollack, S.J., Reeves, D.M.: Personal secure booting. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 130–144. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  14. Liedke, J.: On u-kernel construction. In: Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP 1995), Copper Mountain Resort, Colorado (December 1995), Appeared as ACM Operating Systems Review 29.5.

    Google Scholar 

  15. Liedke, J.: Towards real micro-kernels. Communications of the ACM 39(9) (1996)

    Google Scholar 

  16. Lynch, N.A., Tuttle, M.R.: An introduction to Input/Output automata. CWI-Quarterly 2(3), 219–246 (1989)

    MATH  MathSciNet  Google Scholar 

  17. Mulligan, D.K.: Digital rights management and fair use by design. Communications of the ACM 46(4), 31–33 (2003)

    Article  Google Scholar 

  18. National Research Council. The Digital Dilemma, Intellectual Property in the Information Age. National Academy Press, Washington DC (2000)

    Google Scholar 

  19. Pfitzmann, B., Riordan, J., Stüble, C., Waidner, M., Weber, A.: The PERSEUS system architecture. Technical Report RZ 3335 (#93381), IBM Research Division, Zurich Laboratory (April 2001)

    Google Scholar 

  20. Pfitzmann, B., Schunter, M., Waidner, M.: Cryptographic security of reactive systems. In: Electronic Notes in Theoretical Computer Science (ENTCS). Workshop on Secure Architectures and Information Flow, Royal Holloway, University of London, December 1 - 3 (1999)

    Google Scholar 

  21. Pfitzmann, B., Schunter, M., Waidner, M.: Provably secure certified mail. Research Report RZ 3207 (#93253), IBM Research (August 2000)

    Google Scholar 

  22. Poritz, J., Schunter, M., Herreweghen, E.V., Waidner, M.: Property attestation—scalable and privacy-friendly security assessment of peer computers. Technical Report RZ 3548, IBM Research (May 2004)

    Google Scholar 

  23. Rosenblatt, W., Trippe, W., Mooney, S.: Digital Rights Management: Business and Technology. John Wiley & Sons, Chichester (2001)

    Google Scholar 

  24. Sadeghi, A.-R., Stüble, C.: Bridging the gap between TCPA/Palladium and personal security. Technical report, Saarland University, Germany (2003)

    Google Scholar 

  25. Sadeghi, A.-R., Stüble, C.: Taming “trusted computing” by operating system design. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 286–302. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  26. Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: Caring about properties, not mechanisms. In: The 2004 New Security Paradigms Workshop. ACM SIGSAC, Virginia Beach, VA, USA, September 2004. ACM Press, New York (2004)

    Google Scholar 

  27. Sadeghi, A.-R., Stüble, C.: Towards multilateral-secure drm platforms. Technical report, Horst Görtz Institute, Ruhr-University Bochum (January 2005)

    Google Scholar 

  28. Samuelson, P.: DRM, AND, OR, VS, The Law. Communications of ACM 46(4), 41–45 (2003)

    Article  Google Scholar 

  29. Trusted Computing Platform Alliance (TCPA). Main specification, Version 1.1b (February 2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany

    Ahmad-Reza Sadeghi & Christian Stüble

Authors
  1. Ahmad-Reza Sadeghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christian Stüble
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information Systems, Singapore Management University, Singapore

    Robert H. Deng

  2. Institute for Infocomm Research, 119613, Singapore

    Feng Bao

  3. School of Information Systems, Singapore Management University,  

    HweeHwa Pang

  4. Cryptography and Security Department Institute for Infocomm Research, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sadeghi, AR., Stüble, C. (2005). Towards Multilateral-Secure DRM Platforms. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-31979-5_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25584-0

  • Online ISBN: 978-3-540-31979-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics