Skip to main content
Springer Nature Link
Log in

Enabling Fairer Digital Rights Management with Trusted Computing

  • Conference paper
Information Security (ISC 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4779))

Included in the following conference series:

  • 1075 Accesses

Abstract

Today, digital content is routinely distributed over the Internet, and consumed in devices based on open platforms. However, on open platforms users can run exploits, reconfigure the underlying operating system or simply mount replay attacks since the state of any (persistent) storage can easily be reset to some prior state. Faced with this difficulty, existing approaches to Digital Rights Management (DRM) are mainly based on preventing the copying of protected content thus protecting the needs of content providers. These inflexible mechanisms are not tenable in the long term since their restrictiveness prevents reasonable usage scenarios, and even honest users may be tempted to circumvent DRM systems.

In this paper we present a security architecture and the corresponding reference implementation that enables the secure usage and transfer of stateful licenses (and content) on a virtualized open platform. Our architecture allows for openness while protecting security objectives of both users (flexibility, fairer usage, and privacy) and content providers (license enforcement). In particular, it prevents replay attacks that is fundamental for secure management and distribution of stateful licenses. Our main objective is to show the feasibility of secure and fairer distribution and sharing of content and rights among different devices. Our implementation combines virtualization technology, a small security kernel, trusted computing functionality, and a legacy operating system (currently Linux).

Full version appears as a technical report HGI-TR-2007-002 in [24].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Adelsbach, A., Sadeghi, A.-R., Rohe, M.: Towards multilateral secure digital rights distribution infrastructures. In: Proceedings of the ACM Workshop on Digital Rights Management (2005)

    Google Scholar 

  2. Apple Computer, Inc. FairPlay DRM, www.apple.com/itunes/

  3. Asokan, N., Ekberg, J.-E.: Mobile digital rights management. In: Professional Mobile Internet Technical Architecture – Visions & Implementations (2002)

    Google Scholar 

  4. Aura, T., Gollmann, D.: Software license management with smart cards. In: Proceedings of the First USENIX Workshop on Smartcard Technology (1999)

    Google Scholar 

  5. Authentica, Inc. Authentica active rights management, www.authentica.com

  6. Baek, K.-H., Smith, S.W.: Preventing theft of quality of service on open platforms. IEEE/CREATE-NET Workshop on Security and QoS in Communications Networks (September 2005)

    Google Scholar 

  7. Council, N.R.: The Digital Dilemma, Intellectual Property in the Information Age. National Academy Press, Washington, DC (2000)

    Google Scholar 

  8. Dierks, T., Allen, C.: RFC2246 - the TLS protocol version 1.0 (January 1999), www.ietf.org/rfc/rfc2246.txt

  9. Epsilon Squared, Inc. InstallRite Version 2.5., www.epsilonsquared.com

  10. Freitas, M., Roitzsch, M., Melanson, M., and Mattern, T.: The xine free multimedia player, www.xinehq.de

  11. Hohmuth, M.: Linux-Emulation auf einem Mikrokern. Master’s thesis, Dresden University of Technology, Dept. of Computer Science (1996)

    Google Scholar 

  12. Koenen, R., Lacy, J., MacKay, M., Mitchell, S.: The long march to interoperable digital rights management. Proceedings of the IEEE 92(V) (2004)

    Google Scholar 

  13. Liedtke, J.: Towards real microkernels. Communications of the ACM 39 (September 1996)

    Google Scholar 

  14. Liu, Q., Safavi-Naini, R., Sheppard, N.P.: A license-sharing scheme in digital rights management. Tech. rep., Cooperative Research Centres - Smart Internet Technology, Australia (2004)

    Google Scholar 

  15. Marchesini, J., Smith, S., Wild, O., Barsamian, A., Stabiner, J.: Open-source applications of TCPA hardware. In: 20th Annual Computer Security Applications Conference (2004)

    Google Scholar 

  16. Marchesini, J., Smith, S.W., Wild, O., MacDonald, R.: Experimenting with TCPA/TCG hardware, or: How I learned to stop worrying and love the bear. Tech. Rep. TR2003-476, Dartmouth College (2003)

    Google Scholar 

  17. Microsoft Corporation. 60 days trial program, us1.trymicrosoftoffice.com

  18. Microsoft Corporation. Windows media rights manager 10, www.microsoft.com/windows/windowsmedia/drm/default.aspx

  19. Pfitzmann, B., Riordan, J., Stüble, C., Waidner, M., Weber, A.: The PERSEUS system architecture. Tech. Rep. RZ 3335 (#93381), IBM Research Division, Zurich Laboratory (April 2001)

    Google Scholar 

  20. Pruneda, A., Travis, J.: Metering the use of digital media content with Windows Media DRM 10, http://msdn.microsoft.com/library/en-us/dnwmt/html/meteringcontentusage10.asp

  21. Robin, J.S., Irvine, C.E.: Analysis of the intel pentium’s ability to support a secure virtual machine monitor. In: Proceedings of the 9th USENIX Security Symposium (2000)

    Google Scholar 

  22. Russinovich, M.: Sony, rootkits and digital rights management gone too far (October 2005), http://blogs.technet.com/markrussinovich/

  23. Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: Caring about properties, not mechanisms. In: The New Security Paradigms Workshop (2004)

    Google Scholar 

  24. Sadeghi, A.-R., Wolf, M., Stüble, C., Asokan, N., Ekberg, J.-E.: Enabling Fairer Digital Rights Management with Trusted Computing. Tech. Rep. HGI-TR-2007-002, Horst-Görtz-Institute for IT-Security, Ruhr-University Bochum (June 2007)

    Google Scholar 

  25. Sailer, R., Valdez, E., Jaeger, T., Perez, R., van Doorn, L., Griffin, J.L., Berger, S.: sHype: Secure hypervisor approach to trusted virtualized systems. Tech. Rep. RC23511, IBM Research Division (2005)

    Google Scholar 

  26. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium (2004)

    Google Scholar 

  27. Shapiro, W., Vingralek, R.: How to manage persistent state in DRM systems. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, Springer, Heidelberg (2002)

    Google Scholar 

  28. Singaravelu, L., Pu, C., Helmuth, C., Härtig, H.: Reducing TCB complexity for security-sensitive applications: Three case studies. In: Eurosys Conference Proceedings, Leuven, Belgium (2006)

    Google Scholar 

  29. Starz Entertainment Group. Video on demand service, www.vongo.com

  30. Tanenbaum, A.: Keynote at linux.conf.au (January 2007)

    Google Scholar 

  31. TCG Infrastructure Workgroup. Tcg infrastructure workgroup subject key attestation evidence extension specification version 1.0 revision 7

    Google Scholar 

  32. The Hymn Project. Free your iTunes Music Store purchases from their DRM restrictions (March 2007), www.hymn-project.org

  33. The Register. DVD Jon hacks Media Player file encryption (October 2005), www.theregister.co.uk/2005/09/02/dvd_jon_mediaplayer/

  34. TrouSerS. The open-source TCG software stack, trousers.sourceforge.net

  35. Trusted Computing Group, www.trustedcomputinggroup.org

  36. Trusted Computing Group. TPM main specification. Tech. rep., www.trustedcomputinggroup.org/specs/TPM/

  37. Tygar, J., Yee, B.: Dyad: a system using physically secure coprocessors. In: Technological Strategies for Protecting Intellectual Property in the Networked Multimedia Environment (1994)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst-Görtz-Institute for IT-Security, Ruhr-University Bochum, Germany

    Ahmad-Reza Sadeghi & Marko Wolf

  2. Sirrix AG security technologies, Germany

    Christian Stüble

  3. Nokia Research Center, Helsinki, Finland

    N. Asokan & Jan-Erik Ekberg

Authors
  1. Ahmad-Reza Sadeghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marko Wolf
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christian Stüble
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. N. Asokan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jan-Erik Ekberg
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Juan A. Garay Arjen K. Lenstra Masahiro Mambo René Peralta

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sadeghi, AR., Wolf, M., Stüble, C., Asokan, N., Ekberg, JE. (2007). Enabling Fairer Digital Rights Management with Trusted Computing. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds) Information Security. ISC 2007. Lecture Notes in Computer Science, vol 4779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75496-1_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-75496-1_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75495-4

  • Online ISBN: 978-3-540-75496-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics