
2002 | Book

Security and Privacy in Digital Rights Management

ACM CCS-8 Workshop DRM 2001 Philadelphia, PA, USA, November 5, 2001 Revised Papers

Edited by: Tomas Sander

Publisher: Springer Berlin Heidelberg

Book series: Lecture Notes in Computer Science


About this book

The ACM Workshop on Security and Privacy in Digital Rights Management is the first scientific workshop with refereed proceedings devoted solely to this topic. The workshop was held in conjunction with the Eighth ACM Conference on Computer and Communications Security (CCS-8) in Philadelphia, USA on November 5, 2001. Digital Rights Management technology is meant to provide end-to-end solutions for the digital distribution of electronic goods. Sound security and privacy features are among the key requirements for such systems. Fifty papers were submitted to the workshop, quite a success for a first-time workshop. From these 50 submissions, the program committee selected 15 papers for presentation at the workshop. They cover a broad area of relevant techniques, including cryptography, system architecture, and cryptanalysis of existing DRM systems. Three accepted papers are about software tamper resistance, an area about which few scientific articles have been published before. Another paper addresses renewability of security measures. Renewability is another important security technique for DRM systems, and I hope we will see more publications about this in the future. I am particularly glad that three papers cover economic and legal aspects of digital distribution of electronic goods. Technical security measures do not exist in a vacuum and their effectiveness interacts in a number of ways with the environment for legal enforcement. Deploying security and anti-piracy measures adequately requires furthermore a good understanding of the business models that they are designed to support.

Table of Contents

Frontmatter

Renewability

Discouraging Software Piracy Using Software Aging
Abstract
Most people consider frequent software updates a nuisance. However, we show how this common phenomenon can be turned into a feature that protects against software piracy. We define a protocol for “drop-in” upgrades of software that renders a large class of software piracy more traceable. A novel feature of our approach is a software aging technique by which we force the updates to occur, or else the software becomes decreasingly useful over time.
Markus Jakobsson, Michael K. Reiter

Fuzzy Hashing

New Iterative Geometric Methods for Robust Perceptual Image Hashing
Abstract
We propose a novel and robust hashing paradigm that uses iterative geometric techniques and relies on observations that main geometric features within an image would approximately stay invariant under small perturbations. A key goal of this algorithm is to produce sufficiently randomized outputs which are unpredictable, thereby yielding properties akin to cryptographic MACs. This is a key component for robust multimedia identification and watermarking (for synchronization as well as content dependent key generation). Our algorithm withstands standard benchmark (e.g., Stirmark) attacks provided they do not cause severe perceptually significant distortions. As verified by our detailed experiments, the approach is relatively media independent and works for audio as well.
M. Kıvanç Mıhçak, Ramarathnam Venkatesan

Cryptographic Techniques, Fingerprinting

On Crafty Pirates and Foxy Tracers
Abstract
Piracy in digital content distribution systems is usually identified as the illegal reception of the material by an unauthorized (pirate) device. A well known method for discouraging piracy in this setting is the usage of a traitor tracing scheme that enables the recovery of the identities of the subscribers who collaborated in the construction of the pirate decoder (the traitors). An important type of tracing which we deal with here is “black-box traitor tracing” which reveals the traitors’ identity using only black-box access to the pirate decoder. The only existing general scheme which is successful in general black-box traitor tracing was introduced by Chor, Fiat and Naor. Still, this scheme employs a pirate decoder model that, despite its generality, is not intended to apply to all settings. In particular it is assumed that (1) the pirate decoder is “resettable”, i.e. the tracer is allowed to reset the pirate decoder to its initial state after each trial (but in many settings this is not possible: the pirate decoder is “history-recording”), and that (2) the pirate decoder is “available”, i.e. it does not employ an internal reactive mechanism that, say, disables the tracing process (such as shutting down) — we will call such reactive decoders “abrupt”.
In this work we discuss pirate-decoders of various types which we categorize according to their capabilities: resettable vs. history recording, and available vs. abrupt. These (crafty) pirate decoders of “enhanced capabilities” (compared to the model of Chor et al.) appear in many plausible piracy scenarios. We then present new (foxy) black-box traitor tracing schemes which cope with such pirate decoders. We present a generic black box traitor tracing technique against any abrupt/resettable decoder. This generic tracing method can be implemented readily in a linear ciphertext size traitor tracing scheme. By employing a new relaxation technique, which we call list-tracing, we describe a traitor tracing scheme with sublinear ciphertext size that is successful against abrupt/resettable pirate decoders. Finally, we present the first black-box traitor-tracing scheme and techniques that are successful against abrupt/history-recording pirate decoders (in the multimedia transmission setting).
Aggelos Kiayias, Moti Yung
Efficient State Updates for Key Management
Abstract
Encryption is widely used to enforce usage rules for digital content. In many scenarios content is encrypted using a group key which is known to a group of users that are allowed to use the content. When users leave or join the group the group key must be changed. The LKH (Logical Key Hierarchy) algorithm is a very common method of managing these key changes. In this algorithm every user keeps a personal key composed of log n keys (for a group of n users). A key update message consists of O(log n) keys.
A major drawback of the LKH algorithm is that users must update their state whenever users join or leave the group. When such an event happens a key update message is sent to all users. A user who is offline during t key updates, and who needs to learn the keys sent in these updates as well as update its personal key, should receive and process the t key update messages, of total length O(t log n) keys. In this paper we show how to reduce this overhead to a message of O(log t) keys. We also note that one of the methods that are used in this work to reduce the size of the update message can be used in other scenarios as well. It enables the generation of n pseudo-random keys of length k bits each, such that any successive set of t keys can be represented by a string of log(t) · k bits, without disclosing any information about the other keys.
Benny Pinkas
Collusion Secure q-ary Fingerprinting for Perceptual Content
Abstract
We propose a q-ary fingerprinting system for stored digital objects such as images, videos and audio clips. A fingerprint is a q-ary sequence. The object is divided into blocks and each symbol of the fingerprint is embedded into one block. Colluders construct a pirate object by assembling parts from their copies. They can also erase some of the marks or cut out part of the object resulting in a shortened fingerprint with some unreadable marks. We give constructions of codes that can identify one of the colluders once a pirate object is found.
Reihaneh Safavi-Naini, Yejing Wang

Privacy, Architectures

Privacy Engineering for Digital Rights Management Systems
Abstract
Internet-based distribution of mass-market content provides great opportunities for producers, distributors, and consumers, but it may seriously threaten users’ privacy. Some of the paths to loss of privacy are quite familiar (e.g., mining of credit-card data), but some are new or much more serious than they were in earlier distribution regimes. We examine the contributions that digital-rights-management (DRM) technology can make to both compromising and protecting users’ privacy. We argue that the privacy-enhancing technology (e.g., encryption, anonymity, and pseudonymity) that absorbs most of the attention of the security R&D community cannot by itself solve the privacy problems raised by DRM, although it can play a role in various solutions. Finally, we provide a list of “privacy engineering” principles for DRM systems, some of which are easy to implement and potentially quite effective.
Joan Feigenbaum, Michael J. Freedman, Tomas Sander, Adam Shostack
Secure Open Systems for Protecting Privacy and Digital Services
Abstract
This paper describes and analyzes a system architecture that enables consumers to access services and content from multiple providers without jeopardizing the privacy interests of consumers or the intellectual property rights of providers. In order to satisfy these highly desirable objectives, we argue for the necessity of a Trust Server that mediates the conferral and revocation of trust relationships between consumers and providers. The system also calls for the deployment of programmable security coprocessors at vulnerable sites requiring protection, namely at the Trust Server and at each consumer. We define the specific requirements of consumer-side Coprocessors, and their server-side counterparts denoted as Hardware Security Modules (HSMs). A single Coprocessor serves multiple providers by allocating to each of them a virtualized trusted computing environment for software execution and data manipulation. Bearing in mind that the tamper-resistance offered by Coprocessors is subject to more stringent economic pressures than that offered by HSMs, we include in our architecture containment capabilities that prevent compromised Coprocessors from causing damage disproportionate to their numbers. We explain the specific challenges faced with providing containment capabilities while protecting consumer privacy, given that a single Coprocessor must serve the needs of multiple providers. The simultaneous attainment of these goals is one of the highlights of our architecture.
David Kravitz, Kim-Ee Yeoh, Nicol So
MPEG-4 IPMP Extensions
Abstract
MPEG has further progressed its specification for interoperable Intellectual Property Management and Protection (IPMP) to Committee Draft. This paper describes the MPEG IPMP Extensions as a mapping into an MPEG-4 player. In the future there will also be mappings to both MPEG-7 and MPEG-2. The concepts explained in this paper are to be the basis for content protection throughout the whole of the MPEG family of standards. Detailed within are the reasons for their implementation by MPEG, how these extensions integrate into the current MPEG-4 IM-1 IPMP ‘hooks’ and the functionality they add to the current standard.
James King, Panos Kudumakis

Software Tamper Resistance

Dynamic Self-Checking Techniques for Improved Tamper Resistance
Abstract
We describe a software self-checking mechanism designed to improve the tamper resistance of large programs. The mechanism consists of a number of testers that redundantly test for changes in the executable code as it is running and report modifications. The mechanism is built to be compatible with copy-specific static watermarking and other tamper-resistance techniques. The mechanism includes several innovations to make it stealthy and more robust.
Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan
Protecting Software Code by Guards
Abstract
Protection of software code against illegitimate modifications by its users is a pressing issue to many software developers. Many software-based mechanisms for protecting program code are too weak (e.g., they have single points of failure) or too expensive to apply (e.g., they incur heavy runtime performance penalty to the protected programs). In this paper, we present and explore a methodology that we believe can protect program integrity in a more tamper-resilient and flexible manner. Our approach is based on a distributed scheme, in which protection and tamper-resistance of program code is achieved, not by a single security module, but by a network of (smaller) security units that work together in the program. These security units, or guards, can be programmed to do certain tasks (checksumming the program code is one example) and a network of them can reinforce the protection of each other by creating mutual-protection. We have implemented a system for automating the process of installing guards into Win32 executables. It is because our system operates on binaries that we are able to apply our protection mechanism to EXEs and DLLs. Experimental results show that memory space and runtime performance impacts incurred by guards can be kept very low (as explained later in the paper).
Hoi Chang, Mikhail J. Atallah
How to Manage Persistent State in DRM Systems
Abstract
Digital Rights Management (DRM) systems often must manage persistent state, which includes protected content, an audit trail, content usage counts, certificates and decryption keys. Ideally, persistent state that has monetary value should be stored in a physically secure server. However, frequently the persistent state may need to be stored in a hostile environment. For example, for good performance and to support disconnected operation, recent audit records may be stored on a consumer device. The device’s user may have an incentive to alter the audit trail and thus obtain content for free. In this paper we explain the need for persistent state in DRM systems, describe several methods for maintaining persistent state depending on the system requirements, and then focus on the special case of protecting persistent state in hostile environments.
William Shapiro, Radek Vingralek

Cryptanalysis

A Cryptanalysis of the High-Bandwidth Digital Content Protection System
Abstract
We describe a weakness in the High Bandwidth Digital Content Protection (HDCP) scheme which may lead to practical attacks. HDCP is a proposed identity-based cryptosystem for use over the Digital Visual Interface bus, a consumer video bus used to connect personal computers and digital display devices. Public/private key pairs are assigned to devices by a trusted authority, which possesses a master secret. If an attacker can recover 40 public/private key pairs that span the module of public keys, then the authority’s master secret can be recovered in a few seconds. With the master secret, an attacker can eavesdrop on communications between any two devices and can spoof any device, both in real time. Additionally, the attacker can produce new key pairs not on any key revocation list. Thus the attacker can completely usurp the trusted authority’s power. Furthermore, the protocol is still insecure even if all devices’ keys are signed by the central authority.
Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song, David Wagner

Economics, Legal Aspects

Implications of Digital Rights Management for Online Music – A Business Perspective
Abstract
This paper will examine and categorize potential business model scenarios for online music. The virtualization of music leads to market uncertainties. On the supply side, the offering party might not be able to sufficiently privatize online music by using digital rights management technologies. On the demand side, with a changing cost structure for digital goods, consumers might not be willing to pay directly for digital goods so that revenues would have to be collected indirectly by public or private entities. As a result, business models for online music can be categorized into four scenarios. In the first scenario, online music is used to promote the traditional offline business while in the second scenario, consumers are willing to pay for additional services to access online music. The third scenario is significantly different from the first two scenarios as music providers are expected to be able to protect their content by using digital rights management technology. In the fourth scenario peer-to-peer technologies allow consumers to use a mechanism called super distribution with which they can share and recommend songs. The paper concludes with a recommendation to music companies regarding privacy and strategic positioning.
Willms Buhse
From Copyright to Information Law – Implications of Digital Rights Management
Abstract
Digital Rights Management (DRM) promises to enable a secure electronic marketplace where content providers can be remunerated for the use of their digital content. In the last few years, countless research efforts have been devoted to DRM technologies. However, DRM systems are not only technological phenomena: they pose complex legal, business, organizational and economic problems. This article tries to show that from a lawyer’s perspective some of the innovativeness and potential of DRM can only be understood when one looks at it from a multidisciplinary viewpoint. The article gives an overview of the various ways by which digital content is protected in a DRM system. The intertwining protection by technology, contracts, technology licenses and anti-circumvention regulations could lead to a new “property right” making copyright protection obsolete. However, there is a danger of over-protection: questions of fair use and other limitations to traditional copyright law have to be addressed. If competition is not able to solve this tension between the interests of content providers and the interests of users or the society at large - which seems to be doubtful at least - it is the law that has to provide a solution. The legislators in the U.S. and Europe use different approaches to address this problem. By looking at DRM in this way, several patterns can be observed which are characteristic of many areas of Internet law.
Stefan Bechtold
Taking the Copy Out of Copyright
Abstract
Under current U.S. law and common understanding, the fundamental right granted by copyright is the right of reproduction — of making copies. Indeed, the very word “copyright” appears to signify that the right to control copying must be a fundamental part of any system of copyright. Nonetheless, we claim that this assumption is incorrect. The advent of digital documents has illuminated this issue: In the digital realm, copying is not a good predictor of intent to infringe; moreover, copying of digital works is necessary for normal use of those works. We argue that the right to control copying should be eliminated as an organizing principle of copyright law. In its place, we propose as an organizing principle the right to control public distribution of the copyrighted work.
Ernest Miller, Joan Feigenbaum
Backmatter
Metadata
Title: Security and Privacy in Digital Rights Management
Edited by: Tomas Sander
Copyright year: 2002
Publisher: Springer Berlin Heidelberg
Electronic ISBN: 978-3-540-47870-6
Print ISBN: 978-3-540-43677-5
DOI: https://doi.org/10.1007/3-540-47870-1