Nuovo DRM - satoss.uni.lusatoss.uni.lu/seminars/srm/pdfs/hugo-nuovo.pdfNuovo...

Nuovo DRMIntroducing Fair Exchange in Digital Rights Management

Hugo Jonker, Mohammad Torabi Dashti, Srijith Krishnan NairSaToSS group, University of Luxembourg

FM group, Eindhoven University of Technology

DRM & Fairness-DRM-requirements-fair exchange

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Model checking

Conclusions

SRM, 28 Apr 2009 Nuovo DRM - p. 2/21

Digital Rights Management

idea: trade digital “content”

problem: unlimited, perfect copying

generalisation: access control needed

DRM: bundle access control with content

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Model checking

Conclusions

Requirements of DRM systems

G1. effectiveness

G2. secrecy

G3. resist content masquerading

G4. strong fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Model checking

Conclusions

fair exchange

Alice: A ←→ Bob: B

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Model checking

Conclusions

fair exchange

Alice: A ←→ Bob: B

Two fair endings:- Alice: B; Bob: A- Alice: A; Bob: B

recovery protocol

TTP needed

optimistic fair exchange: TTP hardly needed

DRM & Fairness

Fairness in DRM-P2P exchange-NPGCT05 issues

Nuovo DRM

Formalising Nuovo

Model checking

Conclusions

P2P exchange

Buying content c with rights r′:

1. d2 → d1 : Request content2. d1 ↔ d2 : Mutual authentication3. d1 → d2 : cK′ , K′pk(d2), Rd1 (c), r′, σ,Λ,Λ′

Λ′ = h(d1 , d2 , c, σ, r′)sk(d1)

4. d2 : Verifies σ, Λ′ and Rd1 (c) using Λ

5. d2 → d1 : ψ, [payment]

ψ = h(d1 , P, cK′ , σ, r′)sk(d2)

— from [NPGCT05]

DRM & Fairness

Fairness in DRM-P2P exchange-NPGCT05 issues

Nuovo DRM

Formalising Nuovo

Model checking

Conclusions

NPGCT05 issues

replay of rights

no fairness

DRM & Fairness

Fairness in DRM

Nuovo DRM-concept-assumptions-fair exchange-recovery

Formalising Nuovo

Model checking

Conclusions

concept

address NPGCT05’s flaws

verified security

practical security

DRM & Fairness

Fairness in DRM

Formalising Nuovo

Model checking

Conclusions

assumptions and limits

A1. trusted devices

A2. resilient communication

A3. PKI hierarchy

A4. price negotiations

DRM & Fairness

Fairness in DRM

Formalising Nuovo

Model checking

Conclusions

fair exchange

1. owner(d2 )→ d2 : d1 , h(c), r′

2. d2 → d1 : d2 , nd2

3. d1 → d2 : n′d1 , nd2 , d2sk(d1)

4. d2 → d1 : nd2 , n′

d1 , h(c), r′, d1sk(d2)

5. d1 → d2 : cK′ , K′pk(d2), r′, nd2sk(d1)

where:

d1 , d2 : devices h(c): hash of content c nx: nonce of X r′: rights

DRM & Fairness

Fairness in DRM

Formalising Nuovo

Model checking

Conclusions

recovery

1. owner(d2 )→ d2 : d1 , h(c), r′

2. d2 → d1 : d2 , nd2

3. d1 → d2 : n′d1 , nd2 , d2sk(d1 )

4. d2 → d1 : nd2 , n′

d1 , h(c), r′, d1sk(d2)

5r. d2 : resolves(d2 )

6r. d2 → P : d2 , n′d27r. P → d2 : n′

P, n′d2 , d2sk(P )

8r. d2 → P : n′d2 , n′P , 〈nd2 , n′

d1 , h(c), r′, d1 〉, r′′, Psk(d2)

9r. P → d2 : cK′′ , K′′pk(d2), r′′, n′d2SK(P )

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo-approach-abstract actions-fair exchange-recovery-intruder model

Model checking

Conclusions

approach

formalise processes in µCRLabstract actions highlight processing steps

Intruder model that respects RCC

formalise goals in regular µ-calculus

finite model checking: limited instance2 scenario’s.

DRM & Fairness

Fairness in DRM

Nuovo DRM

Model checking

Conclusions

abstract actions

request() start of exchange for receiving device

update() successful termination of exchange

lastttp no more TTP available

fair exchange

d1(Ω, nd1 ) =X

r∈Rgtsc∈Cont

recv(d2 ; d2 , h(c), r) · send(d2 ; d1 , nd1 ) ·

n∈Nonce

recv(d2 ; n, nd1 , d1sk(d2)) · send(d2 ; nd1 , n, h(c), r, d2sk(d1)) ·

request(d1 , h(c), r, d2 ) ·

K∈Key

recv(d2 ; cK , Kpk(d1), r, nd1sk(d2)) ·

update(d1 , h(c), r, d2 ) · d1(Ω ∪ 〈c, r〉,nxt(nd1 ))

+ RESOLVE(Ω, nd1 , (nd1 , n, h(c), r, d2 ))

recovery

RESOLVE(Ω, nd1 , (nd1 , n, h(c), r, d2 )) = resolves(d1 ) ·

r∈Rgtsc∈Cont

send(P ; d1 , nd1 ) ·

n′∈Nonce

recv(P ; n′, nd1 , d1sk(P )) ·

send(P ; nd1 , n′, (nd1 , n, h(c), r, d2 ), Psk(d1)) ·

request(d1 , h(c), r, P ) ·

K∈Key

recv(P ; cK , Kpk(d1), r, nd1sk(P )) ·

update(d1 , c, r, P ) · d1 (Ω ∪ 〈c, r〉, nxt(nd1 ))

DRM & Fairness

Fairness in DRM

Nuovo DRM

Model checking

Conclusions

intruder model

I(X,Y ) =X

p∈Agentm∈Msg

recv(p, m, I) · I(X ∪ m, Y ∪ m) +

p∈Agentm∈Msg

send(I,m, p) · I(X, Y \ m) ⊳ m ∈ Y ⊲ δ +

p∈Agentm∈Msg

send⋄(I, m, p) · I(X,Y ) ⊳ m ∈ synth(X) \ Y ⊲ δ +

c∈Cont

revealed(c) · δ ⊳ c ∈ synth(X) ⊲ δ

— From [CT06]

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Model checking-Scenarios-goals-fairness-results

Conclusions

Scenarios

S0: one provider P , d1 , d2 , trusted network, no intruder.

S1: three providers, d1 , d2 , untrusted network, intrudercontrols d1 .

content: c1, c2, c3

rights: r1, r2, r1 allows resale of r2

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

G1. effectiveness

[T∗ · request(d1 , c, r, P )] µX.(〈T〉T ∧ [¬update(d1 , c, r, P )]X)

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

G1. effectiveness

G2. secrecy[T∗ · revealed(c)]F

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

G1. effectiveness

G2. secrecy[T∗ · revealed(c)]F

G3. resist content masquerading

[(¬request(d1 , c, r, P ))∗ · update(d1 , c, r, P )]F

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

fairness

for provider for d2 when buying from provider for d2 when reselling

for d2 when buying from d1

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

fairness

[T∗ · request(d2 , c, r, d1 ) · (¬(resolves(d2 ) ∨ update(d2 , c, r, d1 )))∗]

〈(¬com⋄(−,−,−))∗ · (resolves(d2 ) ∨ update(d2 , c, r, d1 ))〉T

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

fairness

[T∗ · request(d2 , c, r, d1 ) · (¬(resolves(d2 ) ∨ update(d2 , c, r, d1 )))∗]

〈(¬com⋄(−,−,−))∗ · (resolves(d2 ) ∨ update(d2 , c, r, d1 ))〉T

[(¬lastttp)∗ · request(d2 , c, r, d1 ) · (¬lastttp)∗ · resolves(d2 )·

(¬(update(d2 , c, r, P ) ∨ lastttp))∗]

〈(¬com⋄(−,−,−))∗ · update(d2 , c, r, P )〉T

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

results

G1. effectiveness:√

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

results

G2. secrecy:√

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

results

G2. secrecy:√

G3. resist content masquerading:√

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

results

G2. secrecy:√

G4. strong fairness:

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

results

G2. secrecy:√

G4. strong fairness:- for provider:

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

results

G2. secrecy:√

√- for d2 when buying from provider:

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

results

G2. secrecy:√

√- for d2 when reselling:

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Conclusions

results

G2. secrecy:√

√- for d2 when reselling:

√- for d2 when buying from d1 :

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Model checking

Conclusions-final remarks

final remarks

Nuovo beyond this talk:

attention to practical security proof-of-concept implementation

Closing remarks:

fair exchange in DRM seems possible formal modelling & verification helps only finite instances checked DRM also needs practical security (done for Nuovo)

DRM & Fairness

Fairness in DRM

Nuovo DRM

Formalising Nuovo

Model checking

Conclusions-final remarks

last slide

Thank you for your attention.

Questions?

Nuovo DRM - satoss.uni.lusatoss.uni.lu/seminars/srm/pdfs/hugo-nuovo.pdfNuovo...

Documents

Transcript of Nuovo DRM - satoss.uni.lusatoss.uni.lu/seminars/srm/pdfs/hugo-nuovo.pdfNuovo...

DRM Manual

Digital Rights Management. 2 Introduction of DRM Technology of DRM International DRM Market Korean DRM Market International DRM Companies

DRM+ the efficient solution for digitising FM ABU2009 · DRM+ transmitter diversity Conclusion . DRM+ The Efficient Solution for Digitising FM ... DRM+ The Efficient Solution for

Cat. No. R132-ES2-02...21. Edición online Funciones útiles ... FQM1-CM001/MMA21 / MMP21 C200PC-ISA03-SRM (C200HG-CPU43 *3) C200PC-ISA13-DRM (C200HX-CPU64 *3) C200PC-ISA13-SRM (C200HX-CPU64

SRM-2605 SRM-2605 EN

DRM + Information

CHAPTER 3 — COLLISION AVOIDANCEmorse.uml.edu/Activities.d/Summer-05/PAPERS/KC/310ch3-radar.pdf · (DRM-SRM) vector end to end as in ﬁgure 3.9. In ﬁgure 3.9, own ship’s true

SRM Catalog SRM EBP Configuration

Copyright © 2005 KENWOOD All rights reserved. May not be copied or reprinted without prior written approval. Il nuovo standard radio DRM (Digital Radio.

· PDF filephp-4.3.7-sapi/sapi / . /sapi srm srm s /ext / . /php srm srm s configure /buildconf /php-4.3.7/ext / . /php srm srm s 11/28 eZ publish Compiling

DRM Presentation

DRM - Mamposteria

Evaluating DRM

Planning Parameters for DRM Mode E (‘DRM+’) Parameters for DRM Mode E (‘DRM+’) V 3.0 - 4 - 04/05/2011 1 Scope Digital Radio Mondiale TM (DRM) was originally designed by the

Drm. Script

NIST PCR‐Based DNA Profiling Standard (SRM 2391d) · PCR‐based DNA profiling SRM 2391d Brief history of SRM 2391 series… SRM 2391c SRM 2391 SRM 2391a SRM 2391b SRM 2390 DNA

OMA DRM 2.0 을 적용한 경량화된 DRM 서비스 구현

Drm scouncilpresentation

Planning Parameters for DRM Mode E (‘DRM+’) · 2011-05-04 · German DRM Platform - DRM+ Technical Expert Group - Planning Parameters for DRM Mode E (‘DRM+’) concerning the

Cluster Drm

Cat. No. R132-ES2-02...21. Edición online Funciones útiles ... FQM1-CM001/MMA21 / MMP21 C200PC-ISA03-SRM (C200HG-CPU43 3) C200PC-ISA13-DRM (C200HX-CPU64 3) C200PC-ISA13-SRM (C200HX-CPU64