Axmedis2007 Presentation
-
Upload
carlos-serrao -
Category
Economy & Finance
-
view
1.153 -
download
0
Transcript of Axmedis2007 Presentation
Key Management in open DRM platforms*Carlos Serrão, *Miguel Dias and **Jaime Delgado
carlos.serrao, miguel.dias {@iscte.pt}, [email protected]
*ISCTE/DCTI/ADETTILisboa, Portugal
**UPC/AC/DMAGBarcelona, Spain
Summary
• DRM interoperability
• open DRM interoperability
• Key Management
• Key Management Life Cycle
• Key Management LC on open DRM
• OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA DRM, Sun DReaM
• Comparison
• Conclusions and Future Work
2
DRM interoperability
• DRM involves the:
• description, layering, analysis, valuation, trading and monitoring of rights over an individual or organisation's assets, in digital format;
• DRM is:
• the chain of hardware and software services and technologies governing the authorised use of digital objects and managing any consequences of that use throughout the entire life cycle of the object.
3
DRM interoperability
• Different DRM systems do not interoperate
• DRM-A governed content is incompatible with other DRM systems
• Users hate it!
• Different formats, protocols, security mechanisms, content protection mechanisms, and others...
• Vertical solutions lead to non-interoperability
4
DRMA
DRMC
DRMB
DRMD
???
??????
???
??? ???
DRM interoperability
• Solvable problem?
• Yes, but...
• Although technologically complex, it is not only a technical problem
• It is also a business problem!
5
DRM interoperability
• 3 different strategies based on International standards
• Full-format interoperability
• requires everyone using the same format
• Connected interoperability
• brokering between different DRM regimes
• Configuration driven interoperability
• DRM regimes use tools to adapt to other regimes
6
open DRM interoperability
• open DRM interoperability
• requires DRM solutions that provide open specifications and/or are open-source based
• true connected interoperability can only be achieved using this approach
7
open DRM interoperability
• Connected DRM interoperability:
• DRM P2P connected interoperability
• specific individual connectors between each of the different DRM functions
• DRM broker-based connected interoperability
• generic function broker between the different DRM functions
8
open DRM interoperability
• DRM P2P connected interoperability
9
open DRM interoperability
• DRM broker-based connected interoperability
10
open DRM interoperability
11
open DRM interoperability
• Approach for DRM interoperability study
11
open DRM interoperability
• Approach for DRM interoperability studyI. Select a group of different open-DRM systems;
11
open DRM interoperability
• Approach for DRM interoperability studyI. Select a group of different open-DRM systems;
II. Identify the major functionalities inside the particular open-DRM systems;
11
open DRM interoperability
• Approach for DRM interoperability studyI. Select a group of different open-DRM systems;
II. Identify the major functionalities inside the particular open-DRM systems;
III. Identify commonalities between the functionalities of the different open-DRM systems;
11
open DRM interoperability
• Approach for DRM interoperability studyI. Select a group of different open-DRM systems;
II. Identify the major functionalities inside the particular open-DRM systems;
III. Identify commonalities between the functionalities of the different open-DRM systems;
IV. Create a brokerage functionality in a common generic DRM broker, that maps to the specific open-DRM functionalities;
11
open DRM interoperability
• Approach for DRM interoperability studyI. Select a group of different open-DRM systems;
II. Identify the major functionalities inside the particular open-DRM systems;
III. Identify commonalities between the functionalities of the different open-DRM systems;
IV. Create a brokerage functionality in a common generic DRM broker, that maps to the specific open-DRM functionalities;
V. Define an orchestration model, in the DRM-broker, between the same functionalities of the different open-DRM systems.
11
Some DRM concepts
• One of the functions that modern DRM involves the use of several security technologies:
• Public-key cryptography
• Secret-key cryptography
• Digital signatures
• Digital certificates
• ... and others.
• All this keying material should be properly managed, to avoid security breaches...
• ... and this brings us to Key Management.12
Key Management
• What is Key Management?
• Key Management is the set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorised parties.
• Key Management encompasses techniques and procedures supporting:
• Initialisation of system users within a domain;
• Generation, distribution and installation of keying material;
• Controlling the use of keying material;
• Update, revocation and destruction of keying material;
13
Key Management in DRM
• Key Management and DRM
• DRM uses keying material in several situations:
• Entities (content providers, users, ...) registration and management
• Software applications and components registration and management
• Content security
• Rights management and enforcement (licenses)
14
Key Management in DRM
• Key Management Life Cycle
15
• User Registration• System and User initialisation• Key generation
• Key installation• Key registration• Normal usage• Key backup• Key update• Key recovery
• Archival• Key revocation
• Key de-registration and destruction
pre-
oper
atio
nal
oper
atio
nal
post
-ope
ratio
nal
obso
lete
Key Management in DRM
• Key Management Life Cycle
16
Key Management in DRM
• Key Management Life Cycle
• It is important to study on the different DRM solutions handle this functionalities
• Establish a common secure license and key management life-cycle
• Implementing a broker-based interoperable key management system
• As a mechanism for DRM interoperability
17
Key Management in open DRM
• Key management analysis on open DRM
• a set of open DRM platforms were selected
• OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA DRM, Sun DReaM
• and the key management cycle has been studied
• available specifications
• in some cases, open-source code (OpenSDRM, OpenIPMP, DMP Chillout and Sun DReaM)
18
Key Management in open DRM
• OpenSDRM
• not very well documented
• source-code is available
• relies on XML certificates and X509 certificates
• key management life cycle
• handles key material creation, registration and normal usage
• revocation, archival, or destruction of obsolete key material is not handled
19
Key Management in open DRM
• OpenIPMP
• not very well documented
• source-code is available
• relies on X509 certificates
• key management life cycle
• handles key material creation, registration and normal usage
• handles key and certificate revocation
• archival, or destruction of obsolete key material is not handled
20
Key Management in open DRM
• DMAG MIPAMS
• some limited documentation exists
• no source-code available
• makes usage of X509 mechanisms
• key life cycle management
• handles key material creation, registration and normal usage
• handles (partly) key and certificate revocation
• archival, or destruction of obsolete key material is not handled
21
Key Management in open DRM
• DMP Chillout
• extensive and detailled documentation is available
• source-code is well organized and available
• makes usage of X509
• key management life cycle
• handles key material creation, registration and normal usage
• revocation, archival, or destruction of obsolete key material is not handled
22
Key Management in open DRM
• OMA DRM
• OMA has an extensive available documentation with several specifications
• No source-code is available
• Details specific security details, like algorithms to be used, protocols, ...
• key management life cycle
• handles key material creation, registration and normal usage
• handles key and certificate revocation
• archival, or destruction of obsolete key material is not handled
23
Key Management in open DRM
• Sun DReaM
• has some specifications available, although very limited
• source-code is available (it is still under heavy development)
• key management life cycle
• it is hard to analyse this due to early development
• handles key material creation, registration and normal usage
• revocation, archival, or destruction of obsolete key material is not handled
24
Comparison
25
DMAGMIPAMS
User Registration
System and User Initialization
Key generation
Key installation
Key registration
Normal usage
Key backup
Key update
Key recovery
Key de-registration and destruction
Key archival
Key revocation
Comparison
26
DMAGMIPAMS
User Registration
System and User Initialization
Key generation
Key installation
Key registration
Normal usage
Key backup
Key update
Key recovery
Key de-registration and destruction
Key archival
Key revocation
pre-
oper
atio
nal
oper
atio
nal
post
-op
erat
iob
sol
et
Conclusions
• Key management is important in DRM for:
• confidentiality
• entity authentication
• data origin authentication
• data integrity
• and digital signatures.
• Managing correctly the keying material and its life cycle is important in DRM security design.
27
Conclusions
• The analysis conducted to open DRM platforms revealed that important aspects of the key management life cycle are poorly considered:
• key backup
• key update
• key recovery
• key archival
• key revocation
• key de-registration and destruction.
28
Conclusions
• The lack of an appropriate key management scheme in DRM could lead to some serious security problems, such as:
• the compromise of confidentiality of secret keys;
• compromise of authenticity of private or public keys, and;
• the unauthorized usage of private or public keys.
• This is an aspect to be further considered on the design of DRM solutions.
29
Q & A
• It’s time for some questions...
• ... and (maybe) some answers.
30