Axmedis2007 Presentation

Key Management in open DRM platforms*Carlos Serrão, *Miguel Dias and **Jaime Delgado

carlos.serrao, miguel.dias {@iscte.pt}, [email protected]

*ISCTE/DCTI/ADETTILisboa, Portugal

**UPC/AC/DMAGBarcelona, Spain

mailto:[email protected]

mailto:[email protected]

Summary

• DRM interoperability

• open DRM interoperability

• Key Management

• Key Management Life Cycle

• Key Management LC on open DRM

• OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA DRM, Sun DReaM

• Comparison

• Conclusions and Future Work

2

DRM interoperability

• DRM involves the:

• description, layering, analysis, valuation, trading and monitoring of rights over an individual or organisation's assets, in digital format;

• DRM is:

• the chain of hardware and software services and technologies governing the authorised use of digital objects and managing any consequences of that use throughout the entire life cycle of the object.

3


• Different DRM systems do not interoperate

• DRM-A governed content is incompatible with other DRM systems

• Users hate it!

• Different formats, protocols, security mechanisms, content protection mechanisms, and others...

• Vertical solutions lead to non-interoperability

4

DRMA

DRMC

DRMB

DRMD

???

??????

???

??? ???


• Solvable problem?

• Yes, but...

• Although technologically complex, it is not only a technical problem

• It is also a business problem!

5


• 3 different strategies based on International standards

• Full-format interoperability

• requires everyone using the same format

• Connected interoperability

• brokering between different DRM regimes

• Configuration driven interoperability

• DRM regimes use tools to adapt to other regimes

6

open DRM interoperability

• open DRM interoperability

• requires DRM solutions that provide open specifications and/or are open-source based

• true connected interoperability can only be achieved using this approach

7


• Connected DRM interoperability:

• DRM P2P connected interoperability

• specific individual connectors between each of the different DRM functions

• DRM broker-based connected interoperability

• generic function broker between the different DRM functions

8


• DRM P2P connected interoperability

9


• DRM broker-based connected interoperability

10


11


• Approach for DRM interoperability study

11


• Approach for DRM interoperability studyI. Select a group of different open-DRM systems;

11



II. Identify the major functionalities inside the particular open-DRM systems;

11




III. Identify commonalities between the functionalities of the different open-DRM systems;

11





IV. Create a brokerage functionality in a common generic DRM broker, that maps to the specific open-DRM functionalities;

11





IV. Create a brokerage functionality in a common generic DRM broker, that maps to the specific open-DRM functionalities;

V. Define an orchestration model, in the DRM-broker, between the same functionalities of the different open-DRM systems.

11

Some DRM concepts

• One of the functions that modern DRM involves the use of several security technologies:

• Public-key cryptography

• Secret-key cryptography

• Digital signatures

• Digital certificates

• ... and others.

• All this keying material should be properly managed, to avoid security breaches...

• ... and this brings us to Key Management.12

Key Management

• What is Key Management?

• Key Management is the set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorised parties.

• Key Management encompasses techniques and procedures supporting:

• Initialisation of system users within a domain;

• Generation, distribution and installation of keying material;

• Controlling the use of keying material;

• Update, revocation and destruction of keying material;

13

Key Management in DRM

• Key Management and DRM

• DRM uses keying material in several situations:

• Entities (content providers, users, ...) registration and management

• Software applications and components registration and management

• Content security

• Rights management and enforcement (licenses)

14



15

• User Registration• System and User initialisation• Key generation

• Key installation• Key registration• Normal usage• Key backup• Key update• Key recovery

• Archival• Key revocation

• Key de-registration and destruction

pre-

oper

atio

nal

oper

atio

nal

post

-ope

ratio

nal

obso

lete



16



• It is important to study on the different DRM solutions handle this functionalities

• Establish a common secure license and key management life-cycle

• Implementing a broker-based interoperable key management system

• As a mechanism for DRM interoperability

17

Key Management in open DRM

• Key management analysis on open DRM

• a set of open DRM platforms were selected

• OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA DRM, Sun DReaM

• and the key management cycle has been studied

• available specifications

• in some cases, open-source code (OpenSDRM, OpenIPMP, DMP Chillout and Sun DReaM)

18


• OpenSDRM

• not very well documented

• source-code is available

• relies on XML certificates and X509 certificates

• key management life cycle

• handles key material creation, registration and normal usage

• revocation, archival, or destruction of obsolete key material is not handled

19


• OpenIPMP

• not very well documented

• source-code is available

• relies on X509 certificates



• handles key and certificate revocation

• archival, or destruction of obsolete key material is not handled

20


• DMAG MIPAMS

• some limited documentation exists

• no source-code available

• makes usage of X509 mechanisms

• key life cycle management


• handles (partly) key and certificate revocation


21


• DMP Chillout

• extensive and detailled documentation is available

• source-code is well organized and available

• makes usage of X509




22


• OMA DRM

• OMA has an extensive available documentation with several specifications

• No source-code is available

• Details specific security details, like algorithms to be used, protocols, ...



• handles key and certificate revocation


23


• Sun DReaM

• has some specifications available, although very limited

• source-code is available (it is still under heavy development)


• it is hard to analyse this due to early development



24

Comparison

25

DMAGMIPAMS

User Registration

System and User Initialization

Key generation

Key installation

Key registration

Normal usage

Key backup

Key update

Key recovery

Key de-registration and destruction

Key archival

Key revocation

Comparison

26

DMAGMIPAMS

User Registration

System and User Initialization

Key generation

Key installation

Key registration

Normal usage

Key backup

Key update

Key recovery

Key de-registration and destruction

Key archival

Key revocation

pre-

oper

atio

nal

oper

atio

nal

post

-op

erat

iob

sol

et

Conclusions

• Key management is important in DRM for:

• confidentiality

• entity authentication

• data origin authentication

• data integrity

• and digital signatures.

• Managing correctly the keying material and its life cycle is important in DRM security design.

27

Conclusions

• The analysis conducted to open DRM platforms revealed that important aspects of the key management life cycle are poorly considered:

• key backup

• key update

• key recovery

• key archival

• key revocation

• key de-registration and destruction.

28

Conclusions

• The lack of an appropriate key management scheme in DRM could lead to some serious security problems, such as:

• the compromise of confidentiality of secret keys;

• compromise of authenticity of private or public keys, and;

• the unauthorized usage of private or public keys.

• This is an aspect to be further considered on the design of DRM solutions.

29

Q & A

• It’s time for some questions...

• ... and (maybe) some answers.

30

Axmedis2007 Presentation

Economy & Finance

Transcript of Axmedis2007 Presentation