iDRM – Interoperability Mechanisms for Open Rights Management Platforms

iDRM – Interoperability mechanisms for Open Rights Management platforms

Ph.D. Dissertation Lecture

Professor Jaime Delgado*, Professor Miguel Dias** *UPC/AC/DMAG, Barcelona, Spain *IUL-ISCTE/DCTI/ADETTI, Lisboa, Portugal

UPC - Universitat Politecnica de Calalunya 3rd. December, 2008

Carlos Serrão *[email protected] **[email protected] [email protected]

*http://www.upc.edu **http://www.iscte.pt

Summary

3rd. December 2008 [iDRM] - Ph.D. Lecture Dissertation 2

  Context and State of the Art   Specific Contributions

  Rights Management interoperability and SOA

  Using PKI towards Rights Management interoperability

  Open Rights Management as a mean for interoperability

  Secure Key and License management for open RM platforms

  The OpenSDRM open RM platform

  Wallet Rights Management interoperability middle-ware

  License Templates

  OpenSDRM use-cases and experiences

  Conclusions and Future Work

  Questions

Context and State of the Art

Content


Content

Com

pression

Content


  Advantages and Opportunities

  Better content

  New and better delivery channels

  New customers

  Fast delivery

  ...

  Disadvantages and Challenges

  Piracy and Uncontrolled distribution

  ...

Content


  Answer from content industry

  Digital

  Rights

  Management

  and

  Copy

  Protection/Prevention

DRM interoperability


  DRM involves the:

  description

  layering

  analysis

  valuation

  trading

  and monitoring of rights

  over an individual or organization's assets, in digital format.

Digital Content Value-Chain


Creator Publisher Aggregator Distributor Retailer Consumer

Content Creation, Capture Content Rights Establishment

Content Rights Validation Content Packaging

Content Repository Content Trading

Content Distribution

Content Trading Content Distribution

Content Payment Content Trading Permission Management


remixed r/w

culture

Digital Content Value-Chain


  Consumers are “active” not “passive”

  Consumers take other roles on DCVC

  Changes the established rights management logic

Creator Publisher Aggregator Distributor Retailer Consumer Consumer is Creator Consumer is Publisher Consumer is Aggregator Consumer is Distributor

Consumer is Retailer


interoperability

Digital Rights Management


  DRM 1.0 failure

  Vulnerable DRM systems

  Limitations to user experience

  Limited availability

  Offer limited protection

  Imposition to end-users

  Lack of interoperability

  DRM 2.0 must solve these issues



DRM 1.0 DRM 1.5 DRM 2.0



  DRM Layers

Rights Management

Rights Enforcement

Copy Protection



  DRM Layers – non-interoperable

Rights Management

Rights Enforcement

Copy Protection DR

M A

Rights Management

Rights Enforcement

Copy Protection

DR

M B

X X X



  DRM Layers - interoperable

Rights Management

Rights Enforcement

Copy Protection

Rights Management

Rights Enforcement

Copy Protection



  Interoperability strategies (International Standards):

  Full format interoperability

  Connected interoperability

  Configuration driven interoperability

[Koenen et al., 2004] [Kalker et al., 2007]



DRM 1.0 DRM 1.5 DRM 2.0

Interoperability

Contributions

Contributions


  Motivations/Objectives

  Study the applicability of SOA to the creation of interoperable rights management services

  Use PKI-based solutions to create common trust environments between different RM solutions/services

  Design and implement an open, distributed, service-based architecture for interoperable rights management infrastructure

  Based on the key management life cycle, create a generic model for secure license and key management for rights management solutions

  Create an open and interoperable RM services-based platform (OpenSDRM)

  Study and develop a mechanism to provide interoperability between different content rendering applications and abstraction from REL

  Evaluate the flexibility and adaptation of OpenSDRM to multiple use-cases and scenarios

Rights Management Interoperability and Service Oriented Architectures

Contributions

RM interoperability and SOA


  SOA and Web-Services allow an easy and standard decoupling mechanisms for application integration

  This decoupling works based on three pillars:

  Service Provider (WSDL)

  Service Requester (SOAP)

  Service Broker (UDDI)

  Allows the distribution of services through an open network, using open standards – such as HTTP



  Idea/Objective

  Identification of most relevant rights management services

  “Abstract” its proprietary implementation, through a well-defined and public interface using WSDL

  Interaction between services, can be performed via:

  Proprietary communication channels, if they are internal to the same rights management solution

  Open SOA channels, if they are to be interoperable between different rights management solutions



  Service decoupling

WSDL Service

Interface

Service proprietary

implementation

Other internal Services Proprietary

communication Services

WSDL Service

Interface

Service proprietary

implementation

Other internal Services Proprietary

communication Services

Service Broker

Request service

Open communication services (SOAP/HTTP)‏



UDDI Service Broker

DRM Governed content

SOAP Communication with the specific RM service

Publish the RM service description Ask for service

location and description



  Relevant papers   Serrão C., Dias M., Delgado J., “Using Service-oriented Architectures

towards Rights Management interoperability”, in Proceedings of the International Joint Conferences on computer, Information and Systems Sciences and Engineering (CISSE06), University of Bridgeport, USA, 4-14 December, 2006

  Serrão C., Fonseca P., Dias M., Delgado J., “The Web-Services growing importance for DRM interoperability”, in Proceedings of the IADIS International Conference WWW/Internet 2006, Múrcia, Spain, 5-8 October, 2006

  Serrão C., Dias M., Delgado J., “Using Web-Services to Manage and Control Access to Multimedia Content”, in Proceedings of The 2005 International Symposium on Web Services and Applications (ISWS05), Las Vegas, USA, 2005

Using PKI towards Rights Management interoperability

Contributions

PKI and RM interoperability


  From a security point of view, two major aspects need to be considered in any DRM solution:

  the digital object protection, in which the digital object is packaged in a specific container that is locked, preventing non-authorized copies or modifications, making usage of strong cryptographic algorithms.

  and the fact that through the entire object life cycle a trustworthy environment must be established between the different actors, devices and software components.



  Trust Environment

  In a common DRM system, trust must be established between the different elements

  The way this trust environment is accomplished differs from DRM implementation to implementation

  There is no common trust system

  This creates interoperability problems



Trust Mechanism A

Trust Mechanism B

Trust Mechanism C

Trust Mechanism D

DRM A DRM B DRM C DRM D

Non-Interoperability points

Users Content Users Content Users Content Users Content



  Public-Key Infrastructures (PKI) are important for trust environment establishment

  PKIX (PKI for X.509) is currently one of the most deployed PKI technologies, present in many security solutions

  PKI offers functions/services that are crucial to the establishment of trust environments:

  Certification Authority

  Registration Authority

  Repository

  Archive



  PKIX supports most of the security and trust functions that DRM needs

  DRM systems can “deliver” their security and trust requirements “in the hands” of an underlying PKIX system

  This would simplify the task of DRM interoperability



  Two approaches for DRM interoperability through PKI:

  Use a single PKI service shared by all DRM systems;

  Each DRM use their own PKI service, and brokering mechanisms are used between them



All the different DRM systems use the same PKI solution, to establish the necessary trust environment between the different actors, devices or software components.



The different DRM systems have their own PKI, and a PKI broker is used to build interoperable trust environments between the different actors, devices and software components of the different DRM systems.



  1st Scenario

  The same PKI offers to the different DRM components, trust credentials, that can be immediately trusted between different DRM systems

  This is however a low probability scenario. DRM systems will adopt their own PKI solutions



  2nd Scenario

  Reflects what is happening now – each DRM chooses its own PKI solution

  “Local” and “External” interoperability

  “Local” - the internal components of a DRM system rely on the trust provided by their own PKI

  “External” - the components of different DRM systems, have to build trust relationships using a PKI broker



  Relevant papers

  Serrão C., Torres V., Delgado J., Dias M., “Interoperability Mechanisms for registration and authentication on different open DRM platforms”, in International Journal of Computer Science and Network Security, Vol. 6, Number 12, Pages 291-303, December, 2006

  Serrão, C., Serra A., Dias M., Delgado J., “PKI as a way to leverage DRM interoperability”, In Proceedings of the IADIS International Conference on Telecommunications, Networks and Systems 2007 (TNS2007), Lisboa, Portugal, 3-5 July, 2007

Open Rights management as a mean for interoperability

Contributions

Open RM and Interoperability


  “open” is an important key in interoperability

  “open”, in RM has three dimensions

  open specifications

  open interfaces

  open-source



  Open-source DRM platforms

  Media-S

  OpenIPMP

  DReaM

  Chillout

  OpenSDRM

  Open-specification DRM platforms

  MIPAMS

  OMA-DRM



  Open-source DRM platforms comparison   Organisation

  License

  Activity

  Base components

  Development status

  Deployment

  Number of Developers

  Fields of Applicability

  REL Support

  Content Support



  Open RM SWOT analysis



  Two dimensions for the Interoperability problem:   DRM complexity:

  protection (encryption, decryption, watermarking, key distribution, etc.);

  authorization based on licenses (rights expressions, verification, license distribution, etc.);

  Metadata;

  Enforcement;

  Governance;

  Authorities;

  and others.

  How we try to get interoperability -> definition of different DRM interoperability levels:   Proprietary systems;

  Standards and architectures;

  Software framework based;

  Open Source.



  Broker-based open RM interoperability



  Relevant papers

  Serrão C., Torres V., Delgado J., Dias M., “ How Open DRM platforms can shape the future of DRM”, in IEEE Multimedia

  Serrão C., Marques J., Dias M., Delgado J., “Open-Source Software as a Driver for Digital Content E-Commerce and DRM interoperability”, in Proceedings of the Europe-China Conference on Intellectual Property in Digital Media – Optimisation of Intellectual Property in Digital Media (IPDM06), Shangai, China, 18-19 October, 2006

Secure Key and License Management for open Rights Management platforms

Contributions

Secure key and license management


  Some of the functions of modern DRM involves the use of several security technologies:

  Public-key cryptography

  Secret-key cryptography

  Digital signatures

  Digital certificates

  ... and others.

  All this keying material should be properly managed, to avoid security breaches...

  ... and this brings us to Key Management.



  Key Management Life Cycle



  Key Management Life Cycle

  It is important to study on the different DRM solutions handle this functionalities

  Establish a common secure license and key management life-cycle

  Implementing a broker-based interoperable key management system

  As a mechanism for DRM interoperability



  Key Management and DRM

  DRM uses keying material in several situations:

  Entities (content providers, users, ...) registration and management

  Software applications and components registration and management

  Content security

  Rights management and enforcement (licenses)



  Rights Expression Languages (REL)

  Allow the expression of copyright

  Allow the expression of contracts or license agreements

  Allow to control over access and/or use

  Mostly used to express DRM-governed content licenses

  Licenses express how a governed-content can be used

  Expressed in a specific format/notation (XML, Text, Graph theory, ...)

  XrML and ODRL are two of the most used

  May contain protected keying material information to be used with the protected digital content



  Depending on the DRM scenario and implementation licenses can be used or not

  This gives 6 different scenarios:   Licenses are used in DRM

  License contains CEK   License is inside digital content

  License is outside the digital content

  License don't have CEK   License is inside digital content

  License is outside the digital content

  Licenses are not used in DRM   CEK is inside digital content

  CEK is not inside the digital content



  License topology



  Analysis of key management in open RM platforms



  Relevant papers   Serrão, C., Serra A., Dias M., Delgado J., "Key Management in open DRM

Platforms”, in the Proceedings of the 3rd. International Conference of Automated Production of Cross Media Content for Multi-channel Distribution (AXMEDIS2007), Barcelona, Spain, 28-30 November, 2007

  Serrão, C., Serra A., Dias M., Delgado J., “Secure License Management - Management of Digital Object Licenses in a DRM environment”, In Proceedings of the International Conference on Security and Cryptography (SECRYPT2007), Barcelona, Spain, 28-31 July, August, 2007

  Serrão, C., Serra A., Dias M., Delgado J., "Protection of MP3 Music Files Using Digital Rights Management and Symmetric Ciphering", in the Proceedings of the 2nd. International Conference of Automated Production of Cross Media Content for Multi-channel Distribution (AXMEDIS2006), Leeds, United Kingdom, 13-15 December, 2006

The OpenSDRM open rights management platform

Contributions

OpenSDRM


  What is OpenSDRM?

  Distributed DRM architecture

  Each of the functionalities is implemented has an independent distributed service

  There can exist multiple instances of the same service provided by different entities

  incorporate the previous contributions

OpenSDRM


  OpenSDRM is open:

  open-source

  open specifications

  open interfaces

  open to different types of content

  open to support many different business models

  open to interoperability

OpenSDRM


OpenSDRM


  Relevant papers

  Serrão C., Dias M., Kudumakis P., “From OPIMA to MPEG IPMP-X - A standard’s history across R&D projects”, in Special Issue on European Projects in Visual Representation Systems and Services, Image Communications, Volume 20, Issue 9-10, Pages 972-994, Elsevier, 2005

  Serrão C., "Open Secure Infrastructure to control User Access to multimedia content", in Proceedings of the 4th. International Conference on Web Delivering of Music (WEDELMUSIC2004), Barcelona, Spain, 2004

  Serrão C., Neves D., Kudumakis P., Barker T., Balestri M., "OpenSDRM – An Open and Secure Digital Rights Management Solution", in Proceedings of the IADIS International Conference e-Society 2003, Lisboa, Portugal, 3-6 June, 2003

Wallet Rights Management interoperability middleware

Contributions

Wallet RM interoperability middle-ware




  DRM-governed content life cycle



  Relevant papers

  Serrão C., Dias M., Delgado J., “Digital Object Rights Management – Interoperable client-side DRM middleware”, In Proceedings of the International Conference on Security and Cryptography (SECRYPT2006), Setúbal, Portugal, 7-10 August, 2006

  Serrão C., Dias M., Delgado J., “Bringing DRM interoperability to digital content rendering applications”, in Proceedings of the CISSE05 – The International Joint Conferences on Computer, Information, and System Sciences, and Engineering, Springer, ISBN: 978-1-4020-5260-6, University of Bridgeport, USA, 10-20 Dezembro, 2005

License Templates

Contributions

License Templates


  Complex RM environments

  Content Provider - License Provider - User CRA

  Support for multiple license format is *not* assured

  Possible solutions

  REL translation

  License in one format is translated to other format

  Templates

  Specific REL license templates created “a priori”, and instantiated when the license is to be issued

License Templates


  License template definition process

License Templates


  Relevant papers

  Serrão C., Dias M., Delgado J., “Using ODRL to express rights for different content usage scenarios”, in Proceedings of the ODRL2005 – 2nd International ODRL Workshop 2005, Lisboa, Portugal, 7-8 July, 2005

  Serrão C., Dias M., Delgado J., “Bringing DRM interoperability to digital content rendering applications”, in Proceedings of the CISSE05 – The International Joint Conferences on Computer, Information, and System Sciences, and Engineering, Springer, ISBN: 978-1-4020-5260-6, University of Bridgeport, USA, 10-20 Dezembro, 2005

OpenSDRM experiences and use-cases

Contributions



  OpenSDRM usage cases:

  Digital Music, MOSES FP5-IST project, Music-4You.com

  JPEG2000 digital images, HICOD2000 ESA RTD project

  Video-Surveillance, WCAM FP6-IST project

  Home Networking Digital Music, MediaNet FP6-IST project



  Relevant papers   Serrão C., “Music-4you.com – Digital Music E-Commerce Case Study”, in IADIS

International Journal on Internet/WWW, Volume 3, Issue 1, ISSN 1645-7641, 2005

  Carvalho H., Serrão C., Serra A., Dias M., “Flexible Access to ESA Earth Observation data using JPEG2000 and DRM”, in Proceedings of the Fourth Conference on Imaging Information Mining (ESA-EUSC2006), Madrid, Spain, 27-28 November, 2006

  Serrão, C., Dias M., Serra A., Carvalho H., "Accessing Earth Observation data using JPEG2000", in Proceedings of the Symposium on Computational Modelling of Objects Represented in Images (CompImage2006), Coimbra, Portugal, 20-21 October, 2006

  Serrão, C., Dias L., Serra A., Dias M., "JPEG2000 Image Compression and Visualization for Desktop and Mobile Clients", in Proceedings of the Atlantic Europe Conference on Remote Imaging and Spectroscopy (AECRIS2006), International Journal of Internet Protocol Technology, Preston, United Kingdom, 11-12 September, 2006

Conclusions and Future Work

Conclusions


  The objective of this work was to present several mechanisms to improve the RM non-interoperable panorama

  Some specific mechanisms were selected to study its applicability to RM interoperability

  RM interoperability is not an easy problem

  This thesis does not solve it!!!

  However, it contributes with some mechanisms to make the problem less complex.

  But, more work needs to be done!

Conclusions


  Rights Management and Service-Oriented Architectures

  SoA has a huge impact on the software and service distribution (SaaS)

  RM can benefit from service distribution, to create heterogeneous RM environments

  RM providers decouple RM services

  Published, and promoted on UDDI repositories

  Approach followed on the OpenSDRM implementation

Conclusions


  PKI and rights management interoperability

  RMS systems need to establish trust environments and to handle cryptographic material

  Most current RM solutions do not rely on existing PKI services – they implement their own proprietary services

  Contributed with PKI-based interoperability solution to establish trust – PKI-broker to establish trust between different RM solutions

  Design and establishment of protocols to create trust environments between different RM solutions

Conclusions


  Open rights management towards interoperability

  Commercial RM solutions are vertical, closed and non-interoperable – alternative is an open model

  Open RM solutions were identified, classified and included in three categories: open-source, open specifications and open interfaces

  A SWOT analysis was conducted to identify the major advantages and drawbacks of having open RM solutions

Conclusions


  Secure key and license management for open rights management

  Security is central to RM systems

  Appropriate secure management of rights and key management are of extreme importance

  Scenarios between the REL, the digital object and the CEK were identified

  Description of the license management life cycle

  Identify how the different RM handle the key management life cycle

  Lack of support behind the pre-operational and operational stages

  Proper key management is crucial for security management

Conclusions


  OpenSDRM open rights management architecture

  Design and implementation of an open RM platform

  Based on a service oriented approach

  E2E RM services for the DCVC

  Detailed security mechanisms and protocols

Conclusions


  Wallet rights management interoperability middle-ware and license templates

  Establishment of a client-side RM middle-ware to provide interoperability between different CRA

  Abstraction layer between the CRA and DRM regime

  Request authorizations to the RM layer to render content

  Creation of and usage of license rights templates to offer RM interoperability between multiple content providers, license providers and user-devices

  Expression of particular business model using different license templates

  Facilitate the interoperation between different REL

Conclusions


  OpenSDRM use-cases

  Demonstrate the OpenSDRM applicability, adaptability and interoperability to:

  Multiple business models

  Multiple content types

  Multiple CRA

Conclusions


  Using of SoA to enable the RM services interoperability   Establishment of common trust environments, using PKI mechanisms, to

provide interoperability   Analyse how open RM can contribute to RM interoperability and define an

approach for open RM platforms based on SWOT analysis

  Define how to manage securely both keys and licenses throughout their life-cycle, across open RM platforms

  Creation of an open and services based RM platform that enables interoperability between different scenarios

  Design of an abstraction mechanism between content rendering and RM, and abstraction mechanism between the content provider business model and the REL used

  Evaluate the usage of contributed mechanisms on different usage scenarios

Conclusions


Conclusions


  Future work

  Interoperable RM brokerage

  Economic impact of OpenSDRM disintermediation

  Key and license management on super-distribution

  OpenSDRM development and improvement

Questions

Thank you for your time and your patience…

iDRM – Interoperability mechanisms for Open Rights Management platforms

Ph.D. Dissertation Lecture

Professor Jaime Delgado*, Professor Miguel Dias** *UPC/AC/DMAG, Barcelona, Spain *IUL-ISCTE/DCTI/ADETTI, Lisboa, Portugal

UPC - Universitat Politecnica de Calalunya 3rd. December, 2008

Carlos Serrão *[email protected] **[email protected] [email protected]

*http://www.upc.edu **http://www.iscte.pt

iDRM – Interoperability Mechanisms for Open Rights Management Platforms

Technology

Transcript of iDRM – Interoperability Mechanisms for Open Rights Management Platforms