This paper presents a security architecture for a pay-TV conditional access system, assuming the most challenging scenario from a designer's point of view: a pay-per-view business model in a broadcast-only environment. The starting point for the security architecture is a broadcast encryption scheme and a queueing network for injecting conditional access messages into the broadcast stream. Design constraints related to a conditional access client are taken into account in the design of the architecture, as well as a maximum amount of bandwidth available for the transmission of conditional access messages. In addition, commercial design objectives like quick content access and quick client activation are also addressed. A substantial part of the paper is devoted to the design and analysis of an efficient injector model based on queueing theory, defining the strategy for injecting conditional access messages into the broadcast stream. A numerical example with real-world values of the parameters is used to demonstrate the effectiveness of the presented approach.
{"title":"A security architecture for pay-per-view business models in conditional access systems","authors":"Bart Kirkels, Martijn Maas, Peter Roelse","doi":"10.1145/1314276.1314279","DOIUrl":"https://doi.org/10.1145/1314276.1314279","url":null,"abstract":"This paper presents a security architecture for a pay-TV conditional access system, assuming the most challenging scenario from a designer's point of view; a pay-per-view business model in a broadcast-only environment. The starting point for the security architecture is a broadcast encryption scheme and a queueing network for injecting conditional access messages into the broadcast stream. Design constraints related to a conditional access client are taken into account in the design of the architecture, as well as a maximum amount of bandwidth available for the transmission of conditional access messages. In addition, commercial design objectives like quick content access and quick client activation are also addressed. A substantial part of the paper is devoted to the design and analysis of an efficient injector model based on queueing theory, defining the strategy for injecting conditional access messages into the broadcast stream. A numerical example with real-world values of the parameters is used to demonstrate the effectiveness of the presented approach.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126430235","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The MPEG-21 Intellectual Property Management and Protection ("IPMP") Components specify a framework for inter-operable and renewable digital rights management based on IPMP tools that implement proprietary digital rights management features. MPEG-21 defines the mechanism by which protected multimedia objects are associated with proprietary IPMP tools, but does not specify the interface through which IPMP tools and MPEG-21 terminals communicate. This paper describes an implementation of the IPMP components including an interface to IPMP tools based on the MPEG Rights Expression Language; dynamic construction of authorisation proofs that permit a principal to carry out an action; and a cryptographic architecture bound to the existence of authorisation proofs. This implementation has been applied to scenarios in copyright protection, privacy protection and corporate document protection, suggesting that "IPMP" may be useful in applications other than intellectual property.
{"title":"On implementing mpeg-21 intellectual property management and protection","authors":"N. Sheppard","doi":"10.1145/1314276.1314280","DOIUrl":"https://doi.org/10.1145/1314276.1314280","url":null,"abstract":"The MPEG-21 Intellectual Property Management and Protection (\"IPMP\") Components specify a framework for inter-operable and renewable digital rights management based on IPMP tools that implement proprietary digital rights management features. MPEG-21 defines the mechanism by which protected multimedia objects are associated with proprietary IPMP tools, but does not specify the interface through which IPMP tools and MPEG-21 terminals communicate.This paper describes an implementation of the IPMP components including an interface to IPMP tools based on the MPEG Rights Expression Language; dynamic construction of authorisation proofs that permit a principal to carry out an action; and a cryptographic architecture bound to the existence of authorisation proofs. This implementation has been applied to scenarios in copyright protection, privacy protection and corporate document protection, suggesting that ``IPMP'' may be useful in applications other than intellectual property.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127821170","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We present a new technique for generating biometric fingerprint hashes, or summaries of information contained in human fingerprints. Our method calculates and aggregates various key-determined metrics over fingerprint images, producing short hash strings that cannot be used to reconstruct the source fingerprints without knowledge of the key. This can be considered a randomized form of the Radon transform, where a custom metric replaces the standard line-based metric. Resistant to minor distortions and noise, the resulting fingerprint hashes are useful for secure biometric authentication, either augmenting or replacing traditional password hashes. This approach can help increase the security and usability of Web services and other client-server systems.
{"title":"Randomized radon transforms for biometric authentication via fingerprint hashing","authors":"Mariusz H. Jakubowski, R. Venkatesan","doi":"10.1145/1314276.1314293","DOIUrl":"https://doi.org/10.1145/1314276.1314293","url":null,"abstract":"We present a new technique for generating biometric fingerprint hashes, or summaries of information contained in human fingerprints. Our method calculates and aggregates various key-determined metrics over fingerprint images, producing short hash strings that cannot be used to reconstruct the source fingerprints without knowledge of the key. This can be considered a randomized form of the Radon transform, where a custom metric replaces the standard line-based metric. Resistant to minor distortions and noise, the resulting fingerprint hashes are useful for secure biometric authentication, either augmenting or replacing traditional password hashes. This approach can help increase the security and usability of Web services and other client-server systems.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124203810","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
G. Heileman, Pramod A. Jamkhedkar, J. Khoury, Curtis J. Hrncir
In this paper we cast DRM in a setting that allows us to model a number of current approaches as games. The DRM game is partitioned into two subgames, one that considers the game associated with content acquisition, and a second that considers how a consumer uses the content, along with a vendor's response to this usage. Examples are provided in order to demonstrate how these subgames correspond to real situations associated with content industries, and the conditions under which Nash equilibria will exist. These subgames form the primary stage of a repeated game that models a number of important long-term interactions between consumers and vendors. We analyze current strategies that attempt to influence the outcome of the repeated game, and we also consider a new type of architectural infrastructure that makes novel use of a trust authority in order to create a suitable environment for constructing DRM games that may prove useful in the future.
{"title":"The drm game","authors":"G. Heileman, Pramod A. Jamkhedkar, J. Khoury, Curtis J. Hrncir","doi":"10.1145/1314276.1314287","DOIUrl":"https://doi.org/10.1145/1314276.1314287","url":null,"abstract":"In this paper we cast DRM in a setting that allows us to model a number of current approaches as games. The DRM game is partitioned into two subgames, one that considers the game associated with content acquisition, and a second that considers how a consumer uses the content, along with a vendor's response to this usage. Examples are provided in order to demonstrate how these subgames correspond to real situations associated with content industries, and the conditions under which Nash equilibria will exist. These subgames form the primary stage of a repeated game that models a number of important long-term interactions between consumers and vendors. We analyze current strategies that attempt to influence the outcome of the repeated game, and we also consider a new type of architectural infrastructure that makes novel use of a trust authority in order to create a suitable environment for constructing DRM games that may prove useful in the future.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114396814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The widespread application of digital rights management (DRM) in China is now challenging its traditional fair use doctrine. This paper gives an analysis of the existing Chinese laws and regulations that could be applied to protect fair use from DRM, focusing on the Chinese Copyright Act (CCA), the Regulations on the Protection of the Right of Communication through the Information Network (RPRCIN), Chinese Contract Law Code (CCLC), Chinese Consumer Rights and Interests Protection Law (CCRIPL), and Chinese Anti-unfair Competition Law (CACL), explaining their meaning and application, and emphasizing their limitations. Against this background, the paper seeks to explore the possible approach that China could adopt to protect fair use from DRM, highlighting that the CCA should shift the anti-circumvention legislation paradigm and incorporate standard contract terms as well as other pro-consumer regulations.
{"title":"Protecting fair use from digital rights management in china","authors":"Huijia Xie","doi":"10.1145/1314276.1314284","DOIUrl":"https://doi.org/10.1145/1314276.1314284","url":null,"abstract":"The widespread applications of the digital rights management (DRM) in China now are challenging its traditional fair use doctrine. This paper gives an analysis of the existing Chinese laws and regulations that could be applied to protect fair use from DRM, focusing on the Chinese Copyright Act (CCA), the Regulations on the Protection of the Right of Communication through the Information Network (RPRCIN), Chinese Contract Law Code (CCLC), Chinese Consumer Rights and Interests Protection Law (CCRIPL), Chinese Anti-unfair Competition Law (CACL), explaining their meaning and application, and emphasizing their limitations. Against this background, the paper seeks to explore the possible approach that China could adopt to protect fair use from DRM, highlighting the CCA should shift the anti-circumvention legislation paradigm and incorporate standard contract terms as well as other pro-consumer regulations.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123339703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In the DRM setting, the attacker is a very powerful adversary, owning the software as well as the underlying hardware. This context is far different from the black-box attacker commonly considered in conventional cryptography. Therefore, cryptographers have tried to design new cryptographic tools fitting the DRM requirements. A related issue in cryptography is that of side-channel attacks, where the attacker is stronger than the black-box attacker, but usually weaker than a DRM attacker. In this paper, we aim to show that the study of side-channel attacks can benefit from DRM research, and in particular from the attacker models and solutions tailored to this specific setting. We focus on a specific issue, namely the cache attacks against the AES, and show how current counter-measures can be seen as restricted versions of a previous protection proposed in the DRM setting. We demonstrate that those kinds of counter-measures are weak against cache-based side-channel attacks by reusing results from the DRM setting.
{"title":"Drm to counter side-channel attacks?","authors":"R. Benadjila, O. Billet, Stanislas Francfort","doi":"10.1145/1314276.1314282","DOIUrl":"https://doi.org/10.1145/1314276.1314282","url":null,"abstract":"In the DRM setting, the attacker is a very powerful adversary, owning the software as well as the underlying hardware. This context is far different from the black-box attacker commonly considered in conventional cryptography.Therefore, cryptographers have tried to design new cryptographic tools fitting the DRM requirements. A related issuein cryptography is that of side-channel attacks, where theattacker is stronger than the black-box attacker, but usually weaker than a DRM attacker. In this paper, we aim toshow that the study of side-channel attacks can benefit fromDRM research, and in particular from the attacker modelsand solutions tailored to this specific setting. We focus ona specific issue, namely the cache attacks against the AES,and show how current counter-measures can be seen as restricted versions of a previous protection proposed in theDRM setting. We demonstrate that those kind of counter-measures are weak against cache-based side-channel attacks by reusing results from the DRM setting.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124572765","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The goal of obfuscation is to transform a program, without affecting its functionality, such that some secret information within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a form of reverse engineering which aims to abstract away a subset of program code based on a particular program point and is considered to be a potent program comprehension technique. Thus, slicing could be used as a way of attacking obfuscated programs. It is challenging to manufacture obfuscating transforms that are provably resilient to slicing attacks. We show in this paper how we can utilise the information gained from slicing a program to aid us in designing obfuscations that are more resistant to slicing. We extend a previously proposed technique and provide proofs of correctness for our transforms. Finally, we illustrate our approach with a number of obfuscating transforms and provide empirical results using software engineering metrics.
{"title":"Slicing obfuscations: design, correctness, and evaluation","authors":"A. Majumdar, Stephen Drape, C. Thomborson","doi":"10.1145/1314276.1314290","DOIUrl":"https://doi.org/10.1145/1314276.1314290","url":null,"abstract":"The goal of obfuscation is to transform a program, without affecting its functionality, such that some secret information within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a form of reverse engineering which aims to abstract away a subset of program code based on a particular program point and is considered to be a potent program comprehension technique. Thus, slicing could be used as a way of attacking obfuscated programs. It is challenging to manufacture obfuscating transforms that are provably resilient to slicing attacks.We show in this paper how we can utilise the information gained from slicing a program to aid us in designing obfuscations that are more resistant to slicing. We extend a previously proposed technique and provide proofs of correctness for our transforms. Finally, we illustrate our approach with a number of obfuscating transforms and provide empirical results using software engineering metrics.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127677595","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We introduce a data structure for program execution under a limited oblivious execution model. For fully oblivious execution along the lines of Goldreich and Ostrovsky [2], one transforms a given program into one that has totally random-looking execution, based on some cryptographic assumptions and the existence of secure hardware. Totally random memory access patterns do not respect the locality of reference in programs, to which the programs generally owe their efficiency. We propose a model that limits the obliviousness so as to enable efficient execution of the program; here the adversary marks a variable and tries to produce a list of candidate locations where it may be stored after $T$ steps of execution. We propose a randomized algorithm based on splay trees, and prove a lower bound on such lists.
{"title":"Data structures for limited oblivious execution of programs while preserving locality of reference","authors":"A. Varadarajan, R. Venkatesan, C. Rangan","doi":"10.1145/1314276.1314289","DOIUrl":"https://doi.org/10.1145/1314276.1314289","url":null,"abstract":"We introduce a data structure for program execution under a limited oblivious execution model. For fully oblivious execution along the lines of Goldreich and Ostrovsky [2], one transforms a given program into a one that has totally random looking execution, based on some cryptographic assumptions and the existence of secure hardware. Totally random memory access patterns do not respect the locality of reference in programs to which the programs generally owe their efficiency. We propose a model that limits the obliviousness so as to enable efficient execution of the program; here the adversary marks a variable and tries to produce a list of candidate locations where it may be stored in after $T$-steps ofexecution. We propose a randomized algorithm based on splay trees,and prove a lower bound on such lists.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116988655","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Digital rights management (DRM) can be considered to be a mechanism to enforce access control over a resource without considering its location. There are currently no formal models for DRM, although there has been some work in analysing and formalising the interpretation of access control rules in DRM systems. A formal model for DRM is essential to provide specific access control semantics that are necessary for creating interoperable, unambiguous implementations. In this paper, we discuss how DRM differs as an access control model from the three well-known traditional access control models (DAC, MAC and RBAC), and using these existing approaches motivate a set of requirements for a formal model for DRM. Thereafter, we present a formal description of LiREL, a rights expression language that is able to express access control policies and contractual agreement in a single use license. Our motivation with this approach is to identify the different components in a license contract and define how these components interact within themselves and with other components of the license. A formal notation allows for a uniform and unambiguous interpretation and implementation of the access control policies.
{"title":"Persistent access control: a formal model for drm","authors":"A. Arnab, A. Hutchison","doi":"10.1145/1314276.1314286","DOIUrl":"https://doi.org/10.1145/1314276.1314286","url":null,"abstract":"Digital rights management (DRM) can be considered to be a mechanism to enforce access control over a resource without considering its location. There are currently no formal models for DRM, although there has been some work in analysing and formalising the interpretation of access control rules in DRM systems. A formal model for DRM is essential to provide specific access control semantics that are necessary for creating interoperable, unambiguous implementations. In this paper, we discuss how DRM differs as an access control model to the three well known traditional access control models - DAC, MAC and RBAC, and using these existing approaches motivate a set of requirements for a formal model for DRM. Thereafter, we present a formal description of LiREL, a rights expression language that is able to express access control policies and contractual agreement in a single use license. Our motivation with this approach is to identify the different components in a license contract and define how these components interact within themselves and with other components of the license. A formal notation allows for an uniform and unambiguous interpretation and implementation of the access control policies.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131160214","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper we look at the problem of interoperability of digital rights management (DRM) systems in home networks. We introduce an intermediate module called the Domain Interoperability Manager (DIM) to efficiently deal with the problem of content and license translation across different DRM regimes. We also consider the threat model specific to interoperability systems, and introduce threats such as the cross-compliancy and splicing attacks. We formalize the adversary model and define security of an interoperable DRM system with respect to this adversary. We conclude by proposing detailed protocols which achieve our security requirements. In order to achieve these requirements we provide novel applications of recently proposed proxy re-signature and proxy re-encryption algorithms.
{"title":"Towards a secure and interoperable DRM architecture","authors":"Gelareh Taban, A. Cárdenas, V. Gligor","doi":"10.1145/1179509.1179524","DOIUrl":"https://doi.org/10.1145/1179509.1179524","url":null,"abstract":"In this paper we look at the problem of interoperability of digital rights management (DRM)systems in home networks. We introduce an intermediate module called the Domain Interoperability Manager (DIM) to efficiently deal with the problem of content and license translation across different DRM regimes. We also consider the threat model specific to interoperability systems, and introduce threats such as the cross-compliancy and splicing attacks. We formalize the adversary model and define security of an interoperable DRM system with respect to this adversary. We finalize by proposing detailed protocols which achieve our security requirements. In order to achieve these requirements we provide novel applications of recently proposed proxy resignature and proxy re-encryption algorithms.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128788509","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}