136 research outputs found

    iDRM - Interoperability Mechanisms for Open Rights Management Platforms

    Today’s technology is raising important challenges in the Intellectual Property (IP) field in general and to Copyright in particular [Arkenbout et al., 2004]. The same technology that has made possible the access to content in a ubiquitous manner, available to everyone in a simple and fast way, is also mainly responsible for the challenges affecting the digital content IP of our days [Chiariglione, 2000]. Technological solutions and legal frameworks were created to meet these new challenges. From the technological point of view, Rights Management Systems (RMS) and Copy Protection Systems (CPS) have been developed and deployed to try to cope with them. At first, they seemed to work; however, their closed and non-interoperable nature and a growing number of wrong strategic business decisions soon led to strong opposition. One of the strongest negative points is the lack of rights management interoperability [Geer, 2004]. The work presented in this thesis primarily addresses the RMS interoperability problems. The objective of the thesis is to present some possible mechanisms to improve the interoperability between the different existing and emerging rights management platforms [Guth, 2003a]. Several different possible directions to rights management interoperability are pointed out in this thesis. One of the most important is openness. Interoperability between different rights management mechanisms can only be achieved if they are open up to a certain level. Based on this concept, an open rights management platform is designed and presented in this thesis. Also, some of the interoperability mechanisms are presented and explained. This platform makes use of the emerging service-oriented architectures to provide a set of distributed rights management services. Rights management solutions rely heavily on the establishment of authenticated and trust environments between their different elements.
While considering different RMS, the establishment of such trust environments can be somewhat complex. This thesis provides a contribution to the establishment of interoperable RMS trust environments through the usage of Public-Key Infrastructure (PKI) mechanisms. Modern rights management systems have to handle both keying material and licenses, which are used mostly to define how content is governed by the system. Managing this is a complex and hard task when different rights management solutions are considered. This thesis presents and describes a generic model to handle the key and license management life cycle that can be used to establish a global interoperable management solution between different RMS

    Platform Embedded Security Technology Revealed

    Computer scienc

    AXMEDIS 2008

    The AXMEDIS International Conference series aims to explore all subjects and topics related to cross-media and digital-media content production, processing, management, standards, representation, sharing, protection and rights management, to address the latest developments and future trends of the technologies and their applications, impacts and exploitation. The AXMEDIS events offer venues for exchanging concepts, requirements, prototypes, research ideas, and findings which could contribute to academic research and also benefit business and industrial communities. In the Internet as well as in the digital era, cross-media production and distribution represent key developments and innovations that are fostered by emergent technologies to ensure better value for money while optimising productivity and market coverage

    Enhancing cyber security using audio techniques: a public key infrastructure for sound

    This paper details the research into using audio signal processing methods to provide authentication and identification services for the purpose of enhancing cyber security in voice applications. Audio is a growing domain for cyber security technology. It is envisaged that over the next decade, the primary interface for issuing commands to consumer internet-enabled devices will be voice. Increasingly, devices such as desktop computers, smart speakers, cars, TVs, phones and Internet of Things (IoT) devices all have built-in voice assistants and voice-activated features. This research outlines an approach to securely identify and authenticate users of audio and voice operated systems that utilises existing cryptography methods and audio steganography in a method comparable to a PKI for sound, whilst retaining the usability associated with audio and voice driven systems

    Securing openHAB Smart Home Through User Authentication and Authorization

    The Internet of Things (IoT) is a dynamic and heterogeneous environment where Things gather data from the real world to perform various tasks. Applications in IoT, such as the smart home, typically use private data derived from its users for its operations. Security becomes a concern when these applications are exposed to insecure networks. OpenHAB is an OSGi-based automation software that integrates the data from devices at home. OpenHAB does not enforce any access control mechanism for its users, and depends solely on the security of the wireless network. In this work, we studied and implemented a JSON Web Token-based authenticator for Eclipse SmartHome, the core of openHAB, as a base for access control mechanisms. Furthermore, we propose a fine-grained, yet usable authorization model to manage access permissions to things among legitimate users.
The results obtained show that it is feasible to enforce access control mechanisms for servlet and REST resources in the architecture of openHAB

    Proceedings of the Workshop on web applications and secure hardware (WASH 2013).

    Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware – such as TPMs, ARM TrustZone, virtualisation and secure elements – but these are rarely accessible to web applications or used by web browsers. The First Workshop on Web Applications and Secure Hardware (WASH'13) focused on how secure hardware could be used to enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This included challenges in compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without. Also of interest were proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself

    Specifications for a Componentised Digital Rights Management (DRM) Framework

    This document lays out the specifications for a componentised DRM system. Requirements for a general DRM system are discussed, and we detail a set of components that address these requirements. This document also details the specific services that should be offered by each component and specifies the communication protocols and contents of these messages. Each of the components of the DRM system is a fully fledged web service, and thus some of these components can be used in areas other than DRM. Furthermore, we envisage existing services, such as Certificate Authorities, easily fitting into our proposed framework

    Separating Information Protection from Resource Management.

    Securing information in a computer system is becoming an intractable problem. Exacerbating the situation is the current paradigm of trusting an operating system for both security and resource management. One solution to this problem is to separate the role of protecting information from managing resources. This thesis studies the design and implementation of a system architecture called Software-Privacy Preserving Platform (SP3). SP3 creates a new layer that is more privileged than the operating system and responsible for providing information secrecy to user applications. SP3 provides page-granular memory secrecy protection by augmenting memory paging and interrupt mechanisms of a computer system in such a way that physical memory pages for user applications are rendered encrypted to the operating system. The resulting SP3 system therefore provides secrecy protection for the information contained in the memory of user applications. SP3 is implemented by modifying a hypervisor, which efficiently emulates the augmented semantics of paging and interrupt mechanism introduced by SP3. The modified hypervisor employs a couple of optimization techniques to reduce the number of costly page-wide block cipher operations. In the page-frame replication technique, the hypervisor internally keeps both encrypted and decrypted images of a page and relies on shadow page table redirection to map the correct page. In the lazy synchronization technique, the needed synchronization between the replicated images of the page is deferred as long as possible so that the synchronization happens not when an image is modified, but when the other image is actually accessed. This thesis further explores the challenges and solutions in the new programming environment introduced by SP3. 
This thesis also presents an SP3-based digital rights-management solution that can protect both the copy-protected multimedia contents and a trusted multimedia player program without limiting the end-users' freedom. In conclusion, this thesis demonstrates the feasibility of separating information protection from resource management in systems software. This separation greatly reduces the size and complexity of the trusted part for information protection, resulting in a more resilient system that can tolerate a compromise in the operating system. Ph.D., Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/75886/1/jisooy_1.pd