White-box implementation to advantage DRM

Digital Rights Management (DRM) is a popular approach for secure content distribution. Typically, DRM encrypts the content before delivers it. Most DRM applications use secure algorithms to protect content. However, executing these algorithms in an insecure environment may allow adversaries to compromise the system and obtain the key. To withstand such attack, algorithm implementation is modified in such a way to make the implementation unintelligible, namely obfuscation approach. White-box cryptography (WBC) is an obfuscation technique intended to protect secret keys from being disclosed in a software implementation using a fully transparent methodology. This mechanism is appropriate for DRM applications and able to enhance security for the content provider. However, DRM is required to provide a balanced protection for the content provider and users. We construct a protocol on implementing WBC to improve DRM system. The system does not only provide security for the content provider but also preserves privacy for users

Avoid illegal encrypted DRM content sharing with non-transferable re-encryption

Digital rights management (DRM) technology enables valuable electronic media content distribution while preserving content providers' rights and revenues. Traditional DRM system utilizes security techniques to restrict copying of media content or allow only a single copy to be made. However consumers are demanding for the right to make copies for personal use or the right to use content on any device. Several DRM infrastructures have been proposed for secure content sharing. These infrastructures usually require cooperation and participation of both DRM technology providers and content providers; however there is a popular flaw in these schemes: the malicious employees of DRM technology providers can distribute DRM enabled contents to any consumers or make copies of a purchased content accessible to any devices without letting content provider know, thus reducing content providers' benefit. In this paper, we propose a novel DRM infrastructure which is based on a non-transferable re-encryption scheme to solve the above problem inherent in existing DRM infrastructures. In the proposed infrastructure, DRM technology providers and content providers are required to cooperate to make a purchased digital content for a specific device accessible by other different devices, and get extra profit from providing such services. The system preserves DRM technology providers and content providers' security properties while achieving secure and mutual profitable DRM content sharing. Furthermore, we allow content providers to trace the content, and control the content sharing rights. Even when malicious employees in DRM technology providers and DRM agent collude, they cannot re-delegate access rights to any device without permission from content provider, thus preserving content provider's benefit. © 2011 IEEE.published_or_final_versionThe IEEE 13th International Conference on Communication Technology (ICCT 2011), Jinan, China, 25-28 September 2011. In Proceedings of the 13th ICCT, 2011, p. 703-70

Securing Mobile Access of Confidential Documents by Integrating Trusted Computing Platforms with Digital Rights Managements

The mature mobile network today empowers mobile employees to access Intranet documents via mobile devices and increases the productivity of company workers. Internal documents transmitted without encryption through the open mobile networks undoubtedly creates security holes for eavesdroppers. A common way to provide preliminary protections for an important document to be accessed outside the Intranet is to transmit the document after encryption. Such mechanisms, however, cannot assure the security of documents because the documents can be decrypted and then forwarded without protections once the ciphering keys were known. Therefore, we propose an approach to enhance the security of transmitted mobile documents, using the idea from digital rights managements. A confidential document is encrypted so that, except the targeted mobile user, none can read the confidential document without proper rights. The proposed approach utilizes the trusted computing platforms (TPM) technology to protect the rights object of a confidential document. A rights object can be as simple as a ciphering key of the document or as complicated as the usage-rules of the document. We use the public key in TPM to encrypt the rights object so that only the dedicated mobile device, i.e. the mobile user, may decrypt the rights object using the private key of the device. A malicious user can never decrypt the rights to access the transmitted document, which is encrypted. Moreover, the usage-rules in the rights object may specify whether the document can be further forwarded or be read more than once, and so on. Therefore, the proposed scheme provides maximum flexibilities for mobile employees to access confidential documents without compromising the security, in addition to the mobility and timeliness of mobile environments

EDU-DRM: A Digital Rights Management (DRM) system for K-12 education

The technological achievements in digital publishing have made paperless education possible even in K-12 education. Aside from high bandwidth distribution infrastructure, the main difficulties of digital publishing are preserving personal information and protecting the rights of copyrighted contents. Although specially designed Digital Rights Management (DRM) systems can be used to control distribution and usage of private and/or copyrighted contents in K-12 education, dealing with a large number of bursty concurrent access requests and changing the access rights of a large number of students from one content class to another at the end of each education period make the problem different from existing ones. This paper introduces a new DRM system, called EDU-DRM, which includes a novel bit based authorization approach to reduce the processing time for authorization requests and automatize the access right adjustments with predefined rules for K-12 education. During the study, an experimental framework is designed using Apache Bench to analyze the proposed approach and evaluate it. The system is compared with XML based authorization approach and the results are presented in the paper. (C) 2019 Sharif University of Technology. All rights reserved

Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations

The INDICARE project – the Informed Dialogue about Consumer Acceptability of DRM Solutions in Europe – has been set up to raise awareness about consumer and user issues of Digital Rights Management (DRM) solutions. One of the main goals of the INDICARE project is to contribute to the consensus-building among multiple players with heterogeneous interests in the digital environment. To promote this process and to contribute to the creation of a common level of understanding is the aim of the present report. It provides an overview of consumer concerns and expectations regarding DRMs, and discusses the findings from a social, legal, technical and business perspective. A general overview of the existing EC initiatives shows that questions of consumer acceptability of DRM have only recently begun to draw wider attention. A review of the relevant statements, studies and reports confirms that awareness of consumer concerns is still at a low level. Five major categories of concerns have been distinguished so far: (1) fair conditions of use and access to digital content, (2) privacy, (3) interoperability, (4) transparency and (5) various aspects of consumer friendliness. From the legal point of view, many of the identified issues go beyond the scope of copyright law, i.e. the field of law where DRM was traditionally discussed. Often they are a matter of general or sector-specific consumer protection law. Furthermore, it is still unclear to what extent technology and an appropriate design of technical solutions can provide an answer to some of the concerns of consumers. One goal of the technical chapter was exactly to highlight some of these technical possibilities. Finally, it is shown that consumer acceptability of DRM is important for the economic success of different business models based on DRM. Fair and responsive DRM design can be a profitable strategy, however DRM-free alternatives do exist too.Digital Rights Management; consumers; Intellectual property; business models

Unified Model for Data Security -- A Position Paper

One of the most crucial components of modern Information Technology (IT) systems is data. It can be argued that the majority of IT systems are built to collect, store, modify, communicate and use data, enabling different data stakeholders to access and use it to achieve different business objectives. The confidentiality, integrity, availability, audit ability, privacy, and quality of the data is of paramount concern for end-users ranging from ordinary consumers to multi-national companies. Over the course of time, different frameworks have been proposed and deployed to provide data security. Many of these previous paradigms were specific to particular domains such as military or media content providers, while in other cases they were generic to different verticals within an industry. There is a much needed push for a holistic approach to data security instead of the current bespoke approaches. The age of the Internet has witnessed an increased ease of sharing data with or without authorisation. These scenarios have created new challenges for traditional data security. In this paper, we study the evolution of data security from the perspective of past proposed frameworks, and present a novel Unified Model for Data Security (UMDS). The discussed UMDS reduces the friction from several cross-domain challenges, and has the functionality to possibly provide comprehensive data security to data owners and privileged users

Framework for privacy-aware content distribution in peer-to- peer networks with copyright protection

The use of peer-to-peer (P2P) networks for multimedia distribution has spread out globally in recent years. This mass popularity is primarily driven by the efficient distribution of content, also giving rise to piracy and copyright infringement as well as privacy concerns. An end user (buyer) of a P2P content distribution system does not want to reveal his/her identity during a transaction with a content owner (merchant), whereas the merchant does not want the buyer to further redistribute the content illegally. Therefore, there is a strong need for content distribution mechanisms over P2P networks that do not pose security and privacy threats to copyright holders and end users, respectively. However, the current systems being developed to provide copyright and privacy protection to merchants and end users employ cryptographic mechanisms, which incur high computational and communication costs, making these systems impractical for the distribution of big files, such as music albums or movies.El uso de soluciones de igual a igual (peer-to-peer, P2P) para la distribución multimedia se ha extendido mundialmente en los últimos años. La amplia popularidad de este paradigma se debe, principalmente, a la distribución eficiente de los contenidos, pero también da lugar a la piratería, a la violación del copyright y a problemas de privacidad. Un usuario final (comprador) de un sistema de distribución de contenidos P2P no quiere revelar su identidad durante una transacción con un propietario de contenidos (comerciante), mientras que el comerciante no quiere que el comprador pueda redistribuir ilegalmente el contenido más adelante. Por lo tanto, existe una fuerte necesidad de mecanismos de distribución de contenidos por medio de redes P2P que no supongan un riesgo de seguridad y privacidad a los titulares de derechos y los usuarios finales, respectivamente. Sin embargo, los sistemas actuales que se desarrollan con el propósito de proteger el copyright y la privacidad de los comerciantes y los usuarios finales emplean mecanismos de cifrado que implican unas cargas computacionales y de comunicaciones muy elevadas que convierten a estos sistemas en poco prácticos para distribuir archivos de gran tamaño, tales como álbumes de música o películas.L'ús de solucions d'igual a igual (peer-to-peer, P2P) per a la distribució multimèdia s'ha estès mundialment els darrers anys. L'àmplia popularitat d'aquest paradigma es deu, principalment, a la distribució eficient dels continguts, però també dóna lloc a la pirateria, a la violació del copyright i a problemes de privadesa. Un usuari final (comprador) d'un sistema de distribució de continguts P2P no vol revelar la seva identitat durant una transacció amb un propietari de continguts (comerciant), mentre que el comerciant no vol que el comprador pugui redistribuir il·legalment el contingut més endavant. Per tant, hi ha una gran necessitat de mecanismes de distribució de continguts per mitjà de xarxes P2P que no comportin un risc de seguretat i privadesa als titulars de drets i els usuaris finals, respectivament. Tanmateix, els sistemes actuals que es desenvolupen amb el propòsit de protegir el copyright i la privadesa dels comerciants i els usuaris finals fan servir mecanismes d'encriptació que impliquen unes càrregues computacionals i de comunicacions molt elevades que fan aquests sistemes poc pràctics per a distribuir arxius de grans dimensions, com ara àlbums de música o pel·lícules

Regaining control through Digital Rights Management (DRM): What\u27s in store for the music industry?

This paper, as part of the final requirement for the completion of a Master of Science in Information Technology at the Rochester Institute of Technology, will examine the current state of digital media content and its inherent problems with regard to rendering and distribution. Discussions will focus on the protection and sales of digitalized intellectual property through Digital Rights Management (DRM) while also concentrating on how these technologies can be employed to acquire copyright protection. Though much of the discussion may apply to a wide range of media types, e.g. - movies, software and digital books, the primary focus will be on music content. Part 1 of the paper will explore the current state of the music industry and the problems it faces, while building a case for the application of digital protection technologies that will ensure the integrity of digital music copyright ownership. The concept of DRM will then be presented in Part 2, with a focused discussion on several of the underpinning technologies. Strong emphasis will be placed on how these technologies can be utilized to reach the final goal, secure sales of online music content. The final section, Part 3, will examine how DRM can be applied by the music industry to safeguard their interests while promoting an online business. Case studies will be presented in an attempt to gain an understanding of the current state of the industry