13 research outputs found

    Framework for privacy-aware content distribution in peer-to-peer networks with copyright protection

    The use of peer-to-peer (P2P) networks for multimedia distribution has spread globally in recent years. This mass popularity is primarily driven by the efficient distribution of content, also giving rise to piracy and copyright infringement as well as privacy concerns. An end user (buyer) of a P2P content distribution system does not want to reveal his/her identity during a transaction with a content owner (merchant), whereas the merchant does not want the buyer to further redistribute the content illegally. Therefore, there is a strong need for content distribution mechanisms over P2P networks that do not pose security and privacy threats to copyright holders and end users, respectively. However, the current systems being developed to provide copyright and privacy protection to merchants and end users employ cryptographic mechanisms, which incur high computational and communication costs, making these systems impractical for the distribution of big files, such as music albums or movies.

    Interoperability mechanisms for registration and authentication on different open DRM platforms

    The DRM interoperability problem is a very complex problem. Even big software companies have already admitted that DRM as it is today is too complex: complex for end-users, complex for content providers and complex for content handling device manufacturers. There are different approaches to deal with this problem and there are different levels to address the problem. This article addresses the DRM interoperability issues from a security point of view, and as an example the authors take two open-specification DRM architectures, MIPAMS and OpenSDRM, to identify a strategy to interoperate some of the basic security mechanisms. In this article the authors will concentrate on the DRM components and user’s registration, authentication and verification process and will derive a mechanism to handle and support both.

    Handling confidentiality and privacy on cloud-based health information systems

    Health-related data include not only the patient’s personal information, but also specific information about the patient’s health problems, supplementary diagnostic examination results, and much more. All this information is extremely sensitive and should only be accessed by the proper entities and actors, for special specific purposes. Described herein is an approach to address security and privacy of health-related data based on rights management technologies, with an architecture to minimize security risks and privacy concerns. This approach consists of the reutilisation of an open-source and open-specifications rights management system, and designing and adapting the necessary components to address the specific security and privacy requirements that must be faced when managing health and patient data.

    iDRM - Interoperability Mechanisms for Open Rights Management Platforms

    Today’s technology is raising important challenges in the Intellectual Property (IP) field in general and to Copyright in particular [Arkenbout et al., 2004]. The same technology that has made possible the access to content in a ubiquitous manner, available to everyone in a simple and fast way, is also the main responsible for the challenges affecting the digital content IP of our days [Chiariglione, 2000]. Technological solutions and legal frameworks were created to meet these new challenges. From the technological point of view, Rights Management Systems (RMS) and Copy Protection Systems (CPS) have been developed and deployed to try to cope with them. At first, they seemed to work; however, their closed and non-interoperable nature and a growing number of wrong strategic business decisions soon led to a strong opposition. One of the strongest negative points is the lack of rights management interoperability [Geer, 2004]. The work presented in this thesis primarily addresses the RMS interoperability problems. The objective of the thesis is to present some possible mechanisms to improve the interoperability between the different existing and emerging rights management platforms [Guth, 2003a]. Several different possible directions to rights management interoperability are pointed out in this thesis. One of the most important is openness. Interoperability between different rights management mechanisms can only be achieved if they are open up to a certain level. Based on this concept, an open rights management platform is designed and presented in this thesis. Also, some of the interoperability mechanisms are presented and explained. This platform makes use of the emerging service-oriented architectures to provide a set of distributed rights management services. Rights management solutions rely heavily on the establishment of authenticated and trusted environments between their different elements. While considering different RMS, the establishment of such trust environments can be somewhat complex. This thesis provides a contribution to the establishment of interoperable RMS trust environments through the usage of Public-Key Infrastructure (PKI) mechanisms. Modern rights management systems have to handle both keying material and licenses, which are used mostly to define how content is governed by the system. Managing this is a complex and hard task when different rights management solutions are considered. This thesis presents and describes a generic model to handle the key and license management life cycle that can be used to establish a global interoperable management solution between different RMS.

    Dynamic block encryption with self-authenticating key exchange

    One of the greatest challenges facing cryptographers is the mechanism used for key exchange. When secret data is transmitted, the chances are that there may be an attacker who will try to intercept and decrypt the message. Having done so, he/she might just gain advantage over the information obtained, or attempt to tamper with the message, thus misguiding the recipient. Both cases are equally fatal and may cause great harm as a consequence. In cryptography, there are two commonly used methods of exchanging secret keys between parties. In the first method, symmetric cryptography, the key is sent in advance, over some secure channel, which only the intended recipient can read. The second method of key sharing is by using a public key exchange method, where each party has a private and public key; a public key is shared and a private key is kept locally. In both cases, keys are exchanged between two parties. In this thesis, we propose a method whereby the risk of exchanging keys is minimised. The key is embedded in the encrypted text using a process that we call 'chirp coding', and recovered by the recipient using a process that is based on correlation. The 'chirp coding parameters' are exchanged between users by employing a USB flash memory retained by each user. If the keys are compromised they are still not usable because an attacker can only have access to part of the key. Alternatively, the software can be configured to operate in a one-time parameter mode; in this mode, the parameters are agreed upon in advance. There is no parameter exchange during file transmission, except, of course, the key embedded in ciphertext. The thesis also introduces a method of encryption which utilises dynamic blocks, where the block size is different for each block. Prime numbers are used to drive two random number generators: a Linear Congruential Generator (LCG), which takes in the seed and initialises the system, and a Blum Blum Shub (BBS) generator, which is used to generate random streams to encrypt messages, images or video clips, for example. In each case, the key created is text dependent and therefore will change as each message is sent. The scheme presented in this research is composed of five basic modules. The first module is the key generation module, where the key to be generated is message dependent. The second module, the encryption module, performs data encryption. The third module, the key exchange module, embeds the key into the encrypted text. Once this is done, the message is transmitted and the recipient uses the key extraction module to retrieve the key, and finally the decryption module is executed to decrypt the message and authenticate it. In addition, the message may be compressed before encryption and decompressed by the recipient after decryption using standard compression tools.

    An investigation into tools and protocols for commercial audio web-site creation

    This thesis presents a feasibility study of a Web-based digital music library and purchasing system. It investigates the current status of the enabling technologies for developing such a system. An analysis of various Internet audio codecs, streaming audio protocols, Internet credit card payment security methods, and ways of accessing remote Web databases is presented. The objective of the analysis is to determine the viability and the economic benefits of using these technologies when developing systems that facilitate music distribution over the Internet. A prototype of a distributed digital music library and purchasing system named WAPS (for Web-based Audio Purchasing System) was developed and implemented in the Java programming language. In this thesis both the physical and the logical component elements of WAPS are explored in depth so as to provide an insight into the inherent problems of creating such a system, as well as the overriding benefits derived from the creation of such a system.

    Copyright, Mass Use and Exclusivity: On the Industry Initiated Limitations to Copyright Exclusivity, Especially Regarding Sound Recording and Broadcasting

    The study concentrates on the introduction and background motive of technology related change of copyright law as reflected mainly in the Berne Convention due to the technological and economic necessities experienced in the early 20th century. The purpose of this study is to understand a development which has led to the adaptation of licensing regimes that are not based on the traditional exclusivity approach. Voice recording, broadcasting, rebroadcasting, and photocopying serve as main examples of the development. The impact of internet and mobile technologies is also discussed. The method is based on the institutional theory of law, and makes broad use of both economic analysis and historical documentation. The problem of the legislator's choice on how to structure copyright law between the two alternatives, exclusive property or liability approach, has arisen constantly throughout the 20th century. The main conflict of interest seems to be between the exclusive right of the copyright holder, and the interests of users, that is, both the commercial and end users. The secondary use of copyright material is a rapidly growing form of copyright use. This creates controversies arising in that particular field of commercial use. Exclusivity is often regarded as the essence of copyright. However, the development of communication technology has allowed new forms of use that are not as directly controllable by the relevant parties as was the publishing and sale of books. The new technology-enabled phenomenon is mass use in its different forms. Mass use means use of copyright protected works in large quantities in a manner that is either impossible or prohibitively costly to trace, identify and bill. This development, which is common to practically all technological innovations of the 20th century, questions the accuracy of the exclusivity approach to copyright. This study explores technology related change of the copyright institution, and how copyright is developing from a system based on exclusivity towards a system of compensation increasingly adopting elements of compulsory - that is, involuntary - licensing and its variants. Secondly, on a more general level, the study attempts to formulate a conclusion concerning the impact of technological change on copyright. Exclusivity remains the theoretical and logical starting point of copyright legislation and nearly any analysis of copyright, scientific or within legal practice. Anyhow, the 20th century development has introduced a new set of regulations attempting to limit overly powerful legal positions and thus to protect interests relating to development of new technologies and businesses. This has largely taken place by some form of compulsory licensing. The broad use of platform fees is an illustration of this development in its extreme. The origin of this development is in the belief in scientific progress and innovation in the early 20th century (the development motive). The study suggests that a more coherent approach towards copyright may be reached by studying copyright as a system of compensation, rather than a system of full control of the use of copyright protected matter. This also corresponds to the evolving set of beliefs of the copyright ideology. Exclusivity has not disappeared from the overall picture, but shall be reserved to those forms of use where it is applicable. That is, where copyright is directly controllable by the author or other copyright holder without prohibitive overall consequences as to other right holders, users, businesses, or the society.

    Digital watermarking and novel security devices

    EThOS - Electronic Theses Online Service; GB; United Kingdom

    E-commerce protocol supporting automated online dispute resolution

    E-commerce now constitutes a significant part of all commercial activity; however, the increase in transactions is also leading to more disputes. These disputes are becoming more frequent, more technologically complicated and more difficult in terms of traceability. This thesis focuses specifically on dispute problems related to soft products, i.e. those that are intangible and therefore require no physical delivery. With the growing demand for these types of products, e.g. downloadable films, music, software, and prepaid calling time, the prevention of fraudulent transactions is becoming increasingly important. Reasons for the rise in the number of fraudulent transactions include merchants being unable to see the customer to verify an ID or signature and E-commerce enabling soft-products and services to be acquired via soft delivery methods: email, download or logging in. The introductory section provides a critique of current e-commerce fraud detection and prevention techniques and shows that not all are suitable for e-commerce, especially soft-products, and are therefore unable to provide complete protection against fraud. The future relating to the detection and prevention of e-commerce fraud is then discussed, leading to suggestions regarding the improvement of the current state-of-the-art technique, the Address Verification Service (AVS), which is used to accommodate the introduction of soft-products. Apart from the exchange process problems, i.e. those involving money and goods, attention is also paid to other important factors such as timing and quality that are usually neglected in these detection and prevention techniques. Dispute scenarios from many different perspectives have been analysed, viz. computer science, business, legal and that of the participants themselves. From the analyses, all possible dispute cases have been formally listed using the 'Truth Table' approach. This analysis has then led to the design of a comprehensive taxonomy framework for dispute in e-commerce. The term Online Dispute Resolution (ODR) refers to online technology applied to Alternative Dispute Resolution (ADR), which is resolving disputes other than via litigation in the courts. Current ODR systems and their suitability for the e-commercial world have been examined, concluding that not all are appropriate for e-commerce situations (since most still involve a human element and often make the resolution process more costly than the actual item under dispute). The proposed solution to the problem is to automate the online dispute resolution process. The total solution is described in two parts: (i) an E-commerce Transaction Protocol (ETP) forming the infrastructure where the transaction will take place and be able to accommodate any new improvements in the future, and (ii) an Automated Online Dispute Resolution (AODR) system which should automatically resolve any dispute occurring within the proposed e-commerce model. In order for the AODR to resolve any dispute, a product/payment specific plug-in (add-on) has been incorporated into the system. For illustration purposes, credit cards as a payment method have been selected and the appropriate plug-in specification for soft products and credit cards created. The concept of providing every soft product with a quality certificate has also been discussed. A concluding case study of e-commerce in Saudi Arabia has been used to test the viability of both the e-commerce dispute taxonomy and the proposed model. The case study shows the suitability of using ETP with AODR in order to resolve soft-product disputes automatically. Limitations of the work and further research possibilities have then been identified.
    EThOS - Electronic Theses Online Service; Department of Computing Science, Newcastle University; GB; United Kingdom