Conceptual Model and Security Requirements for DRM Techniques Used for e-Learning Objects Protection

This paper deals with the security problems of DRM protected e-learning content. After a short review of the main DRM systems and methods used in e-learning, an examination is made of participators in DRM schemes (e-learning object author, content creator, content publisher, license creator and end user). Then a conceptual model of security related processes of DRM implementation is proposed which is improved afterwards to reflect some particularities in DRM protection of e-learning objects. A methodical way is used to describe the security related motives, responsibilities and goals of the main participators involved in the DRM system. Taken together with the process model, these security properties are used to establish a list of requirements to fulfill and a possibility for formal verification of real DRM systems compliance with these requirements

An Evaluation Framework for DRM

There have been numerous evaluations of DRM systems, and most of these evaluations have focused on the end user experience of DRM systems. However, some of the problems identified by these evaluations are not simply a result of business strategies by the various vendors, but caused by the underlying deficiencies in the DRM architectures themselves. For this reason, in addition to evaluating the user experience, there is a need to evaluate each DRM systemas a software system. In this paper, we present 27 requirements, divided into three categories, drawn up from a number of different sources (from consumer requirements to DRM standardisation programmes) to create an evaluation framework for DRM. We then benchmark four different DRM systems (two media systems, two enterprise systems) against this framework, and identify some of the universal problems in current DRM systems. In our analysis, we find 4 major flaws with current DRM systems: the lack of user authentication, lack of device and platform portability due to the reliance of device based authentication, poor support for revocation and modification of access rights and a poor understanding of legal and social requirements from the developers of the DRM systems

Digital Rights Management - An Overview of current challenges and solutions

Digital Rights Management (DRM) systems aim to create a secure framework to control access and actions that can be performed by users (both human and machine). DRM technologies have become very important in an increasingly networked world because it promises the owner of the file persistent control over the file even when the file leaves the owner's machine. It is not only useful in combating piracy (which is currently the main use of DRM systems) but also for protecting sensitive documents in enterprises. DRM systems can be seen to fit at various levels on a computer system - at an application layer, which is currently seen in applications like Apple iTunes; at an operating system level like Microsoft's Rights Management System (RMS) in Windows Server 2003 or at a hardware level like Content Scramble System (CSS) in DVD players. However, current DRM systems are mostly not interoperable and in most cases either do not provide the all requirements expected by the customer or do not provide a totally secure framework. DRM systems that are used for copyright enforcement give rise to many legal questions mostly revolving on the amount of control the copyright holder has over their creations once they have been distributed. Many of the legal questions do not affect DRM systems for enterprises, but most of the technical requirements are the same. This paper gives a broad overview of the current state of DRM systems and their strengths and weaknesses. It starts by examining the legal requirements of the system to satisfy both the right holders and the end consumers. We then discuss the structure of DRM systems, their characteristics and how well they satisfy the legal requirements. Finally we review three DRM systems and look at how well they satisfy the requirements desired in a DRM system

Digital Rights Management - A current review

Digital Rights Management (DRM) systems aim to create a secure framework to control access and actions that can be performed by users (both human and machine). DRM technologies have become very important in an increasingly networked world because it promises the owner of the file persistent control over the file even when the file leaves the owner's machine. It is not only useful in combating piracy (which is currently the main use of DRM systems) but also for protecting sensitive documents in enterprises. DRM systems can be seen to fit at various levels on a computer system - at an application layer, which is currently seen in applications like Apple iTunes; at an operating system level like Microsoft's Rights Management System (RMS) in Windows Server 2003 or at a hardware level like Content Scramble System (CSS) in DVD players. However, current DRM systems are mostly not interoperable and in most cases either do not provide all the requirements expected by the customer or do not provide a totally secure framework. DRM systems that are used for copyright enforcement give rise to many legal questions mostly revolving on the amount of control the copyright holder has over their creations once they have been distributed to the users. Many of the legal questions do not affect DRM systems for enterprises, but most of the technical requirements are the same. This report gives a broad overview of current state of DRM systems and their strengths and weaknesses. It starts by looking at the legal requirements of the system to satisfy both the right holders and the end consumers. We then discuss the structure of DRM systems, their characteristics and how well they satisfy the legal requirements. Finally we review three types of DRM systems and how well they satisfy the requirements desired in a DRM system

Ticket based Identity System for DRM

One of the major stumbling blocks in achieving interoperability in DRM systems is due to the variety of different user authentication systems utilised by DRM systems. For example, in [6], the authors detailed how Microsoft's Rights Management System fails in fulfilling its requirements mainly because of a lack of its user identity system. The authors discussed how, because one DRM system cannot authenticate users from another DRM system, it cannot offer interoperability, even if they shared the same data formats. Furthermore, interoperability for user authentication in DRM systems is further hampered by the wide range of devices that need to support DRM enabled data, but do not necessarily offer the same features. Decoupling of user identity from the main DRM system also reduces the chances of correlating users' access patterns of protected works. This improves the privacy of users of DRM systems, another major criticisms of current DRM systems. In this paper we discuss the requirements for user identity in a DRM system and then introduce a Kerberos like reusable ticket based user identity system. This system allows multiple systems to be authenticated by the use of time limited authentication tickets, without requiring online authentication. Tickets can be stored at a central controlling point, which is also responsible for acquiring tickets from authentication servers and redistributing tickets to the devices that need the tickets. In our experience, our approach fulfils all the requirements and is a more scalable and inter-operable approach when compared to existing DRM systems

Requirement Analysis of Enterprise DRM systems

Digital Rights Management or DRM has been mainly used to provide access control protection for multimedia products marketed to consumers, like music and movies. There are also a number of DRM products, like Authentica and Microsoft's RMS, that aim to protect documents for enterprises. However, none of these products provide for all the needs of an enterprise, and furthermore these products do not offer all the benefits that DRM potentially offers to an enterprise. In this paper we discuss what DRM offers to enterprises, examine the base requirements for an enterprise DRM system and then analyse how well three existing enterprise DRM products satisfy the requirements of an enterprise DRM system. We have found that enterprise DRM systems have yet to mature with many requirements not satisfied

Distributed DRM System

There is no standardised framework for digital rights management (DRM). With the proliferation of DRM systems, there is an increasing need for portability across multiple platforms and DRM systems. Current DRM systems can also be considered incomplete. Some DRM systems are not scalable enough; some are too focused on a particular application/file format and most do not have adequate mechanisms to address all the needs of the end users of the DRM protected works. In this paper we outline a proposal for an open, componentized rights management framework. This framework includes the architecture and a set of features that we believe solves the requirements for a DRM system

PrivDRM : a privacy-preserving secure Digital Right Management system

Digital Right Management (DRM) is a technology developed to prevent illegal reproduction and distribution of digital contents. It protects the rights of content owners by allowing only authorised consumers to legitimately access associated digital content. DRM systems typically use a consumer's identity for authentication. In addition, some DRM systems collect consumer's preferences to obtain a content license. Thus, the behaviour of DRM systems disadvantages the digital content consumers (i.e. neglecting consumers' privacy) focusing more on securing the digital content (i.e. biased towards content owners). This paper proposes the Privacy-Preserving Digital Rights Management System (PrivDRM) that allows a consumer to acquire digital content with its license without disclosing complete personal information and without using any third parties. To evaluate the performance of the proposed solution, a prototype of the PrivDRM system has been developed and investigated. The security analysis (attacks and threats) are analysed and showed that PrivDRM supports countermeasures for well-known attacks and achieving the privacy requirements. In addition, a comparison with some well-known proposals shows that PrivDRM outperforms those proposals in terms of processing overhead

Persistent Protection in Multicast Content Delivery

Computer networks make it easy to distribute digital media at low cost. Digital rights management (DRM) systems are designed to limit the access that paying subscribers (and non-paying intruders) have to these digital media. However, current DRM systems are tied to unicast delivery mechanisms, which do not scale well to very large groups. In addition, the protection provided by DRM systems is in most cases not persistent, i.e., it does not prevent the legitimate subscriber from re-distributing the digital media after reception. We have collected the requirements for digital rights management from various sources, and presented them as a set of eleven requirements, associated with five categories. Several examples of commercial DRM systems are briefly explained and the requirements that they meet are presented in tabular format. None of the example systems meet all the requirements that we have listed. The security threats that are faced by DRM systems are briefly discussed. We have discussed approaches for adapting DRM systems to multicast data transmission. We have explored and evaluated the security protocols of a unicast distribution model, published by Grimen, et al.\, that provides ``persistent protection''. We have found two security attacks and have provided the solution to overcome the discovered attacks. Then we have proposed a more scalable architecture based on the modified model. We call the resulting architecture persistent protection in multicast content delivery. We present and formally validate the protocol for control and data exchange among the interacting parties of our proposal

Proposed CTV design reference missions in support of Space Station Freedom

Use of design reference missions (DRM's) for the cargo transfer vehicle (CTV) in support of Space Station Freedom (SSF) can provide a common baseline for the design and assessment of CTV systems and mission operations. These DRM's may also provide baseline operations scenarios for integrated CTV, Shuttle, and SSF operations. Proposed DRM's for CTV, SSF, and Shuttle operations envisioned during the early post-PMC time frame and continuing through mature, SSF evolutionary operations are described. These proposed DRM's are outlines for detailed mission definition; by treating these DRM's as top-level input for mission design studies, a range of parametric studies for systems/operations may be performed. Shuttle flight design experience, particularly rendezvous flight design, provides an excellent basis for DRM operations studies. To begin analysis of the DRM's, shuttle trajectory design tools were used in single case analysis to define CTV performance requirements. A summary of these results is presented