The MediaSnap - PowerPoint PPT Presentation

About This Presentation
Title:

The MediaSnap

Description:

'Whoever thinks his problem can be solved using cryptography, doesn't understand ... Electronic Commerce Research, http://home.earthlink.net/~mstamp1/papers/DRM.doc ... – PowerPoint PPT presentation

Number of Views:142
Avg rating:3.0/5.0
Slides: 15
Provided by: marks9
Learn more at: http://www.cs.sjsu.edu
Category:

less

Transcript and Presenter's Notes

Title: The MediaSnap


1
The MediaSnap Digital Rights Management System
  • Priti Sabadra and Mark Stamp
  • Department of Computer Science
  • San Jose State University

2
This talk
  • MediaSnap, Inc.
  • What is DRM?
  • Overview of MediaSnap DRM system
  • Conclusions

3
What is DRM?
  • Remote control problem
  • Digital book example
  • Digital music, video, documents, etc.
  • Privacy

4
Persistent Protection
  • Restrictions on use after delivery
  • No copying
  • Limited number of reads
  • Time limits
  • No forwarding
  • etc.

5
What to do?
  • The honor system (The Plant)
  • Give up (HIPAA, etc.)
  • Lame software-based DRM
  • Better software-based DRM
  • Tamper-resistant hardware http//www.cl.cam.ac.uk/
    7Erja14/tcpa-faq.html

6
Current state of DRM
  • Security by obscurity (at best)
  • Secret designs (Kerckhoffs Principle?)
  • Is crypto the answer?
  • Whoever thinks his problem can be solved using
    cryptography, doesnt understand his problem and
    doesnt understand cryptography. --- Attributed
    by Roger Needham and Butler Lampson to each other

7
MediaSnaps DRM system
  • Secure Document Server (SDS)
  • PDF plugin (or reader)
  • Security stuff

8
Protecting a document
encrypt
Sender
persistent protection
Recipient
SDS
9
Security issues
  • Server (SDS)
  • Protect keys, authentication data, etc.
  • Apply persistent protection
  • Client (Reader/PDF plugin)
  • Protect keys, authenticate, etc.
  • Enforce persistent protection

10
Document reader security
Tamper-resistance
Obscurity
11
Obscurity
  • Key management
  • Authentication
  • Caching (keys, authentication, etc.)
  • Encryption and scrambling
  • Key parts (data and code)
  • Multiple keys

12
Other security features
  • Module tamper checking (hashing)
  • Anti-screen capture
  • Watermarking
  • Unique-ification
  • Code fragilization
  • OS issues

13
Conclusions
  • Current DRM systems are weak
  • Ideal software-based DRM features
  • Individual content is non-trivial to attack
  • Overall system survives repeated attacks
  • Is this possible?

14
More info
  • M. Stamp, Digital rights management The
    technology behind the hype, to appear in Journal
    of Electronic Commerce Research,
    http//home.earthlink.net/mstamp1/papers/DRM.doc
  • M. Stamp, Risks of digital rights management,
    Communications of the ACM, http//www.csl.sri.com/
    users/neumann/insiderisks.html147
  • M. Stamp, Digital rights management For better
    or for worse?, ExtremeTech, http//www.extremetech
    .com/article2/0,3973,1051610,00.asp
Write a Comment
User Comments (0)
About PowerShow.com