Skip to main content
SpringerLink
Log in

How to Increase the Security of Digital Rights Management Systems Without Affecting Consumer’s Security

  • Conference paper
Emerging Trends in Information and Communication Security (ETRICS 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3995))

Abstract

The paper starts with a description of the fundamental principles of modern Digital Rights Management Systems. This is the basis for the discussion of their most important security aspects from the provider’s view on the one hand and the customer’s view on the other hand. The second half of the paper focuses the new DRM standard from the Open Mobile Alliance (OMA) and its implementation on “open” systems like Windows. The security anchor of the OMA DRM is the device private key. As long as no trusted storage facilities for open systems work effectively, techniques for software obfuscation could be a solution. Therefore the obfuscation of the device private key and its secure download is described. Currently on Windows PCs there is no chance for a full tamper-proof solution, but the authors try to make the job of an attacker as hard as possible, without affecting the consumer’s security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Website of the Open Mobile Alliance, http://www.openmobilealliance.org

  2. Rosenblatt, B., Trippe, B., Mooney, S.: Digital Rights Management, Business and Technology. M&T Books, New York (2002)

    Google Scholar 

  3. Nützel, J.: Die informatorischen Aspekte virtueller Güter und Waren, Habilitationsschrift (venia legendi), Technische Universität Ilmenau (2006), http://www.juergen-nuetzel.de/habilitation.html

  4. Schmidt, A.U., Tafreschi, O., Wolf, R.: Interoperability Challenges for DRM Systems. In: 2nd Virtual Goods Workshop, Ilmenau (May 2004), http://virtualgoods.tu-ilmenau.de/2004/Interoperability_Challenges_for_DRM_Systems.pdf

  5. Website of the ODRL initiative, http://www.odrl.org

  6. Iannella, R.: Digital Rights Management (DRM) Architectures. D-Lib Magazine 7(6) (June 2001), www.dlib.org/dlib/june01/iannella/06iannella.html

  7. Niels, R.: Managing Meaning - How can standards help? 2nd Virtual Goods Workshop, Ilmenau (May 2004), http://virtualgoods.tu-ilmenau.de/2004/VirtualGoodsRump.pdf

  8. Grimm, R.: Digital Rights Management: technisch-organisatorische Lösungsansätze. In: Kreis, M. (ed.) Digital Rights Management, Picot, Arnold, pp. 93–106. Springer, Heidelberg (2004)

    Google Scholar 

  9. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

    Google Scholar 

  10. Müller, G., Pfitzmann, A.: Sicherheit, insbesondere mehrseitige IT-Sicherheit in: Mehrseitige Sicherheit in der Kommunikationstechnik – Verfahren, Komponenten, Integration; pp. 21–29, Addison-Wesley-Longman, Bonn (1997)

    Google Scholar 

  11. Röhrig, S., Knorr, K., Noser, H.: Sicherheit von E-Business-Anwendungen - Struktur und Quantifizierung. WIRTSCHAFTSINFORMATIK 42(6), 499–507 (2000)

    Article  Google Scholar 

  12. Russinovich, M., http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html (published October 31, 2005)

  13. World of warcraft hackers using Sony BMG rootkit, http://www.securityfocus.com/brief/34

  14. Website of Common Criteria, http://www.commoncriteriaportal.org

  15. OMA Digital Rights Management V1.0, DRM Specification, Approved Enabler (Release Date: June 25, 2004), http://www.openmobilealliance.org/release_program/drm_v1_0.html

  16. Nokia: DRM Developer’s Guide for Nokia Devices v2.1 (2004), http://sw.nokia.com/id/418a9cf9-9d49-44b7-911d-f6c24f9d77d2/DRM_Developers_Guide_For_Nokia_Devices_v2_1_en.pdf

  17. OMA Digital Rights Management V2.0, DRM Specification, Candidate Enabler (Release Date: September 15, 2005), http://www.openmobilealliance.org/release_program/drm_v2_0.html

  18. OMA Digital Rights Management V2.0, DRM Architecture, Candidate Enabler (Release Date: September 15, 2005), http://www.openmobilealliance.org/release_program/drm_v2_0.html

  19. The website of the Trusted Computing Group, http://www.trustedcomputinggroup.org

  20. Website of Microsoft’s Windows Vista, http://www.microsoft.com/windowsvista/

  21. Eilam, E.: Reversing: Secrets of Reverse Engineering. Wiley Publishing, Inc., Indianapolis (2005)

    Google Scholar 

  22. Cerven, P.: Crackproof Your Software. No Starch Press, San Francisco (2002)

    Google Scholar 

  23. Christian, C., Clark, T., Douglas, L.: A taxonomy of obfuscating transformation, Technical report #148, Department of Computer Science, University of Auckland, New Zealand (1997)

    Google Scholar 

  24. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (Im)possibility of Obfuscating Programs (extended abstract) In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 1. Springer, Heidelberg (2001), http://www.eecs.harvard.edu/~salil/papers/obfuscate-abs.html

    Chapter  Google Scholar 

  25. Christian, C., Clark, T.: Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection, Department of Computer Science, University of Auckland, New Zealand (2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institut für Medien und Kommunikationswissenschaft, Technische Universität Ilmenau, D-98693, Ilmenau, Germany

    Jürgen Nützel & Anja Beyer

Authors
  1. Jürgen Nützel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Anja Beyer
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institut für Informatik und Gesellschaft, Abt. Telematik, Albert-Ludwigs-Universität Freiburg, Friedrichstr. 50, 79098, Freiburg, Germany

    Günter Müller

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nützel, J., Beyer, A. (2006). How to Increase the Security of Digital Rights Management Systems Without Affecting Consumer’s Security. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_26

Download citation

  • DOI: https://doi.org/10.1007/11766155_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34640-1

  • Online ISBN: 978-3-540-34642-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation