Abstract
The paper starts with a description of the fundamental principles of modern Digital Rights Management Systems. This is the basis for the discussion of their most important security aspects from the provider’s view on the one hand and the customer’s view on the other hand. The second half of the paper focuses on the new DRM standard from the Open Mobile Alliance (OMA) and its implementation on “open” systems like Windows. The security anchor of the OMA DRM is the device private key. As long as no trusted storage facilities for open systems work effectively, techniques for software obfuscation could be a solution. Therefore the obfuscation of the device private key and its secure download is described. Currently on Windows PCs there is no chance for a full tamper-proof solution, but the authors try to make the job of an attacker as hard as possible, without affecting the consumer’s security.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nützel, J., Beyer, A. (2006). How to Increase the Security of Digital Rights Management Systems Without Affecting Consumer’s Security. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_26
DOI: https://doi.org/10.1007/11766155_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34640-1
Online ISBN: 978-3-540-34642-5
eBook Packages: Computer Science, Computer Science (R0)