How to Increase the Security of Digital Rights Management Systems Without Affecting Consumer's Security

The paper starts with a description of the fundamental principles of modern Digital Rights Management Systems. This is the basis for the discussion of their most important security aspects from the provider's view on the one hand and the customer's view on the other hand. The second half of the paper focuses on the new DRM standard from the Open Mobile Alliance (OMA) and its implementation on “open” systems like Windows. The security anchor of the OMA DRM is the device private key. As long as no trusted storage facilities for open systems work effectively, techniques for software obfuscation could be a solution. Therefore, the obfuscation of the device private key and its secure download are described. Currently on Windows PCs there is no chance for a fully tamper-proof solution, but the authors try to make the job of an attacker as hard as possible, without affecting the consumer's security.
