Security Attributes Based Digital Rights Management

Most real-life systems delegate responsibilities to different authorities. We apply this idea of delegation to a digital rights management system, to achieve high flexibility without jeopardizing the security. In our model, a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of control, identity-attribute-rights, and allows flexible rights control over content. Typical security objectives, such as identification, authentication, authorization and access control can be realized. Content keys are personalized to detect illegal super distribution. We describe a working prototype, which we develop using standard techniques, such as standard certificates, XML and so forth. We present experimental results to evaluate the scalability of the system. A formal analysis demonstrates that our design is able to detect a form of illegal super distribution.

[1]  Bruce Schneier,et al.  Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[2]  Hector Garcia-Molina,et al.  Copy detection mechanisms for digital documents , 1995, SIGMOD '95.

[3]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[4]  Hector Garcia-Molina,et al.  Building a scalable and accurate copy detection mechanism , 1996, DL '96.

[5]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[6]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[7]  Jason Hunter Java servlet programming , 1998, Java series.

[8]  Jean-Henry Morin,et al.  HyperNews: a MEDIA application for the commercialization of an electronic newspaper , 1998, SAC '98.

[9]  Jiri Fridrich,et al.  Robust Digital Watermarking Based on Key-Dependent Basis Functions , 1998, Information Hiding.

[10]  Jonathan Knudsen Java cryptography , 1998, Java series.

[11]  Bruce Schneier,et al.  Cryptographic Support for Secure Logs on Untrusted Machines , 1998, USENIX Security Symposium.

[12]  Bharat K. Bhargava,et al.  A fast MPEG video encryption algorithm , 1998, MULTIMEDIA '98.

[13]  Jörg Schwenk,et al.  Combining digital watermarks and collusion-secure fingerprints for digital images , 1999, Electronic Imaging.

[14]  Elisa Bertino,et al.  Controlled access and dissemination of XML documents , 1999, WIDM '99.

[15]  Peter Henderson,et al.  Questions and Answers About Ten Formal Methods , 1999 .

[16]  John Linn,et al.  Attribute certification: an enabling technology for delegation and role-based controls in distributed environments , 1999, RBAC '99.

[17]  David Henry Who's got the key? , 1999, SIGUCCS.

[18]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[19]  Ernesto Damiani,et al.  Design and implementation of an access control processor for XML documents , 2000, Comput. Networks.

[20]  Jörg Schwenk,et al.  Combining digital watermarks and collusion secure fingerprints for digital images , 2000, J. Electronic Imaging.

[21]  Frank Hartung,et al.  Watermarking of multimedia content for m-commerce applications , 2000 .

[22]  Ernesto Damiani,et al.  Securing XML Documents , 2000, EDBT.

[23]  Matthew K. Franklin,et al.  Distribution chain security , 2000, CCS.

[24]  S. Pereira,et al.  Attacks on digital watermarks: classification, estimation based attacks, and benchmarks , 2001, IEEE Communications Magazine.

[25]  Benny Pinkas,et al.  Escrow services and incentives in peer-to-peer networks , 2001, EC '01.

[26]  Elisa Bertino,et al.  Securing XML Documents with Author-X , 2001, IEEE Internet Comput..

[27]  Frank LaMonica,et al.  Streaming Media , 2001 .

[28]  Marco Pistoia,et al.  WebGuard: A System for Web Content Protection , 2001, WWW Posters.

[29]  Siu Man Lui,et al.  A License Management Model to Support B2C and C2C Music Sharing , 2001, WWW Posters.

[30]  Robert E. Tarjan,et al.  Dynamic Self-Checking Techniques for Improved Tamper Resistance , 2001, Digital Rights Management Workshop.

[31]  John Hunt,et al.  Java Server Pages , 2002 .

[32]  Boaz Gelbord,et al.  Access Control Based on Attribute Certificates , 2002, ICWI.

[33]  Russ Housley,et al.  An Internet Attribute Certificate Profile for Authorization , 2002, RFC.