An adversary model to evaluate DRM protection of video contents on iOS devices

Adversary model for iOS app DRM protection for video contents. Circumvent or bypass DRM control for iOS apps. Vulnerabilities in popular Video-on-Demand (VoD) apps. Need for hardening of iOS device security to avoid device jailbreaking.

Due to the increasing use of mobile devices and apps to view copyright-protected content (e.g. movies) on the go, digital rights management (DRM) protections have primarily been used to protect digital intellectual property and control its distribution and usage on mobile devices. Unsurprisingly, attackers have sought to circumvent or bypass DRM control in order to obtain unauthorised access to copyrighted content. Given the ongoing and rapidly changing nature of mobile device technologies, it is essential for DRM protection designers to have an in-depth understanding of an attacker's capabilities and the potential attack vectors (e.g. vulnerabilities that can be exploited to bypass DRM protection). In this paper, we propose an adversary model that formalizes the real-world capabilities of a DRM attacker targeting Apple iOS devices. We then demonstrate its utility using four Video-on-Demand (VoD) apps, one live TV app, and a security DRM protection module. To avoid similar structural mistakes in future designs, we outline two recommendations.
