CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Secure group communications using key graphs
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Computer security
Broadcast Encryption's Bright Future
Computer
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
A trustworthy end-to-end key management scheme for digital rights management
MULTIMEDIA '06 Proceedings of the 14th annual ACM international conference on Multimedia
Property-Based broadcast encryption for multi-level security policies
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Hi-index | 0.00 |
Digital rights management systems allow copyrighted content to be commercialized in digital format without the risk of revenue loss due to piracy. Making such systems secure is no easy task, given that content needs to be protected while accessed through electronic devices in the hands of potentially malicious end-users; in this context, intrusion tolerance becomes a very useful system property. In this paper we point out a limitation shared by all current DRM architectures, namely their weakness in reacting to possible device compromise and confining the damage caused by such a compromise. As a solution, we propose a paradigm shift - moving from the original DRM system model where all devices are equally trustworthy and have discretionary control over all protected content, to a new model where information flow is controlled through a multi-level security policy that differentiates between devices based on their tamper-resistance properties. We show that besides improved intrusion-tolerance, supporting such policies has other advantages, such as the ability to define more flexible business models for supplying content. We also show that for a given DRM architecture, the type authentication protocol used when accepting new devices in the system has a big impact on how well multi-level security policies can be supported, and that a number of protocols currently being considered are not very well suited for this job.