WWW/Internet - Portal do Software Público Brasileiro

IADIS International Conference WWW/Internet 2010SOFTWARE-BASED PROTECTION FOR CONTENTMEDIA DISTRIBUTIONMalek Barhoush and J. William AtwoodDepartment of Computer Science and Software Engineering, Concordia University1455 de Maisonneuve Boulevard, West, Montreal, Quebec, H3G 1M8ABSTRACTSoftware-based protection for digital content is a promising and flexible solution for the content provider whosedistribution is to a community in which the majority of clients are computer and laptop users. In this paper, we explore anexample of software-based copy protection for temporal media distribution that has been published by Grimen, et al. Weevaluated the security protocols provided in the example and found two security attacks. We provide the solution toovercome the discovered attacks.KEYWORDSDRM, Tamper Resistant Software, Formal Validation.1. INTRODUCTIONWatching movies and TV channels through the Internet gives the client the flexibility to explore forinteresting programming, and then start viewing. The content provider (CP) on the other side has themotivation to use the Internet to deliver the content media because the cost of distributing the information islow. However, the problem is that the Internet does not facilitate access control for electronic goods.Digital rights management (DRM) is an application framework introduced to help a CP to control theaccess to electronic products and to enforce the usage according to the permissions and constraints stated bythe CP or the owner of the electronic product. The central component of a DRM system is a tamper resistantentity; this entity may be implemented in hardware or software. The whole security protection andenforcement mechanism of a DRM system depends on the fact that the tamper resistant element is guaranteedto be unbreakable [Stamp_digital].Tamperproof hardware provides physical protection and tries to hide the protection technologies used tosecure the content media. Because the end user may have hacking tools and the time to compromisetamperproof hardware, hiding protection technologies does not provide a permanent solution. It is typicallymore effective than a software solution, but it is harder to recover when the hardware is compromised. Adongle provides hardware copy protection and should be connected on one of the computer ports in order touse dongle-based software. Dongle-based software checks the presence of a token issued by the dongle. Ifthe software discovers that the dongle is not connected then it does not give the necessary signal to execute orto run the full version of the software. The security of this methodology depends on the difficulty of cloningdongles. The protection provided by a dongle is susceptible to reverse engineering and code modification[Maña-Framework].The Open Mobile Alliance DRM2.1 (OMA-DRM2.1) is a framework solution to control the access tomobile ringtones, pictures or songs. OMA-DRM2.1 enabled devices have tamper resistant hardware thatcontains a unique id for identification purposes and a unique private/public key pair as well as a certificate.This feature allows the operator or the rights issuer to easily authenticate the OMA-DRM2.1 enabled devices.Each right object issued to a specific device is cryptographically bound to that device. The whole security ofOMA depends on hiding the private key [Nützel-DRM, OMA-DRM2.1]. Hardware tamper resistant devicesare difficult to deploy, especially when the majority of viewers is using a personal computer or a laptop. Ifthe solution provided by tamper resistant hardware is compromised, then replacing the failed hardware is not65