1 / 9

DRM & Key Revocation

DRM & Key Revocation. By David Coleman. DRM & Key Revocation. Digital Rights Management – A system for controlling the use of content Key Revocation – The ability for content producers to “revoke” the ability of a given device/player to consume the content Important because…

clodia
Download Presentation

DRM & Key Revocation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DRM & Key Revocation By David Coleman

  2. DRM & Key Revocation • Digital Rights Management – A system for controlling the use of content • Key Revocation – The ability for content producers to “revoke” the ability of a given device/player to consume the content • Important because… • Digital content can be perfectly reproduced • CD Audio was a disaster from music studios’ perspective (the need for DRM) • DVD-Video wasn’t much better (the need for good DRM) • I’ll be discussing 3 systems: CSS (DVD-Video), Microsoft Windows Media DRM, and AACS

  3. DRM & Key Revocation Content Scramble System (CSS) • Used on DVD-Video discs • 40-bit keys using a secret encryption algorithm (2 LFSRs) • Keys • Disc key – Key that allows (indirectly) decrypting the content • Player key – Key that allows player to decrypt disc key • 400+ player keys • Key block • Disc key hashed with CSS hashing algorithm • Table containing disc key encrypted with all valid player keys • Player would decrypt the disc key and then hash it to compare against hashed value • Revocation • Removing the player key from the key block • Completely broken • Player key recovered from Xing software player • Remaining player keys were poorly chosen and quickly guessed • Encryption was very weak anyway (a few discrepencies allowed for an O(25) attack)

  4. DRM & Key Revocation Microsoft Windows Media DRM • My motivation for this topic • Widely used in online music services (not Apple) • Basics • StubLib – Certificate that is statically linked in to player • Encrypted content file • License – Contains key to decrypt the content file. Encrypted with player’s public key (from StubLib).

  5. DRM & Key Revocation Microsoft Windows Media DRM License acquisition

  6. DRM & Key Revocation Microsoft Windows Media DRM • Revocation • Certificate Revocation List (CRL) • Microsoft maintains the CRL and license servers are expected to pull and keep local copy current • CRL is included in the license • Works because API to play is a black box

  7. DRM & Key Revocation Advanced Access Control System (AACS) • Used on next generation DVD (blue laser) • Strong encryption based on published standards (AES-128, SHA-1, etc.) • Certificates • Not X.509 • Each player & drive have a certificate • Keys • Media key – necessary to decrypt content • Device keys • Each device given a set of keys • Sets overlap, but no two devices have the identical set • NNL Key Management • Keys actually organized in a binary tree where child keys of a node can be computed via a one-way function

  8. DRM & Key Revocation AACS • Revocation • Two methods • CRL • Every disc has a player CRL and a drive CRL • CRLs must be stored after reading • Player key revocation • Media key is encrypted with the minimal set of keys s.t. no revoked device’s key is used but one of every valid device’s key is used • Subset-difference • Tree structure helps

  9. DRM & Key Revocation Questions?

More Related