Digital Rights Management   

John Mitchell

CS 155 Spring 2006

2

Next Tuesday

Aaron SigelApple Security Team

3

Basic Problem

Joey writes and records a song Song distributed on some sort of media Joey (and music company) want to sell

recordings But digital info is easy to copy, on most media

What can Joey (and Music Inc.) try to do? Look for copies? Mark recording to make it easier to find copies? Restrict media so only certain devices can play

it?

All of these approaches have problems; no perfect solution (yet?)

4

Outline

Legal landscape Copyright law, fair use, DMCA

Examine or modify content Content hashing and copyright crawling Watermarking Fingerprinting

Regulate use through special content players Apply complex policies, need tamper-proof platform Some examples

MediaMax CD3: restrict access on software players DVDs: CSS encryption and hardware/software players Windows Media Rights Management Office Information Rights Management

5

Basis for U.S. Copyright Law

U.S. Constitution (A1, S8, C8): "Congress shall have power . . . to promote the

progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries”

Intro of printing press in England in 1400s control (censor) publication of books maintain registry of legal books

1710 law to protect authors’ works prevent another person from re-producing a

book and putting their name on it

6

U.S. Copyright Law

Balance two competing objectives Protect works so the author gets financial reward Promote access: progress of science, arts

Gives exclusive rights for limited time Reproduce the work, derive new works, distribute

copies, perform or display it publicly Extends to life of author plus 70 years

Applies to “original works of authorship” fixed in tangible

medium of expression literary, dramatic, artistic, musical, pictorial,

architectural works – software? hyperlinks?

7

Fair Use

Legal use of copyrighted works for education, research, reporting, etc. must provide transformative value

Determined by four factors purpose and character of the use nature of the copyrighted work amount of the copyrighted work used effect on market value of copyrighted work

8

Enforcement of copyright law

Anyone here get a letter? Music industry monitors file sharing Law specifies high minimum penalties

Recipients usually offered a chance to settle for ~$3000

See: http://www.eff.org/wp/how-not-get-sued-file-sharing

Limitations of copyright law Coarse-grained protection, hard to enforce

Next topic Technology used to help enforce copyright

9

Content hashing

Suppose we had a “content-aware” hash function:

H: {music} {short strings} satisfying:

1. If M1 and M2 are two music clips (e.g. MP3 files) that play the “same” song then H(M1) = H(M2)

2. Given a clip M a pirate cannot create an “acceptable” clip M’ such that H(M) H(M’)

Is this realistic? Hash function must resist all signal processing tricks Do not know such hash functions exist

some claim to have them

10

Copyright Crawler

Web crawler looks for copyright violations Use list of hashes of all copyrighted content Scans all web sites, file-sharing networks, etc. For every music file found, compute hash and

compare If match is found, call the lawyers

Problems: Hash functions unlikely to exist for music Does not protect against anonymous postings:

publius Very high workload

11

Examples

DigiMarc MarcSpider Crawls web looking for pirated images May use watermarking? (next topic)

MOSS (Measure Of Software Similarity) Detect plagiarism in programming assignments, web

pages http://www.cs.berkeley.edu/~aiken/moss.html

SCAM: N. Shivakumar, Stanford. Crawls web looking for academic plagiarism Several success stories:

http://www-db.stanford.edu/~shiva/SCAM/scamInfo.html

12

Improvement: watermarking

Embed hidden watermark at the recording studio Embed( M, I ): outputs a watermarked version of music

M with the information I embedded in it Retrieve( M’ ): takes a watermarked music file M’ and

outputs the embedded watermark I

Watermark requirements (not necessarily achievable):

Watermark must be inaudible (music) or invisible (video)

Watermark should be robust: Given M1 = Embed(M,I),

pirate cannot create an “acceptable” M2 with Retrieve(M2) I

To do this, watermark must resist all signal processing tricks - resampling, cropping, low-pass filtering, …

13

Example Watermarked File

Second image has watermark inserted by DOS software “White Noise Storm”

14

Watermark-based enforcement

Copyright crawler uses “Retrieve” algorithmBenefits: Copyright crawler does not need list of all

copyrighted material No need for content aware hash

Watermarking music “seems” to be an “easier” problem.

But, some of the same problems as before Does not defend against anonymous postings High workload Need to mark with buyer or trace copy to culprit

15

Robust watermarks??

Embed & Retrieve algs are usually kept secret “Security by obscurity” – not a successful

approach

Do robust watermarking systems exist? We don’t know the answer StirMark

Generic tool for removing image watermarks Oblivious to watermarking scheme

SDMI challenge: Broken: Felten, et al.

Obj1Obj1mark

??Obj2mark

See: http://cryptome.org/sdmi-attack.htm

16

Fingerprinting

Basic idea: Embed a unique user ID into each sold copy If user posts copy to web or file-sharing

network, embedded user ID identifies user

Problem: Need ability to create distinct and

indistinguishable versions of object Collusion: two users can compare their objects

to find parts of the fingerprint

17

Watermarking Images (>200 papers)

DigiMarc: embeds creator’s serial number. Add or subtract small random quantities from

each pixel. Embedded signal kept secret.

Signafy (NEC). Add small modifications to random frequencies

of entire Fourier Spectrum. Embedded signal kept secret.

Caronni: Embed geom. shapes in backgroundSigNum Tech. (SureSign).

18

Watermarking Music (>200 papers)

Aris Tech (MusicCode):Rate: 100 bits/sec of music

Solana (E-DNA)Used by LiquidAudio.

Argent:Embed full text information.FrameBased: info. inserted at random areas of signal

Secret key determines random areas.

Merged to form Verance

Used by SDMI

19

“My Story” by Ed Felten

Industry consortium (SDMI) considering four technologies for deployment in next-gen music and players.We (Princeton, Rice, Xerox researchers) study technologies, find that they don’t work very well.We write a paper detailing our findings.Paper accepted for publication at conference.

3 Slides from: http://csrc.ncsl.nist.gov/ispab/2002-06/Felten-06-2002.pdf

20

“Our Paper”

Music industry claims that our paper is a “technology” whose primary purpose is copyright circumvention Similar claim for oral presentation

Threatens to sue authors of paper, conference organizers, and employersSeeks control over contents of paper

21

“My Story (cont.)”

Music industry (RIAA, SDMI, Verance) threatens lawsuit if we publish Conference organizers also threatened. We

withdraw paper because of threats.

We file lawsuit seeking right to publishAfter legal wrangling, paper is publishedWe managed to publish, but: Months of effort by researchers lost Hundreds of lawyer-hours spent ($$$) Member of our team loses his job Eight-month delay in release of our results

22

Outline

Legal landscapeExamine or modify content Content hashing and copyright crawling Watermarking Fingerprinting

Regulate use through special content players Apply complex policies, need tamper-proof

platform Some examples

MediaMax CD3: restrict access for software players DVDs: CSS encryption and hardware/software players Windows Media Rights Management Office Information Rights Management

23

DRM Player threat model

Traditional access control Owner of computer sets discretionary

access controls

DRM controls Owner of content sets usage rights Player owned by “untrusted user” must

enforce usage rights

Additional issue: copyright law allows fair use

24

Passive vs Active Protection

25

MediaMax CD3 (SunnComm)

Goal Restrict use of music CD on computer

Method CD contains autorun file that causes Windows to

launch LaunchCD.exe, installs “SbcpHid” driver Driver prevents copying of restricted CDs

Failures LaunchCD.exe will not run on Linux On Windows: hold shift key while loading CD

Digital Millennium Copyright Act (DMCA) Forbids circumvention of copy protection mechanisms, and

circumvention tools and technologies

http://www.cs.princeton.edu/~jhalderm/cd3/

26

Sony XCP

CD contains copy protection softwareCopy protection software protected by rootkitRootkit detected by RootkitRevealer

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

27

Content protection via encryption

Basic idea: Content distributor encrypts content before releasing it

Release: C = EK[content]

Decryption key embedded in all players. Player will only decrypt if policy is satisfied.

Note: cannot prevent copying after decryption User can probe bus to sound card Unlike watermarking: watermark is embedded in content

Propagates in cleartext copies of content

Problem: what if one pirate uses reverse engineering to expose global key k ??

28

Example: CSS

CSS: Content Scrambling System Used to protect DVD movies

Each DVD player manufacturer i has key Ki

Embed same key Ksony in all players from Sony. Every DVD movie M is encrypted as follows:

1. enc-content = EK[M] where K is a random key

2. EKsony[k] , EKphilips[K] , … About 400 manufacturer keys

29

Problems with CSS

DeCSS: Extracted key from Xing software player Could decrypt any DVD playable on the Xing player MPAA revoked Xing key: disabled all Xing players!

Bigger problem: Encryption algorithm in CSS is based on LFSR’s Very fast: video rate decryption on weak DVD player Very weak: given one manuf. key, can get all keys

30

Better revocation technique

Embed a distinct key in every player

Every node v has an associated key Kv.

Every player corresponds to leaf node.Key for player i: all keys on path from root to leaf i.

Players: i

31

Revocation

Initially Encrypt all content with key at root Any player can decrypt content.

When player i is revoked Encrypt content-key so only players other than i can

decrypt.

32

How to tell which player to revoke?

When pirate publishes single key on Internet, MPAA knows which keys to revoke.

What if pirate sells pirated players? How can MPAA tell which keys embedded in player?

Solution: Tracing systems can interact with player and determine how to revoke that player. How? Take crypto class…

33

Player

Digital Distribution Dream ( )

Artist Distributor Consumer

Package

Content Package

Content

Content

MoviesBooks Music

Secure network transactions

Software player

34

Digital rights management players

Distribute information in specific formatPlayer that knows this format controls action Control reading, playing, or copying content Guarantee payment in proportion to use

Count number of times content is used Transfer payment to distributor

No end run Must be impossible to use content without

player Player must be tamper resistantProblem: Computer files are easy to duplicate

Can software player on general-purpose computer achieve goals?

35

Two separate problems

Attaching rights and making authorization decisions

Enforcing decisions in a tamper-resistant software and hardware

36

DRM Reference ArchitectureRosenblatt, et

al.

Content ServerClient

License Server

Content repository DRM

packager

Encryption

Content

Metadata

Package

Encryption

Keys

Rights

License

Product informatio

n

Rights

Encryption keys

DRMcontroller

Rendering

application

Identity

Financial transaction

Identities

License generator

37

Windows Media Rights Manager

Input file .wav, .mp3, .avi

encode

Win Media file .wma, .wmv, .asf

Packaged Win Media file

Key ID, license acquisition URL

package

Web site, CD, email message,

etc License Rights

license URL

Packaged Windows Media

file

Content owner Distributor License

issuer

Windows Media License Service

Packager

Consumer (player)

38

WindowsKey and License Management

39

XrML Summary

Vocabulary Principals: Alice, Bob Resources: movie, picture, song Rights: play, edit, print Properties: manager, employee, trusted

Licenses and grants license ::= (grant, principal)

Principal p issues/says grant g grant ::= ∀x1…∀xn (cond → conc)

If cond holds, then conc holds conc ::= Pr(p) | Perm(p, r, s)

Pr(p) means principal p has property Pr Perm(p, r, s) means p is permitted to exercise right r

over resource s

40

HDCP, Secure Audio Path

High-bandwidth Digital Content Protection HDCP is a specification developed by Intel

Corporation to protect digital entertainment content across the DVI/HDMI interface

http://www.digital-cp.com/home

41

FreeMe – breaks Windows Media RM

http://www....com/crypt/drm/freeme/README The software distributed with this README file removes

content protection from any Windows Media Audio file (.wma file) that uses DRM version 2 (as implemented in Windows Media Player version 7). …

http://www...com/crypt/drm/freeme/Technical This document describes version 2 of the Microsoft Digital

Rights Management (MS-DRM), as applied to audio (.wma files). The sources for this material are varied ...

The basic components of MS-DRM involve use of elliptic curve cryptography (ECC) for public key cryptography, DES for a block cipher, RC4 for a stream cipher, and SHA-1 for a hash function. There is also a block cipher which I haven't seen before, used in the MS-DRM system to build a MAC, or keyed hash function.

42 Q: Will users download “fix” if only player needs upgrade? (DRM threat model)

43

Further details Implementation Details: It is imperative to execute the following steps to neutralize the Freeme software breach…

1. Update the Content Header This procedure is performed by the organizations that package content. In this step the content packager will add an attribute … to the header of the protected Windows Media file.

2. Update the License Server(s) Each license issuer must update its license server configuration to ensure that:

It does not issue licenses to users who have the compromised security component on their PCs

It can issue licenses to users who have updated the security component on their PCs.

NOTE: if the license server is not updated (with the steps above) and an updated client (a client that has been updated with the new security component) makes a request to the license server, the license server will fail and generate an error to the client.

3. Trigger update of the new security component on the server side This step updates the license server so it can detect the version number of the DRM security component that is making the license request, and redirect it to an upgrade Web page if the security component version is less than "2.2.0.1".

http://www.microsoft.com/windows/windowsmedia/forpros/drm/freeme.aspx

44

Continuing controversy over DRM…

45

Microsoft Office Rights Management

46

Apple’s FairPlay Technology

Restricts playing, recording, sharing of files Allows media to be shared among devices Allows others to listen to (but not copy) music Can burn audio CD, eliminates DRM protection

How it works (overview) iTunes uses encrypted MP4 audio files Acquire decryption key by trying to play song

player generates a unique ID, sends ID to iTunes server if not over authorization limit, server sends decryption

key Decryption key is encrypted in iTunes to prevent

transfer to another machine

47

iTunes Accounts and Authorizations

Prior to buying content from iTunes Store User creates an account with Apple's

servers and then authorizes a PC or Mac running iTunes

iTunes creates a globally unique ID for device, sends to server, assigned to user's iTunes account

Five different machines can be authorized.

www.roughlydrafted.com/RD/RDM.Tech.Q1.07/...

48

Buying and playing songs

When a user buys a song A user key is created for the purchased file Encrypted using master key included in protected song file Master key encrypted with user key, held by iTunes and server

Playing a song iTunes does not need to connect to server iTunes has keys for all tracks in its library

49

Additional user devices

When a new computer is authorized it generates a globally unique ID number Stores ID on Apple server (up to 5 devices) Server sends new machine entire set of user keys for

all the tracks purchased under the account

50

Cracking iTunes

Discovered attacks while building iTunes client for Linux: QTFairUse grabs song data

After unlocked and uncompressed by iTunes, dumps raw stream into container file,

VLC media player, PlayFair, Hymn, JHymn intercept unlocked but not yet uncompressed song files,

creating a small, ready to play, unencrypted AAC file. PyMusique, a Linux client for the iTunes Store

requests songs from Apple servers and downloads them without locking them

FairKeys simulates iTunes client requests a user keys from server, unlocks purchased songs

“DVD John”

51