2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Dr. Tarek Gaber
Faculty of Computers & Informatics Suez Canal University , Ismailia, Egypt
andSRGE (www.scienceegypt.net)Email: [email protected]
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Before the digital era, one's ability to do various things with content were limited.
The Internet (digital age) makes it possible to nearly do anything with digital content.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Digital contents, e.g. Music, Movies, documents, are:
very easy and cheap to copy
Essentially no “resistance” from duplication
This led to:
Loss of billion dollars a year for world trade.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Cryptographic Techniques could help butnot enough
4
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Can content be protected even after its decryption?
Copying by persistent pirate would always be succeed.
Current technology can potentially minimize the scale of copying:
“keeping honest people honest”
Digital Rights Management (DRM)technologies can be help in this issue.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
It is a set of technologies (encryption, watermarking, hash function, signature, etc.) enabling content owners to identify and control:
the access to their content and
the conditions under which this access is given.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
DRM includes:
Persistent Protection: License to be always checked before using a content
Access tracking: Capability of tracking access to and operations on content
Rights licensing: Capability of defining specific rights to content and making them available by contract
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Government Agencies
• Interested in controlled viewing and sharing of highly secure and confidential documents, audio and video data.
Private Corporations
• Want to limit the sharing of their proprietary information
• Track accesses and any modifications made to it.
• E.g. news agencies like Reuters
Owners of commercial content
• Content owners, artists, and publishers want to gain revenue through sale and promotions
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
DRM can help to ensure companies that:
• Rights are tracked at consumption
• Access is controlled during production processes
• Protection for the content extends throughout product lifecycles
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
DRM can be integrated with content management (collection, managing, and publishing of information in any form or medium) to ensure: Proper business practices
Implementation of new business models
Compliance with regulatory requirements in industries such as financial services, healthcare, and government
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
The process of drafting a law is circulated among committee members (e.g. judges and lawyers).
Using DRM technology, this becomes a closed circulation.
Also, the drafting law is in a tamper-proof format, with print-only user-rights,
limited to a pre-determined timeframe, after which the draft is withdrawn and replaced by the final law.
The judges and lawyers can withdraw, alter, or grant permissions related to the content
at any time.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Systems should be able to update rights and usage as needed to accommodate new distribution models, E.g. allowing content to be accessed by to 2, 3, or 5 devices
Otherwise cost a lot of money and be a disincentive to customers.
DRM, in such case, can facilitate collaboration, by creating the ‘trusted environment’ by persistently protecting critical Intellectual Property (IP).
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Piracy, whether of software, music, images, or text, costs billions of dollars each year.
It takes time and resources to detect and deter theft.
This could lead to counterproductive to developing new business models for digital content.
DRM could also help to provide protection throughout the distribution and consuming of content.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Licensing The process of packaging and delivering protected
bits with un-forgeable terms of usage (“digital license”) useable only by authenticated user/environment
Enforcement The process of insuring that the use of the digital
work adheres to enumerated use, privacy and operating restrictions stated in a digital license
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Content is encrypted
So, unusable without authorization
Content license
Specifies authentication information, DRM client and OS.
Specifies usage/access control rules
Contains the “sealed” key for the content.
Content License 938473
Machine 02345 Running
Program 1 (with hash 0x7af33)
Can view Document 3332 on 2014-20-01
Sealed Key: 0x445635
Signed by ACCD Company
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
At initialization, Trusted Program says:
1. Isolate me from other rendering programs
2. Authenticate me
After Initialization completes successfully, Bob’s PC
1. Makes Private key available for use
When consuming content, Trusted Program:
1. Retrieves license and encrypted content file
2. Authenticates license by checking digital signature
3. Checks rule compliance (e.g. out-of-date)
4. Uses private key to unseal the content key
5. Decrypts and uses content within Trusted Program
Trusted ProgramAuthenticating Public Key
(“Root of Trust”)
0x7af33 PK: 8374505
Bob’s PC
Bob’s PC
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
License Server
Content License 938473
Machine 02345 Running
Program 1 (with hash 0x7af33)
Can view Document 3332
on 2014-20-01
Sealed Key: 0x445635
Signed ACCD Company
Machine License 83874
Machine 02345 Running
Program 1 (with hash 0x7af33)
Has access to a private key
Whose public key is 0x2231
Signed Microsoft
2) Response
Here’s your license
Customer benefits
Licenses can be used offline
Simple management of authorization (no central authority)
Very simple and flexible distribution (a server can distribute to “any” client)
1 2
Bob’s PC
1) Request
I want document 2346.
Here’s my Machine License
to show you can trust my
machine
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Each “rights expression” may specify a combination of rules such as:
what rights are available,
for whom,
for how many times,
within what time period,
under what access conditions,
for what fees,
within which territory, and
with what obligations,
Etc.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
• Mass Market Content• Books
• Audio
• Video
• Software
• Much more flexible use and better content
management
– But there are “Fair Use” and privacy concerns which
can be mitigated … maybe
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Library/archive
Roaming
“Active” content
Premium releases
Price discrimination
I hear it. I want it. I get it.
Lower manufacturing costs
More variety?
Most popular use of DRM
I don’t get it
Pay per view movies
Web distributedsongs
Ring tones
E-Books
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Windows Media Player Apple DRM Macrovision LexMark Xbox Sony Playstation
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Break Once Break Everywhere Degree of isolation
Transducer Problem
I/O Privacy and Interoperability Flexibility (transfer, etc)
Multiple devices
Multiple users
Migration User Control/Backup
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
• “Fair Use”• Monopoly “Lock-in”• Erosion of copyright in favor of “contracts”• Archive• “Information wants to be free”• Consumer expectations• severe licensing policies
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
It is essential for DRM systems to provide interoperable services.
DRM could enable a big amounts of new content to be made available in safe, open, and trusted environments.
DRM can be expected to be heavily used in the future to support
digital library collections,
code and software development,
distance education, and
networked collaboration, among other applications.
2e CONFÉRENCE -« Cybercriminalité & confiance numérique », Port-Saïd, Egypt., 19 June 2014
Thanks