A practical approach to impede key recovery and piracy in Digital Rights Management System (DRM) (original) (raw)
Related papers
A secure and traceable E-DRM system based on mobile device
Expert Systems with Applications, 2008
In recent years, intellectual property violation events have caused enterprise to respect digital content protection. Illegal copying digital content abuses become a serious problem. Because the mobile devices are more portable and individualized than personal computers, anyone can access the network resources at anytime from anywhere. However, valuable digital contents without proper protection make the content vulnerable to unauthorized copying, modification and redistribution , causing revenue losses to service providers. Thus, constructing an effective Digital Right Management (DRM) system has become an important issue. On the basis of the mobile device, we propose an efficient digital rights management protocol. We apply symmetrical cryptosystem, asymmetrical cryptosystem, digital signature and one-way hash function mechanisms in our scheme. To overcome * Corresponding author.
International Journal of Electronic Security and Digital Forensics, 2019
As the internet makes data transmission easy and fast, digital contents of all kinds can be spread all over the world at a shocking speed. Along with such amazing swiftness and convenience, however, modern computer and communication technologies have also brought various kinds of issues associated with digital rights management. Digital rights management (DRM) systems are access control technologies used to restrict the use, modification, and distribution of proprietary hardware and copyrighted works. Now, in view of modern people's heavy dependence on their mobile devices, we consider it a good idea to design a DRM scheme on the basis of elliptic curve cryptography (ECC). In this paper, we shall review Amin et al.'s (2016) scheme and point out some security weaknesses we have found. Then, with the security flaws mended, we shall propose an improved ECC-based protocol for DRM that is especially suitable for applications on mobile devices.
Software: Practice and Experience, 2017
With the rapid development of technology, digital multimedia has been widely utilized. Access of multimedia contents has become a daily routine. Although multimedia brings ease and convenience for content sharing, it also makes piracy more feasible. For example, it is easy to upload a copyrighted video to YouTube without the owners' permission. Authors and merchants are very much in need of protecting their intellectual property and commercial profits. Digital right management (DRM) systems are provided to fulfill this desire. DRM is a collection of techniques used to control access to copyrighted materials. Because current enterprise DRM solutions are not allowed for customized modification, they cannot fit in our considered scenario perfectly. As a result, we propose a secure DRM system with a design based on user demands, where a consumer can access contents only on authenticated devices until the authorization expires. Our DRM scheme involves a series of robust cryptosystems including AES, SHA-256, and RSA. Applications as DRM agents are implemented on Windows, Mac OS, Android, and iOS platforms. Moreover, we modularized the DRM components for easy extension and integration. For better performance on low-end devices, parameters of encryption are introduced, namely, the key size and the encryption density. We addressed the mask shift problem caused by random access and implemented the device identifier acquirement. The DRM system also proved to have high security and good performance in our analysis. Copyright
A secure mobile DRM system based on cloud architecture
Computer Science and Information Systems, 2014
Public cloud architecture offers a public access software service. Users can login to access the cloud resources via various devices. The main advantage of the SaaS (Software as a Service) cloud service is that it supports different software and devices, in order to open web browsers, to authenticate the users through the standard format. E-books are protected by digital rights management (DRM), and users can use mobile devices to read them. However, the users' identity need to be authenticated or the communication between the user and the cloud server will be at risk. The processes by which users submit their proof of identity to the cloud needs to be protected. In this paper, information security can be achieved efficiently via cloud server architecture and a cryptography mechanism. The proposed scheme focuses on using a mobile device to access the cloud service. The DRM mechanisms can protect digital content; once the mobile users pass the authentication they can access the c...
A system for digital rights management using key predistribution
International Conference on Multimedia Computing and Systems/International Conference on Multimedia and Expo, 2004
We propose a system for digital rights management (DRM) which facilitates large scale deployments of heterogeneous devices, manufactured by different vendors, to interact and authenticate with each other securely in order to ensure fairness of transactions. The proposed system allows for both pluggable (and transferable) security modules for end-user authentication and built-in (non-transferable) security modules for mutual authentication of compliant
We propose a secure content delivery system that is optimal for the P2P (Peer-to-Peer) network. Our proposed method is based on so-called separate delivery model, namely a peer can send encrypted content to the other peer over P2P network, and the other peer can decrypt the received content by use of the license information that is from the license administrator. An outstanding feature of our proposed method is that the license administrator only manages one master secret and only re-binds a content-key to the target peer on the request basis. Therefore, our proposed method is lightweight and scalable. Furthermore, for the purpose to show the feasibility, we have implemented a prototype system based on the proposed method. As the result of the evaluation, we show our proposed method is secure and practical.
Scenarios for Securing Content Delivery in the DRM Environment
In the DRM environment, content is usually distributed in an encrypted form. Typically, a secure encryption algorithm is utilized to accomplish such protection. However, executing this algorithm in an insecure environment may allow adversaries to compromise the system and obtain information about the decryption key. Keeping such a key secret is a major challenge for content distribution systems. We consider two solutions for securing content delivery. The first solution involves modifying the algorithm in such a way as to make implementation unintelligible. The second solution involves setting a buyer-seller protocol to communicate the key securely. In addition, the protocol can be set to achieve security for the content provider and privacy protection for user. This paper describes a study of these scenarios for DRM applications w.r.t securing content delivery.
DRM Mechanism without Third Party using System Verification Technique
International journal of engineering research and technology, 2015
The advance in computing and easy availability of technology has led to an increase in the consumption of digital content. It has also led to illegal replication and distribution of digital contents. This poses to huge threat to organizations dealing with highly confidential digital contents and could drastically affect its financial standing. Digital Rights Management (DRM) technologies aim to provide protection and secure distribution of the digital contents. The proposed DRM mechanism focusses on protecting and securing the distribution of digital content in a small organization. It aims to benefit the small organizations by providing security, privacy, accountability as well revocation of malicious users. It eliminates the need for third party by using the system details to provide controlled access and prevent illegal redistribution of the digital content. Various security layers have been proposed at each level that enhance the security of digital content and simultaneously ac...
Security and Communication Networks, 2015
Internet-based content distribution facilitates an efficient platform to sell the digital content to the remote users. However, the digital content can be easily copied and redistributed over the network, which causes huge loss to the right holders. On the contrary, the digital rights management (DRM) systems have been introduced in order to regulate authorized content distribution. Enterprise DRM (E-DRM) system is an application of DRM technology, which aims to prevent illegal access of data in an enterprise. Earlier works on E-DRM do not address anonymity, which may lead to identity theft. Recently, Chang et al. proposed an efficient E-DRM mechanism. Their scheme provides greater efficiency and protects anonymity. Unfortunately, we identify that their scheme does not resist the insider attack and password-guessing attack. In addition, Chang et al.'s scheme has some design flaws in the authorization phase. We then point out the requirements of E-DRM system and present the cryptanalysis of Chang et al.'s scheme. In order to remedy the security weaknesses found in Chang et al.'s scheme, we aim to present a secure and efficient E-DRM scheme. The proposed scheme supports the authorized content key distribution and satisfies the desirable security attributes. Additionally, our scheme offers low communication and computation overheads and user's anonymity as well. Through the rigorous formal and informal security analyses, we show that our scheme is secure against possible known attacks. Furthermore, the simulation results for the formal security analysis using the widely accepted Automated Validation of Internet Security Protocols and Applications tool ensure that our scheme is also secure.