Table Of ContentDigital Rights Management for
Personal Networks
Imad Mahmoud Aref Abbadi
Technical Report
RHUL–MA–2008–17
4 June 2008
Department of Mathematics
Royal Holloway, University of London
Egham, Surrey TW20 0EX, England
http://www.rhul.ac.uk/mathematics/techreports
Royal Holloway
University of London
Digital Rights Management
for Personal Networks
by
Imad Mahmoud Aref Abbadi
Thesis submitted to the University of London
for the degree of Doctor of Philosophy
Information Security Group
Royal Holloway, University of London
2008
Declaration
These doctoral studies were conducted under the supervision of Prof. Chris
Mitchell.
The work presented in this thesis is the result of original research carried out by
myself, in collaboration with others, whilst enrolled in the Information Security
Group as a candidate for the degree of Doctor of Philosophy. This work has
not been submitted for any other degree or award in any other university or
educational establishment.
Imad Mahmoud Aref Abbadi
2 Jun 2008
2
Abstract
The thesis is concerned with Digital Rights Management (DRM), and in particu-
lar with DRM for networks of devices owned by a single individual. This thesis
focuses on the problem of preventing illegal copying of digital assets without
jeopardising the right of legitimate licence holders to transfer content between
their own devices, which collectively make up what we refer to as an authorised
domain.
An ideal list of DRM requirements is specified, which takes into account the
points of view of users, content providers and copyright law. An approach is
then developed for assessing DRM systems based on the defined DRM require-
ments; the most widely discussed DRM schemes are then analysed and assessed,
where the main focus is on schemes which address the concept of an authorised
domain. Based on this analysis we isolate the issues underlying the content
piracy problem, and then provide a generic framework for a DRM system ad-
dressing the identified content piracy issues. The defined generic framework has
been designed to avoid the weaknesses found in other schemes.
The main contributions of this thesis include developing four new approaches
that can be used to implement the proposed generic framework for managing
an authorised domain. The four novel solutions all involve secure means for cre-
ating, managing and using a secure domain, which consists of all devices owned
by a single owner. The schemes allow secure content sharing between devices
in a domain, and prevent the illegal copying of content to devices outside the
domain. In addition, each solution incorporates a method for binding a domain
to a single owner, ensuring that only a single consumer owns and manages a
domain. This enables binding of content licences to a single owner, thereby
limiting illicit content proliferation.
In the first solution, domain owners are authenticated using two-factor authenti-
cation, which involves “something the domain owner has”, i.e. a master control
device that controls and manages consumers domains, and binds devices joining
a domain to itself, and “something the domain owner is or knows”, i.e. a bio-
metric or password/PIN authentication mechanism that is implemented by the
master control device. In the second solution, domain owners are authenticated
using their payment cards, building on existing electronic payment systems by
ensuring that the name and the date of birth of a domain creator are the same
for all devices joining a domain. In addition, this solution helps to protect con-
sumers’ privacy; unlike in existing electronic payment systems, payment card
details are not exposed to third parties. The third solution involves the use
of a domain-specific mobile phone and the mobile phone network operator to
3
authenticate a domain owner before devices can join a domain. The fourth so-
lution involves the use of location-based services, ensuring that devices joining
a consumer domain are located in physical proximity to the addresses registered
for this domain. This restricts domain membership to devices in predefined geo-
graphical locations, helping to ensure that a single consumer owns and manages
each domain.
4
Acknowledgements
I would like to thank my supervisor Prof. Chris Mitchell for his supervision, help,
support, and encouragement. I am grateful to Prof. Ahmad-Reza Sadeghi, Dr.
Jason Crampton and Prof. Peter Wild for their useful discussion and comments.
I would also like to thank Associated Newspapers for partially funding my re-
search, and providing me with all the required resources, flexible working pat-
terns, and time off to study that has enabled me to have a full time job and
simultaneously complete a research degree.
I would like to thank my parents, who have always encouraged and supported
me. Finally, I want to thank my wife for her support and patience throughout
the time I have worked on this thesis, as it would have been impossible, without
her help, to have a family, a full time job, and engage in full time study at the
same time.
5
Contents
1 Introduction 18
1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
1.2 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
1.3 Organisation of the Thesis . . . . . . . . . . . . . . . . . . . . . . 21
2 Security Services and Mechanisms 23
2.1 Security Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.2 Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.3 Security Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.3.1 Cryptographic Hash Function . . . . . . . . . . . . . . . . 25
2.3.2 Symmetric Cryptography . . . . . . . . . . . . . . . . . . 26
2.3.3 Asymmetric Cryptography . . . . . . . . . . . . . . . . . 27
2.3.4 Nonces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.3.5 Process Isolation . . . . . . . . . . . . . . . . . . . . . . . 29
2.4 Public Key Infrastructures . . . . . . . . . . . . . . . . . . . . . . 29
3 Trusted Computing and DRM 31
3.1 The Importance of Trusted Computing . . . . . . . . . . . . . . . 32
3.2 Trusted Computing and DRM . . . . . . . . . . . . . . . . . . . . 33
3.3 Trusted Computing Group . . . . . . . . . . . . . . . . . . . . . . 34
3.4 Trusted Platform Module . . . . . . . . . . . . . . . . . . . . . . 35
6
CONTENTS
3.5 Establishment of Trust . . . . . . . . . . . . . . . . . . . . . . . . 38
3.6 Roots of Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.7 Integrity Reporting and Verification . . . . . . . . . . . . . . . . 40
3.8 Challenges in TCG Specifications . . . . . . . . . . . . . . . . . . 42
3.9 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4 Fundamentals of Digital Rights Management 45
4.1 What is DRM? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
4.2 DRM Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
4.3 DRM Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
4.4 Rights Expression Languages . . . . . . . . . . . . . . . . . . . . 51
4.5 DRM System Requirements . . . . . . . . . . . . . . . . . . . . . 52
4.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
5 Authorised Domain Content Protection Systems 57
5.1 Analysis of Existing Schemes . . . . . . . . . . . . . . . . . . . . 58
5.1.1 OMA DRM . . . . . . . . . . . . . . . . . . . . . . . . . . 58
5.1.2 eXtensible Content Protection (xCP) . . . . . . . . . . . . 63
5.1.3 SmartRight . . . . . . . . . . . . . . . . . . . . . . . . . . 67
5.1.4 Apple Fairplay . . . . . . . . . . . . . . . . . . . . . . . . 73
5.1.5 DRM in a 3G Mobile Phone and Beyond . . . . . . . . . 77
5.1.6 DRM Security Architecture for Home Networks . . . . . . 81
5.2 Content Piracy Problem Definition . . . . . . . . . . . . . . . . . 87
5.3 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
6 Authorised Domain Management Framework 91
6.1 Authorised Domain Concept . . . . . . . . . . . . . . . . . . . . . 92
6.2 Domain Device Requirements . . . . . . . . . . . . . . . . . . . . 93
6.3 Using TCG-conformant Devices . . . . . . . . . . . . . . . . . . . 96
7
CONTENTS
6.4 Role Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
6.5 General Framework . . . . . . . . . . . . . . . . . . . . . . . . . . 101
6.5.1 Domain Establishment . . . . . . . . . . . . . . . . . . . . 102
6.5.2 Adding a Device to a Domain . . . . . . . . . . . . . . . . 102
6.5.3 Removing a Device from a Domain . . . . . . . . . . . . . 103
6.5.4 Exchanging Content . . . . . . . . . . . . . . . . . . . . . 104
6.5.5 Backup and Recovery . . . . . . . . . . . . . . . . . . . . 107
6.6 Discussion and Analysis . . . . . . . . . . . . . . . . . . . . . . . 107
6.6.1 Controlling Content Sharing . . . . . . . . . . . . . . . . . 107
6.6.2 Controlling Domain Membership . . . . . . . . . . . . . . 109
6.7 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
7 Authorised Domain Management using a Master Control De-
vice 111
7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
7.2 The Master Control Device . . . . . . . . . . . . . . . . . . . . . 113
7.3 Process Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
7.3.1 Domain Establishment . . . . . . . . . . . . . . . . . . . . 114
7.3.2 Adding a Device to a Domain . . . . . . . . . . . . . . . . 115
7.3.3 Removing a Device from a Domain . . . . . . . . . . . . . 119
7.3.4 Exchanging Content . . . . . . . . . . . . . . . . . . . . . 120
7.3.5 Backup and Recovery Procedure . . . . . . . . . . . . . . 122
7.4 Controlling Domain Membership . . . . . . . . . . . . . . . . . . 128
7.5 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
7.5.1 Security Threats . . . . . . . . . . . . . . . . . . . . . . . 129
7.5.2 Security Services and Mechanisms . . . . . . . . . . . . . 131
7.6 Implementing the Protocols Using Trusted Computing . . . . . . 134
7.7 Methods of User Authentication . . . . . . . . . . . . . . . . . . 136
8
CONTENTS
7.8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
8 Authorised Domain Management Using an Electronic Payment
System 141
8.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
8.2 System Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
8.2.1 Trusted Authority . . . . . . . . . . . . . . . . . . . . . . 144
8.2.2 Payment Cards and Banks . . . . . . . . . . . . . . . . . 145
8.3 Process Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
8.3.1 Domain Establishment . . . . . . . . . . . . . . . . . . . . 147
8.3.2 Adding a Device to a Domain . . . . . . . . . . . . . . . . 150
8.3.3 Removing a Device from a Domain . . . . . . . . . . . . . 153
8.3.4 Exchanging Content . . . . . . . . . . . . . . . . . . . . . 154
8.3.5 Backup and Recovery Procedure . . . . . . . . . . . . . . 154
8.4 Controlling Domain Membership . . . . . . . . . . . . . . . . . . 154
8.5 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
8.5.1 Security Threats . . . . . . . . . . . . . . . . . . . . . . . 156
8.5.2 Security Services and Mechanisms . . . . . . . . . . . . . 157
8.6 Implementing the Protocols Using Trusted Computing . . . . . . 159
8.7 Alternative Implementations . . . . . . . . . . . . . . . . . . . . 159
8.8 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
8.9 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
9 Authorised Domain Management Using a Mobile Phone 162
9.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
9.2 General Authentication Architecture . . . . . . . . . . . . . . . . 165
9.3 System Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
9.4 Process Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
9.4.1 Initialisation Procedure . . . . . . . . . . . . . . . . . . . 169
9
