Digital Rights Management – the other way around
Transcription
Digital Rights Management – the other way around
Digital Rights Management – the other way around Virtual Goods 2003 Prof. Dr.-Ing. Karlheinz Brandenburg TU Ilmenau, Institut für Medientechnik Fraunhofer IIS, Arbeitsgruppe Elektronische Medientechnologie Ilmenau [email protected] Prof. Dr. Karlheinz Brandenburg, [email protected] Page 1 Fraunhofer Institut Integrierte Schaltungen Overview Prof. Dr. Karlheinz Brandenburg, [email protected] • mp3 and the music industry: early experiences • Early DRM systems • Parts of the technology puzzle • What does not work ? • “the other way around”: • Conclusions Page 2 Fraunhofer Institut Integrierte Schaltungen LWDRM MP3 and the Digital Distribution of Music MP3 and the music industry Early DRM systems SDMI Prof. Dr. Karlheinz Brandenburg, [email protected] Page 3 Fraunhofer Institut Integrierte Schaltungen MP3: What it did to music on computers Prof. Dr. Karlheinz Brandenburg, [email protected] • With the arrival of MP3 encoding/decoding – 12 times more storage of music on computers – 12 times more music on a CD-ROM – cut download time of music by 12 • 1996/1997: students discover MP3 – several decoders are written – Web servers with pirated content pop up – June 97: The RIAA closes down three web sites and gets nation wide press coverage: – more pirated material, more usage of MP3 Page 4 Fraunhofer Institut Integrierte Schaltungen MP3 proliferation: A little bit of history Prof. Dr. Karlheinz Brandenburg, [email protected] • 1998: – The first flash memory based mp3 player shows up: The Saehan mpman – Diamond buys a company with rights to the design (the original developers of the mpman) – RIAA gives nation wide advertisement for the Diamond Rio by unsuccesfully trying to stop the sale via court orders • 1999: – Thomson licensing moves to San Diego – RealNetworks, Apple etc. license mp3 – Jukebox applications attract millions of users – 96 kbit/s free distribution is added as a business model – The RIAA announces the SDMI • 2002: – Music industry announces big drop in turnover Page 5 Fraunhofer Institut Integrierte Schaltungen Early DRM systems Did anybody ever think of “secure mp3” ? Prof. Dr. Karlheinz Brandenburg, [email protected] • 1995: MODE-consortium • Ricky Adar: “destroy the music industry” ? • mmp and other early systems – Secure envelope technology – Simple cryptografic methods – Low complexity – Simple key management • • Liquid Audio Intertrust Page 6 Fraunhofer Institut Integrierte Schaltungen SDMI (Secure Digital Music Intitiative) Prof. Dr. Karlheinz Brandenburg, [email protected] • Set up by RIAA, IFPI, RIAJ to establish a legal alternative to MP3 with no protection • 100s of companies from – music industry (record labels) – IT industry – CE industry – research labs • Short track – PDWG, looking for portable devices spec until June 30th., 1999: not enough interoperability • Work since July, 1999 – Screening (for keeping illegal files out) – Decision against interoperability (!! • Summer of 2001: SDMI goes dormant Page 7 Fraunhofer Institut Integrierte Schaltungen The Technology Puzzle Authentication Secure Envelope Technologies Watermarking Prof. Dr. Karlheinz Brandenburg, [email protected] Page 8 Fraunhofer Institut Integrierte Schaltungen Overview of Current Technologies Prof. Dr. Karlheinz Brandenburg, [email protected] • Authentication – Maintain the integrity of data by calculating hash sums etc. – Proof of identity via public key kryptography • Scrambling / Encryption – Modify the content to enable replay only if the correct decoding key is applied • Watermarking – Hide data in the audio signal itself – Can survive manipulation of the audio signal • Identification – Recognize music tracks even if modified/edited Page 9 Fraunhofer Institut Integrierte Schaltungen Protection by Authentication Prof. Dr. Karlheinz Brandenburg, [email protected] • Secure hash sums (e.g. MD5) are already in widespread use • Hash sums can be used to – show the integrity of a file – secure header information from tampering – find hints that unauthorized compression / decompression has happened • Copyright protection by authenticated header (for example Liquid Audio Genuine Music Mark) – Maintain compatibility with equipment playing unprotected content (e.g. .mp3) – User friendly, but not secure Page 10 Fraunhofer Institut Integrierte Schaltungen Secure Envelope Technologies Prof. Dr. Karlheinz Brandenburg, [email protected] • Modify the music in a way that only users with the right key have an undisturbed listening experience • Normal method: – scramble the compressed bit stream – only the right key gives the right descrambling • Fraunhofer Audio Scrambling: – scramble the signal but maintain decodability – gives a degrades preview if not descrambled • A number of secure envelope systems have been developed by: – Cerberus, A2B (AT&T), Liquid Audio, Fraunhofer, Intertrust, IBM, Sony, Microsoft etc. Page 11 Fraunhofer Institut Integrierte Schaltungen Security issues for scrambling technologies • • • • • • Prof. Dr. Karlheinz Brandenburg, [email protected] The presence of a master key would be a single point of failure Encryption technology may be needed: Export / usage restrictions may apply Simple encryption might be broken easily on tommorows computers Advanced encryption may add too much complexity to a system Moving music to a different system can imply decryption / encryption, putting the full technology on the users premises None of the systems described above has been broken yet Page 12 Fraunhofer Institut Integrierte Schaltungen Watermarking Prof. Dr. Karlheinz Brandenburg, [email protected] • Embed a (hopefully) inaudible / invisible signal into the audio • Perceptual encoding tries to transmit only the audible parts of a signal: – Watermarking lives only in the space left by less than ideal perceptual encoding • Spread spectrum techniques: – Derived from secure communications technology – Recover a signal from below the noise level – Susceptible to time domain modifications (wow & flutter, resampling etc.) – Can be combined with perceptual models Page 13 Fraunhofer Institut Integrierte Schaltungen Example of Watermark Insertion Audio Signal Source Masking Model Watermark Source Prof. Dr. Karlheinz Brandenburg, [email protected] Modulation Adaptive Filter Page 14 Fraunhofer Institut Integrierte Schaltungen Watermarked Audio Signal Watermark testing Prof. Dr. Karlheinz Brandenburg, [email protected] • Tests have been done by – MUSE project (coordinated by IFPI) – 4C companies for DVD audio – SDMI for update trigger and screening • Audibility tests: – Different music has different capability to carry watermarks without audibility – Inaudibility needs advanced perceptual models • Robustness tests: – Does the watermark survive signal modifications ? – Does the watermark survive attempts to erase it (malicious attacks) ? • Results have been positive (for SDMI criteria) • Malicious attacks are possible (Felten) Page 15 Fraunhofer Institut Integrierte Schaltungen Example of Watermark Detection Audio in whitening filter bandfilter low pass AGC ejwt FAIL No peak detection decimation Yes OK Prof. Dr. Karlheinz Brandenburg, [email protected] Page 16 Fraunhofer Institut Integrierte Schaltungen matched filter Watermarking for Access Control Prof. Dr. Karlheinz Brandenburg, [email protected] • Main idea: Screen all content entering the protected domain • Requirements for watermark based access control: – Needs watermark insertion on (nearly) all music – Needs standardized watermark technology • Attack scenarios: – Knowledge about the algorithm makes malicious attacks easier – Reissue of backlog content with watermark enables collusion attacks (isolate the watermark from the music) • The DVD video security breach (DECSS) has shown the problem of security systems with single points of failure Page 17 Fraunhofer Institut Integrierte Schaltungen Watermarking to trace illegal copies Prof. Dr. Karlheinz Brandenburg, [email protected] • Watermark contains information about origin / distribution information for the music • Use the watermark for forensic purposes only: find watermark if tampering / illegal copying is suspected • No need to standardize the watermark, new technical advances can be introduced at any time • No need to design the watermark for low decoding complexity • Give watermark decoding technology only according to "need to know" • Security is much higher than in the screening scenario Page 18 Fraunhofer Institut Integrierte Schaltungen Transactional Watermarking Prof. Dr. Karlheinz Brandenburg, [email protected] • Insert watermark "on the fly", onto the compressed signal • Watermark can be detected like other watermarks – even after D/A-A/D or signal modification – even after another round of compression / decompression • Watermark contains info on the vendor and/or customer of an EMD transaction • Transactional watermarking can be done for popular compression schemes like .mp3 or MPEG-2 Advanced Audio Coding (AAC) Page 19 Fraunhofer Institut Integrierte Schaltungen Requirements for Successful Systems or: what does not work ? Prof. Dr. Karlheinz Brandenburg, [email protected] Page 20 Fraunhofer Institut Integrierte Schaltungen Less successful systems: Prof. Dr. Karlheinz Brandenburg, [email protected] • Liquid Audio: money back to shareholders • a2b: no business • Intertrust: sold to Philips/Sony • IBM EMMS: used for promotion • Sony: got blasted by the press for SDMI conformance • Pressplay and the like: not really business Page 21 Fraunhofer Institut Integrierte Schaltungen Survivors: Prof. Dr. Karlheinz Brandenburg, [email protected] • Deutsche Telekom MOD – Reappiered as popfile.de • Emusic, mp3.com etc. – Not big business, but still around • Apple – The first big success ! Page 22 Fraunhofer Institut Integrierte Schaltungen Strategy to fight Internet Piracy Prof. Dr. Karlheinz Brandenburg, [email protected] • Education about copyright protection issues • Help legal distribution chains and legal applications • Establish a legal alternative – seamless security – advantages for the consumer: access to more music, better quality, longer playing time (possible with AAC) • Hunt down illegal music distribution sites. Page 23 Fraunhofer Institut Integrierte Schaltungen Requirements for successful applications: Prof. Dr. Karlheinz Brandenburg, [email protected] • Ease of use: – work everywhere, on all equipment = interoperability • Add value: – digital is more than just the same product add-on text / pictures / video / special sale etc. • Make illegal use more difficult – enough copy protection to make piracy a conscious decision Page 24 Fraunhofer Institut Integrierte Schaltungen User expectations Prof. Dr. Karlheinz Brandenburg, [email protected] • For – – – – personal use, music (on Redbook CD) can be moved (from home stereo to the car) copied (for example to tape) shared between family members lent to my best friend • All compliant CDs play on all equipment with the same physical form factor (interoperability) • Current technology (mp3) allows all of the above • Secure Electronic Music Distribution (EMD) has to meet these expectations Page 25 Fraunhofer Institut Integrierte Schaltungen Who compromises security ? Avoid piracy via Who are the pirates ? Warez scene etc. („hacker“) Hobbiest pirates Average people who sometimes copy Prof. Dr. Karlheinz Brandenburg, [email protected] Page 26 Fraunhofer Institut Integrierte Schaltungen Law enforcement Pirates who try to earn some money Technical means unauthorized distributors Thoughts • Might “less than maximum security” be still enough ? • Isn’t usability the more deciding property of a system ? Our answer: YES • Prof. Dr. Karlheinz Brandenburg, [email protected] Better usability removes reasons to get around the security measures Page 27 Fraunhofer Institut Integrierte Schaltungen Leight Weight Digital Rights Management LWDRM® • A new approach: – Look at the user requirements – Still provide some security against unauthorized use „Keep honest people honest“ Basic idea Prof. Dr. Karlheinz Brandenburg, [email protected] • Publishing is allowed if I show that I am responsible by signing • Unsigned content stays local (only playable locally) Page 28 Fraunhofer Institut Integrierte Schaltungen Implementation 2 formats • Secure, locally bound content – Bound to local equipment (PC etc.) – Encrypted with public key • Signed format – Can be played everywhere – Encrypted using the private key of the publisher (user) – Containes certificate of the user including public key – Private key and certificate are provided by some certification authority Prof. Dr. Karlheinz Brandenburg, [email protected] Page 29 Fraunhofer Institut Integrierte Schaltungen Properties Open standards Security Prof. Dr. Karlheinz Brandenburg, [email protected] • Data format compliant to: ISO Media File Format • Coding: MPEG-4 • Encryption: RSA, AES, ISMACryp • Does not inhibit copying, but reduces large scale unauthorized distribution • Certificate contains information about the user • Certificate contains keys for decryption • Watermark as second line of defense Page 30 Fraunhofer Institut Integrierte Schaltungen Profiles of LWDRM (1/5) Player Profile Prof. Dr. Karlheinz Brandenburg, [email protected] • Different profiles defined for replay, signing, authoring and conversion • Different profiles for different requirements of users and content providers • Does everything to play content according to LWDRM Inhalten • Needed for all equipment playing LWDRM • No certification of individual players necessary Page 31 Fraunhofer Institut Integrierte Schaltungen Profiles of LWDRM (2/5) Local Profile Prof. Dr. Karlheinz Brandenburg, [email protected] • Produces content which is just locally usable (secure, bound to local system) • No registration with certification authority necessary • This is the “test version” for new users, does not really fulfill our usability requirements Page 32 Fraunhofer Institut Integrierte Schaltungen Profiles of LWDRM (3/5) Signing Profile Prof. Dr. Karlheinz Brandenburg, [email protected] • Create signed format • Convert content from locally bound to signed (portable) format (possibly after buying a license to do so) • Only possible with valid certificate from certification authority (registration mandatory) • Content in signed format plays on all equipment Page 33 Fraunhofer Institut Integrierte Schaltungen Profiles of LWDRM (4/5) B2C Distribution Profile Prof. Dr. Karlheinz Brandenburg, [email protected] • Secure distribution of content, this is the profile for content providers • Independent of distribution chain • On the computer of the customer, content first is locally bound and encrypted • Encryption using the public key of the target PC (PC of the customer) • If allowed, conversion to signed media format (using the Signing Profile) is possible: content then playable everywhere Page 34 Fraunhofer Institut Integrierte Schaltungen Profiles of LWDRM (5/5) C2C Distribution Profile Prof. Dr. Karlheinz Brandenburg, [email protected] • Another option for users: Allows secured passing on of content (without risk) to less trustworthy friends • Content is passed as locally bound to the target computer • Encryption using public key of the target computer • Conversion requires additional license from the content provider Page 35 Fraunhofer Institut Integrierte Schaltungen Summary: LightWeight DRM (LWDRM) Prof. Dr. Karlheinz Brandenburg, [email protected] • No blocking of access to files • Enforcement like speeding rules: Everybody does it, but you may be caught, so people are cautious. • Like license plates, you have to identify yourself • Done via – Mandatory registration for tools allowing publishing – Put info about the publisher into digital content – Put info additionally into analog content (e.g. via watermarking) Page 36 Fraunhofer Institut Integrierte Schaltungen Conclusions: Prof. Dr. Karlheinz Brandenburg, [email protected] • Secure distribution using traditional secure envelope techniques faces user acceptance problems • Needed in the future: – Education of customers – Invisible security • One solution: do it “the other way around” • Less security seems to become acceptable to some in the media industry • I would like to have a crystal ball: What future is ahead ? Maximum security ? Page 37 Fraunhofer Institut Integrierte Schaltungen Sicherheit durch Lizenz (1/2) Lizenz • Trägt u.a. Information über Nutzungsrecht – Nur für privaten Gebrauch, d.h. nicht für Verteilung auf Tauschbörsen – Allgemeine Verteilung erlaubt Lizenzvergabe Prof. Dr. Karlheinz Brandenburg, [email protected] • Von einem Inhalteanbieter bei Kauf eines Titels • Von einer zentralen Instanz für Künstler zur allgemeinen Freigabe ihrer Titel Page 38 Fraunhofer Institut Integrierte Schaltungen Sicherheit durch Lizenz (2/2) Auswirkung Vorteile Prof. Dr. Karlheinz Brandenburg, [email protected] • P2P Software kann angepasst werden, dass Lizenz ausgewertet wird • Kein Tausch von Stücken, die nicht allgemein freigegeben sind • Bessere Akzeptanz von P2P Netzwerken von Seiten der Inhalteanbieter • Hersteller von P2P Software müssen keine rechtlichen Maßnahmen fürchten Page 39 Fraunhofer Institut Integrierte Schaltungen Gründe für den Einsatz von LWDRM Für Benutzer • Neue Möglichkeiten und bessere Qualität • Berücksichtigt die Belange der Benutzer Für Systemhersteller Plattformunabhängig • Einfach und erweiterbar Für Inhalteanbieter • Ermöglicht die großflächige Einführung von gesichertem Inhalt • Gewöhnt Benutzer an DRM durch Verwendung gemischter Inhalte Prof. Dr. Karlheinz Brandenburg, [email protected] Page 40 Fraunhofer Institut Integrierte Schaltungen