Security 4 EMedia A CE perspective

1
Security 4 E-Media(A CE perspective)

• Jean-Paul Linnartz, Wim Jonker, Ton Kalker
• PACMan _at_ Philips Research

2
Overview

• Problem description
• Areas of research
• Cryptography
• DRM
• Watermarking
• Secure physics
• Biometrics
• Summary

3
The Issue

• Content distribution in the good old days
• Physical distribution (VHS, Records, Tape, )
• Unauthorized distribution
• Cumbersome
• Content degradation
• Unauthorized distribution intrinsically
  constrained!

4
The Issue

• Content distribution in the Internet age
• E-Media
• Cyber distribution
• Push of a button
• Pressplay, MusicNet, Rhapsody, iTunes,
• (Napster), KaZaa, WinMX, Gnutella,
• Perfect copies
• Copy equals original
• No intrinsic constraints on authorized
  distribution!

5
The Issue

• Content industry position
• We want to be paid for our creations
• KaZaa means theft catch the thief!
• IT industry position
• PC is open platform
• No interest in ineffective solutions
• Darknet paper
• Cycle-intensive solutions no problem
• CE industry position
• CE devices are closed and relatively cheap boxes
• Were talking amusement, not military secrets!
• Favor cheap solutions that raise the threshold

6
Darknet
The Darknet and the Future of Content
Distribution Peter Biddle, Paul England, Marcus
Peinado, and Bryan Willman Microsoft Corporation
1 Abstract We investigate the darknet a
collection of networks and technologies used to
share digital content. The darknet is not a
separate physical network but an application and
protocol layer riding on existing networks.
Examples of darknets are peer-to-peer file
sharing, CD and DVD copying, and key or password
sharing on email and newsgroups. The last few
years have seen vast increases in the darknets
aggregate bandwidth, reliability, usability, size
of shared library, and availability of search
engines. In this paper we categorize and analyze
existing and future darknets, from both the
technical and legal perspectives. We speculate
that there will be short-term impediments to the
effectiveness of the darknet as a distribution
mechanism, but ultimately the darknet-genie will
not be put back into the bottle. In view of this
hypothesis, we examine the relevance of content
protection and content distribution architectures.
7
The Issue

• Consumer position
• I want to be able to do what I did in the old
  days
• Copying
• Play anywhere, anytime.
• CDs are outrageously expensive Ill be more
  honest when prices are fair
• Social Issue
• There seems to be no common opinion on the notion
  of fair with respect to enjoying and using
  content.

8
CE Industry

• Consumer oriented
• High volumes and low margins
• DRM solutions should
• Be simple and cheap to license and implement
• Be simple to understand
• Be simple to use
• Be standardized and long lived
• Not give unfair advantage to competitors
• Restrict the consumer as least as possible

9
Technologies

• Cryptography
• Authentication, integrity, obfuscation
• DRM (models)
• Protocols and rules for exchanging and using
  content
• Watermarking
• Hidden messages (embedded signaling)
• Secure physics
• Secure physical primitives
• Biometry
• Unobtrusive identification and authentication

10
Cryptography

• Crypto on a diet
• Low power
• Mobile handsets
• RFID tags
• Fast
• DVD disk authentication and session key
  generation
• Few square millimeter
• Silicon area is money
• Few storage and other resources
• Device and Key Revocation Lists

11
Models

• Conceptually simple DRM models
• Your grandpa and/or grandma will be using it
• For the most part unobtrusive
• Experienced as fair (not never-copy by
  default)
• (SDMI failure)
• Authorized domains (AD)
• Virtual closed wall environments where content
  may flow and be used freely
• Households
• Fixed, mobile, wireless devices
• Clear and simple rules when migrating content
  from one AD to another AD

12
Legacy Devices

• Non at all devices
• Are capable of implementing DRM technology
• Analog devices / ports do not allow cryptographic
  solutions
• Will play by the rules of DRM technology
• PCs and software are known to vulnerable to
  attacks
• Important category Legacy devices
• Non-crypto solutions
• Imperceptible hidden messages in content, i.e.
  watermarking
• Robust (copy bits, forensic tracking)
• Fragile (integrity verification)

13
Watermarking
14
Watermarking

• Watermarking status quo
• Until recently a fairly heuristic affair
• The only known method for non-compliant devices
  ports.
• Watermarking quo vadis
• Quantitative modeling of watermark security
• Tools for watermark security analysis
• Integration with cryptography
• (FP6 Ecrypt)

15
Secure Physics

• Physical phenomena that replace or assist
  algorithmic security protocols, e.g.
• Hidden and/or non-copyable channels on optical
  media
• Address wobble on recordable DVD disk
• Physical one-way functions
• Light dispersion through plastic filled miniscule
  air-bubbles
• Visual cryptography
• Medium recognition
• Optical disk recognition (physical biometry)

16
Biometry

• Methods that move away from device-centric access
  of content to person-centric access of content
  and data
• No more smartcards and pin-codes!
• Interest in
• Unobtrusive methods
• Holding a mobile phone will unlock it (if
  authorized).
• Security of biometric data
• Just as banks do not have your pincode, you dont
  want a bank to have a copy of your fingerprint.

17
Summary

• Security and DRM is an active area of research in
  the CE industry.
• There is a strong focus to be consumer friendly
  (fair) and inexpensive
• Security goes beyond cryptography and also
  involves DRM modeling, watermarking, physics and
  biometry.