DRM FOR USER GENERATED CONTENT AND P2P SCENARIOS

1
DRM FOR USER GENERATED CONTENT AND P2P SCENARIOS

• Daniel CatreinEricsson Research, Corporate Unit
  Ericsson GmbH, Eurolab Aachen, Germany

2
Overview

• Introduction
• Need for protection of User Generated Content
• DRM for UGC
• Scope of current DRM systems
• Protection of User Generated Content using OMA
  DRM 1.0
• Other alternatives OMA DRM 2.0
• Conclusions and Outlook

3
User Generated Content (UGC) Media content
produced by anyone

• Personal photo albums
• Content sharing sites
• User content paid downloads
• User-generated media
• Moblogs
• Social networking

4
Sharing User Generated Content

• Users shall have the freedom to decide with whom
  to share the content they created. Either with
• everyone or
• not everyone, but just
• a community,
• all their buddies or
• just a few friends.
• DRM provides the means to enforce this decision
• independent of the actually chosen content
  portal,
• from end-to-end and
• with a fine grained usage control.

5
Principles of DRM systems

• Media data are
• encrypted using symmetric cryptography (same key
  used for encryption and decryption)
• packaged into a special file format.
• This key is not bundled with content but rather
  packed into separate file called license or
  Rights Object (RO)
• ROs contains a description of the rights that the
  user has acquired to use the content, e.g., XML
  Rights Expression Language.
• User needs two different files to render the
  content
• the encrypted content file itself
• license/rights object containing key and rights
  description, giving access to the content.
• Value is not in the content the valuable asset
  is the RO

6
DRM System Architectures

• Examples of current DRM systems
• OMA DRM 1.0, 2.0/2.1
• Windows Media DRM
• Marlin DRM
• Scope
• Client-server and not person-to-person (P2P)
  scenarios
• Commonly not designed to support User Generated
  Content

Interface 2
Interface 1
Device
DRM Agent
RightsIssuer (RI)
Rights Object (RO)
Network
7
UGC and existing DRM systemsOMA DRM 1.0

• Overview
• Widely regarded as an entry level DRM
• Simple to implement
• Security / complexity tradeoff
• Widely supported in mobile phones
• gt 400 mobile phone models support OMA DRM 1.0
• virtually all new phones provide OMA DRM 1.0
• Three modes
• Forward Lock
• Combined Delivery
• Separate Delivery
• These three modes provide increasing levels of
  security.

OMA DRM 1.0
ContentIssuer (CI)
Device
DRM Agent
Content Rights Object (RO)
RightsIssuer (RI)
End user
8
P2P DRM for UGC

• Requirements
• Content protected and usage rights defined on the
  mobile
• Interoperability with / reuse of existing DRM
  systems
• Every device as possible recipient?
• Integrate into trust model of existing system
• Cope with different threat model

Interface 2
Interface 1
Interface 1
Device
Device
DRM Agent
DRM Agent
DRM content RO
Network
9
OMA DRM 1.0 for UGCForward Lock (FL) / Combined
Delivery (CD)
1
2
Sender
Receiver

• Generation of DRM Message (DM)
• Send MMS with DM

• P2P, e.g., MMS
• MMS sent between peers contains content and
  rights size restictions apply

10
OMA DRM 1.0 for UGCSeparate Delivery (SD)

• Encrypt content and generate DCF,Generate Rights
  Object (RO)
• Upload the DCF to HTTP server
• Notify receiver
• P2P, e.g., via SMS
• Content sharing portal
• Get DCF
• Request RO
• Forward RO request via SMS
• Send WAP Push SMS with RO

HTTP server
2
4
6
5
7
1
3
Sender
Receiver

• HTTP WAP Push
• Content transferred via server may have arbitrary
  size
• Rights are transferred p2p

11
OMA DRM 1.0 for UGCSample Implementation on a
Mobile
12
UGC and existing DRM systemsReview and
alternatives

• OMA DRM 1.0 for UGC
• Sufficiently secure for many applications.
• Can be implemented for existing clients
• But
• Does not provide mutual authentication between
  sender and receiver.
• Relies on a secure channel for Forward Lock,
  Combined Delivery and Rights Objects (ROs) in
  Separate Delivery.
• Alternative OMA DRM 2.0/2.1 for UGC
• ROs are secured using public key encryption
• Mutual authentication using Private Key
  Infrastrukture
• But
• Necessity of adaptations currently under
  investigation
• Necessity of integration into existing trust
  models, e.g., CMLAs.

13
Conclusions

• Features of existing standardized DRM solutions
  can be exploited to protect User Generated
  Content.
• User can specify who can use the content and be
  sure that the restrictions are enforced.
• DRM for UGC gives a real added value to the user
  and may help to increase overall acceptance of
  DRM.

14
(No Transcript)