
Mastering Internet Video: A Guide to Streaming and On-Demand Video

Using Encryption in DRM

All DRM systems look something like the system shown in Figure 7-10.

How is encryption used to implement DRM?

  1. The content (movies, music, and so on) is encrypted with a key and served from a streaming media server or an HTTP server. This involves a fast encryption technique (called symmetric encryption), because content is generally large and it takes a computer time to decrypt it.
  2. When a user purchases the content, the encrypted file is downloaded to her machine.
  3. In order to watch the movie, she must get the key that will decrypt the file. This is sometimes called acquiring a license because the user is agreeing to some terms of use (by clicking "I Agree") in order to purchase the content.
  4. After the key is downloaded, the client software decrypts the movie and begins

Figure 7-10: An idealized DRM system.


DRM and its Impact on Fair Use

The concept of licensing instead of outright sale is critical to the acceptance of DRM. If you sold the consumer your content, there would be no question of their fair use rights to make backup copies, watch it on other devices, and so on--copyright law would be the only restriction. DRM, combined with licensing click-throughs, gives content owners the ability to constrain activities that would otherwise be allowed under copyright law, such as "fair uses."

Licensing is not required to make piracy illegal; piracy is already outlawed (check the FBI warning at the beginning of any videotape or DVD). DRM is used in an attempt to stop illegal activities before they occur under the theory that pirated content would soon spawn all over the Internet and that serious financial damage would be done to the content owner, which is a reasonable concern.

One risk of DRM is that in the quest to protect content, the content owners prevent many legal uses of information granted by copyright law. Eventually, DRM technology, combined with content licensing, will effectively put media distribution companies, instead of lawmakers, in charge of public rights to media. It is a subject of much debate whether this is a good thing.


Because the file is usually encrypted only once, the same key works for any user. Thus, that key needs to be protected from users like Jack (in our movie earlier in the chapter) who are too happy to pay once and share the key with everyone.

In order to make sure Jack doesn't give the encryption key to anyone, it is retrieved only as needed from a secure Internet media server and is sent directly to the consumer's secure media player. Both the server and the player are obedient participants in the system, and must understand the encryption used. They also understand the rules that accompany the content and are able to enforce them (such as limits on copying). To do this safely without threat of compromise, the key itself is encrypted using a different password for each consumer of the content.

To be clear, in this example the content is encrypted only once: The same key works for everyone. The key itself is encrypted separately for every user. As an analogy, consider real estate combination key lock boxes that have a key to the house inside. Each user has his own key lock box combination, but the key inside (to the house) is the same.
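The lock-box arrangement described above, as an added Python sketch (not code from the book): the content is encrypted once under a content key, and that key is wrapped separately for each user. The function names, users and passwords are constructed for illustration, and the HMAC-based keystream is a stand-in for a real cipher such as AES, which the Python standard library does not provide.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in for a real symmetric cipher (assumption of this example):
    # XOR the data with an HMAC-SHA256 counter-mode keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, data):
    """Encrypt and authenticate data under key."""
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, data)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

def issue_license(content_key, password):
    """Wrap the shared content key under a key derived from one user's password."""
    salt = secrets.token_bytes(16)
    user_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt + seal(user_key, content_key)

def open_license(license_blob, password):
    salt, wrapped = license_blob[:16], license_blob[16:]
    user_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return unseal(user_key, wrapped)

def demo():
    content_key = secrets.token_bytes(32)
    movie = seal(content_key, b"constructed sample: two hours of video")  # encrypted once
    users = {"alice": "constructed-pw-1", "bob": "constructed-pw-2"}    # constructed users
    licenses = {name: issue_license(content_key, pw) for name, pw in users.items()}
    keys = {name: open_license(licenses[name], users[name]) for name in users}
    return movie, licenses, keys

if __name__ == "__main__":
    movie, licenses, keys = demo()
    print(keys["alice"] == keys["bob"])   # the same content key sits inside every license
    print(unseal(keys["bob"], movie))
```

Every license differs on disk, yet each one opens to the identical content key, which is why a single unwrapped key exposes the content for everyone.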

How DRM Is Compromised

For maximum security, this decryption key is ideally stored only on the media server and retrieved whenever the user wants to play the content. The key itself is carefully transferred from the streaming server (which has presumably not been hacked) over the Internet to the client software (which hopefully has not been hacked), which carefully looks at the key, keeps it in computer memory (without writing to the hard disk), and uses it immediately to decrypt the video file. When the user is finished watching, the key is erased from computer memory so there is no trace, and the still-encrypted file remains on the user's hard drive. Each time the user wants to watch the video, he has to re-download the key, and thus his credentials (right to watch the movie and payment status) are re-verified, as shown in Figure 7-11.

Figure 7-11: Each time the subscriber wishes to access the media, he must request a key and wait for it to download.

Most users want to play the content even if they are not connected to the Internet, however, so the license (the decryption key and rules about the content) must be stored securely on the user's machine, as shown in Figure 7-12.

Figure 7-12: The media player has a key to unlock the license, which contains the key to unlock the media.

The license is usually stored by the media player program somewhere on the user's computer, in such a way that it is (hopefully) not practical to try to copy it to another computer. The key is usually encrypted so that it works only on that computer for that user.

Unfortunately--and this is the weak link in current encryption systems--the key is on the computer! No matter how obscure it may be, if everything that is needed to play the content is on the computer, it is potentially discoverable. DRM systems generally do not fail because the encryption ceases to function; they fail because one of the many pieces in the chain of control is compromised. Just as a yellow sticky note with a password stuck to the monitor can make it very easy to compromise a system, having the encryption keys somewhere on the computer is close to having no encryption at all.

If the device that received the keys is not a personal computer but a non-programmable entertainment device, this system would be a lot stronger. "Any code made by man can be broken by man," as the saying goes, but your average consumer is not going to break out their soldering iron and electronic test equipment to analyze a piece of hardware. And even if he did and extracted the key that unlocks the content, how would other consumers use the key in their non-programmable hardware media playback devices?

Computers, however, are agreeable when it comes to user requests. This is the reason why initiatives exist to make certain sections of a computer inaccessible to the user. These sections are where only special software--software approved by a manufacturer consortium--is obeyed. Such a scheme can work because it would be implemented in hardware, which is hard to tamper with--not software, which is eminently hackable. Theoretically, hardware is also hackable, but the number of people with the skill and will to do hardware hacking is much lower than the vast numbers of programmers willing to spend a weekend analyzing the latest media DRM.

So far, this discussion involves a high-level explanation of what encryption is; we have overlooked most of the details. The next section goes over DRM in more detail.

Encryption Concepts

DRM consists of the capability of a content producer to specify conditions for the use of content, and the capability to enforce those conditions. Enforcement is the purview of encryption technology, so we spend some time explaining encryption technology.

Following are some possible conditions:

To enforce any of these conditions, DRM systems invoke a type of encryption scheme to allow a given legitimate user access to the content, but prevent unauthorized uses. Encryption, of course, is the science of encoding a message that can be read by the intended user but not by others. At a basic level, encryption involves transforming original content into encrypted (unreadable) content by the application of some set of rules.

Simple Encryption Algorithm

For a truly basic example, consider an encryption system that simply offsets the alphabet by 13 letters, such as:

A=N, B=O, Z=M

The original message follows:

FOUR SCORE AND SEVEN YEARS AGO

It is encrypted as follows:

SBHE FPBER NAQ FRIRA LRNEF NTB

When someone figures out the rule, either by guesswork (not difficult in this case) or spy work, the encryption is compromised. Even if the algorithm were much more sophisticated than this, the problem remains: If the algorithm is compromised, all bets are off. This algorithm is about as secure as a safe with only one combination--once the secret is out, it's not a safe.

A way to improve upon this is to use a key, or a string of text or bytes that you scramble with the original message in some way. In what way, you ask? That's defined in the algorithm, the way the encryption "lock" works. Thus, if the algorithm is exposed--and in fact, it's considered advantageous for the algorithm to be public--the message is not compromised. This can be compared to a safe manufacturer being so confident in its safe, the company publishes the blueprints and challenges people to crack it. To decode the message, you have to possess the key.

Again, take a simple example. Imagine the following simple encryption system:

  1. Each letter of the alphabet is assigned a number from 1 to 26--A=1, B=2, and so on.
  2. To encrypt, add the first plaintext (original message) character to the first key character, the second plaintext character to the second, and so on, wrapping around with the key.
  3. To decrypt, subtract the first key character from the first encrypted character, and continue doing so.

Here is the original message:

FOUR SCORE AND SEVEN YEARS AGO

Here is the key:

YIRNTNQP

For the first character, F=6 and Y=25. So the encrypted character is 31 or E (on the second pass through the alphabet, A=27, and so on). When you get to the end of the key, you repeat it. Continuing like this, the encrypted message is:

EXMF GTEQN OHR IDEWB MVQQB OAC

Thus, although someone might have the encrypted message and the algorithm may be public, the code is still unbreakable unless you know the key, right? Not quite. Given the simple algorithm and the short key, how long would it take a computer to run through all the possibilities of our encrypted message? Not long. In addition, the pattern of spaces in the message lets the cracker program work on guessing single words at a time, a strong hint. After the key has been discovered, all future messages encrypted with that key are compromised.
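The keyed scheme above, as an added Python example (not code from the book). It reproduces the chapter's ciphertext, shows that the earlier 13-letter offset is the same cipher with the fixed one-letter key M, and shows how a single correctly guessed word gives up part of the key. Assumptions: uppercase input, the function names, a known key length, and the rule that spaces use up a key position (inferred from the chapter's ciphertext).

```python
# Added example: the page's toy cipher (A=1 ... Z=26, add the key letter, wrap past 26).
BASE = ord("A") - 1  # subtracting BASE maps "A" to 1

def _apply(text, key, sign):
    out = []
    for i, ch in enumerate(text):
        if not ch.isalpha():
            # Spaces pass through unchanged but still use up a key position;
            # this is the convention that reproduces the page's ciphertext.
            out.append(ch)
            continue
        k = ord(key[i % len(key)]) - BASE
        n = (ord(ch) - BASE + sign * k - 1) % 26 + 1   # stay in 1..26
        out.append(chr(n + BASE))
    return "".join(out)

def encrypt(plaintext, key):
    return _apply(plaintext, key, +1)

def decrypt(ciphertext, key):
    return _apply(ciphertext, key, -1)

def recover_key(ciphertext, guessed_plaintext, key_len):
    """Known-plaintext recovery: key letter = cipher letter - plain letter."""
    key = ["?"] * key_len
    for i, (c, p) in enumerate(zip(ciphertext, guessed_plaintext)):
        if c.isalpha() and p.isalpha():
            k = (ord(c) - ord(p) - 1) % 26 + 1
            key[i % key_len] = chr(k + BASE)
    return "".join(key)

MESSAGE = "FOUR SCORE AND SEVEN YEARS AGO"
KEY = "YIRNTNQP"
CIPHERTEXT = encrypt(MESSAGE, KEY)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(encrypt(MESSAGE, "M"))  # one-letter key M (13) is the 13-letter offset
    print(recover_key(CIPHERTEXT[:4], "FOUR", len(KEY)))  # one guessed word
    print(recover_key(CIPHERTEXT, MESSAGE, len(KEY)))     # whole message known
```

Because each key letter is just the difference between a ciphertext letter and its plaintext letter, every correctly guessed word fills in more of the key, and the recovered key then decrypts any other message sent under it.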

Tools in the Encryption Toolbox

Implementing a robust and crack-resistant data security system requires the use of a variety of encryption techniques. Different problems can be solved in a complete solution, such as locking the data, getting keys to the users safely, changing the locks from time to time, and even knowing when to change the locks. This section describes the various tools involved in building a DRM system or any secure data delivery solution.

One-Time Pad

The ideal situation from a no-one-will-ever-guess-the-key perspective would be to use the key only once, and to have the key larger than the text that you want to encode (so that it doesn't repeat and possibly leave clues). This is called a one-time pad (shown in Figure 7-13), and is an ideal form of encryption, although not necessarily practical for gigabyte-size movies.

If both parties use a long key, change every single character in the message in an unpredictable way, and throw away the password after it is used (and move on to a new one), intercepting the message serves no good. But arranging this idealized situation can be difficult.

Figure 7-13: With a one-time pad, a large encryption key is used once and never again. The strength lies in how secretly the pad was conveyed to the recipient beforehand.

Symmetric Encryption

Although the illustrations in this chapter have been based on readable characters, computers work in the binary world. Let's take a more real-world example: a two-hour long video. That's a lot of data. In computer encryption, we take a key of a certain number of bits, say 64 bits, and scramble those bits with the same number of bits from the original content. We then repeat the process on each 64-bit chunk of plaintext.

This is called symmetric encryption because the same key is used to lock and to unlock the message. Figure out the key, and you have the message and all other messages encoded with the key. If the algorithm is strong, the "enemy" won't be able to figure out your key simply by analyzing it.

How does symmetric encryption work? There are many different ways to scramble up data. In all symmetric encryption, the key is combined with the data, or used as input to a scrambling procedure. In good encryption systems, the strength of the system depends on the length of the key and not the complexity of the scrambling. In practice, the scrambling approach is publicly known, but is designed so that it gives no clues or shortcuts to figuring out what the key is. In our safecracking analogy, a strong algorithm is like a safe without many weaknesses--you can't hook a stethoscope up to the front and listen for the tumblers to fall; you simply have to try all the combinations or you aren't getting into that safe.

Following is a description of the Data Encryption Standard (DES), an algorithm developed by IBM, evaluated by the National Security Agency, and adopted as a federal standard in 1976:

DES operates on a 64-bit block of plaintext. After an initial permutation, the block is broken into a right half and a left half, each 32 bits long. Then there are 16 rounds of identical operations... in which the data is combined with the key. After the sixteenth round, the right and left halves are joined and a final permutation (the inverse of the initial permutation) finishes off the algorithm.

--Applied Cryptography by Bruce Schneier (Copyright 1995, John Wiley & Sons)

Because the algorithm itself is very unlikely to be broken, the only way to attack a message is through brute force, or attempting to guess every possible key. If the key is too short, computers can break it in a reasonable amount of time. The ultimate line of defense is having a long key. DES uses a 56-bit key. In other words, there are 2^56 possible keys. That is seemingly a big number, but a specialized machine that cost $1 million in 1995 can crack DES in 3 1/2 hours. Moore's Law (that computers double in power every 18 months) suggests instead that a $10,000 machine in 2005 could do it in the same amount of time. Times to solve 112-bit keys, by comparison, are measured in thousands of years.


Schneier on Algorithms

"If the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."

--Applied Cryptography by Bruce Schneier (Copyright 1996, John Wiley & Sons)


Asymmetric Encryption

As we've seen, virtually foolproof symmetric encryption is possible. You can encrypt your content in such a way that the coding is not broken by any known technology: That is, your video is theoretically secure. You can encrypt it so the key can never be broken, and if humans leak it, it will not be compromised.

But this raises the question, "How do you give the key to the legitimate user without exposing it to private eyes?" This is where we turn to asymmetric or public key encryption.

Asymmetric encryption involves a pair of matched keys: one key to lock and another key to unlock the data. Usually both keys can lock and unlock; Key A can unlock only things locked with Key B, and Key B can unlock only things locked with Key A.

Asymmetric encryption is best used for authentication and the initial handshake--starting the conversation with the media server and exchanging information securely. The key used to lock the data is kept private (the private key), and the unlocking key is made public (the public key). This is a great way to ensure that only the person who had the private key can encrypt the message, as shown in Figure 7-14.

Figure 7-14: If you encrypt with a private key, anyone can decrypt with a public key--but only the holder of the private key could have sent it.

And it works both ways; things that are locked with the public key can only be unlocked with the private key. This allows people to send messages to someone with the guarantee that only the receiver can read them, assuming that the person hasn't shared his private key with anyone.

Figure 7-15: If you encrypt with a public key, only the holder of the private key can decrypt.

Asymmetric encryption solves the problem of getting the key to the recipient. However, this procedure becomes more interesting when both parties have a private and public key (for a total of four keys), as shown in Figure 7-16.

If someone wants to send a message to someone else, he encrypts it with his own private key and then the recipient's public key. This does two things:



Created: March 27, 2003
Revised: May 24, 2004

URL: http://webreference.com/programming/xsltweb2/1