Category Archives: DRM

Secure Data Management 2012

Posted on by
Reply

The ninth workshop on secure data management (SDM’12) has extended its submission deadline to June 1, 2012.

The topics of interest are:

  • Secure Data Management
  • Database Security
  • Data Anonymization/Pseudonymization
  • Data Hiding
  • Metadata and Security
  • XML Security
  • Authorization and Access Control
  • Data Integrity
  • Privacy Preserving Data Mining
  • Statistical Database Security
  • Control of Data Disclosure
  • Private Information Retrieval
  • Secure Stream Processing
  • Secure Auditing
  • Data Retention
  • Search on Encrypted Data
  • Digital and Enterprise Rights Management
  • Multimedia Security and Privacy
  • Private Authentication
  • Identity Management
  • Privacy Enhancing Technologies
  • Security and Semantic Web
  • Security and Privacy in Ubiquitous Computing
  • Security and Privacy of Health Data
  • Web Service Security
  • Trust Management
  • Policy Management
  • Applied Cryptography

Securing Digital Video: the text is final and frozen

Posted on by
Reply

About one year ago, I informed you that the final draft of my book was sent to Springer, my editor.  Today, a new step:  after several copy edit rounds, the text is final.   We enter now the final stage:  layout and printing.  In other words, the book should be now soon available in the stores (before end of this quarter).

The book will have inserts entitled “Devil’s in the Details”.  These short sections will deeply dive in some naughty details highlighting the difference between theoretical schemes and actual robust security.  For instance, you will learn some details on the Black Sunday, or on how AACS was hacked.

I will keep you informed about the next steps.

Online video security 101

Posted on by
Reply

Brightcove proposes an interesting whitepaper describing the spectrum of solutions available to secure video. The section describing the security spectrum is a good high-level introduction to the existing problems. It tackles:

  • Unlimited access
  • Watermarking (both visible burn-in and invisible forensics watermark)
  • Geo-restriction; you limit the geographical zone where your content may be viewed. This is why non-US residents cannot access the free episodes on sites such as ABC
  • Domain restriction
  • IP restriction
  • RTMPE for protecting video during transfer
  • Protected page; the usual restriction by an access control to the web page
  • SWF restriction; this is a characteristics of Flash Access, Adobe’s DRM, where you can define the list of AIR players allowed to access a content
  • Anonymous DRM; using a dedicated mode of Flash Access
  • Advanced DRM; using more complex features of Flash Access
  • Secure HLS; the format defined by Apple to securely stream content to an iOS device.
  • User authentication

The beginning of the list is well done. They are generic enough to be able to extrapolate to other solutions than the ones proposed by Brightcove. The last ones (in italic in this post) are very specific either to a solution, or to the offer of Brightcove. They are mostly based on the use of Adobe Flash Access for non-Apple devices, and HLS for Apple devices.

The last section, Security across channels, is not focusing on security challenges in the different environments and may be confusing for the non-specialists.

The document is available here and requires registration.

Is Google moving towards paid distribution of content?

Posted on by
Reply

End of 2010, Google acquired Widevine.  At that time, I was forecasting that the acquisition of a DRM provider was the preparation of paid distribution of content.   This prediction seems to be correct.

The initial trial would occur in Kansas City.

 

Apple, Google, Amazon: the future giants of content distribution?

UV has reached 800,000 accounts

Posted on by
Reply

The industry analyst company IHS has claimed that UltraViolet (UV) has reached 800,000 user accounts in the US.   At CES 2012, UV announced to already have 750,000 user accounts.   Each account has in average 1.25 titles.   This low value can have several explanations:

  • The catalog of available title is currently small (I found last week about 30 BD titles on Amazon which could be redeemed).  Most probably, the majority of new released BD titles will be UV ready
  • The first UV title appeared only end of 2011 (Warner’s Horrible Bosses).  In view of this short period, 800,000 seems impressive to me.
  • Many people experiment.  If ever you purchased a BD/DVD that is UV ready, why would you not try it.  Its for free.

 

The interesting trend to monitor is the number of average titles per account.  As more new titles will be available, this will show the people buy-in to the concept.  If the depth increases, then UV may become successful.

A cloud over ownership

Posted on by
Reply

This is the title of an excellent article of Simson Garfinkel in Technology Review.  He explores the consequences of the switch from physical cultural goods to digital cultural goods stored in the cloud.  It is nothing really new but it has the advantage to be clearly stated.

The first point is about privacy.  When you purchased a physical book or a CD, the merchant has no way to profile you.  Of course, if you purchase it on  a digital store such as Amazon, the merchant will be able to profile some of your preferences.  but with a digital good stored in the cloud, the merchant will be able also to analyze how you consume this digital good.  And this is even more interesting.  he will know what is you prefered book among the ones you purchased.  For the same result with a physical book, you need to look for the more worned book in my library.

The second point is really about persistence.  When I purchase a book, it is mine until I destroy it, or give it away.  With a e-book in the cloud, it is mine as long as the cloud operator accepts (or survives).  This si a massive difference.  I am not sure that the legislation has taken into account this shift.   I do not even tackle the issue of DRM that may shape the ways I can consume the digital good.

Thus, the notion of ownership of a digital cultural good is changing.  As the good itself, the ownership seems to become more ethereal.  Is it good or bad?  I don’t know.  It is most probably useless to look for the answer, I’m afraid it is an unavoidable shift.  We will have to adapt for the best and the worst.

 

 

Android Movie Rental and rooted devices

Posted on by
Reply

In May 2011, Google launched its new service of Video rental market for Android phones.  Soon, people discovered that the service was not available for rooted devicesRooting an Android device means giving yourself root permissions on the device.  In other words having FULL control of your phone.  This is not often the case with phones provided by operators.  Rooting is  equivalent to jailbreaking a device.  As Android is an open source system, very attractive to homebrew lovers, it is often the first thing they do to be able to create new apps.

The video app checks if the device is rooted and then refuses to play the content.  Why does Google do such a limitation?   The Video Rental Market uses a DRM to enforce the rental conditions.  One of the strong assumptions of software based DRM is that it runs in a rather trusted environment.  It is obvious that a rooted device does not fit with the definition of a trusted environment.  For instance, the app has no way to be sure that its system calls are not hijacked, or even if the system calls will act as expected.  Thus, it was obvious that Google had to take this measure.

Nevertheless, this limitation does upset the users who believe that open source means full control of their device.  Unfortunately, Open source and DRM are antagonist concepts.

As we could expect, the cat and mouse race has started.  It seems that a patched version of the app is available.  This version may not check the rooted device and accept to play the movie.  The movie is still protected by the DRM and you need a proper license to access your rented movie.