Alea Jacta Est

The die has been cast. I did not cross the Rubicon. Nevertheless, this Sunday, I finalized one achievement: my first book. After more than two years of work, I have sent the final version of the manuscript to Springer.

The title is Securing Digital Video: Techniques for DRM and Content Protection. I give a detailed overview of the current landscape of content protection. If you’re interested in knowing how PlayReady, FairPlay, AACS, DTCP, or DVB-CPCM work, this book may be of interest. I describe many systems in a consistent way. The book highlights the similarity of all these systems.

I will describe its content in more detail later.

The book should be available this summer.

Google’s new anti-piracy step

Without any official announcement, Google has made a new move towards fighting content piracy. The auto-complete function, i.e. the feature that proposes guessed choices while you type your query, no longer offers some suggestions that may be related to piracy. For instance, when typing “Black Swan T”, it no longer proposes “Black Swan Torrent”. Nevertheless, the filtering is not consistent. “Black Swan S” proposes “Black Swan Streaming” as the seventh choice. When I type “pi”, I am still offered “Pirate bay” as the second choice! TorrentFreak has analysed the filtering strategy in more detail. This new filtering only affects the auto-completion, not the query itself, i.e. “Black Swan torrent” still gives links to torrents.

Obviously, this is one additional gesture of goodwill towards content owners. This is part of a larger strategy (see Google acquires Widevine).

Will it have any impact for users? No! It is just security theater as a goodwill gesture towards studios.

Google acquired Widevine

Last Friday, Google acquired Widevine for an unknown sum. Widevine is one of the many DRM technology vendors. Widevine was the first company to coin the concept of Virtual Smart Card, which was simply tamper-resistant software.

Clearly, Google is moving towards delivering copyrighted content. Several security-related clues show that:

  • Google announced an initiative for faster action on copyright infringement on YouTube.
  • Yesterday, Google relaxed the 15-minute limit on clips uploaded to YouTube. This limitation was there to satisfy the content owners. It was expected that having the movie in slices would be a deterrent. Google announced that their proprietary fingerprinting tool Content ID was becoming better and better. Thus, they were confident that they could spot illegal content on upload.
  • Widevine provides Google with a DRM technology, approved by studios, for the delivery of movies. Furthermore, Widevine is one of the DRM technologies approved by UltraViolet (aka DECE). The other approved DRMs are Adobe Flash Access, Marlin, Microsoft PlayReady, and OMA.
    It was wiser to purchase an approved technology rather than build their own because it already got the studios’ blessing.

All these hints show that Google attempts to be nice to content owners. The next Netflix?

ACM DRM 2010

Thursday, October 28, 2010

The 9th ACM Workshop on Digital Rights Management was held in Chicago on October 4, 2010. The conference was sponsored by Microsoft and Technicolor.

Following are short highlights of my preferred papers:

  • The privacy of tracing traitors, Moni Naor
    He mainly presented privacy issues in the case of statistical analysis of largely populated databases. He presented his recent work (2008) on how to sanitize such databases while maintaining differential privacy. The idea is to present a fake database that should give the same answers as the real one but without the actual data. This is extremely compute-hungry.

    The link with traitor tracing was dim. The conclusion was that traitor tracing is possible if and only if sanitizing is hard. The unsurprising conclusion is that traitor tracing and privacy are contradictory.

  • A General Model for Hiding Control Flow, Jan Cappaert (UKL)
    This presentation was about software tamper resistance, more specifically obfuscation. The idea is to enhance control-flow-graph flattening with relative values rather than local values, plus the use of hashes. They propose a switch function as a template.
    Worthwhile to read. It was most probably one of the best papers of this workshop (at least according to me).
  • Is the Internet a Foe or a Friend to Theatrical Releases and the Motion Picture Industry?, Warren Lieberfarb
    He presented the history of video distribution, highlighting that each threat ended up as an opportunity. Then, he pleaded for a standard endorsed by all studios that would encompass a removable tiny storage medium (NAND flash based) and a robust DRM with forensic capabilities. In other words, vertical interoperability.
    The audience was captivated. Warren is a pioneer of video and knows the history of video distribution perfectly, being one of its early actors. I am sure that many people in the audience discovered several interesting stories.
  • An Interoperable Usage Management Framework, Pramod Jamkhedkar
    A framework that attempts to unify the different RELs independently from the execution platform. It should unify both declarative RELs and logical RELs. The approach is object-oriented and focuses on the REL and not the enforcement.
    Highly theoretical work.

I presented a paper, co-authored with Arnaud Robert (Disney), about Interoperable Digital Rights Locker.

The full program is available here.

UltraViolet

At the end of July, DECE made a new move: the creation of a trademark name that should identify the interoperable products defined by DECE. The trademark is UltraViolet.

For several years, a large consortium of companies known as DECE has been defining the specifications of an interoperable solution for content delivery based on the concept of digital rights locker. With UltraViolet, DECE starts to educate consumers.

Is UltraViolet already in the shop? No. Will it be soon? I don’t know, but I will let you make your guess with this quote from the official site about the roadmap.

Ambitious undertakings like UltraViolet take time to be fully deployed in the global market. Keep an eye out as key components are introduced on the “Road to UltraViolet”

The previous site http://www.decellc.com/ now points directly to the new address of UltraViolet.

If you want to learn more about Digital Rights Locker, meet me and Arnaud Robert (Disney) at the ACM DRM workshop, where we will present a paper describing the basics of rights locker.

IEEE P1817: a new DRM standard?

In February, I reported on a new concept: Digital Personal Property. IEEE is launching a project to develop this DRM, the so-called Consumer-ownable Digital Personal Property. It is P1817.

The main goal is to mimic the features of a physical good. In other words, if you were able to enforce the uniqueness of the instance of a digital good, then there would be no serious reason to drastically limit its use. You would be able to act as with a physical book: you could lend it or sell it. In economic terminology, the challenge is to turn a digital good into an excludable good. By nature, digital goods are non-rival and non-excludable.

The main technical concept is that the piece of content is encrypted and can be distributed freely. But the decryption key will be “moveable but uncopiable”. Actually, the decryption key, the so-called playkey, will be double: one in a server repository and the other one for the user. To lend a piece of content, Alice will hand her playkey to Bob… To return the piece of content, Bob will send back her playkey. Meanwhile, Alice should no longer have her playkey.

I see several issues with this proposal.

  • There must be only two instances of the playkey (one in a server, and one at the consumer). The technical challenge will be the moveable but uncopiable playkey. One of our Holy Grails. Some enforcement measures are foreseen:

    Counterfeit Handling
    The playkey banking system facilitates the identification of counterfeited playkeys. Playkey pair synchronization occurs, during which the system checks the validity of the playkeys with the issuer and the registrar. There are at least two approaches to handling counterfeits: (1) The consumer’s player is notified, after which the user interface always highlights the item as counterfeited, and (2) the consumer’s playkey vault is directed to invalidate the device playkey, notify players of its invalid status, and refuse to provide further services for that playkey. The first approach leaves the counterfeit usable, and depends on the social stigma of owning and using forged goods to discourage its further use and encourage reporting of the forgery to vendors and publishers. The second approach prejudges intent and guarantees that the consumer victim pays the price of the illegal activity. Either way, there exists the opportunity for vendors or publishers to offer rewards for information leading to the identification of the counterfeiters.

  • How to handle the multi-format issue? Today, many customers complain about incompatible formats of DRM-protected content, for instance when different resolutions or codecs are used. Take as an example a Blu-ray disc and an SD file for a Windows player. This does not map nicely to the physical world. A book has no format incompatibility with your eyes. If we wanted to push the comparison, the challenge would be to provide the same book in different languages. Currently, the answer foreseen by the industry is the digital rights locker.

Will it succeed? I don’t know. In any case, I will be very interested to study the solution making a digital data structure “moveable but uncopiable”.
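The playkey hand-over and the synchronization check described above can be modelled as follows. This is an added example, not code from the P1817 proposal: the generation counter, the MAC tag and all class and function names are assumptions made for illustration. It shows that in such a model a retained copy is detected at synchronization rather than prevented.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class DevicePlaykey:      # consumer-side half of the pair (hypothetical layout)
    title: str
    holder: str
    generation: int       # bumped by the registrar at every hand-over
    tag: bytes            # registrar's MAC over the three fields above

class Registrar:
    """Toy server repository holding the other half of each pair."""
    def __init__(self):
        self._secret = secrets.token_bytes(32)
        self._current = {}   # title -> (holder, generation) of the only live playkey

    def _tag(self, title, holder, generation):
        msg = f"{title}|{holder}|{generation}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def issue(self, title, holder):
        self._current[title] = (holder, 0)
        return DevicePlaykey(title, holder, 0, self._tag(title, holder, 0))

    def synchronize(self, key, policy="flag"):
        """Forged tags and retained copies of a moved playkey are treated alike."""
        genuine = hmac.compare_digest(key.tag, self._tag(key.title, key.holder, key.generation))
        live = self._current.get(key.title) == (key.holder, key.generation)
        if genuine and live:
            return "valid"
        return "counterfeit-flagged" if policy == "flag" else "counterfeit-invalidated"

    def transfer(self, key, new_holder):
        """Lend or return: the presented playkey goes stale, a fresh one is issued."""
        if self.synchronize(key) != "valid":
            raise PermissionError("only the live playkey can be moved")
        gen = key.generation + 1
        self._current[key.title] = (new_holder, gen)
        return DevicePlaykey(key.title, new_holder, gen, self._tag(key.title, new_holder, gen))

def lend_and_return():
    reg = Registrar()
    alice = reg.issue("book-42", "alice")   # constructed sample title and users
    bob = reg.transfer(alice, "bob")        # Alice lends; her old copy is now stale
    seen = [reg.synchronize(bob), reg.synchronize(alice), reg.synchronize(alice, "invalidate")]
    back = reg.transfer(bob, "alice")       # Bob returns the playkey
    return seen + [reg.synchronize(back), reg.synchronize(bob)]
```

The two policies correspond to the two counterfeit-handling approaches quoted in the list above; between synchronizations, nothing in this model stops a stale copy from being used.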

UBISOFT re-torpedoed

The use of a new type of DRM for its new games “Silent Hunter 5” and “Assassin’s Creed II” raised a violent reaction against Ubisoft. The software was cracked in less than 24 hours.

But this time, the story did not stop there. Last week, Ubisoft was under a serious Denial of Service (DoS) attack. Thus, legitimate gamers were not able to play! These games require an online connection for the initial authentication but also to save the game! It seems that this weekend a new salvo of DoS attacks was launched from Russia against Ubisoft’s servers. These DoS attacks make the hacked version more attractive (that’s the limit!).

Furthermore, some players confirmed on forums that the hacked game was complete (which Ubisoft initially denied).

Lesson: When designing a DRM, we should check what occurs if some elements of the environment fail (such as the network connection). The impact should be minimal for the legit customer.
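One way to apply this lesson, as an added example (not Ubisoft's code or any vendor's API): the client tells "server unreachable" apart from "server said no" and falls back to a MAC-protected cached entitlement for a bounded grace period. The names authorize, ask_server, GRACE_SECONDS and DEVICE_KEY, and the seven-day window, are assumptions.

```python
import hashlib
import hmac
import json
import time

GRACE_SECONDS = 7 * 24 * 3600           # assumed offline grace window
DEVICE_KEY = b"constructed-demo-key"    # constructed; real clients need protected key storage

class ServerUnreachable(Exception):
    """Raised by ask_server on timeout or outage, as opposed to a refusal."""

def seal(entitlement):
    body = json.dumps(entitlement, sort_keys=True).encode()
    return hmac.new(DEVICE_KEY, body, hashlib.sha256).digest() + body

def unseal(blob):
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(DEVICE_KEY, body, hashlib.sha256).digest()):
        return None                      # missing or tampered cache entry
    return json.loads(body)

def authorize(user, title, ask_server, cache, now=None):
    """Return (allowed, reason); ask_server(user, title) returns bool or raises."""
    now = time.time() if now is None else now
    try:
        allowed = ask_server(user, title)
    except ServerUnreachable:
        ent = unseal(cache.get((user, title), b""))
        # The lower bound rejects a local clock set back before the last check.
        fresh = ent is not None and 0 <= now - ent["verified_at"] <= GRACE_SECONDS
        if fresh and (ent["user"], ent["title"]) == (user, title):
            return True, "offline-grace"
        return False, "offline-no-valid-cache"
    if allowed:
        cache[(user, title)] = seal({"user": user, "title": title, "verified_at": now})
        return True, "online"
    cache.pop((user, title), None)       # an explicit refusal revokes the cached grant
    return False, "denied-by-server"
```

With this split, a server outage costs a previously verified customer nothing until the grace window ends, while an explicit refusal still takes effect at the next successful contact.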