Key Management in
open DRM platforms
*Carlos Serrão, *Miguel Dias and **Jaime Delgado
   carlos.serrao, miguel.dias {@iscte.pt}, jaime.delgado@ac.upc.edu




              *ISCTE/DCTI/ADETTI         **UPC/AC/DMAG
                 Lisboa, Portugal         Barcelona, Spain
Summary

    • DRM interoperability
      •   open DRM interoperability

    • Key Management
      •   Key Management Life Cycle
      •   Key Management LC on open DRM
          •   OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA
              DRM, Sun DReaM

      •   Comparison

    • Conclusions and Future Work
2
DRM interoperability

     • DRM involves the:
      •   description, layering, analysis, valuation, trading and
          monitoring of rights over an individual or organisation's
          assets, in digital format;

     • DRM is:
      •   the chain of hardware and software services and
          technologies governing the authorised use of digital
          objects and managing any consequences of that use
          throughout the entire life cycle of the object.




3
DRM interoperability

     • Different DRM systems do not interoperate
     • DRM-A governed content is incompatible with other DRM systems
       •   Users hate it!
     • Different formats, protocols, security mechanisms, content
       protection mechanisms, and others...
     • Vertical solutions lead to non-interoperability

     [Figure: DRM A, DRM B, DRM C and DRM D, with "???" between them]
4
DRM interoperability

     • Solvable problem?
      •   Yes, but...
          •   Although technologically complex, it is not only a technical
              problem
          •   It is also a business problem!




5
DRM interoperability

     • 3 different strategies based on International
       standards
       •   Full-format interoperability
           •   requires everyone using the same format

       •   Connected interoperability
           •   brokering between different DRM regimes

       •   Configuration driven interoperability
           •   DRM regimes use tools to adapt to other regimes




6
open DRM interoperability

     • open DRM interoperability
      •   requires DRM solutions that provide open
          specifications and/or are open-source based


     • true connected interoperability can only be
       achieved using this approach




7
open DRM interoperability

     • Connected DRM interoperability:
      •   DRM P2P connected interoperability
          •   specific individual connectors between each of the different
              DRM functions



      •   DRM broker-based connected interoperability
          •   generic function broker between the different DRM functions




8
open DRM interoperability

     • DRM P2P connected interoperability




9
open DRM interoperability

      • DRM broker-based connected interoperability




10
open DRM interoperability

      • Approach for DRM interoperability study
       I. Select a group of different open-DRM systems;
       II. Identify the major functionalities inside the particular
           open-DRM systems;
       III. Identify commonalities between the functionalities of
            the different open-DRM systems;
       IV. Create a brokerage functionality in a common generic
           DRM broker, that maps to the specific open-DRM
           functionalities;
       V. Define an orchestration model, in the DRM-broker,
          between the same functionalities of the different open-
          DRM systems.
11
Some DRM concepts

     • One of the functions of modern DRM
       involves the use of several security technologies:
       •   Public-key cryptography
       •   Secret-key cryptography
       •   Digital signatures
       •   Digital certificates
       •   ... and others.

     • All this keying material should be properly
       managed, to avoid security breaches...
     • ... and this brings us to Key Management.
12
Key Management

     • What is Key Management?
       •   Key Management is the set of techniques and
           procedures supporting the establishment and
           maintenance of keying relationships between authorised
           parties.
       •   Key Management encompasses techniques and
           procedures supporting:
           •   Initialisation of system users within a domain;
           •   Generation, distribution and installation of keying material;
           •   Controlling the use of keying material;
           •   Update, revocation and destruction of keying material;

13
Key Management in DRM

     • Key Management and DRM
       •   DRM uses keying material in several situations:
           •   Entities (content providers, users, ...) registration and
               management
           •   Software applications and components registration and
               management
           •   Content security
           •   Rights management and enforcement (licenses)




14
Key Management in DRM

     • Key Management Life Cycle
       •   pre-operational
           •   User Registration
           •   System and User initialisation
           •   Key generation
       •   operational
           •   Key installation
           •   Key registration
           •   Normal usage
           •   Key backup
           •   Key update
           •   Key recovery
       •   post-operational
           •   Archival
           •   Key revocation
       •   obsolete
           •   Key de-registration and destruction
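
The life cycle above, enforced as a state machine. This is an added example, not code from the slides or from any of the DRM platforms they discuss; the rules for which stage may run in which phase, the ManagedKey class and the use of an HMAC tag as "normal usage" are assumptions made for illustration.

```python
# Added example, not code from the slides or from any DRM platform named in them.
# Assumption: the stage/phase rules in STAGES; the slide only groups stages by phase.
import hashlib
import hmac
import secrets
from enum import Enum

Phase = Enum("Phase", "PRE_OPERATIONAL OPERATIONAL POST_OPERATIONAL OBSOLETE")
PRE, OP, POST, OBS = Phase

# key stage -> (phases in which it may run, phase the key is in afterwards)
STAGES = {
    "key installation": ({PRE}, OP),
    "key registration": ({OP}, OP),
    "normal usage": ({OP}, OP),
    "key backup": ({OP}, OP),
    "key update": ({OP}, OP),
    "key recovery": ({OP}, OP),
    "key archival": ({OP, POST}, POST),
    "key revocation": ({OP, POST}, POST),
    "key de-registration and destruction": ({POST}, OBS),
}


class LifecycleError(Exception):
    """A stage was requested in a phase that does not permit it."""


class ManagedKey:
    def __init__(self, key_id):
        self.key_id = key_id
        self.phase = PRE
        self.registered = False
        self.audit = ["key generation"]
        self._material = bytearray(secrets.token_bytes(32))  # key generation

    def perform(self, stage):
        """Run a stage with no side effect of its own (installation, archival, revocation)."""
        allowed, after = STAGES[stage]
        if self.phase not in allowed:
            raise LifecycleError(f"{stage} not permitted in phase {self.phase.name}")
        self.phase = after
        self.audit.append(stage)

    def register(self):
        self.perform("key registration")
        self.registered = True

    def use(self, message):
        """Normal usage: here, an HMAC-SHA256 tag over message (a stand-in operation)."""
        if not self.registered:
            raise LifecycleError("normal usage requires a registered key")
        self.perform("normal usage")
        return hmac.new(bytes(self._material), message, hashlib.sha256).digest()

    def backup(self):
        self.perform("key backup")
        return bytes(self._material)  # a real system wraps this under a backup key

    def update(self):
        self.perform("key update")
        self._wipe()
        self._material = bytearray(secrets.token_bytes(32))

    def recover(self, saved):
        self.perform("key recovery")
        self._wipe()
        self._material = bytearray(saved)

    def destroy(self):
        self.perform("key de-registration and destruction")
        self.registered = False
        self._wipe()

    def _wipe(self):
        # Best effort only: Python may keep other copies of the bytes in memory.
        self._material[:] = bytes(len(self._material))


def demo():
    key = ManagedKey("content-key-1")  # constructed identifier
    key.perform("key installation")
    key.register()
    tag = key.use(b"license")
    saved = key.backup()
    key.update()
    rotated = key.use(b"license") != tag
    key.recover(saved)
    restored = key.use(b"license") == tag
    key.perform("key revocation")
    refusal = None
    try:
        key.use(b"license")
    except LifecycleError as err:
        refusal = str(err)
    key.destroy()
    return rotated, restored, refusal, key.phase
```

The audit list on each key records which stages it actually went through, which makes it visible when the post-operational and obsolete stages are never exercised.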




15
Key Management in DRM

     • Key Management Life Cycle




16
Key Management in DRM

     • Key Management Life Cycle
       •   It is important to study how the different DRM solutions
           handle these functionalities
       •   Establish a common secure license and key
           management life-cycle
       •   Implementing a broker-based interoperable key
           management system
       •   As a mechanism for DRM interoperability




17
Key Management in open DRM

     • Key management analysis on open DRM
       •   a set of open DRM platforms were selected
           •   OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA
               DRM, Sun DReaM

       •   and the key management cycle has been studied
           •   available specifications
           •   in some cases, open-source code (OpenSDRM, OpenIPMP, DMP
               Chillout and Sun DReaM)




18
Key Management in open DRM

     • OpenSDRM
       •   not very well documented
       •   source-code is available
       •   relies on XML certificates and X509
           certificates
       •   key management life cycle
           •   handles key material creation, registration and
               normal usage
           •   revocation, archival, or destruction of obsolete
               key material is not handled



19
Key Management in open DRM

     • OpenIPMP
       •   not very well documented
       •   source-code is available
       •   relies on X509 certificates
       •   key management life cycle
           •   handles key material creation, registration and
               normal usage
           •   handles key and certificate revocation
           •   archival, or destruction of obsolete key material
               is not handled


20
Key Management in open DRM

     • DMAG MIPAMS
       •   some limited documentation exists
       •   no source-code available
       •   makes use of X509 mechanisms
       •   key life cycle management
           •   handles key material creation, registration and
               normal usage
           •   handles (partly) key and certificate revocation
           •   archival, or destruction of obsolete key material
               is not handled


21
Key Management in open DRM

     • DMP Chillout
       •   extensive and detailed documentation is
           available
       •   source-code is well organized and
           available
       •   makes use of X509
       •   key management life cycle
           •   handles key material creation, registration and
               normal usage
           •   revocation, archival, or destruction of obsolete
               key material is not handled

22
Key Management in open DRM

     • OMA DRM
       •   OMA has extensive documentation
           available, with several specifications
       •   No source-code is available
       •   Specifies security details, such as the
           algorithms to be used, protocols, ...
       •   key management life cycle
           •   handles key material creation, registration and
               normal usage
           •   handles key and certificate revocation
           •   archival, or destruction of obsolete key
               material is not handled
23
Key Management in open DRM

     • Sun DReaM
       •   has some specifications available,
           although very limited
       •   source-code is available (it is still under
           heavy development)
       •   key management life cycle
           •   it is hard to analyse this due to early
               development
           •   handles key material creation, registration
               and normal usage
           •   revocation, archival, or destruction of
               obsolete key material is not handled

24
Comparison

     [Table: key management life-cycle stages (rows) against the open DRM platforms (columns); the only column header that survives is DMAG MIPAMS]

     • pre-operational
       •   User Registration
       •   System and User Initialization
       •   Key generation
     • operational
       •   Key installation
       •   Key registration
       •   Normal usage
       •   Key backup
       •   Key update
       •   Key recovery
     • post-operational
       •   Key archival
       •   Key revocation
     • obsolete
       •   Key de-registration and destruction

26
Conclusions

      • Key management is important in DRM for:
        •   confidentiality
        •   entity authentication
        •   data origin authentication
        •   data integrity
        •   and digital signatures.

      • Managing correctly the keying material and its life
        cycle is important in DRM security design.


27
Conclusions

      • The analysis conducted on open DRM platforms
        revealed that important aspects of the key
        management life cycle are poorly considered:
       •   key backup
       •   key update
       •   key recovery
       •   key archival
       •   key revocation
       •   key de-registration and destruction.


28
Conclusions

      • The lack of an appropriate key management
        scheme in DRM could lead to some serious
        security problems, such as:
       •   the compromise of confidentiality of secret keys;
       •   compromise of authenticity of private or public keys,
           and;
       •   the unauthorized usage of private or public keys.


      • This is an aspect to be further considered on the
        design of DRM solutions.

29
Q&A

     • It’s time for some questions...
     • ... and (maybe) some answers.




30

VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
Veritas Interim Report 1 January–31 March 2024
Veritas Interim Report 1 January–31 March 2024Veritas Interim Report 1 January–31 March 2024
Veritas Interim Report 1 January–31 March 2024
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
 
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
 
Q3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast SlidesQ3 2024 Earnings Conference Call and Webcast Slides
Q3 2024 Earnings Conference Call and Webcast Slides
 
Quarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingQuarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of Marketing
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfThe Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdf
 
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
 
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
 
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdf
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130  Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130  Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
 

Axmedis2007 Presentation

  • 1. Key Management in open DRM platforms *Carlos Serrão, *Miguel Dias and **Jaime Delgado carlos.serrao, miguel.dias {@iscte.pt}, jaime.delgado@ac.upc.edu *ISCTE/DCTI/ADETTI **UPC/AC/DMAG Lisboa, Portugal Barcelona, Spain
  • 2. Summary • DRM interoperability • open DRM interoperability • Key Management • Key Management Life Cycle • Key Management LC on open DRM • OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA DRM, Sun DReaM • Comparison • Conclusions and Future Work 2
  • 3. DRM interoperability • DRM involves the: • description, layering, analysis, valuation, trading and monitoring of rights over an individual or organisation's assets, in digital format; • DRM is: • the chain of hardware and software services and technologies governing the authorised use of digital objects and managing any consequences of that use throughout the entire life cycle of the object. 3
  • 4. DRM interoperability • Different DRM systems do not interoperate • DRM-A governed content is incompatible with other DRM systems • Users hate it! • Different formats, protocols, security mechanisms, content protection mechanisms, and others... • Vertical solutions lead to non-interoperability [Diagram: DRM A, DRM B, DRM C and DRM D linked by "???"] 4
  • 5. DRM interoperability • Solvable problem? • Yes, but... • Although technologically complex, it is not only a technical problem • It is also a business problem! 5
  • 6. DRM interoperability • 3 different strategies based on International standards • Full-format interoperability • requires everyone using the same format • Connected interoperability • brokering between different DRM regimes • Configuration driven interoperability • DRM regimes use tools to adapt to other regimes 6
  • 7. open DRM interoperability • open DRM interoperability • requires DRM solutions that provide open specifications and/or are open-source based • true connected interoperability can only be achieved using this approach 7
  • 8. open DRM interoperability • Connected DRM interoperability: • DRM P2P connected interoperability • specific individual connectors between each of the different DRM functions • DRM broker-based connected interoperability • generic function broker between the different DRM functions 8
  • 9. open DRM interoperability • DRM P2P connected interoperability 9
  • 10. open DRM interoperability • DRM broker-based connected interoperability 10
  • 17. open DRM interoperability • Approach for DRM interoperability study I. Select a group of different open-DRM systems; II. Identify the major functionalities inside the particular open-DRM systems; III. Identify commonalities between the functionalities of the different open-DRM systems; IV. Create a brokerage functionality in a common generic DRM broker, that maps to the specific open-DRM functionalities; V. Define an orchestration model, in the DRM-broker, between the same functionalities of the different open-DRM systems. 11
  • 18. Some DRM concepts • One of the functions of modern DRM involves the use of several security technologies: • Public-key cryptography • Secret-key cryptography • Digital signatures • Digital certificates • ... and others. • All this keying material should be properly managed, to avoid security breaches... • ... and this brings us to Key Management. 12
  • 19. Key Management • What is Key Management? • Key Management is the set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorised parties. • Key Management encompasses techniques and procedures supporting: • Initialisation of system users within a domain; • Generation, distribution and installation of keying material; • Controlling the use of keying material; • Update, revocation and destruction of keying material; 13
  • 20. Key Management in DRM • Key Management and DRM • DRM uses keying material in several situations: • Entities (content providers, users, ...) registration and management • Software applications and components registration and management • Content security • Rights management and enforcement (licenses) 14
  • 21. Key Management in DRM • Key Management Life Cycle • pre-operational • User Registration • System and User initialisation • Key generation • Key installation • Key registration • operational • Normal usage • Key backup • Key update • Key recovery • post-operational • Archival • obsolete • Key de-registration and destruction • Key revocation 15
  • 22. Key Management in DRM • Key Management Life Cycle 16
  • 23. Key Management in DRM • Key Management Life Cycle • It is important to study how the different DRM solutions handle these functionalities • Establish a common secure license and key management life-cycle • Implementing a broker-based interoperable key management system • As a mechanism for DRM interoperability 17
  • 24. Key Management in open DRM • Key management analysis on open DRM • a set of open DRM platforms was selected • OpenSDRM, OpenIPMP, DMAG MIPAMS, DMP Chillout, OMA DRM, Sun DReaM • and the key management cycle has been studied • available specifications • in some cases, open-source code (OpenSDRM, OpenIPMP, DMP Chillout and Sun DReaM) 18
  • 25. Key Management in open DRM • OpenSDRM • not very well documented • source-code is available • relies on XML certificates and X509 certificates • key management life cycle • handles key material creation, registration and normal usage • revocation, archival, or destruction of obsolete key material is not handled 19
  • 26. Key Management in open DRM • OpenIPMP • not very well documented • source-code is available • relies on X509 certificates • key management life cycle • handles key material creation, registration and normal usage • handles key and certificate revocation • archival, or destruction of obsolete key material is not handled 20
  • 27. Key Management in open DRM • DMAG MIPAMS • some limited documentation exists • no source-code available • makes use of X509 mechanisms • key life cycle management • handles key material creation, registration and normal usage • handles (partly) key and certificate revocation • archival, or destruction of obsolete key material is not handled 21
  • 28. Key Management in open DRM • DMP Chillout • extensive and detailed documentation is available • source-code is well organized and available • makes use of X509 • key management life cycle • handles key material creation, registration and normal usage • revocation, archival, or destruction of obsolete key material is not handled 22
  • 29. Key Management in open DRM • OMA DRM • OMA has extensive documentation available, with several specifications • No source-code is available • Specifies security details, like algorithms to be used, protocols, ... • key management life cycle • handles key material creation, registration and normal usage • handles key and certificate revocation • archival, or destruction of obsolete key material is not handled 23
  • 30. Key Management in open DRM • Sun DReaM • has some specifications available, although very limited • source-code is available (it is still under heavy development) • key management life cycle • it is hard to analyse this due to early development • handles key material creation, registration and normal usage • revocation, archival, or destruction of obsolete key material is not handled 24
  • 31. Comparison [table; surviving column heading: DMAG MIPAMS; row labels:] User Registration • System and User Initialization • Key generation • Key installation • Key registration • Normal usage • Key backup • Key update • Key recovery • Key archival • Key revocation • Key de-registration and destruction 25
  • 32. Comparison [same table with rows grouped by phase; surviving column heading: DMAG MIPAMS] • pre-operational: User Registration, System and User Initialization, Key generation, Key installation, Key registration • operational: Normal usage, Key backup, Key update, Key recovery • post-operational and obsolete: Key archival, Key revocation, Key de-registration and destruction 26
  • 33. Conclusions • Key management is important in DRM for: • confidentiality • entity authentication • data origin authentication • data integrity • and digital signatures. • Managing correctly the keying material and its life cycle is important in DRM security design. 27
  • 34. Conclusions • The analysis conducted on the open DRM platforms revealed that important aspects of the key management life cycle are poorly considered: • key backup • key update • key recovery • key archival • key revocation • key de-registration and destruction. 28
  • 35. Conclusions • The lack of an appropriate key management scheme in DRM could lead to some serious security problems, such as: • the compromise of confidentiality of secret keys; • compromise of authenticity of private or public keys, and; • the unauthorized usage of private or public keys. • This is an aspect to be further considered on the design of DRM solutions. 29
  • 36. Q&A • It’s time for some questions... • ... and (maybe) some answers. 30
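
The four life-cycle phases from the slides, enforced as a state machine over one key record so that the stages the survey found missing (archival, revocation, destruction) actually block further use. This is an added example, not code from the presentation or from any of the surveyed platforms; the transition map, the `protect`/`unlock` purposes and the key identifier are assumptions made for illustration.

```python
import secrets
from enum import Enum

class Phase(Enum):
    PRE_OPERATIONAL = 1
    OPERATIONAL = 2
    POST_OPERATIONAL = 3
    OBSOLETE = 4

# event -> (phases it may be applied in, resulting phase). Event and phase
# names follow the life-cycle slide; the transition map is an assumption.
EVENTS = {
    "register": ({Phase.PRE_OPERATIONAL}, Phase.OPERATIONAL),
    "update": ({Phase.OPERATIONAL}, Phase.OPERATIONAL),
    "archive": ({Phase.OPERATIONAL}, Phase.POST_OPERATIONAL),
    "revoke": ({Phase.OPERATIONAL, Phase.POST_OPERATIONAL}, Phase.OBSOLETE),
    "destroy": ({Phase.POST_OPERATIONAL, Phase.OBSOLETE}, Phase.OBSOLETE),
}
# Uses still permitted per phase; an archived key only unlocks old content.
ALLOWED_USE = {
    Phase.OPERATIONAL: {"protect", "unlock"},
    Phase.POST_OPERATIONAL: {"unlock"},
}

class ManagedKey:
    def __init__(self, key_id):
        self.key_id = key_id
        self.material = bytearray(secrets.token_bytes(16))  # key generation
        self.phase = Phase.PRE_OPERATIONAL
        self.history = ["generate"]

    def apply(self, event):
        allowed_from, target = EVENTS[event]
        if self.phase not in allowed_from:
            raise ValueError(f"{event} not allowed in {self.phase.name}")
        if event == "update":
            self.material[:] = secrets.token_bytes(16)  # fresh key material
        if event == "destroy" and self.material is not None:
            self.material[:] = bytes(len(self.material))  # best-effort wipe
            self.material = None
        self.phase = target
        self.history.append(event)

    def can_use(self, purpose):
        usable = ALLOWED_USE.get(self.phase, set())
        return self.material is not None and purpose in usable

def demo():
    key = ManagedKey("content-key-1")  # constructed identifier
    out = [key.can_use("protect")]     # not registered yet
    key.apply("register"); out.append(key.can_use("protect"))
    key.apply("archive"); out.append((key.can_use("protect"), key.can_use("unlock")))
    key.apply("revoke"); out.append(key.can_use("unlock"))
    key.apply("destroy"); out.append(key.material)
    return out
```
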