A Novel Approach to DRM Systems

Download PDF
2 downloads 23272 Views 238KB Size Report
Comment
to buy digital content provided by a CP has only to be provided with a common web .... the dual signature, and sends it to CP together with his/her public key.
2009 International Conference on Computational Science and Engineering

A Novel Approach to DRM Systems F. Frattolillo, F. Landolfi, F. Marulli Department of Engineering University of Sannio Benevento, Italy {frattolillo,landolfi,fmarulli}@unisannio.it

[2], [4], [5]. In particular, “digital watermarking” is the process of embedding some predefined information, such as the owner’s tracking and copyright information, directly into the digital data in an inconspicuous manner. Therefore, if the copyright notice represented by the embedded watermark cannot be altered or removed, it can identify the owner of the content and so provide a proof of ownership. Digital watermarking is a promising technology for protecting digital copyright, but secure “watermarking protocols” are also desirable to achieve the goal of protecting the participants’ benefit in a digital content transaction [6]. In fact, watermarking protocols define the scheme of the interactions that have to take place among the entities involved in the processes of content protection and webbased distribution governed by the DRM systems. They have been adopted as the basis for a number of modern DRM systems developed as web software platforms, such as that presented in [7]. In particular, such systems have been designed as service oriented architectures [8] composed of a federation of coordinated web entities [9] that play distinct roles and dynamically interact within a trusted environment. According to such an approach, trusted relationships have to be dynamically established across multiple and heterogeneous organizational boundaries so as to facilitate an “onthe-fly” resource sharing [10]. This introduces non-trivial security architectural requirements. More precisely, the main challenges to be faced in order to correctly implement the trusted relationships dynamically within the DRM system concern with the following considerations:

Abstract—Modern Digital Rights Management (DRM) systems are often developed as web software platforms designed as service oriented architectures composed of a federation of coordinated web entities that play distinct roles and dynamically interact within a trusted environment. Such a design approach requires that trustu relationships have to be dynamically established across multiple and heterogeneous organizational boundaries so as to facilitate an “on-the-fly” resource sharing. This introduces non-trivial security architectural requirements concerning with the mechanisms that allow different security realms of web entities to be federated. This paper presents a DRM system developed as a web software platform designed to give a specific support both to the interaction of the web entities involved in the platform and to the development of the trusted relationships among them, in a much more flexible way than before, dynamically and with minimal overheads and shared infrastructure. Keywords-digital rights management; copyright protection; watermarking protocols.

I. I NTRODUCTION The progress in digital technologies and the growth of the Internet have posed the problem of the copyright protection of digital content distributed on the web, whose solution has become a well-known and important research issue. In fact, web users can easily obtain copyrighted content illegitimately, for example by unauthorized content downloads from peer-to-peer file sharing services, while the quality of digital content is not reduced after each time of duplicating [1]. As a consequence, piracy of digital content is considered a serious problem by content companies, since illegitimate distribution networks make content available ubiquitously, thus both violating the legal rights of copyright owners and causing economic loss due to the difficulty in selling information at a profitable price [2]. Digital Rights Management (DRM) systems can be considered a potential solution to the problem of copyright protection [3]. Their features are effective in combating piracy, by (1) protecting the legal rights associated with the use of digital content, (2) preventing content from being altered, shared, copied, printed or saved, and (3) exploiting watermarking and fingerprinting techniques to implement the content protection, in order to correctly take into account and balance the rights of both users and copyright holders

978-0-7695-3823-5/09 $26.00 © 2009 IEEE DOI 10.1109/CSE.2009.416





trust formation across heterogeneous organizational boundaries is subject to due diligence, usually carried out by humans in their business frame of reference; trust exploitation, enabling resource sharing, must be automated, so the benefits of a decision to trust has to be realized very rapidly.

However, current DRM systems do not support automation. Therefore, the number of human decisions needed is large, and the creation of a federation of services takes a long time. Moreover, DRM systems do not support convenient trusted scoping mechanisms. As a consequence, a decision to trust a web entity may involve placing complete trust in

492

CP

WCA

WCA

1.Or ig cont inal ent

t an cce p 2 .A

2.Check on the correct download

e itiv te efin a 3.D ertific c sa l e

ted cryp 2.En ent and de o cont ng c i t n i erpr fing ted cryp 3.En marked r wate ntent co

ary por te em f i c a 4.T certi e sa l

1.N o ava tifica pro ilabil tion o tec ity f ted of the con the ten t 4.D ef pur initive c cert hase ifica te

The Delivering Phase

ce

The Protection Phase

1 .P ur req chas ues e t

The Negotiation Phase

3.Credentials

B

WCA

SP

CP

B

CP

5.Temporary purchase certificate

Figure 1.

The watermarking protocol.

or seller (CP), the service provider (SP), and the trusted watermark certification authority (WCA). According to Figure 1, the protocol consists of three main phases: negotiation, protection and delivering. The negotiation phase starts when B visits the website of CP and chooses a content. B negotiates with CP a common agreement that is also considered as a purchase order. Then, B contacts WCA and sends his/her credentials. In particular, B can choose between two alternative identification methods: the former is based on the use of anonymous digital certificates issued by Certification Authorities (CAs), whereas the latter is based on the use of credit cards. In the former case, B can start the protection transaction by sending his/her anonymous digital certificate together with the data associated with an anonymous prepaid card. Otherwise, in the latter case, B can send the data associated with his/her credit card. The exchanged data allow WCA to check if B can pay the chosen content and to unambiguously identify B. Then, WCA generates two tokens representing a temporary sale certificate and a temporary purchase certificate, and sends them to CP and B respectively. The protection phase starts with CP that sends WCA the content to be watermarked. WCA encrypts it by exploiting a cryptosystem that has to be “privacy homomorphic” [13] with respect to the subsequent watermark insertion. WCA also generates the fingerprinting code that will have to be embedded in the content to identify B. Then, WCA selects a SP and sends it the encrypted content together with the encrypted fingerprinting code. SP directly watermarks the received content and sends it back to WCA. WCA decrypts the watermarked content, thus generating the final protected version of the content.

it, and this also means that the due diligence process is often arduous and time consuming. Mechanisms to allow different security realms to be federated, such that authorized access to resources managed in one realm can be provided to security web entities whose identities and attributes are managed in other realms, already exist. They include mechanisms for brokering of identity, attribute, authentication and authorization assertions between entities, and privacy of federated claims [11]. However, such mechanisms are not actually dynamic and cannot be effectively used within current DRM systems, which require that trusted transactions occur in real time. Furthermore, since web entities taking part in a DRM system and supplying on-line services are often overcrowded, overburdened or unavailable, the speed they are sought out and federated becomes crucial. In this paper, we presents a DRM system developed as a web software platform to implement the copyright protection of multimedia digital content distributed on the Internet. The DRM system is an evolution of the one presented in [7] and has been designed to give a specific support both to the interaction of the entities involved in the platform and to the development of trusted relationships among them, in a much more flexible way than before, dynamically and with minimal overheads and shared infrastructure. The outline of the paper is as follows. Section II describes the watermarking protocol adopted and implemented by the proposed DRM system. Section III sketches the architecture of the DRM system. In Section V final remarks are available. II. A DOPTED WATERMARKING P ROTOCOL The DRM system presented in this paper adopts the watermarking protocol described in [12], which is based on four main web entities: the buyer (B), the content provider

493

User View HTML Pages

Buyer Applet

Dual Signature

Watermark Certification Authority DCServlet

xml

WPServlet

Enciphered content + Enciphered fingerprinting code

Controller BPEL Process

BPEL Process

Handler

Verifying Processes

TFManager

Content Provider

TWSBroker Model Security Tokens

WS Trust Federation Policy

Service Provider

Bank Figure 2.

The architecture of the DRM system.

security components and/or services can be transparently plugged in within a trusted interaction context. The architecture is made up of software components developed as applets, servlets, BPEL processes [9], and web services, each belonging to a different physical tier and cooperating by exchanging XML based messages according to the WS-Security specification [9]. According to the MVC design approach, the view layer of the DRM system is devoted to the presentation to the user of the digital content hosted by CP, whereas the controller layer groups the core processes that coordinate and manage the services by which the DRM system can insert watermarks into the digital content to be protected. Finally, the model layer groups all the services that make it possible to actually implement the watermarking processes. In particular, some external services, such as those supplied by Banks and “federated” trusted providers, are considered as part of the model layer, even though they are not directly implemented by the DRM system. In fact, such services are decoupled from the core processes in order to support a flexible implementation of the DRM system, whose components can be easily loaded or updated without impacting on the internal

WCA starts the delivering phase by notifying the availability of the protected content to B and the reference to the download server, which can be also distinct from WCA, and from which B may download the watermarked content. Then, B can contact the server and download the required content. WCA autonomously verifies the content download, and only if the transfer results to be correct, WCA charges the B’s prepaid or credit card and generates the definitive version of the sale and purchase certificates to be sent to CP and B respectively. In addition, WCA also sends CP the extended version of the code used to watermark the content, which will be used by CP to refer to the corresponding sale certificate in its databases. III. A RCHITECTURE OF THE DRM S YSTEM In Figure 2 the architecture of the proposed DRM system is shown. It follows the protocol described in Section II and is structured as a multi-tier, distributed layered web application developed according to the Model-View-Controller (MVC) design pattern. In fact, the adopted design approach makes it possible to achieve a good level of system scalability as well as obtain a flexible architecture, in which new

494

the former is involved in the processes which verify the user’s personal and payment credentials, apply the protection to the content, and generate the temporary certificates that are returned to the DCServlet and user. The latter manages the download of the protected content to the user, activates the payment phase, and generates the definitive version of the certificates to be returned to the user and CP. The handler processes enable the components of the controller layer to exploit the services located in the model layer. These services are viewed as provided by the DRM system but result in being external to WCA. They are supplied by Banks, as verification and payment services, and by SPs, as watermarking services. To this end, it is worth noting that Banks supply their services by exploiting standard security interaction mechanisms and protocols. On the contrary, SPs are made available to the DRM system by means of a “federation” of trusted web services [9]. The design choice of federating SPs is mainly motivated by the need to support trusted relationships dynamically established among distinct web entities so as to facilitate an “on-the-fly” resource sharing. In fact, according to the protocol described in Section II, the DRM system mainly manages on-line watermarking transactions. This means that it has to guarantee specific levels of “quality of service” as well as the availability of the protection services provided by SPs, which, on the contrary, can suffer problems caused by breakdowns or overheads. Therefore, in order to solve such problems, the DRM system implements in the controller layer specific mechanisms to automatically pre-federate SPs so as to make its ability to effectively complete secure online watermarking transactions independent of the need to federate a sufficient number of SPs within a trusted web context.

system processes. The view layer is made up of dynamically built HTML pages and applets which enable users to interact with CP and WCA. The HTML pages contain the descriptions of the digital content distributed by CP and the purchase information to be returned to users. The applets manage the communication and interaction that take place between users and CP in the negotiation phase of the watermarking protocol. They also manage: (1) the interaction between users and WCA during the process that takes charge of verifying the user’s identity together with his/her payment credentials; (2) the delivery phase of the watermarked content. Therefore, a user wanting to buy digital content provided by a CP has only to be provided with a common web browser by which he/she can display HTML pages and run applets. The controller layer mainly includes two specific servlets, some BPEL processes and a handler process that manages the invocation of the services that appear as globally supplied by WCA, according to the interaction scheme defined by the watermarking protocol. The DCServlet (Digital Content Servlet) is implemented by CP and interacts with the user applets to generate and manage the HTML pages to be returned to the user in the preliminary part of the purchase transaction. It receives the purchase request from the user and returns the reference to the WCA to be contacted, as the transaction acceptance. It also manages the interaction with WCA during the content protection phase. In particular, during this phase, the DCServlet interacts with the WPServlet (Watermark Process Servlet), which is responsible for starting the watermarking process on the content to be protected and sent by CP through the DCServlet. The WPServlet is implemented by WCA and plays the role of the interface of the control layer. It takes charge of receiving the purchase and protection request from the user together with his/her personal and payment credentials. More precisely, the WPServlet verifies the user’s credentials and, if they turn out to be valid, generates the temporary certificates, which are returned to the DCServlet and user. Then, the WPServlet runs the transfer from CP to WCA of the content to be protected, and starts the protection phase. In particular, this phase consists in generating the fingerprinting code, ciphering and deciphering the received content, and managing the interactions with the SP selected to apply the watermark. Then, the WPServlet notifies the availability of the protected content to the user and, after the correct download of the content, it activates the payment phase and generates the definitive version of the certificates to be returned to the user and CP, according to what defined by the watermarking protocol described in Section II. The WPServlet represents the upper level of the control layer. All its tasks are performed by invoking two BPEL processes, which exploit a set of handler processes to transparently access the services external to WCA. In particular,

IV. A RCHITECTURAL D ETAILS In developing the proposed DRM system, among the others, two main problems have been addressed: 1) the correct implementation of the negotiation phase in terms of both information that has to be exchanged among distinct web entities and user privacy [14]; 2) the dynamic implementation of the federated SPs so as to create a trusted web context. A. Exploiting the gSET Protocol The negotiation phase involves three main web entities: the user, CP and WCA. According to the protocol presented in Section II, it requires the user to send two kinds of information to CP: the user’s credentials and the description of the selected content. The former have to be managed only by WCA, whereas the latter needs to be used by CP. As a consequence, the proposed DRM system supports the use of a subset of the gSET protocol [15], known as the “dual signature” technique, in order to guarantee the confidentiality and integrity of the exchanged data among

495

2: SP requires the security credentials 3: If SP can be authenticated, the CA of TWSBroker returns the security token to SP

TWSBroker Certification Authority

Service Provider Certification Authority 2 Policy

3

Service Provider Policy

1

Security Token

4

Claims

TWSBroker Claims

1: TWSBroker specifies its policy in order to authenticate a SP 4: SP returns the obtained security token to TWSBroker

Security Token

Figure 3.

The TWSBroker authenticates a SP.

the involved web entities. In particular, such a security technique enables both the user’s credentials and content description to be sent in a single message to both CP and WCA. However, it also allows each receiver to only access its part of the sent message, thus preserving user privacy in the CP’s context without preventing WCA from checking the user’s credentials. More precisely, by employing the RSA encryption algorithm, the user ciphers his/her credentials with the public key of WCA and ciphers the content description with the public key of CP. Then, the user computes the SHA-1 digests on these two parts and concatenates them, thus generating the “dual digest”. In addiction, the user exploits his/her secret key to cipher the dual digest, thus creating the “dual signature”. Then, the user builds a XML message including the ciphered information, the digests, the dual digest, and the dual signature, and sends it to CP together with his/her public key. Once received the message built according to the “dual signature” technique, CP is allowed to only access the description of the content selected by the user. Then, CP can forward the received message to WCA, which is allowed to access the user’s credentials, as stated by the watermarking protocol.

URLs of their “policy” files. In fact, such files are compliant with the WS-Policy specifications [9], and define the rules by which the services can be accessed. Therefore, only if SPs specify rules accepted by WCA, they can take part in the service federation, and can dynamically provide WCA with their security services. Core of the implementation of the service federation is the TWSBroker (Trusted Web Services Broker), which is a specific web service whose main aims consist in discovering new SPs to be included in the service federation managed by the TFManager and verifying the compliance of their security policies with the rules defined by WCA. If such a compliance can be verified, the discovered services can be added to the “trusted federation” managed by the TFManager, which updates its registry by storing the URLs and all the policy information about the new services. The federation of a new web service is made possible by a specific protocol implemented by the TWSBroker, which acts as a “requester” for SPs (see Figure 3). In particular, when the TFManager receives a service request that cannot be satisfied by the SPs already included in the federation, it activates the TWSBroker, which starts the discovery service. When the TWSBroker finds out one or more SPs able to perform the required tasks, it starts the federation handshake protocol, based on the exchange of security tokens. This protocol consists of two main steps: • the TWSBroker sends an “invitation” message to the SPs found during the discovery phase in order to know their intention to participate in the federation; • the TWSBroker starts a two-way handshake protocol with each SP that has accepted the invitation message, in order to recognize it as a trusted entity that can be included in the federation. More precisely, the “invitation” message sent by the TWSBroker specifies the goals of the invitation, such as, for

B. Federation of Service Providers As shown in the previous sections, the proposed DRM system has been designed according to a web-oriented approach that allows for exploiting federated SPs in order to watermark digital content. The federation of web services is implemented according to the WS-Federation standard [9], and is managed by a specific web service, called TFManager (Trusted Federation Manager). The TFManager implements a registry service able to store the main information about web services along with the

496

example, the kind of the required service. If a SP accepts the “invitation” message, the mutual recognition can start. It is based on a two-way handshake protocol, which enables the involved entities, i.e. the TWSBroker and the contacted SP, to exchange the respective “security credentials”, according to the policies defined by the Certification Authorities that authenticate them. If the mutual match occurs, i.e. each entity recognizes the other one as a trusted entity, the protocol ends and the SP is allowed to join the service federation. To this end, it is worth noting that the two-way handshake protocol is based on the exchange of “security tokens”, which express the security credentials of the entities involved in the protocol. The contents of the security tokens depend on the Certification Authorities that release them, and are specified in terms of security “claims” and “policies” (i.e. name, key, permission, capabilities, etc. . .). A service can indicate claims and related information in its policy, according to the WS-Policy specifications [9]. Therefore, as shown in Figure 3, when one of the two entities involved in the protocol has not the security credentials required by the other entity, it can ask for them in a specific security token to the Certification Authority that authenticates the other entity. Only if the required security credentials can be correctly obtained, the entity can be authenticated. As a consequence, only if the reciprocal match of the security claims between the TWSBroker and a SP occurs, the two-way handshake protocol can be successfully concluded. Then, the TWSBroker can return information about the new federated SP to the TFManager, which can make it available to WCA.

[2] F. Bartolini, A. Piva, and M. Barni, “Managing copyright in open networks,” IEEE Internet Comput., vol. 6, no. 3, pp. 18–26, 2002. [3] E. T. Lin, A. M. Eskicioglu, R. L. Lagendijk, and E. J. Delp, “Advances in digital video content protection,” Proceedings of the IEEE, vol. 93, no. 1, pp. 171–183, 2005. [4] I. Cox, J. Bloom, and M. Miller, Digital Watermarking: Principles & Practice. Morgan Kaufman, 2001. [5] K. J. R. Liu, W. Trappe, Z. J. Wang, M. Wu, and H. Zhao, Multimedia Fingerprinting Forensics for Traitor Tracing. Hindawi Publishing Corporation, 2005. [6] F. Frattolillo, “Watermarking protocol for web context,” IEEE Trans. Inf. Forensics Security, vol. 2, no. 3, pp. 350–363, 2007. [7] F. Frattolillo and F. Landolfi, “Designing a DRM system,” in Proc. of the 4th Int. Conf. on Information Assurance and Security, Naples, Italy, 2008. [8] G. Hostetler and S. Hasznos, Web Service and SOA Technologies. Practicing Safe Techs, 2009. [9] M. Papazoglou, Web Services: Principles and Technology. Prentice Hall, 2007. [10] F. Frattolillo and S. D’Onofrio, “An effective and dynamically extensible DRM web platform,” in Proc. of the Int. Conf. on High Performance Computing and Communications, ser. Lecture Notes in Computer Science, L. T. Yang, O. F. Rana, B. Di Martino, and J. Dongarra, Eds., vol. 3726, Sorrento, Italy, Sept. 2005, pp. 411–418.

V. C ONCLUSIONS

[11] M. Menzel, C. Wolter, and C. Meinel, “Access control for cross-organisational web service composition,” Journal of Information Assurance and Security, vol. 2, no. 3, pp. 155– 160, 2007.

The paper has presented a DRM system designed according a novel approach suited for web context and developed by exploiting web-oriented software technologies. The system is based on a flexible design approach which enables SPs to dynamically supply copyright protection services on behalf of CPs in a security context. As a consequence, CPs exploiting the proposed system can take advantage of copyright protection processes without having to directly implement them. Furthermore, the implementation approach based on the MVC design pattern makes the DRM system modular and easily extensible. Finally, due to the automatic support to dynamically federate SPs within a trusted interaction context, web entities belonging to distinct security realms can take part in the proposed DRM system in a much more flexible way than before, dynamically and with minimal overheads and shared infrastructure.

[12] F. Frattolillo and S. D’Onofrio, “A web oriented and interactive buyer-seller watermarking protocol,” in Security, Steganography, and Watermarking of Multimedia Contents VIII, ser. Proc. of SPIE, E. J. Delp and P. W. Wong, Eds., vol. 6072, 2006, pp. 718–726. [13] C. L. Lei, P. L. Yu et al., “An efficient and anonymous buyerseller watermarking protocol,” IEEE Trans. Image Process., vol. 13, no. 12, pp. 1618–1626, 2004. [14] M. Campidoglio, F. Frattolillo, and F. Landolfi, “Security and privacy in web-oriented watermarking protocols,” in Proc. of the 10th Int. Conf. on the Social and Ethical Impacts of Information and Communication Technology, Mantua, Italy, 2008.

R EFERENCES

[15] T. Weishaupl, C. Witzany, and E. Schikuta, “gSET: Trust management and secure accounting for business in the grid,” in Proc. of the 6th IEEE Int. Symp. Cluster Computing and the Grid, Singapore, 2006.

[1] J. Spencer, “Beyond file sharing-commerce in peer-to-peer networks: Surveying the landscape,” Journal of Internet commerce, vol. 5, no. 2, pp. 1–19, 2006.

497