Discovering the Core Security Requirements of DRM Systems by Means of Objective Trees

Hugo Jonker (University of Luxembourg, Luxembourg and Eindhoven University of Technology, The Netherlands) and Sjouke Mauw (University of Luxembourg, Luxembourg)
Copyright: © 2009 | Pages: 15
DOI: 10.4018/978-1-60566-262-6.ch005

The use of Digital Rights Management (DRM) systems involves several stakeholders, such as the content provider, the license provider, and the user, each having their own incentives to use the system. Proper use of the system implies that these incentives can only be met if certain security requirements are fulfilled. Much attention in literature has been devoted to specific security aspects of DRM systems. The contributions of this chapter consist of deriving a systematic overview of core security requirements for DRM systems. This chapter conducts a stakeholder analysis, gives an objective tree for each relevant stakeholder, and develops a simple, generic conceptual model to arrive at the set of core security requirements.
Chapter Preview


There is a precarious balance between dissemination of information (to the general public) and stimulation of innovation and art. The easier it is to spread new information, the fewer possibilities there will be for innovators to reap the fruits of their labour. On the other hand, spreading innovation and art is considered beneficial to society.

The introduction of computers has had a profound impact on this balance. With computers, it is trivial to create a perfect copy of content – a term used to indicate a work of art, such as music, literature, movies, etc. This, coupled with the widespread availability of broadband internet connections, means that completely new venues for spreading content to the public at large have come into existence. This enables a business model that consists of selling and delivering digital versions of content online. The main point of concern for such a business is to prevent unsanctioned redistribution of the delivered content.

Digital Rights Management (DRM) systems have been created for this goal. The purpose of a DRM system is to protect (digital versions of) content. Content is bound to a license, and the content is only accessible under the terms stated by the license. Since the year 2000, there has been a strong push into the research and development of DRM systems. There has been work on various related security aspects such as secure storage (Shapiro & Vingralek, 2002), traitor-tracing (Kiayias & Yung, 2003; Safavi-Naini & Wang, 2003), watermarking (Cox, Bloom & Miller, 2001), fingerprinting (Haitsma & Kalker, 2002; Prechelt & Typke, 2001) and tamper resistant code (Horne, Matheson, Sheehan & Tarjan, 2002; Chang & Atallah, 2002). There have also been various proposals for models of DRM systems with specific properties (OMA, 2004; Serrão, Naves, Barker, Balestri & Kudumakis, 2003; Guth, 2003; Popescu, Kamperman, Crispa & Tanenbaum, 2004).

These proposals incorporate various security requirements. Some of these requirements assure core DRM functionality, whereas other requirements realise the specific properties for which that architecture was constructed (e.g. interoperability: MOSES (Serrão, Naves, Barker, Balestri & Kudumakis, 2003), Coral (Coral Consortium, 2006)). The emphasis of such proposals is usually on the latter type of requirements. It is not uncommon that the requirements assuring core DRM functionality receive a lesser treatment. These requirements are often not all made explicit, nor is a justification for them provided. Which of these requirements are made explicit varies from proposal to proposal, which means that the set of requirements that assure core DRM security is scattered. There are several reasons to make this core explicit. The first and foremost reason is that security is an enabling factor for DRM systems. DRM systems are designed to provide a solution for a security problem. An understanding of (the justification for) the core security requirements is crucial for fundamental comprehension of the security of DRM systems. Moreover, knowledge of the core security requirements is instrumental in the construction and verification of DRM systems. Such knowledge enables developers to better understand the consequences of security trade-offs. In practical systems, such trade-offs between desired features and security requirements are not uncommon.

For example, Apple’s iTunes allows the user to create a CD of protected music. Naturally, Apple realised that such a CD could be used to copy music. Nevertheless, this feature was deemed more important than the costs in terms of loss of security. In this case, an informed decision has been made. In other respects, some of the design decisions of iTunes seem less well-informed and have a negative impact on the overall security of the system. A more detailed examination of iTunes follows below.

Key Terms in this Chapter

Security Requirement: A specific prerequisite that a system needs to fulfil in order to achieve a specific security objective.

License: A virtual object granting specific rights to a specific user for accessing content.

Stakeholder Analysis: A methodology to determine which parties have an interest in a given situation.

Digital Rights Management: Describes techniques that manage protective measures for content.

Open Mobile Alliance (OMA): A standardisation body comprised of most companies in the cell phone market (manufacturers as well as network operators). The corresponding DRM specifications are called OMA DRM.

Content: A work of art, such as music, a movie, literature, software, et cetera.

Objective Trees: A method to establish goals for stakeholders.
