Security in the value creation chain hinges on many single components and their interrelations. Trusted Platforms open ways to fulfil the pertinent requirements. This chapter gives a systematic approach to the utilisation of trusted computing platforms over the whole lifecycle of multimedia products. This spans production, aggregation, (re)distribution, consumption, and charging. Trusted Computing technology as specified by the Trusted Computing Group provides modular building blocks which can be utilised at many points in the multimedia lifecycle. We propose a corresponding research roadmap beyond the conventional Digital Rights Management use case. Selected technical concepts illustrate the principles of Trusted Computing applications in the multimedia context.
Major scientific efforts have gone into security issues of the value creation chain and lifecycle of digital multimedia products; see the Proceedings of the IFIP TC-6 TC-11 Conferences on Communications and Multimedia Security (1999-2007), and (Zeng, et al., 2006). Thus far these developments have been a rather traditional application of information security to the lifecycle of multimedia data. In particular, authorisation policies and metadata for Digital Rights Management have reached a high degree of maturity (Kosch, et al., 2005). All proposed architectures for multimedia production and distribution have the common characteristic of a few-to-many association between media sources and consumers. This asymmetry is gradually changing. The distinction between media consumers and producers becomes less sharp in Web 2.0 communities like Flickr, YouTube and Facebook. Citizen journalism is a new buzzword. And although the mainstream of media production and distribution will for a long time still rest largely on centralised business models, information and communication technology exhibits a trend toward convergence which treats user devices on the same technical footing as media servers, for instance.
Likewise, the traditional security architectures supporting the lifecycle of multimedia content are centralised and focused on the enforcement of Digital Rights Management (DRM) policies throughout the processes. This approach has its own technical, as well as economic and societal, problems (Becker, et al., 2003; Drahos & Maher, 2004; Mulligan, et al., 2003). On the other hand, the trend toward decentralised distribution structures calls for radically new security foundations. Merabti & Llewellyn-Jones (2006) suggest approaches to DRM which are rooted in cellular automata to establish trust between consuming and distributing nodes. The authors also mention Trusted Computing as a potential underlying technology.
The purpose of this chapter is to show that Trusted Computing (TC) is a viable technology option for the security foundations of old and new multimedia production and distribution models alike. The standardisation efforts of the Trusted Computing Group (TCG) have produced what has the potential to become a universal security foundation for the information society. The distinct feature of the new technology is its inherently decentralised organisation. The consequences of this change of paradigms must not be underestimated. Though classical security systems, e.g. for access control and Public-Key Infrastructures (PKI), can easily be modelled using TC, the underlying trust models leave ample space for alternatives – already known or yet to be envisaged.
The chapter is organised as follows. Section 1.1 presents fundamental notions of Trusted Platforms which are essential for the understanding of the concepts outlined in Section 2, which structures the life-cycle of multimedia according to security requirements. Key usages of TC are highlighted in Section 2.2. Section 3 introduces TC on a more technical level, providing prerequisites for the architectural ideas sketched in Section 4. The latter presents two key concepts for TC application in multimedia content distribution, the first centred on mobile devices, the second on traditional Digital Video Broadcast (DVB) architectures. Section 5 contains a concluding discussion focused on security assessments and practical implications of this novel combination of technologies.
Key Terms in this Chapter
Privacy CA: One of the first protocols developed by the TCG. The privacy certification authority (Privacy CA) offers, as a third-party service, pseudonyms which are subsequently used within all authentication protocols. Only the Privacy CA can later link the identity of a certain user with the identity issued by the Privacy CA.
Secure Boot: In contrast to trusted boot, where all components are only measured and reported, secure boot requires an internal verifier which decides at every step of the boot process whether the boot will continue or not. At the end of the boot process the system is in a fully checked state.
DVB: Digital Video Broadcasting (DVB) is the standard for the broadcast of multimedia content. Substandards are defined for satellite (-S), terrestrial (-T), and mobile (-H) broadcasting which define the physical characteristics of the signal. DVB is based on the MPEG-2 coding of content and published by a Joint Technical Committee (JTC) of the European Telecommunications Standards Institute (ETSI), the European Committee for Electrotechnical Standardization (CENELEC) and the European Broadcasting Union (EBU).
Trusted Boot: During boot each component is verified and the measurements are stored in a special log. Using the log together with the TPM-produced reference, an external verifier is able to judge whether a certain platform is in a trustworthy state according to the verifier’s policies.
Trusted Platform Module (TPM): (From the TCG’s FAQ) The TPM is a microcontroller that stores keys, passwords and digital certificates. It typically is affixed to the motherboard of a PC. It potentially can be used in any computing device that requires these functions. The nature of this silicon ensures that the information stored there is made more secure from external software attack and physical theft. Security processes, such as digital signature and key exchange, are protected through the secure TCG subsystem. Access to data and secrets in a platform could be denied if the boot sequence is not as expected. Critical applications and capabilities such as secure email, secure web access and local protection of data are thereby made much more secure. TPM capabilities also can be integrated into other components in a system.
Mobile Trusted Module (MTM): The Mobile Phone Working Group (MPWG) derived a mobile version from the specification of the TPM, adapted to the special technical and organisational requirements of this environment. The MTM defines isolated compartments providing secured and trustworthy environments for different stakeholders in the mobile economic chain.
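The Trusted Boot and Secure Boot entries above describe two different placements of the verifier. The following sketch is an added example, not code from the chapter or from the TCG specifications: it models a TPM 1.2 style SHA-1 extend operation, a measurement log checked by an external verifier, and an internal verifier that halts the boot. The component names, images and function names are constructed for illustration, and the signature a real TPM places on the reported register value is not modelled.

```python
import hashlib

PCR_INIT = b"\x00" * 20  # SHA-1 sized register, all zero at start of boot

def measure(image: bytes) -> bytes:
    return hashlib.sha1(image).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    # Extend: new value = SHA-1(old value || measurement); order-sensitive
    return hashlib.sha1(pcr + measurement).digest()

def trusted_boot(chain):
    """Measure and log every component; the boot itself is never stopped."""
    pcr, log = PCR_INIT, []
    for name, image in chain:
        m = measure(image)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log

def verify_report(log, reported_pcr, policy):
    """External verifier: replay the log against the reported register,
    then judge each logged measurement against the verifier's own policy."""
    pcr = PCR_INIT
    for _, m in log:
        pcr = extend(pcr, m)
    if pcr != reported_pcr:
        return False, "log does not match PCR"
    for name, m in log:
        if policy.get(name) != m:
            return False, f"untrusted component: {name}"
    return True, "trustworthy"

def secure_boot(chain, reference):
    """Internal verifier: check each step and halt at the first mismatch."""
    booted = []
    for name, image in chain:
        if reference.get(name) != measure(image):
            return booted, f"halted before {name}"
        booted.append(name)
    return booted, "fully checked"

# Constructed sample boot chains (hypothetical component names and images)
GOOD = [("bootloader", b"bl-v1"), ("kernel", b"kernel-v1"), ("player", b"player-v1")]
BAD = [GOOD[0], ("kernel", b"kernel-patched"), GOOD[2]]
REFERENCE = {name: measure(image) for name, image in GOOD}
```

With the modified chain, trusted boot still completes and the external verifier rejects the report afterwards, whereas secure boot stops before the modified component runs.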