Nuovo DRM Paradiso: Towards a Verified Fair DRM Scheme

  • M. Torabi Dashti
  • S. Krishnan Nair
  • H. L. Jonker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4767)


We formally specify the recent DRM scheme of Nair et al. in the μCRL process algebraic language. The security requirements of the scheme are formalized and, using them as the basis, the scheme is verified. The verification shows the presence of security weaknesses in the original protocols, which are then addressed in our proposed extension to the scheme. A finite model of the extended scheme is subsequently model checked and shown to satisfy its design requirements, including secrecy, fairness and resistance to content masquerading. Our analysis was distributed over a cluster of machines, allowing us to check the whole extended scheme despite its complexity and high non-determinacy.


Model Check; Content Provider; Trust Third Party; Label Transition System; Digital Right Management
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




References

  1. Nair, S., Popescu, B., Gamage, C., Crispo, B., Tanenbaum, A.: Enabling DRM-preserving digital content redistribution. In: 7th IEEE Conf. E-Commerce Technology, pp. 151–158. IEEE CS, Los Alamitos (2005)
  2. Halderman, J., Felten, E.: Lessons from the Sony CD DRM episode. In: The 15th USENIX Security Symposium, pp. 77–92 (2006)
  3. Groote, J.F., Ponse, A.: The syntax and semantics of μCRL. In: Algebra of Communicating Processes 1994. Workshops in Computing Series, pp. 26–62. Springer, Heidelberg (1995)
  4. Blom, S., Fokkink, W., Groote, J.F., van Langevelde, I., Lisser, B., van de Pol, J.: μCRL: A toolset for analysing algebraic specifications. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 250–254. Springer, Heidelberg (2001)
  5. Blom, S., Calame, J., Lisser, B., Orzan, S., Pang, J., van de Pol, J., Torabi Dashti, M., Wijs, A.: Distributed analysis with μCRL. In: TACAS 2007 (to appear, 2007)
  6. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. on Information Theory IT-29(2), 198–208 (1983)
  7. Asokan, N.: Fairness in electronic commerce. PhD thesis, Univ. Waterloo (1998)
  8. Avoine, G., Gärtner, F., Guerraoui, R., Vukolic, M.: Gracefully degrading fair exchange with security modules. In: Dal Cin, M., Kaâniche, M., Pataricza, A. (eds.) EDCC 2005. LNCS, vol. 3463, pp. 55–71. Springer, Heidelberg (2005)
  9. Pucella, R., Weissman, V.: A logic for reasoning about digital rights. In: CSFW 2002, pp. 282–294. IEEE CS, Los Alamitos (2002)
  10. Gürgens, S., Rudolph, C., Vogt, H.: On the security of fair non-repudiation protocols. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 193–207. Springer, Heidelberg (2003)
  11. Kremer, S., Raskin, J.: A game-based verification of non-repudiation and fair exchange protocols. In: Larsen, K.G., Nielsen, M. (eds.) CONCUR 2001. LNCS, vol. 2154, pp. 551–565. Springer, Heidelberg (2001)
  12. Shmatikov, V., Mitchell, J.: Finite-state analysis of two contract signing protocols. Theor. Comput. Sci. 283(2), 419–450 (2002)
  13. Kähler, D., Küsters, R.: Constraint solving for contract-signing protocols. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 233–247. Springer, Heidelberg (2005)
  14. Abadi, M., Blanchet, B.: Computer-assisted verification of a protocol for certified email. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 316–335. Springer, Heidelberg (2003)
  15. Bella, G., Paulson, L.C.: Mechanical proofs about a non-repudiation protocol. In: Boulton, R.J., Jackson, P.B. (eds.) TPHOLs 2001. LNCS, vol. 2152, pp. 91–104. Springer, Heidelberg (2001)
  16. Evans, N., Schneider, S.: Verifying security protocols with PVS: widening the rank function approach. J. Logic and Algebraic Programming 64(2), 253–284 (2005)
  17. Krishnan Nair, S., Torabi Dashti, M.: DRM paradiso (2007), ∼srijith/paradiso/ and formal.php therein
  18. Pagnia, H., Vogt, H., Gärtner, F.: Fair exchange. Comput. J. 46(1), 55–75 (2003)
  19. Alpern, B., Schneider, F.: Defining liveness. Technical Report TR 85-650, Dept. of Computer Science, Cornell University, Ithaca, NY (October 1984)
  20. Fischer, M., Lynch, N., Paterson, M.: Impossibility of distributed consensus with one faulty process. J. ACM 32(2), 374–382 (1985)
  21. Basu, A., Charron-Bost, B., Toueg, S.: Simulating reliable links with unreliable links in the presence of process crashes. In: Babaoğlu, Ö., Marzullo, K. (eds.) WDAG 1996. LNCS, vol. 1151, pp. 105–122. Springer, Heidelberg (1996)
  22. Even, S., Yacobi, Y.: Relations among public key signature systems. Technical Report 175, Computer Science Department, Technion, Haifa, Israel (1980)
  23. Jonker, H., Nair, S.K., Dashti, M.T.: Nuovo DRM paradiso. Technical Report SEN-R0602, CWI, Amsterdam, The Netherlands (2006),
  24. Clarke, E., Grumberg, O., Peled, D.: Model Checking. MIT Press, Cambridge (2000)
  25. Meadows, C.: Formal methods for cryptographic protocol analysis: Emerging issues and trends. IEEE J. Selected Areas in Communication 21(1), 44–54 (2003)
  26. Fernandez, J.C., Garavel, H., Kerbrat, A., Mateescu, R., Mounier, L., Sighireanu, M.: CADP: A protocol validation and verification toolbox. In: Alur, R., Henzinger, T.A. (eds.) CAV 1996. LNCS, vol. 1102, pp. 437–440. Springer, Heidelberg (1996)
  27. Cervesato, I.: Data access specification and the most powerful symbolic attacker in MSR. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 384–416. Springer, Heidelberg (2003)
  28. Kremer, S., Markowitch, O., Zhou, J.: An intensive survey of non-repudiation protocols. Computer Communications 25(17), 1606–1621 (2002)
  29. Cederquist, J., Torabi Dashti, M.: An intruder model for verifying liveness in security protocols. In: FMSE 2006, pp. 23–32. ACM Press, New York (2006)
  30. Mateescu, R., Sighireanu, M.: Efficient on-the-fly model-checking for regular alternation-free μ-calculus. Sci. Comput. Program. 46(3), 255–281 (2003)
  31. Comon, H., Shmatikov, V.: Is it possible to decide whether a cryptographic protocol is secure or not? J. of Telecomm. and Inform. Tech. 4, 3–13 (2002)
  32. Heather, J., Lowe, G., Schneider, S.: How to prevent type flaw attacks on security protocols. In: CSFW 2000, pp. 255–268. IEEE CS, Los Alamitos (2000)
  33. Francez, N.: Fairness. Springer, Heidelberg (1986)

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • M. Torabi Dashti (1)
  • S. Krishnan Nair (2)
  • H. L. Jonker (3)

  1. CWI Amsterdam
  2. Vrije Universiteit Amsterdam
  3. Technische Universiteit Eindhoven
