Security Specification for Conversion Technologies of Heterogeneous DRM Systems

  • Heasuk Jo
  • Woongryul Jeon
  • Yunho Lee
  • Seungjoo Kim
  • Dongho Won
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5451)

Abstract

Digital Right Management (DRM) can be used to prohibit illegal reproduction, and redistribution of digital content, to protect copyrights. However, current DRM systems are incompatible and lack of interoperability which exchange of data, different platform, designed and protected by different content providers. To overcome these drawbacks, three ways of interoperability are full-formation interoperability, connected interoperability, configuration-driven interoperability, allowing consumers to use the purchased content in their equipments of choice. In this paper, we study on the security specification of configuration-driven interoperability for heterogeneous DRM systems, using the Common Criteria. Then, we study security boundary, security environment, security objectives, and rationale of an CTHDS_PP(Conversion Technologies of Heterogeneous DRM Systems Protection Profile) to find important security features. The CTHDS_PP gives a discussion covered the current security problems to conversion technologies and lists threats to solve those problems. Moreover, this CTHDS_PP can be used for potential developers and system integrators, and reviewed and assessed by evaluators.

Keywords

Digital rights management(DRM) Common Criteria(CC) Protection Profile(PP) Interoperability 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
  2. 2.
  3. 3.
  4. 4.
    Secure Digital Container, http://www.digicont.com
  5. 5.
    International Standard ISO/IEC 15408, Common Criteria for Information Technology Security Evaluation, Part 1 (2005)Google Scholar
  6. 6.
    International Standard ISO/IEC 15408, Common Criteria for Information Technology Security Evaluation, Part 2 (2005)Google Scholar
  7. 7.
    International Standard ISO/IEC 15408, Common Criteria for Information Technology Security Evaluation, Part 3 (2005)Google Scholar
  8. 8.
    International Standard ISO/IEC 15408, Common Methodology for Information Technology Security Evaluation, Evaluation methodology (2005)Google Scholar
  9. 9.
  10. 10.
  11. 11.
    Herrmann, D.S.: Using the Common Criteria for IT Security Evaluation. Auerbach publications (2003)Google Scholar
  12. 12.
    Open Mobile Alliance, DRM Architecture Approved Version 2.0 (2006)Google Scholar
  13. 13.
    Apple Inc. Common Criteria Certification: Apple’s Ongoing Commitment to Security, WhitepaperGoogle Scholar
  14. 14.
    Jaafari, A.B.: Common Criteria for Information Technology Security Evaluation Mobile Phone Digital Rights Management Protection Profile, Polytechnic University (2004)Google Scholar
  15. 15.
    Jaafari, A.B.: Protection Profile Reuse: Case Study of the reusability of the Smart Card Protection Profile for producing the Mobile Phone Digital Rights Management Protction Profile, Polytechnic University (2004)Google Scholar
  16. 16.
    Naini, R.S., Sheppard, N.P., Uehara, T.: Import/Export in Digital Rights Management. In: ACM Workshop on Digital Rights Management (2004)Google Scholar
  17. 17.
    Koenen, R.H., Lacy, J., Mackay, M., Mitchell, S.: The Long March to Interoperable Digital Rights Management. Proceedings of the IEEE 92, 883–897 (2004)CrossRefGoogle Scholar
  18. 18.
    Bradley, W., Maher, D.: The NEMO P2P service orchestration framework. In: Proc. 37th Annu. Hawaii Int. Conf. System Sciences (2004)Google Scholar
  19. 19.
    Torres, V., Serrao, C., Dias, M.S., Delgado, J.: Open DRM and the Future of Media. IEEE Computer Society, Los Alamitos (2008)Google Scholar
  20. 20.
    Rump, N.: Can digital rights management be standardized? IEEE Signal Processing Magazine (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Heasuk Jo
    • 1
  • Woongryul Jeon
    • 1
  • Yunho Lee
    • 1
  • Seungjoo Kim
    • 1
  • Dongho Won
    • 1
  1. 1.Information Security GroupSungkyunkwan UniversityGyeonggi-doKorea

Personalised recommendations