How to Increase the Security of Digital Rights Management Systems Without Affecting Consumer’s Security

  • Jürgen Nützel
  • Anja Beyer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3995)


The paper starts with a description of the fundamental principles of modern Digital Rights Management Systems. This is the basis for the discussion of their most important security aspects from the provider’s view on the one hand and the customer’s view on the other hand. The second half of the paper focuses the new DRM standard from the Open Mobile Alliance (OMA) and its implementation on “open” systems like Windows. The security anchor of the OMA DRM is the device private key. As long as no trusted storage facilities for open systems work effectively, techniques for software obfuscation could be a solution. Therefore the obfuscation of the device private key and its secure download is described. Currently on Windows PCs there is no chance for a full tamper-proof solution, but the authors try to make the job of an attacker as hard as possible, without affecting the consumer’s security.


Content Provider Certification Authority Trust Platform Module Digital Right Management Trust Computing Group 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Website of the Open Mobile Alliance,
  2. 2.
    Rosenblatt, B., Trippe, B., Mooney, S.: Digital Rights Management, Business and Technology. M&T Books, New York (2002)Google Scholar
  3. 3.
    Nützel, J.: Die informatorischen Aspekte virtueller Güter und Waren, Habilitationsschrift (venia legendi), Technische Universität Ilmenau (2006),
  4. 4.
    Schmidt, A.U., Tafreschi, O., Wolf, R.: Interoperability Challenges for DRM Systems. In: 2nd Virtual Goods Workshop, Ilmenau (May 2004),
  5. 5.
    Website of the ODRL initiative,
  6. 6.
    Iannella, R.: Digital Rights Management (DRM) Architectures. D-Lib Magazine 7(6) (June 2001),
  7. 7.
    Niels, R.: Managing Meaning - How can standards help? 2nd Virtual Goods Workshop, Ilmenau (May 2004),
  8. 8.
    Grimm, R.: Digital Rights Management: technisch-organisatorische Lösungsansätze. In: Kreis, M. (ed.) Digital Rights Management, Picot, Arnold, pp. 93–106. Springer, Heidelberg (2004)Google Scholar
  9. 9.
    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Google Scholar
  10. 10.
    Müller, G., Pfitzmann, A.: Sicherheit, insbesondere mehrseitige IT-Sicherheit in: Mehrseitige Sicherheit in der Kommunikationstechnik – Verfahren, Komponenten, Integration; pp. 21–29, Addison-Wesley-Longman, Bonn (1997)Google Scholar
  11. 11.
    Röhrig, S., Knorr, K., Noser, H.: Sicherheit von E-Business-Anwendungen - Struktur und Quantifizierung. WIRTSCHAFTSINFORMATIK 42(6), 499–507 (2000)CrossRefGoogle Scholar
  12. 12.
  13. 13.
    World of warcraft hackers using Sony BMG rootkit,
  14. 14.
    Website of Common Criteria,
  15. 15.
    OMA Digital Rights Management V1.0, DRM Specification, Approved Enabler (Release Date: June 25, 2004),
  16. 16.
  17. 17.
    OMA Digital Rights Management V2.0, DRM Specification, Candidate Enabler (Release Date: September 15, 2005),
  18. 18.
    OMA Digital Rights Management V2.0, DRM Architecture, Candidate Enabler (Release Date: September 15, 2005),
  19. 19.
    The website of the Trusted Computing Group,
  20. 20.
    Website of Microsoft’s Windows Vista,
  21. 21.
    Eilam, E.: Reversing: Secrets of Reverse Engineering. Wiley Publishing, Inc., Indianapolis (2005)Google Scholar
  22. 22.
    Cerven, P.: Crackproof Your Software. No Starch Press, San Francisco (2002)Google Scholar
  23. 23.
    Christian, C., Clark, T., Douglas, L.: A taxonomy of obfuscating transformation, Technical report #148, Department of Computer Science, University of Auckland, New Zealand (1997)Google Scholar
  24. 24.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (Im)possibility of Obfuscating Programs (extended abstract) In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 1. Springer, Heidelberg (2001), CrossRefGoogle Scholar
  25. 25.
    Christian, C., Clark, T.: Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection, Department of Computer Science, University of Auckland, New Zealand (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jürgen Nützel
    • 1
  • Anja Beyer
    • 1
  1. 1.Institut für Medien und KommunikationswissenschaftTechnische Universität IlmenauIlmenauGermany

Personalised recommendations