How to Manage Persistent State in DRM Systems
Digital Rights Management (DRM) systems often must manage persistent state, which includes protected content, an audit trail, content usage counts, certificates and decryption keys. Ideally, persistent state that has monetary value should be stored in a physically secure server. However, frequently the persistent state may need to be stored in a hostile environment. For example, for good performance and to support disconnected operation, recent audit records may be stored on a consumer device. The device’s user may have an incentive to alter the audit trail and thus obtain content for free. In this paper we explain the need for persistent state in DRM systems, describe several methods for maintaining persistent state depending on the system requirements, and then focus on the special case of protecting persistent state in hostile environments.
Keywords: Stable Storage, Replay Attack, Message Authentication Code, Digital Right Management, Persistent State