A Content Protection Scheme Using MPEG-21 Concepts and Tools Chia-Hsien Lu Feng-Cheng Chang...
Transcript of A Content Protection Scheme Using MPEG-21 Concepts and Tools Chia-Hsien Lu Feng-Cheng Chang...
A Content Protection Scheme Using MPEG-21 Concepts and Tools
Chia-Hsien Lu, Feng-Cheng Chang, Hsueh-Ming Hang
Dept. Electronics Engineering, National Chiao Tung University
Hsinchu, Taiwan, R.O.C.
C.-H. Lu, F.-C. Chang, H.-M. Hang CommLab EE NCTU2
Outline
- Goals
- Overview
- Design and Implementation
- Application Example
- Conclusions
- Demonstration
Goals
- A DRM System
- Integrate concepts of
  - MPEG-21 IPMP
  - MPEG-21 REL
- Implement using
  - MPEG-4 IPMPX
  - MPEG-21 Test Bed
Fundamental Concepts
- MPEG-21
  - Digital Item (DI)
  - Part 2
    - Digital Item Declaration (DID)
    - Digital Item Declaration Language (DIDL)
  - Part 4
    - Intellectual Property Management and Protection (IPMP)
    - IPMP DIDL
  - Part 5
    - Rights Expression Language (REL)
MPEG-21 Part-4 IPMP
- Goals of MPEG-21 IPMP:
  - Effective protection and management on DIs
  - Protect a specific part of the DI by encapsulating it in IPMP DIDL
- Element interchangeability:
  DIDL:
    <Container> <Item> … </Item> </Container>
  IPMP DIDL:
    <Container> <ipmpdidl:Item> … </ipmpdidl:Item> </Container>
MPEG-21 Part-5 REL
- An XML-based rights expression language
- Declare an authorized distribution for the use of any resource owned by specific users
- Characteristics:
  - Comprehensive Data Model
  - Precise Authorization Model
  - Extensible Extension and flexible Profiling
REL License
- General semantics of a license:
  - An identified principal has specific rights for exercising those resources under the terms and conditions.
[Figure: a license contains grant and issuer; a grant contains principal, right, resource and condition. Multiplicity labels on the diagram: 0..1 (three times) and 0..∞ (twice). Example values: principal John, right play, resource wifi_audio.aac, condition during June 2006; issuer Music Station.]
MPEG-4 IPMPX
[Figure labels: Terminal, Tool Manager, IPMP Tool, IPMP Filter (Control Point)]
MPEG-21 Test Bed
[Figure: block diagram of the MPEG-21 Test Bed. Recoverable labels: Server, Client, Network Emulator (NISTnet), Control Channel (RTSP, TCP), Media Channels (RTP, UDP), Data Channel, DIA, Decoder, and the IPMP Filter control points (Post DIA, Pre Decoder, Post Decoder).]
IPMP_Info_Engine
- An IPMPX Tool
- Perform functionalities of MPEG-21 IPMP and REL
  - Parse_IPMPDIDL()
    - Parse an IPMP DIDL element
  - REL_authorize()
    - Extend REL reference software (ContentGuard)
    - Perform rights authorization and generate an authorization proof
Example Scenario
- Each IPMP Tool can send requests to the IPMP_Info_Engine Tool, through IPMP Messages, for the right to process data.
[Figure: message exchange between the DES Tool and the IPMP_Info_Engine Tool]
1. The DES Tool sends a message requesting the right to decrypt.
2. The IPMP_Info_Engine Tool performs REL verification.
3. The IPMP_Info_Engine Tool sends a message with the result of the verification.
Content Protection Mechanism
- Layer 1: Content is protected with a symmetric encryption algorithm.
- Layer 2: Content encryption keys are protected with an asymmetric encryption algorithm.
[Figure labels: Server, Client, DES Tool (Encryption), DES Tool (Decryption), Key Server, Layer 1, Layer 2, Request, Setup, Ask for keys, Verify, Encrypted Content]
Key Server
- Function of a key server
  - Manage keys
  - Client authentication and authorization
  - Encrypt keys with client's public keys
- Implementation of a key server
  - A local web server
Example: Super-distribution
- Manage the user's right in a distributed mobile environment.
- Example of OMA DRM v2.0
License Verification
- Online verification
  - Remote server verifies the client.
- Offline verification
  - Online verification is more secure than offline verification.
  - Use an online certificate to represent whether a successful online verification already exists.
License structure
License
  Grant 1 (online):
    <John> <play> <foreman.m4v>
    <allConditions> <exerciseMechanism> <validityInterval> </allConditions>
  Grant 2 (offline):
    <John> <play> <foreman.m4v>
    <allConditions> <exerciseMechanism> <validityInterval> <exerciseLimit> <sx:count>3</sx:count> </exerciseLimit> </allConditions>
Authorization Flow
[Flowchart: True/False decision nodes "Online?", "Offline?", "Interval valid?" and "Count valid?", with outcomes Grant 1 (Online) and Grant 2 (Offline).]
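The license structure and authorization flow above, modeled as an added Python example (not the authors' code, which extends the ContentGuard REL reference software). The `Grant` and `ClientState` classes, the "online"/"offline" mechanism values, the June 2006 interval for foreman.m4v, and the rule that a successful online check sets the certificate are assumptions; `demo()` replays the sequence listed on the Demonstration slide.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Grant:
    principal: str
    right: str
    resource: str
    mechanism: str               # exerciseMechanism; "online"/"offline" are assumed values
    start: date                  # validity interval, inclusive
    end: date
    limit: Optional[int] = None  # exerciseLimit count; None means unlimited

@dataclass
class ClientState:               # hypothetical per-client record kept by the player
    online: bool = False
    certificate: bool = False    # set once an online verification has succeeded
    offline_uses: int = 0

def authorize(grants, state, principal, right, resource, today):
    """Return "online" or "offline" for the grant that authorizes the request, else None."""
    for g in grants:
        if (g.principal, g.right, g.resource) != (principal, right, resource):
            continue
        if not g.start <= today <= g.end:          # Interval valid?
            continue
        if g.mechanism == "online" and state.online:
            state.certificate = True               # remember the successful online check
            return "online"
        if g.mechanism == "offline" and not state.online and state.certificate:
            if g.limit is not None and state.offline_uses >= g.limit:
                continue                           # Count valid? is False
            state.offline_uses += 1
            return "offline"
    return None

def demo():
    june = (date(2006, 6, 1), date(2006, 6, 30))   # constructed validity interval
    license_grants = [
        Grant("John", "play", "foreman.m4v", "online", *june),
        Grant("John", "play", "foreman.m4v", "offline", *june, limit=3),
    ]
    state = ClientState()
    def play(online, day=date(2006, 6, 15)):
        state.online = online
        return authorize(license_grants, state, "John", "play", "foreman.m4v", day)
    # Offline without a certificate, online, offline three times, then a fourth offline try.
    return [play(False), play(True)] + [play(False) for _ in range(4)]
```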
Conclusions
- We construct a DRM system implemented using MPEG-21 IPMP and REL
- Two specifications are included:
  - Content protection
  - Rights Management
- A two-layer content protection scheme is proposed for delivering both content and key securely
- Develop one application example
Demonstration
- Offline play without a certificate: Failure
- Online play: Success
- Offline playback three times: Success
- Fail to continue offline playback (counts are limited to three times): Failure