A Security Model for Internet-based Digital Asset Management Systems*

I. Chatzigiannakis(1,2), V. Liagkou(1,2), D. Salouros(1,2), and P. Spirakis(1,2)

1 Research and Academic Computer Technology Institute, N. Kazantzaki, University of Patras, 26500, Rio, Patras, Greece
2 Department of Computer Engineering and Informatics, University of Patras, 26500, Rio, Patras, Greece
e-mails: {ichatz,liagkou,salouros,spirakis}@cti.gr

Abstract. Usage and exploitation of the Internet is a critical requirement for managing and distributing valuable digital assets. This requirement introduces a great number of threats for commercial (or non-commercial) organizations that may cause huge data and financial losses and harm their reputation as well as people's trust in them. In this paper we present the research challenges for secure digital asset management over the web by proposing a model that provides data safety and secure user interaction in especially demanding on-line collaboration environments.

1 Introduction

Nowadays, rich-media organizations tend to produce, manage, present, exchange, organize, store and distribute their material over the web. However, the Internet increases the vulnerability of the commercial (or non-commercial) exploitation of digital content, since it is a possibly hostile environment for secure data management. The combination of content (digital files) with the intellectual property rights (IPR) to use and manage it constitutes a digital asset, as concluded in [1]. Copies of digital assets, usually of lower quality, that carry copyright information in order to secure the IPR on the originals are referred to as proxies. An information system that manages digital assets is called a Digital Asset Management System (DAMS). Summarizing [4, 3, 2], a DAMS performs administrative functions on assets such as: ingest, categorize, store and retrieve, workflow control, manage IPR, preview and search, repurpose, encode and transform, preserve and destroy, and, finally, distribute on web portals, broadcasting stations, streaming services and collaborative environments.

* Partially supported by the IST Programme of the European Union under contract number IST-2005-15964 (AEOLUS).

2 Research Challenges on DAMS

Until now, a large number of commercial and open-source DAMS platforms have been developed. [2] gives a classification according to market and commercial demands (desktop, workgroup/collaborative, mid-range, pay-as-you-go and enterprise systems). [4] presents a system for online learning and asset dissemination to researchers, students or even the general public. [5] describes a detailed top-down system architecture based on selected software and hardware technologies. Today, modern rich-media enterprises seek ways to effectively manage their digital material using Internet-based DAMS. Such systems provide advantages such as:

(i) data management can be performed in a distributed fashion by utilizing different servers across a network;
(ii) users can activate system applications even if they are far away from the system infrastructure;
(iii) commercial exploitation of digital assets opens up to an endless list of possible consumers;
(iv) uninterrupted availability of system data and applications can be achieved;
(v) system software/hardware can be separated into autonomous modules (multi-tier scheme) in order to handle growing resource needs and increasing numbers of users.

The vast majority of today's DAMS platforms do not rely on a unifying model that can sustain a well-defined security level. Their development is primarily based on the requirements of specific application domains, and they usually need to co-operate with external systems such as Digital Rights Management and watermarking platforms. But even then, there are still open security problems concerning privilege and IPR assignment, licensing policies, safe access to assets, etc. The need for expert staff and the adoption of particular software/hardware solutions are further disadvantages.

2.1 Security Challenges and Requirements

Despite these advantages, the Internet is vulnerable to various threats coming from cyber criminals, hackers, unprincipled authorities, etc. We summarize the most common threats in terms of our application domain:

1. Unauthorized access: an Internet user pretends to be a system user and illegally gains access to system data or applications.
2. Unprivileged activity: a user of a certain group illegitimately acquires the privileges of other groups and performs prohibited actions.
3. Repudiation: a user denies an action that caused potential damage and the system cannot trace the action back to him.
4. Illicit interference with transferred data: packet sniffing, modification or deletion is possible when an unscrupulous entity gains access to a communication channel.
5. Manipulation of stored content: an entity tampers with and forges valuable assets and illegally downloads or distributes them on the net.
6. Virus spreading: the generation and propagation of malicious programs (e.g., viruses, worms) and other hacking techniques (such as denial of service attacks) over the web may infect computers, lower performance, stop system operation, delete or steal confidential data, etc.

Our research direction necessitates a very careful consideration of all possible security challenges. Below, we list the resulting security requirements and give certain design directives in order to eliminate the threats and increase people's trust in the provided system services.

1. Confidentiality: leakage of critical information to unauthorized single users or entire user groups is unacceptable. Confidentiality can be achieved through VPN networks, watermarking techniques and effective privilege and IPR management.
2. Integrity: no unauthorized changes should be made to stored or transferred data. Data integrity can be achieved by computing hash and MAC functions.
3. State stamping: an IPR-enforced asset locks into a state and no modifications are possible without detection. State stamping can be achieved by utilizing electronic fingerprints and checking hash values.
4. Availability: system data and applications should be available at any time to any authorized user. Availability can be achieved through central failover clusters that perform data path replication and load balancing when needed.
5. Accountability: unauthorized access, modification or illegal distribution of media files should be detected and, possibly, traced to specific sources. Accountability can be achieved using electronic signing, commitment and digital watermarking.
6. Robustness: the system should be shielded against all possible Internet attacks and threats. Robustness can be achieved through the placement of hardware firewalls, automatically updated antivirus software, and physical protection against natural disasters.

3 Our Proposed DAMS Architecture

We can imagine our Internet-based DAMS as a large data repository that provides specific web applications for handling and distributing digital assets over the web. The system is based on an architectural model that was designed according to the previously discussed requirements. It follows the open-source approach in order to be software/hardware platform independent, to lower development and maintenance costs, and to adapt more easily to broader management infrastructures or to future changes.

More specifically, in our model users are separated into distinct groups with specific privileges and discrete roles. A distributed architecture based on median servers connected to a central server farm of failover clusters offers scalability and high availability. Servers follow a multi-tier scheme to achieve modular organization and flexible adaptation to environmental or future changes. A disciplinary workflow mechanism introduces interdependencies between user tasks and data. Network technologies such as VPN networks, a hierarchical Public Key Infrastructure (PKI) and hardware firewalls guarantee integrity and confidentiality of transferred data. Cryptographic techniques such as bit commitments, electronic fingerprints and signing, computing hash and MAC functions, as well as watermarking methods and effective IPR enforcement, are utilized in order to prevent potential counterfeiting and unauthorized use of digital files and other administrative information. Especially for IPR-enforced assets, the system checks hash values so that no system user or Internet attacker is able to modify them without detection (state stamping).

We are currently developing a prototype for our model that will serve as a reference implementation. In particular, we wish to examine the security levels achieved as well as the scalability of the system to large numbers of user requests. We also plan to examine alternative techniques and cryptographic tools for achieving a more advanced security level, and to investigate the trade-offs between security and overall performance in large-scale environments.
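As an added illustration (not code from the paper or its prototype), the following Python sketch shows the integrity and state-stamping checks described in Sections 2.1 and 3: an IPR-enforced asset's SHA-256 fingerprint is bound to its IPR record under a MAC, so that a change to either the content or the record is detected on verification. The key, the asset bytes and the IPR fields are constructed placeholders.

```python
import hashlib
import hmac
import json

# Placeholder stamping key (constructed for this example, not a real secret).
STAMP_KEY = b"placeholder-stamping-key"


def fingerprint(asset: bytes) -> str:
    """SHA-256 electronic fingerprint of the asset bytes."""
    return hashlib.sha256(asset).hexdigest()


def stamp_state(asset: bytes, ipr: dict, key: bytes = STAMP_KEY) -> dict:
    """Lock an IPR-enforced asset into a state: the fingerprint and the IPR
    record are bound together under a MAC, so neither can be altered
    without detection by anyone who lacks the stamping key."""
    record = {"sha256": fingerprint(asset), "ipr": ipr}
    payload = json.dumps(record, sort_keys=True).encode()
    record["mac"] = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return record


def verify_state(asset: bytes, record: dict, key: bytes = STAMP_KEY) -> bool:
    """Return True only if the stored record is authentic and the asset
    bytes still match the fingerprint locked into that record."""
    unsigned = {"sha256": record["sha256"], "ipr": record["ipr"]}
    payload = json.dumps(unsigned, sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record.get("mac", "")):
        return False  # record tampered with, or wrong key
    return hmac.compare_digest(record["sha256"], fingerprint(asset))


if __name__ == "__main__":
    # Constructed sample asset and IPR metadata.
    asset = b"constructed image bytes for the example"
    ipr = {"owner": "example-org", "license": "preview-only"}
    rec = stamp_state(asset, ipr)
    print(verify_state(asset, rec))             # True: untouched
    print(verify_state(asset + b"\x00", rec))   # False: content changed
    forged = dict(rec, ipr={"owner": "someone-else", "license": "preview-only"})
    print(verify_state(asset, forged))          # False: IPR record changed
```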

References

1. D. Austerberry, Digital Asset Management - How to realise the value of video and image libraries, Focal Press, Elsevier Ltd, 2004.
2. F. Frey, S. Williams-Allen, H. Vogl and L. Chandra, "Digital Asset Management: A Closer Look at the Literature," Printing Industry Center (Technical Report No. PICRM-2004-08), Mar. 2005. http://www.edsf.org/img/picrm200408.pdf
3. G. Geser et al., "Digital Asset Management Systems for the Cultural and Scientific Heritage Sector," DigiCULT Project (IST-2001-34898), Thematic Issue 2, Dec. 2002.
4. M. Walter, "Architectural Considerations in Digital Asset Management," The Gilbane Report, Oct. 2004. http://www.ancept.com/talks/GilbaneWP AnceptIBM 1.0.pdf
5. Digital Asset Management (DAM) Infrastructure Reference Architecture, v. 1.0, Sun Microsystems, Artesia Technologies, Feb. 2003.
