Improving Security and Efficiency of Enterprise Digital Rights Management (Paper # 135)
Ahmed H. Soliman, Maged H. Ibrahim, Adel E. El-Hennawy
6th ICCCNT
Contents
◦ Introduction
◦ Previous Work
◦ Our Contribution
◦ System Model
◦ Upload Protocol
◦ Download Protocol
◦ System Analysis
◦ Conclusion
Introduction
Digital Rights Management (DRM) schemes are used to protect the confidentiality of digital content from unauthorized access and also to preserve the personal privacy of users. Various cryptographic tools (e.g. public-key encryption, digital signatures, etc.) are used in the design of DRM protocols to achieve the desired services. In commercial applications, user privacy is a major concern when deploying DRM protocols.
For governmental institutions, military applications, or private enterprises, the administration level needs to track sensitive information being exchanged through the organization's system. Enterprise-oriented Digital Rights Management (E-DRM) schemes are used to protect the corporation's confidential information from insider as well as outsider attacks.
Various DRM as well as E-DRM schemes have been proposed.
Introduction
Digital contents are becoming larger in size, so the need for a storage-efficient E-DRM system is becoming as crucial as the need for reducing computational complexity. We propose a new secure E-DRM system which is computationally efficient; it also uses the Information Dispersal Algorithm (IDA) (M. Rabin, 1989) to achieve efficient and reliable storage.
Previous Work
Most previously proposed E-DRM systems have the major components shown below.
Modifications to this architecture were made by:
◦ Chen et al. (2009), who proposed a group of authentication servers rather than a single one.
◦ Chang et al. (2013), who introduced multi-user access.
◦ Lin et al. (2009), who applied the concept of role-based access control.
None of these works addressed the need for efficient and reliable storage and retrieval of digital contents.
Previous Work
In most previously proposed E-DRM systems:
◦ Users send their files unencrypted to the content server (fully trusted server).
◦ Encrypted digital contents are stored in a single content server (single point of failure).
Garay et al. (2000) proposed the secure storage and retrieval of information (SSRI) system, which is based on IDA.
In the SSRI system:
◦ A user securely deposits a file to the system so that no one except the same user (the file owner) can retrieve this file in the future.
◦ The encrypted file is dispersed among n servers.
◦ At any time, at most t servers (including the gateway server) can be malicious.
◦ Cryptographic tools used: IDA, blind decryption, threshold decryption, distributed digital signature.
◦ Most distributed digital signature protocols have relatively large communication and computation costs.
Our Contribution
We adapt the SSRI protocols to the E-DRM system to achieve:
◦ Multi-user access to the same digital content (rather than single-user access in SSRI).
◦ Confidentiality and privacy by eliminating the use of a fully trusted server.
◦ Increased security (by eliminating a security weakness in the SSRI system).
◦ Significant reduction in the computational and communications complexity.
◦ Reduction in the total storage requirements.
We note that Ibrahim (2015) proposed a secure digital rights management protocol (SDRMP) which is based on the SSRI protocols. However, his protocol has relatively large computation and communication complexities.
Next, we describe our proposed E-DRM system.
System Model
System Entities:
◦ User (u_i).
◦ Author (u_o).
◦ Authority Server (AS).
◦ Storage Server (SS_i).
System Model
Communication Model:
◦ Private channel: realized by using symmetric encryption (e.g. AES) between the communicating parties with a secret session key.
◦ All channels are assumed to be private.
Adversary Model:
◦ We assume a t-malicious adversary who can corrupt at most t storage servers.
◦ The adversary is assumed to be computationally bounded.
◦ The AS is assumed to be honest-but-curious.
◦ Each user/author must have a DRM-App (an authorized application used to communicate with the E-DRM system, follow the protocol instructions, and enforce the digital rights attached to the downloaded contents).
◦ The DRM-App is assumed to be tamper resistant; otherwise watermarking and fingerprinting techniques must be used.
System Model
Key Management:
◦ Public-key infrastructure in which each entity has its own private and public keys.
◦ The storage servers cooperatively generate an additional key pair: a public encryption key Sek and a private decryption key Sdk.
◦ Sdk is shared among all the storage servers (each server SS_i holds the share Sdk_i).
◦ A coalition of t or fewer malicious servers gains absolutely no information about the original key Sdk.
◦ This can be done using a joint verifiable random secret sharing protocol.
Upload Protocol
The protocol consists of two phases: the author-upload phase and the dispersal phase.
Author-upload phase:
Upload Protocol
Dispersal Phase:
AS runs a slightly modified version of the IDA on the encrypted content as follows:
◦ Divide the encrypted file C into t+1 parts denoted by m_0, m_1, …, m_t, and choose a large prime p.
◦ The shares are calculated from:
$C_i = f(i), \ \forall i, \quad \text{where } f(x) = \sum_{j=0}^{t} m_j x^j \bmod p$
◦ Each server SS_i will hold its share C_i.
AS chooses a content identity CID: a unique identification serial number generated for each uploaded content.
Download Protocol
This protocol consists of two phases: the content request and retrieve phase, and the content deliver phase.
Content request and retrieve phase:
◦ User u_i wants to download a selected content with identity CID.
◦ The user obtains the content decryption key K_e using blind decryption, so the AS gains no information about it.
Download Protocol
Content request and retrieve phase:
◦ r is the random blinding factor.
◦ (π_i, d_i) = PD_{Sdk_i}(B·K_e) is the partial decryption with a NIZKP π_i.
Download Protocol
Content Deliver Phase:
The DRM-App forces the user to use the file F under the constraints embedded in the digital rights received with this file.
System Analysis
Robustness against Malicious Adversaries:
◦ The AS can detect a corrupted share C_i′ by computing its hash H[C_i′] and comparing it with the hash h_i that was computed and saved during the dispersal phase.
◦ The encrypted content C can be correctly reconstructed from any t+1 valid shares (using Lagrange interpolation).
◦ Corrupted partial decryptions d_i′ can be detected by verifying the associated NIZKP π_i′.
◦ The blinded key (r·K) can be correctly reconstructed from any t+1 valid partial decryptions (using Lagrange interpolation).
◦ We assume the number of storage servers satisfies n > 2t. So our E-DRM system is robust against malicious adversaries corrupting up to t storage servers at the same time.
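The dispersal-phase IDA and the share verification and Lagrange reconstruction described above, as an added Python illustration (not code from the paper): C is processed block by block, so the paper's t+1 parts m_0..m_t are taken per block and every server i receives f(i) for each block; the AS keeps H[C_i], and retrieval drops any share whose hash no longer matches before interpolating from t+1 valid ones. The choice of prime p, the 7-byte chunking and the padding scheme are assumptions made for this example.

```python
import hashlib

P = (1 << 61) - 1  # the "large prime p": a 61-bit Mersenne prime chosen for this example
CHUNK = 7          # bytes per field element, so each element is < 2**56 < P

def share_hash(share):  # h_i = H[C_i], stored by the AS at dispersal time
    return hashlib.sha256(b"".join(e.to_bytes(8, "big") for e in share)).hexdigest()

def _interpolate(points):
    """Lagrange interpolation mod P: coefficients m_0..m_t of the degree-t
    polynomial through the t+1 points (i, C_i[k])."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        num, den = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = [(a - xj * b) % P for a, b in zip([0] + num, num + [0])]  # times (x - x_j)
                den = den * (xi - xj) % P
        scale = yi * pow(den, -1, P) % P
        for d, coef in enumerate(num):
            coeffs[d] = (coeffs[d] + coef * scale) % P
    return coeffs

def disperse(c, n, t):
    """AS side of the dispersal phase, applied block by block: each block of C
    gives the parts m_0..m_t and server i receives f(i) = sum_j m_j i^j mod p."""
    assert n > 2 * t, "paper assumes n > 2t"
    c += b"\x80"                                   # unambiguous pad marker (assumed)
    c += b"\x00" * (-len(c) % (CHUNK * (t + 1)))   # fill the last block
    elems = [int.from_bytes(c[k:k + CHUNK], "big") for k in range(0, len(c), CHUNK)]
    shares = {i: [] for i in range(1, n + 1)}
    for b in range(0, len(elems), t + 1):
        m = elems[b:b + t + 1]
        for i in shares:
            shares[i].append(sum(mj * pow(i, j, P) for j, mj in enumerate(m)) % P)
    return shares, {i: share_hash(s) for i, s in shares.items()}

def reconstruct(shares, hashes, t):
    """AS side of retrieval: drop shares whose hash differs from the stored h_i,
    then rebuild C from any t+1 valid shares by Lagrange interpolation."""
    valid = [(i, s) for i, s in shares.items() if share_hash(s) == hashes[i]][:t + 1]
    if len(valid) < t + 1:
        raise ValueError("fewer than t+1 valid shares survived")
    out = bytearray()
    for k in range(len(valid[0][1])):
        for m_j in _interpolate([(i, s[k]) for i, s in valid]):
            out += m_j.to_bytes(CHUNK, "big")
    return bytes(out).rstrip(b"\x00")[:-1]        # strip padding, then the marker
```

Each share holds |C|/(t+1) elements, so the n shares together occupy about n|C|/(t+1) bytes, which is the first term of the storage formula later in the deck.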
System Analysis
Confidentiality and Privacy:
◦ The encrypted key K_e cannot be decrypted by a collusion of t or fewer malicious servers.
◦ AS reconstructs the blinded key (r·K), which gives no information about the original key K.
◦ No secret information is exposed to any server, including the AS.
◦ AS does not reveal the user's identity to the storage servers during any of the protocols.
◦ Note a security weakness in the SSRI system, which follows from its assumption that the gateway (AS) could be malicious; such a gateway can:
  ◦ choose another blinding factor r′,
  ◦ encrypt it as B′ = E_{Sdk_i}(r′) and send it to all servers,
  ◦ reconstruct the partial decryptions to obtain (r′·K) and thus the content decryption key K.
◦ We avoid this weakness by assuming that the AS is honest-but-curious.
System Analysis
Computations Complexity:
We define the computational cost as the number of basic cryptographic and computational functions performed by each system entity. The following three tables describe the computational costs of our E-DRM system, SSRI, and SDRMP protocols, respectively.
System Analysis: Computational cost of our E-DRM system
Protocol | Cost at the User/Author | Cost at the AS | Cost at SSi
Upload
1 symmetric encryption
1 signature verification
1 public-key encryption
1 IDA
1 signature generation
n hashes
1 signature verification
1 signature generation
1 public-key encryption
Download
n + 1 signature verifications
1 signature verification
1 signature generation
2 signature generations
1 modular multiplication (blinding)
1 signature verification
n hashes
1 partial decryption
1 modular multiplication (de-blinding)
1 IDA reconstruct
1 signature generation
1 symmetric decryption
1 partial decryption interpolation
System Analysis: Computational cost of the SSRI system
Protocol | Cost at the User/Author | Cost at the AS | Cost at SSi
1 symmetric encryption
Deposit and Dispersal (Upload)
Retrieval (Download)
1 partial signature reconstruction
1 public-key encryption
1 signature verification
1 partial signature generation
1 signature generation
1 IDA
1 signature verification
n hashes
1 public-key encryption
n majority calculations
1 signature generation
n hashes
1 signature verification
1 IDA reconstruct
1 modular multiplication (de-blinding)
1 partial signature reconstruction
1 symmetric decryption
1 signature verification
1 modular multiplication (blinding)
1 partial decryption
1 partial decryption interpolation
1 partial signature generation
System Analysis: Computational cost of the SDRMP protocol
Protocol | Cost at the User/Author | Cost at the AS | Cost at SSi
Deposit and Dispersal (Upload)
1 symmetric encryption
1 signature verification
1 signature verification
1 public-key encryption
1 signature generation
1 partial signature reconstruction
1 IDA
1 signature generation
1 partial signature generation
1 signature verification
Retrieval (Download)
n hashes
1 public-key encryption
n + 1 signature verification
1 signature verification
1 signature generation
2 signature generation
1 signature verification
1 modular multiplication (de-blinding)
1 symmetric decryption
n majority calculations
1 signature generation
1 modular multiplication (blinding)
n hashes
1 partial decryption
1 IDA reconstruct
1 partial decryption interpolation
System Analysis
Computations Complexity:
Most of the computing power needed in our E-DRM system is concentrated in the AS. This means the AS is required to have high processing power, while each SSi is used mainly for storage and does not need to be a high-processing machine.
System Analysis
Storage Requirements:
The overall storage requirement for all servers including the AS is:
$\frac{n}{t+1}\,|C| + |K_e| + n\,|H[C_i]|$
The SSRI and SDRMP systems have a total storage of:
$\frac{n}{t+1}\,|C| + |K_e| + n^2\,|H[C_i]|$
where |C| is the content size, |C_i| the size of a content share, |K_e| the encrypted key size, and |H[C_i]| the hash size.
System Analysis
Storage Requirements:
Comparing the total storage requirement of our E-DRM with that of SSRI and SDRMP using a realistic example:
• n: from 3 to 41
• |H[C_i]| = 32 bytes (for SHA-256)
• |K_e| = 128 bytes (for a 1024-bit public-key length)
Since the two totals differ only by the term (n² − n)|H[C_i]|, which does not depend on |C|, the storage reduction becomes more significant for small files than for large files.
Conclusion
We propose an E-DRM system which satisfies:
◦ Multi-user access to the same digital content.
◦ Confidentiality and privacy by eliminating the use of a fully trusted server.
◦ Increased security.
◦ Significant reduction in the computational and communications complexity.
◦ Reduction in the total storage requirements (still needs improvement).
◦ Our future work is to implement the proposed system and evaluate its usability.
Thanks