1 / 14

Enriched Trusted Platform and its Application on DRM

Enriched Trusted Platform and its Application on DRM. Yongdong Wu, and Feng Bao. 吴永东 , 鲍丰 . Cryptography and Security Department Institute for Infocomm Research, Singapore Oct. 16, 2008. Content. Background Overview of TPM Related work Enhanced TPM structure DRM Application

jemima
Download Presentation

Enriched Trusted Platform and its Application on DRM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Enriched Trusted Platform and its Application on DRM Yongdong Wu, and Feng Bao 吴永东, 鲍丰 Cryptography and Security Department Institute for Infocomm Research, Singapore Oct. 16, 2008

  2. Content • Background • Overview of TPM • Related work • Enhanced TPM structure • DRM Application • DRM structure • Expiry control • Software upgrading • Discussion • Security • Performance • Conclusion

  3. Background TPM component Transitive trust • Processor • Cryptographic engine • Non-volatile memory • Tamper control circuitry • Non-volatile storage space • Hardware RNG • Real-time clock

  4. Objectives Design an Environment for • Coexistence oftrusted and non-trusted processes • Guaranteed integrity and confidentiality of the process environment,e.g., private memoryspace of an application • Backward compatibility: The trusted application such as DRM application can open any authorized documentdespite of software upgrading

  5. Related work • Property attestation • Replace the binary attestation with property-based attestation so as to attest security requirements without revealing the specific software and hardware configuration. • Enhance boot loader by translating binary measurements into properties, allowing to attest properties of unmodified operating systems loaded. it is not clear how to map software variants to properties. • Visualization • Tree of Trust: Tree nodes represent the various platform components, from the hardware TPM up to the running applications, annotated with trust and security statements. • TRM (Trusted Reference Monitor) • TRM seals secrets and policies so that it can enforce the policies correctly without disclosing the secrets. TRM does not handle legacy applications, but trusted applications only.

  6. Enriched architecture SPM: Secure Process Manager

  7. Workflow • Before loading an application A, SPM verifiesA based on its signature. • PKI infrastructure. A is produced by a softwarecompany who has certificate. • Whenever the software producer upgrades A, it shouldgenerate a new signature of the new application A. • To attest application A to a remote party, local SPM willattest A first, and then sign the description of Aso that the remote party can trust A.

  8. DRM Structure

  9. DRM Application - Usage Ctrl • Number of usage • App reads the license file and extracts the number Ue of legal usages. • App reads the number of counter U from sealed storage. • If U<Ue, App renders the protected document, otherwise, reject the access. If rendering correct, U  U+1. • Expiry control • Employ the real-time clock • Virtual clock

  10. Software up-gradation Document D DRM application A D1 A1 Di= Encrypt(Ki, D) Ki=Hashv-i(Kv) A, v, Kv Dv Av X Dv+1 AV DI

  11. Document delivery process M=(Appname, cert, version v)

  12. Security analysis • Trusted booting • The kernel including SPM is booted in a trusted way. • Anti-abuse attack • Threat: Load A with loader such as debugger • Countermeasure: Application A is authentically loaded by SPM, SPM will authenticate A to prevent tamperingA. • Anti-replay attack: • Challenge-response protocol in the document delivery process. • Key refreshing: • Threat: Hack the secret key and forge a new software to obtain all the past and future documents. • Countermeasure: employ hash chain to refresh the software periodically such that the adversary has to “break one by one”, other than “break one, break all”.

  13. Performance • Kernel-level SPM • Prompt response • Robustness against tampering: administrator priority and difficult in kernel-level debugger. • Universal software • SPM can separate trusted applications from legacy ones such that the later can co-exist on the same computer without disturbing the former. • Simplified remote attestation • SPM authenticates the application Alocally, and asks the verifier to check the suitability of the software versions and producer.

  14. Conclusion A new structure which Enriches OS kernel with software module SPM: • Enable to handle software attestation request locally. • Ensure secure software updating in a simple way. • Apply SPM for DRM application. • DRM scheme enables to share documents transparently, • but enforce usage control with the off-the-shelf TPM chip.

More Related