The ACM (Association for Computing Machinery), the foremost society in computing, organised its eleventh Conference on Computer and Communications Security on October 26-27, 2004, in Washington, DC. In conjunction with this conference, several workshops were held on hot topics of applied computer security, one of them focussing on DRM. The vast majority of attendees were IT experts from the United States investigating more secure ways of digital content protection. There were only a few researchers from other countries and with a different focus of research.

Trusted hardware solutions for better protection
Most speakers aimed to contribute to higher security for content protection. So far, technology has contributed very little to reducing piracy, and on open system architectures it is very difficult to achieve high-security DRM solutions. Software-based protection is not enough. What seems to be required are therefore either "unbreakable", tamper-resistant devices, or advanced protection methods. Most participants even shared the belief that in order to achieve secure systems, trusted hardware solutions were needed. In the following, I will touch upon a range of suggestions made during the workshop on how to improve content protection.

Bertrand Anckaert from Ghent University, Belgium, came up with the idea of diversification of software upon distribution, before and after installation, upon software activation, and of course with the help of tailored updates. Weidong Shi, a researcher from Georgia Institute of Technology, claimed that today’s microprocessors are already "too powerful", and if the pace of development continues, in fifteen years they will be a thousand times faster than today, and he asked: What are we going to do with the computational power then? He suggested incorporating PKI into trusted computing: software (and content) should be encrypted with public-key cryptography specific to the particular microprocessor, so that software running on one computer wouldn't run on another computer. Of course, security and performance pull in opposite directions, but future chips, as the speaker pointed out, will have the power to achieve this higher level of security.

Global record keeping of secure devices and revocation of tampered devices were proposed by Bogdan Popescu from Philips as another way to achieve higher security. Philips’ system of "anytime anywhere" home networks is a case in point, in which content can only be played by online authenticated compliant devices. A similar approach including secure key handling also underlies AACS (Advanced Access Content System), the content protection system of the "next generation DVDs", aiming to enhance the current movie protection which can easily be circumvented. I am sure many INDICARE Monitor readers will remember that the person who had cracked the first generation DVDs’ copy protection system (CSS) argued that he did it because Linux and other open source operating systems had been excluded from media consumption by the content industry before. So I asked about open-source software and the play-back of next generation DVDs, and Jeffrey Lotspiech from IBM Almaden Research Centre replied that IBM was going to provide an open-source implementation of the key handling for Linux. This seems to me a very welcome development holding the promise of more acceptable systems.

Virtual machines (software that behaves like a computer able to run programmes) are also of high concern. Today, more and more hardware and software emulators can be found for personal computers, which can in many cases render copy protection measures useless: a computer with a DRM system integrated at the operating system level may "think" that it has implemented secure copy protection, while in fact the whole operating system might just run as a process of another operating system, which eventually extracts digital content from its protected form. All that is needed to rip protection measures off is a right for a single play-back on the virtualised device, possibly a try-before-you-buy right. During this single play-back the digital output, which passes through the underlying virtual machine, can be captured by the host operating system. This exploit is similar to the analogue hole, but more efficient. The speaker even claimed that a "Trusted Computing Base" would be "virtualisable". In this sense not even Trusted Computing is sufficient to resolve this problem – food for thought for its advocates.

Digital fingerprinting and watermarking
Before the workshop it was my belief that fingerprinting and watermarking can only be used to trace copyright infringers ("forensic DRM"); I learnt, however, that these technical means can have a wider use and can also be used to prevent illegal content use. At the workshop, fingerprinting methods were shown which are, for example, immune to rotation and recompression of digital movies. Fingerprinting, as demonstrated, can also be used to detect illegal copies and request removal, or even to filter internet traffic containing potentially copyright infringing material.

Watermarking, as one speaker claimed, can be so effective today that watermarked information can even be recovered from a camcorder-captured and recompressed movie. Watermarks can also be used to ensure data integrity. Huiping Guo, from George Mason University in Fairfax, Virginia, talked about so-called "fragile watermarks", which, unlike the robust watermarks used for ownership verification, can detect tampering of digital data. When, for example, a database is kept at an insecure server of a service provider, the owner of the database has to be able to verify the integrity of the data. Tamper detection by means of fragile watermarks is a way to do so, and it is a better way compared to just digitally signing a database to detect the fact of tampering, because fragile watermarks allow the localisation of modifications in the database. This way the intact parts of the database can still be trusted.
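
The localisation property described above, shown as an added example that is not taken from the workshop talk or from this article: a simplified fragile watermark that hides one keyed-hash bit in the least significant bit of each integer value, computed per tuple group, so that verification names the groups that were modified. The grouping by a keyed hash of the primary key, the group count, the tolerance of a ±1 change in each value, and all names and sample data are assumptions of this example.

```python
import hashlib
import hmac

GROUPS = 4                                   # assumed number of tuple groups
KEY = b"constructed-demo-key"                # constructed secret held by the data owner
TABLE = {pk: 1000 + 37 * pk for pk in range(1, 65)}  # constructed sample: pk -> reading

def group_of(key: bytes, pk: int) -> int:
    """Assign a tuple to a group using a keyed hash of its primary key."""
    return hmac.new(key, b"grp" + str(pk).encode(), hashlib.sha256).digest()[0] % GROUPS

def _split(key: bytes, table: dict) -> dict:
    """Partition rows into groups, each ordered by primary key."""
    groups = {g: [] for g in range(GROUPS)}
    for pk in sorted(table):
        groups[group_of(key, pk)].append((pk, table[pk]))
    return groups

def _group_bits(key: bytes, rows: list) -> list:
    """One watermark bit per row, derived from the group's content minus its LSBs."""
    mac = hmac.new(key, b"wm", hashlib.sha256)
    for pk, value in rows:
        mac.update(f"{pk}:{value & ~1};".encode())
    stream = mac.digest()
    return [(stream[(i // 8) % len(stream)] >> (i % 8)) & 1 for i in range(len(rows))]

def embed(key: bytes, table: dict) -> dict:
    """Return a copy of the table with each value's LSB replaced by its watermark bit."""
    marked = {}
    for rows in _split(key, table).values():
        for (pk, value), bit in zip(rows, _group_bits(key, rows)):
            marked[pk] = (value & ~1) | bit
    return marked

def verify(key: bytes, table: dict) -> list:
    """Return the groups whose embedded bits no longer match their content."""
    return [g for g, rows in _split(key, table).items()
            if [v & 1 for _, v in rows] != _group_bits(key, rows)]

if __name__ == "__main__":
    marked = embed(KEY, TABLE)
    tampered = dict(marked)
    tampered[10] += 1000                     # modify one row on the untrusted server
    print("clean:", verify(KEY, marked))
    print("tampered groups:", verify(KEY, tampered), "row 10 is in", group_of(KEY, 10))
```

With one embedded bit per row, a group of n rows fails to flag a modification with probability about 2^-n, so the group count trades localisation precision against detection strength. A single signature over the whole table would report the same tampering only as a yes or no for all 64 rows.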

The importance of standardisation was emphasised in several speeches. It was noted that it is unlikely that the whole industry will come to a common conclusion, and accept a common standard. Instead, market needs will determine compatibility – or incompatibility – of devices and services, and vendors and manufacturers will pay little heed to the interests of their competitors.

Two possible solutions were outlined, which could solve the question of interoperability, or at least provide a means to reduce the negative effects of device incompatibility. Gregory L. Heileman, professor at the University of New Mexico, recommended a completely new way to look at DRM systems: just like all telecommunication systems more or less follow the ISO/OSI seven-layered system, the functionalities of DRM should just as well be divided into layers, governed by the International Organization for Standardization. The top and bottom layers could vary from application to application and for each method of content distribution, but there should be one middle layer, namely the rights expression and interpretation layer, which would need standardisation to achieve interoperability of different systems.

The other suggestion is based on a scenario in which no common industry standard exists: it was about creating an import/export functionality for each DRM solution, by means of which users could exchange content between different devices. If a common format can be agreed on, then most manufacturers could create an export function which would transform the usage rights and content to this common format, and the other device could import content in this form to achieve interoperability of devices. Reihaneh Safavi-Naini from the University of Wollongong, Australia, investigated two current, widespread DRM solutions, and concluded that they were basically compatible, and import/export functionality would be achievable.

Other suggestions
Boris Margolin from the University of Massachusetts introduced a very interesting suggestion about using financial incentives to discourage consumers from exchanging content with each other. He focussed on valuable content to be shared between just two parties, which needs to be protected for a limited amount of time. Examples given include passwords to a subscription service, prerelease of media for review, or content bound to nondisclosure agreements. The idea is to have a deposit of money from everyone who legally obtains some form of permission to do something with a given content. When "returning" the token of authorisation, the deposited amount of money will be given back. If someone shares his or her permission with others, then the deposited amount will be divided between all those who can present such a token: this way sharing is discouraged. The interesting thing is that this solution does not use watermarking or any other form of DRM to prevent sharing.

Bottom line
From the point of view of technology the ACM workshop on DRM was very interesting and informative. Several new suggestions were made to better protect content from unauthorised use. However, if we consider consumer interests, we have to conclude that the end users of content are still looked at as "the enemy" by technicians. Their major problem is still how to achieve better content protection, and as long as this central question is not solved, little effort will be put into making DRM systems more consumer friendly, implementing more privacy or respecting the interests of disadvantaged groups.

This, however, is not a purposeless proceeding. The development of DRM, as everything else, must be a market-driven process in order to ultimately achieve consumer-friendly systems. For the supply side of the market, namely content providers, the most important thing today is safe content, which guarantees their financial compensation. Content providers will not flood the market unless better and more secure copy protection is implemented. Then, in a next step, the fight for customers will shift the focus of development to create more acceptable and consumer-friendly systems. That is my conclusion from the workshop leading to the intriguing question about the real use of approaches like "user-centred design" of DRM.


About the author: Kristóf Kerényi is a researcher at Budapest University of Technology and Economics in the SEARCH Laboratory. His interests include mobile and wireless IT security, as well as technological aspects of DRM. He received an MSc in computer science from BUTE. Contact:

Status: first posted 19/11/04; included in INDICARE Monitor Vol. 1, No 6/7, 17 December 2004; licensed under Creative Commons