W3C Technology and Society

[Minutes Overview] [Workshop Home] [Previous:Counter Points] [Next:Multimedia]

Minutes from the Session on Security and Encryption

Please refer to the position-papers and slides for authoritative answers. The following minutes are only a snapshot of Presentations and Discussions

Spencer Cheng (Cloakware), Trusting DRM Software

See also the [Slides (ppt)] and the Position Paper

The DRM model is different from other security models. The traditional view is that the user is good, and you are trying to protect content from non-users. In contrast, on DRM model, you don't have any trusted party, as even the users isn't trusted, because he has access and can attack your protections.

Cryptography is part of the solution, use a key to access content. But where is the key stored? What if Alice can't trust Bob with the key? Who watches the watcher? Trusted agents are needed for key hiding. Cheng noted that DeCSS was a successful hack (of DVDs) and that Steven King's eBook was cracked. Something about them being in unprotected software. You need tamper-resistant software in addition to cryptography.

Hardware solutions for storing keys and resisting tampering exist, but they are not always practical. They are physically too big for cell phones and present a high cost for hardware and installation. Trusted software agents are cheaper and are renewable and flexible. In any case, you need a chain of trust:

  1. Content providers want components on the content distributors' servers or
  2. Distributors may want components on the providers' servers.

Current tamper-resistant libraries and code obfuscators are inadequate. Portability is a key for software agents but they must contend with heterogenous systems (cell phone, palmtops, PCS).

Jeremy Wyant (NTRU), Establishing security requirements for more effective and scalable DRM Solutions

See also the [Slides (ppt)] and the Position Paper

Ntru is a public key algorithm company, founded by four mathematicians from Brown University. Their technology is going through the standards process. It is very fast and very compact. We are small new company.

Here are some business requirements we have encountered:

Wyant than gave a list of available technologies:

The task of Public Key Technology:

Wyant than aborded the issue of Key exchange. He showed a diagram of the architecture for a "heavy" PKI system between a server and the end-user. There were several transaction steps:

Then he showed diagram similar to last that also includes a trusted device, e.g., a RIO player with SDMI.

What lessons have been learned from well known recent activities? There were problems in the case of SET (secure electronic transactions, Visa & MasterCard), Identrus, and other examples. We think that these incidents may have resulted from not having enough planing representation from all stakeholders. The end users experienced slow performance, suffered from non-portable content, trust may not have been there.

Pierre Vannel (Gemplus), Towards Towards a User- Friendly a User- Friendly DRM

See also the [Slides (pdf)] and the Position Paper

Note, that IPMP means Intellectual Property Management and Protection

Vannel started with stating the principles of his approach: Internet users are both consumers and creators. And in France, at least, digital rights encompass both economic and moral rights.

DRM must match current systems:

So how do we deploy a new instance of IPMP? How do we allow installation? Taken from an end-users point of view this could mean, having an IPMP certified by trusted third party. From the provider's point of view, the core DRM system should not be tampered.

We need a secure repository for key storage and a secure repository for license data that controls the service. This can be done with smart-cards

When coming to the guarantee of fair use, the slide talked about what Erickson calls a zero cost license, which might work to give the effect of fair use in a licensing situation.

Vannel then explained, how to implement this with smart cards. IPMP modules may be split between off-card and on-card elements. On-card are sensitive elements the rights-holder delegated control. The smart card acts as rights holder repository.

What would we like to see from W3C?


Rigo Wenning (W3C): Will the Ntru algorithm run on a smart card?

Jeremy Wyant (NTRU):Yes, it uses simple arithmetic.

Answer:The library can act as a proxy for the client. The problem is one of authentication, not of access.

Dan Connolly (W3C): In general practice, libraries have licensed copies of what they have. How often will they have to get access to other things?

Viveca Still (University Helsinki): The question is whether the library will be able to get access long into the future.

Hiroshi Kawamura (Daisy Consortium): The legal definition of published has to evolve. Right now, the definition in each country depends on seeing a rendering.

Alan Kotok (W3C): Many systems suggest a need to have a plaintext copy of the works. We have also heard about the separation of the rights from the physical encumbrance of the material. What is the feeling of those in the room as to whether we can move forward on the conveyance of rights as separate from the prevention of access to the material.

Carl Fleischhauer (LOC): I was just having a conversation in which we contemplated whether an archival plaintext copy could be held by the national library but [other forms] used for patron access. Doesn't quite answer the question for access by persons with disabilities. Generally the depository copies held today are not circulated. They are accessible only at the library campus.

Larry Lannom (CNRI): It is easy in US law to disentagle the publisher's mandatory deposit copy from other distribution copies.

Janina Sajka (AAB): Smart cards raise many disability problems, especially if this is a single device. Inevitably someone gets locked out of using the technology. Bank automatic teller machines are becoming subject to more accessibility law suits.

Dan Connolly (W3C): The number of cases in which encryption is cost-effective is fairly small. The balance in the marketplace will tend toward cleartext distribution because it is so much more efficient. Monitoring to discover massive piracy will work. Library access does not currently exist for every ephemoral object on the Web, and this is a feature.

[Minutes Overview] [Workshop Home] [Previous:Counter Points] [Next:Multimedia]

Created by Rigo Wenning February 2001
Last update $Date: 2001/03/07 02:48:07 $ by $Author: rigo $