[Paper Overview] [DRM-Workshop Homepage]

Trusting DRM Software

Submitted to: W3C Workshop on DRM, January 2001
Author: Spencer Cheng, Paul Litva, Alec Main [{spencer.cheng,alec.main,paul.litva}@cloakware.com]

The Success of DRM: Trust and Convenience

The Internet offers digital content providers a distribution channel with incredible potential. Manufacturing, distribution and inventory management costs can be significantly reduced while improving the ability to address peak demands. At the same time, content providers need assurance that their copyrights are being respected and enforced. These are some of the key challenges facing digital rights management (DRM).

The Internet provides users with convenient and ubiquitous access to digital content. Providing a solid and reliable DRM security model that will at the same time be simple for users is vital to the success of DRM.

Security Model: Trusting the Untrustworthy

Computer security research and development over the last decade has focused on malicious code such as BackOrifice and the large family of computer viruses that may be encountered on the typical PC. Many virus scanners are available to control and contain the infection. The Java sandbox was developed specifically to address the risk of malicious Java applets.

The security model for DRM differs substantially from typical Internet security models, which in general rely on components deployed in trusted environments. For example, companies rely on web servers and applications for e-commerce because they deploy these in a trusted environment with restricted physical access.

In DRM, the situation is reversed. Content providers must deliver content to legitimate users across a hostile network to a user that cannot be assumed to be trusted. This requires the content provider to rely on a trusted entity residing on the user's player device; the trusted entity must represent and enforce the interests of the content owner including the terms and conditions under which the content may be used and by whom.

The user must be assumed to have complete control and access to the hardware and software that provides access to the content; the user must also be assumed to have an unlimited amount of time and resources to attack and bypass any content protections mechanisms.

This is an entirely different security model, which requires different solutions.

Hardware Solutions

One potential solution to the problem of creating a trusted agent is to rely on some form of hardware. In general, when a trusted agent operating in an untrusted environment has been integral to a security model, companies have relied on tamper resistant hardware.

For example, smart cards have been used to decode satellite TV signals to control subscription fraud.

Similarly, trusted agents implemented in hardware have been proposed for DRM. Although hardware may offer a solution to DRM security, it introduces a number of challenges that could affect the viability and rollout of DRM:

  1. Installed Base Compatibility: Such solutions are, in general, not compatible with the installed base of PCs and other player devices.
  2. Time and Cost: The time and cost to build a large enough installed base of devices would be substantial and may slow the adoption and evolution of DRM.
  3. Long Lifecycle: If a large installed base of trusted hardware agents could be built up, another challenge is introduced. That is the life cycle for these devices would have to be long (of the order of years), so these devices must have the ability to maintain the secrecy of cryptographic keys of a long time. It is not clear that this can be accomplished. For example, smart cards that decode satellite TV signals have been hacked months after their introduction.
  4. Renewability: In the event that the trusted hardware security is compromised it is expensive and difficult to upgrade the trusted hardware component. This has also been the experience of satellite television broadcasters who must upgrade smart cards used to decode satellite TV signals.

Cryptography: Part of the Solution

Historically, cryptography is modeled on Alice sending Bob some data, while Eve tries to attack the communications. This model has always assumed that both Alice and Bob can be trusted and that they know some secret (key) which Eve wants.

In the DRM security model, even Bob can't be trusted. He can't be trusted with any keys or even the unencrypted data. As a matter of fact, Bob must assumed to be hostile, not just naive. Cryptography is an important element of DRM for protecting communications and stored digital content but it is not the complete solution.

Trusted Software Component in DRM

Cryptography protects data but what protects executable code from attackers? Digital signatures can be used to ensure the integrity of a program downloaded by Bob, but in the DRM security model, we can't trust Bob. In fact, we can't trust Bob to even use the digital signature. It's a chicken or egg problem. We can create a program to check the digital signature and ensure program integrity but what protects our program? Who watches the watcher?

The failure of DVD's CSS and Glassbook's Steven King e-book were the result of cryptography implemented in untrusted software. Well publicized failures such as these pose a real danger to any trust based system because such failures undermines the faith of all parties involved. DRM solutions must address these issues to gain broad acceptance

Successful deployment of DRM systems requires a trusted software component on the user's computer or device to perform integrity checking, to decrypt the content and to enforce the usage rights associated with digital content. The malicious host security model means that DRM software must preserve it's integrity in an extremely hostile environment. This software must be able to perform the integrity checking and hide the decryption keys, in the presence of hostile watchers and attackers.

Tamper-Resistant Software (TRS) Solutions

For many reasons, a software only solution is preferred over a hardware solution. While some may not view TRS to be as secure as a hardware solution such as smart cards, it is much cheaper to "manufacture", deploy and upgrade software rather than hardware.

All solution must recognize that security measures have a finite, and progressively shorter, useful life as attackers develops better attacks and acquires access to ever greater resources. DRM systems should rely on renewable, not immutable, TRS agents. It should be flexible, so agents can be upgraded as new attacks are found and as the state-of-the-art in TRS evolves.

Any secure DRM solution should avoid global secrets to negate the risk of a single crack compromising the whole system. It should consider the use of an agent philosophy, where there are numerous agents with different secrets, different tamper-resistance levels. These agents could be treated as disposable pieces of software code, much like the disposable credit cards being implemented now.

The best way to ensure that secrets such as cryptographic keys cannot be extracted from the DRM engine is to ensure that the keys cannot be found through either static analysis of code or by tracing the execution of code. Traditional software solutions to this problem apply simple obsfucation techniques to a program. This level of obsfucation is achieved by symbol renaming, stripping out debug information and other related techniques that are easily defeated.

More advanced code transformation techniques are required to effectively hide information and provide tamper resistance. My company, Cloakware, is a world leader in developing and implementing such techniques.


The portability of a DRM solution is another key success factor. With the rise in new consumer devices that will be used to access the Internet and to access digital content, no single O/S or processor architecture will dominate the platforms used to view and access digital content.

Portability also supports the goal of providing users with access to digital content anywhere, on any device, at any time. In the face of these factors, large scale deployment of platform dependent TRS solutions are problematical. Platform and architecture independent TRS solutions that can be applied to high level code is preferred.

A number of TRS technologies have been implemented or proposed. Normally, these rely on encryption and decryption of the binary, or manipulation of the binary to make it very difficult to reverse engineer these protected software. These "wrapper" technologies are, in general, limited in their portability as they are closely tied to the O/S or the processor architecture.

The Chain of Trust

DRM is all about trust as we mentioned at the start. While we have focused on end-user or client software, TRS is also needed on the server. Servers are high value targets which tempts attackers because of the secrets they hold, such as private keys in a PKI-based system. DRM involves a chain of trust from content provider to publisher to distributor to retailer to end-user. TRS is needed throughout this chain.


Trusted software is a key requirement for any DRM system. All DRM solution providers should consider the adoption of an TRS agent security model. Tamper-resistant solutions must be highly portable to accommodate the heterogeneous environment the future will bring. Finally, tamper-resistant software technology must be considered for the entire chain of trust to provide an end-to-end trusted solution.