Colloquium Details
DRM versus Security
Author: | Mark Baugher Cisco |
---|---|
Date: | November 17, 2005 |
Time: | 15:30 |
Location: | 220 Deschutes |
Host: | Reza Rejaie |
Abstract
This talk compares digital rights management (DRM) and security technologies, particularly as applied to video, music, and games. Most experts hold that DRM and cryptographic security are unrelated. Nonetheless, multimedia data are used in bonafide secure applications ranging from military conferencing to business video-on-demand. DRM systems, however, "package" media to limit consumer access according to a license. Although no one has yet invented the "package" that could not be circumvented, DRM systems typically do not trust the consumer to adhere to the license. This is inherently insecure.
Security requires the end-user to have a vested interest in protecting secrets whereas today's DRM systems typically employ "technical protection measures" that attempt to prevent certain usages by the user. There is no evidence, however, that unauthorized copying can be avoided, eradicated, or even controlled by such "protections".
The thesis of this talk is that the best protection comes from treating rights management as a security technology having secrets that users protect willingly. In this paradigm, "rights" are security policies that are securely managed for authorization purposes. The talk concludes by considering some of the objections and to making rights management into a security technology and the problems inherent in this approach.