Many media distribution systems require the digital media (“content” or “asset”) such as video or audio that they distribute to be encrypted with a cryptographic key using an associated cipher process to prevent playback by unauthorized media players. The system for managing these cryptographic keys is called a Digital Rights Management (DRM) system. Many DRM systems involve a client software component (DRM module) in the media players and a server software component (DRM server) that distributes the keys to the client.
Cryptography is the traditional method of protecting data in transit across a computer network. In its typical application, cryptography protects communications (messages) between two mutually trusting parties from theft by hackers or other attacks on the data in transit. However, for many digital file transfer applications (e.g., the transfer of audio or video content), the party that receives the content (i.e., the receiving party) might instead try to break the DRM encryption that the party that supplied the content (i.e., the distributing party) applied to the content. Thus in this case the receiver is not a trusted party per se, and the point is to protect the distributor who owns the content from its misuse by the receiving party. In addition, with the proliferation of network penetration attacks, a third party may well obtain access to the receiving party's computer and thus to the protected content.
In many DRM systems now in use, the weakest link in security is not the encrypted data (message) but rather cryptographic key management and handling. As is well known, modern cryptographic systems use keys, which are strings of digital values, for both encryption and decryption purposes. For instance, one of the more successful DRM systems, which distributes music online, requires the receiving party's computer to maintain the unencrypted key for each piece of encrypted music in a “key bag” (repository) that is itself encrypted.
This approach has disadvantages. Encrypting the key bag instead of the keys contained in the key bag exposes the keys to a potential attack. Similarly, to play a piece of content, the receiving party's computer must decrypt the entire key bag, retrieve the key for a particular piece of content, and decrypt the content with the retrieved key.
This approach also disadvantageously allows different devices to use different formats for their key bags. The use of different key bag formats for different devices further exposes the keys to penetration when the content is transferred between devices.
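The key bag trade-off described above, as an added example that is not code from the original text: it compares an encrypted bag holding unencrypted keys with a bag whose entries are each wrapped individually, and reports which content keys end up decrypted in memory when one key is fetched. The function names, content IDs and the HMAC-based stand-in cipher are assumptions chosen so the example runs with only the standard library.

```python
import hashlib, hmac, json, os

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; a real DRM module would use a vetted AEAD.
    blocks = range((len(data) + 31) // 32)
    pad = b"".join(prf(key, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = stream_xor(prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + prf(prf(key, b"mac"), nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce + ct)):
        raise ValueError("integrity check failed")
    return stream_xor(prf(key, b"enc"), nonce, ct)

def entry_key(bag_key: bytes, cid: str) -> bytes:
    # Hypothetical per-entry key derivation: binds each wrapped key to its ID.
    return prf(bag_key, b"entry:" + cid.encode())

def build_bags(bag_key: bytes, content_keys: dict):
    """Return (whole-bag blob, per-entry wrapped dict) for the same keys."""
    as_json = json.dumps({cid: k.hex() for cid, k in content_keys.items()})
    whole = seal(bag_key, as_json.encode())
    wrapped = {cid: seal(entry_key(bag_key, cid), k)
               for cid, k in content_keys.items()}
    return whole, wrapped

def fetch_whole(bag_key: bytes, whole: bytes, cid: str):
    """Design the text describes: decrypt the entire bag to get one key."""
    bag = json.loads(unseal(bag_key, whole))  # every content key is now plaintext
    return bytes.fromhex(bag[cid]), sorted(bag)

def fetch_wrapped(bag_key: bytes, wrapped: dict, cid: str):
    """Alternative: unwrap only the requested entry under its own derived key."""
    return unseal(entry_key(bag_key, cid), wrapped[cid]), [cid]

# Constructed sample data: three random 128-bit content keys.
BAG_KEY = os.urandom(32)
CONTENT_KEYS = {c: os.urandom(16) for c in ("song-001", "song-002", "video-003")}
```

Fetching one key from the whole-bag form returns all three content IDs as decrypted, while the per-entry form returns only the requested one and rejects an entry moved to a different content ID.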
Most current DRM systems encrypt content with a “content key” that is applied to an encryption algorithm (process) such as AES, triple DES, or RC4. These are well known encryption systems. Typically these are symmetric key systems; that is, the same key is used for encryption and decryption. With this method, the entire content is encrypted with a single content key. Normally, of course, it is relatively easy for users to share the encrypted files in an unauthorized fashion. However, without the content key, such shared files are useless. In cases where the content key is discovered, for instance by hackers or other unauthorized users, the content key is often published and made available to the public. This substantially reduces security of the system and allows unauthorized downloading and successful decryption of the content without permission, which is extremely undesirable to the owner of the content. Usually the attackers or hackers share the discovery process, in addition to the keys themselves, and as a result even more keys are discovered and published in a public database. The less experienced users who may not be able to use the discovery process can then access the database, which is often provided in a website, to see if the content key for their particular piece of content, for instance a particular piece of music or video, is published and in turn break the copy protection on material that they have obtained without paying for. This type of attack, also known as a dictionary attack, has been found to be successful.
It is well known that an attack can discover the content key associated with each piece of content. Specifically, the content key typically remains available during play in the memory of the playback device (which is a computer or, for instance, a digital music or video player), or even longer when the end user pauses during play. Specific DRM implementations that protect against this “pause attack” have already been implemented.
This dictionary attack is becoming more harmful to owners of the distributed digital content, especially since there are only a few currently available commercially successful systems for distribution of videos and audio. Since there are only a few such systems, hackers, by focusing on the content available via those systems and publishing the content keys, have made unauthorized use of the content even easier.
In a typical DRM system, the pieces of encrypted digital content are maintained on a central server by the content owner or operator of the service. Users then download to their computer via the Internet particular pieces of content such as a song or a video program. The material is typically downloaded in encrypted form and the content key is also transmitted, often in a separate transmission. This is done for some form of payment. The user can then play the content by decrypting it on his computer or player. This process is transparent to the user if he has purchased an authorized piece of digital content, since the key accompanies the downloaded file and software installed on the user's computer decrypts the file. It is also possible for the user to download the digital file to a media player. Typically this second download is also performed in the encrypted state and then the decryption occurs upon playback in the player. Again, this is transparent for properly purchased content. It has generally been found best, for security reasons, if the decryption only occurs upon playback. Of course, if the content key has been compromised as described above, that is, published, anyone can access the song, and transfer of the encrypted files to unauthorized users is easily accomplished; they can then apply the decryption key even though not authorized to do so.
In a typical scenario, a client computer downloads a piece of media (content or asset) to be played from a media distribution server, and the client also contacts a remote license server which provides the DRM license containing the specific cryptographic keys (content or asset key) required to decrypt the content. The DRM module has the necessary machine code instructions in order to open the license file and then decrypt the content or asset for the player, even without a network (e.g., Internet) connection.
So DRM systems are constantly being reverse engineered by attackers (hackers). In some types of attacks, a critical piece of data used in the content decryption process may be published by an attacker. This piece of data may allow an unauthorized party to utilize the DRM module and the license on the machine to perform unauthorized tasks (such as playing the content on a device that is not allowed by the license).
The DRM provider may want to upgrade the DRM module in the client media player to introduce new features or in reaction to security vulnerabilities or attacks on the client DRM module. There are multiple known routes for a DRM module to obtain an update on a computer system. Some methods require the system being upgraded to have Internet connectivity (using a remote loader, or installer program with online registration) and some do not (using a standalone pre-downloaded installer, or installation via a USB drive or an optical media disk).