Detecting whether a computer system or computing device has been compromised may present challenges.
To combat unauthorized consumption of content, some content owners have adopted an approach to protecting their content known as digital rights management (“DRM”), which may include various techniques for limiting access of electronic content to authorized individuals and/or enforcing other restrictions on the use of such content. Typically, clear content that is to be protected by DRM is encoded and packaged into an encrypted form. At packaging time, the packaging unit responsible for packaging content may utilize various types of encryption algorithms for encrypting content. In some cases, these encryption algorithms may encrypt content based on a cryptographic key, which may be selected or generated in a random fashion. At some point, the encrypted content may be provided to an electronic device associated with a content consumer. For instance, the consumer may pay a one-time fee or a recurring subscription fee to access the content electronically. To view the content in unencrypted form on the consumer's electronic device, the device may be required to obtain a respective content license that includes the correct cryptographic key for decrypting the content.
In some cases, decryption keys may be compromised by malware or an attacker. If a decryption key is compromised, an attacker may use the key to generate a clear version of the corresponding content with no DRM restrictions. In some cases, the compromised key or the clear content itself (e.g., a copyrighted movie) may be freely distributed through various outlets, such as a file sharing network, which may represent a significant revenue loss for the content owner.