英文文献翻译同名7384.docx

1、英文文献翻译同名7384文献翻译2010年4月10日数字版权管理系统的安全1 引言最近年通过互联网获取数字媒体已成为普遍现象。公司正在研究如何在互联网上出售其内容（音乐，电影等）而买方不能够进一步销售其产品。数字版权管理（DRM）系统处理这个问题；他们的主要目标是使授权用户能够接受一份数字内容版本的有关条款，为的是使他们被授权而防止所有其他人访问数字内容。这当然并非总是可能的，因此数字版权管理领域也有兴趣在实际的安全，即安全在理论上可能是易碎的，但在实际操作上是可行的（因为成本大于其利润）。因此，数字版权管理系统立志实现一个安全的目标。他们如何达到这个目标还不明确。尽管各种安全技术正在被数字版

2、权管理系统所使用的，并在DRM系统的使用中被研究，似乎没有评估整个DRM系统的安全性的研究。作为一个系统的各个组成部分的安全不能保证整个系统安全性，这意味着，目前很难了解什么样的安全级别是由数字版权管理系统提供。应用科学研究组织ITSEF进行硬件和软件产品的安全评价。本文的研究是初步的，浓缩为评价DRM系统安全的报告。本研究的主要目标是制订一套安全评估方法，包括一致、相互可比的结果。2 数字版权管理本节描述了一般意义上的DRM系统。第一，他们的目标已经被提到，而紧随其后的是数字版权管理系统的技术说明。一个数字版权管理系统的设计当然受到其在部署过程中的影响。因此，接下来的小节在这方面仔细看看。在

3、最后一个小节，是审查各种用来加强数字版权管理系统安全的技术。2.1 通用突破式的数字版权管理系统DRM系统在客户服务器环境下运作。一个分销商提供内容（如音频（音乐），视频（电影），文字（书籍），图片（照片）给客户。一般来说，执行分销商实施严密安全测量要比用户容易得多。因此，这边可以被认为是“安全”的而用户的一方可以被认为是“不安全”的。网络作为一个传播媒介。出于安全评价目的，该网络可以被认为是不安全的。2.2 分销商端为了保护本系统以外的访问内容，内容存储在一个“安全的容器”里。要访问的内容，需要一个有效的许可证（可以包含在容器里或单独交付）。许可证均以权限表达语言来表达。这些语言（主要基于X

4、ML语言）只允许授予的许可权以及拒绝任何其他访问。为了保证互操作性，REL的语义可以被定义在另外基于XML的语言的一个权限数据字典（RDD）里。保密通信被使用是为了确保内容保持秘密并且可以正确接收。这样可以确保攻击者无法获得安全的容器和陪同执照，这些内容可以被发送到一个合法用户，并确保他们能够正确的接收。2.3 用户端几乎在所有情况下，使用了数字版权管理系统的内容提供商需要一个安全的用户端。内容提供商要在用户端执行DRM组件。这些组件包括代码，数据和状态。由于用户端被认为是敌对领域，这些元件在敌对的环境下执行。必须采取措施，以保证代码的正确执行，数据的完整性和状态的完整性。一个防篡改环境，可以

5、提供这一点。这防篡改环境称为可信计算机（TCB）。一个TCB的职能是作为用于计算的可信赖的第三方。一个DRM系统可以确保，从开放和包括转换成模拟制式货柜了所有的安全操作步骤按牌照要求。如果没有一个TCB在用户端，有没有办法保证，根据该用户被允许访问内容方面得到满足的方式。当DRM系统只发送数字内容到用户的版本时，这不需要（或不能）受到保护，用户端也不需要TCB。3 网络对数字版权管理的影响DRM在网络上运行，这个网络可能是互联网或手机网络，其他的网络也是有可能（如，电视电缆网络），但是这些并没有在本论文中所提到，一个DRM系统需要考虑的装置，为用户方的行为所约束。一个重要的问题是如何的强大和巩

6、固一个设备上的实施。对于上述网络，这些设备通常是一台电脑和一部手机。这些网络的每一个研究如下。3.1 互联网由于计算机可以模拟电脑，他们可以模拟一个是允许访问计算机上的内容。因此，如果用户一旦可以访问内容，就很难阻止他访问他所喜欢的内容。这意味着它是难以体会无需在额外的计算机上的TCB，一个防篡改硬件组件。然而，数字版权管理方面的实用安全: 很难掌握非法的数位内容只要上述打击是非常困难的（或费时）来执行，该数字版权管理系统的安全性可以为内容提供者可以接受的。3.2 手机网络手机有一个短的生命周期这意味着，引入数字版权管理可以发生（相对）迅速的硬件支持。再加上硬件的密码（在SIM卡）和减少硬件和

7、软件上的方面，而且显然，DRM系统的技术要求更容易被业界提供移动电话（在个人电脑市场相比）。然而，手机是有限的设备。他们不是为塑造理想的音频或视频设备（虽然正在改善）。这意味着，可以在手机上浏览的内容将在范围有限。这是难以想象到手机上观看完整的电影。4 DRM的安全技术支持DRM系统可以使用各种技术来实现的目标。在本节中，讨论了以下技术：密码学，身份证的技术，跟踪技术，技术合作局，最终可更新性和互操作性。4.1密码学安全的容器密码学是用来保护从访问内容和保密通信之间的用户和经销商。为了保护内容，内容是隐藏在一个“安全的容器”里。这个容器是加密，通过访问它以保护所有的DRM系统。4.2 身份认证

8、技术内容所有者可以使用内容识别来检测盗用，而用户可以使用它来查找那些他们看到或听到，但他们尚未取得的内容。DRM系统可以采用多种技术来确定内容：添加一个数字ID对象，数字内容可以添加指纹或添加水印。一个指纹是一个小样本的内容。这可以被发送到一个确定的内容和相应的用户重定向的指纹服务。水印是由嵌入在数字内容的信息组成。他们不是通过对人类探测的内容回放（如果正确地嵌入），但检测水印发现水印，即使转换为模拟信号。追踪：通过嵌入一个水印还可以识别合法获得的信息内容的用户。如果内容是在“野外”发现，水印仍然可以提取和用户鉴定。可信计算基：TCB可以确保其他的TCB拥有者能够忠实地执行在TCB中的计算，而

9、不必向拥有者揭露秘密。TCB一个典型的例子是荷兰的“chipknip”。5 DRM安全评价为了能够评价的DRM系统的安全性，其安全目标需要加以明确说明。对于可能的威胁这一原因需要威胁模型。为了研究安全目标旨在实现DRM系统，该用户端模型将有助于确定安全问题的所有数字版权管理系统需要解决的问题。由于数字版权管理系统的设计是由他们所部署的网络所影响，因此是威胁模型：对于Internet，我们使用了强大的威胁模型。攻击者可以打破弱密码，利用弱键，知道通信协议，控制网络，可以为服务器打破安全自动气象站，拥有完全控制用户端，可以劈在用户端播放软件。对于手机网络我们使用不太强大的威胁模型。攻击者可以打破弱

10、密码，利用弱键，知道通信协议，不控制网络，不能打入服务器，并没有特别控制用户端，不能劈播放软件。DRM系统的安全目标，为达到这个目标，是要防止所有的内容不符合从有效的源得到有效的牌照进入上述内容。可以有次要目标（如能够跟踪非法访问的内容返回给买方或能够证明著作权的内容）。本文将不涉次级安全目标。结论评价DRM系统的安全是一项复杂的任务。这个问题不解决的，即没有一个明确的技术解决方案，满足所有的安全需要 - 除其他原因，在这种情况下DRM系统运作太大变化。因此，关键的是要理解安全的DRM系统提供。不幸的是，目前的评价方法是没有能力生产一致，相互可比数字版权管理系统的评价。因此，更把这个课题的研究

11、是必要的。SECURITY ASPECTS OF DRM SYSTEMSH.L. Jonker1, S. Mauw1, J.H.S. Verschuren1,2 and A.T.S.C.Schoonen21 Eindhoven University of Technology, Department of Mathematics and Computer ScienceE-mail: h.l., s.2 TNO ITSEF BV, Stieltjesweg 1, Delft,E-mail: verschuren, schoonentpd.tno.nlIntroductionAcquiring

12、digital media over the Internet has become commonplace in recent years. Companies are looking into ways to sell their content (music, movies, etc.) over the Internet without the buyer being able to further distribute the work. Digital Rights Management (DRM) systems address this; their main goal is

13、to enable authorized users to access a version of digital content on the terms for which they are authorized whilst preventing all other access to digital content. This is of course not always possible, therefore the field of DRM is also interested in practical security, i.e. security that may theor

14、etically be breakable, but in practice will not be (because the costs outweigh the benefits).So DRM systems aim to achieve a security goal. How well they achieve this goal is unclear. Although various security techniques are being used by DRM systems and being researched for use in DRM systems, ther

15、e seems to be little research into evaluating the security of an entire DRM system. As security of the individual components of a system does not guarantee security of the system as a whole, this means that currently it is hard to understand what level of security is offered by a DRM system.TNO ITSE

16、F performs security evaluations of both hardware and software products. This paper is a preliminary and condensed report of research into evaluating the security of DRM systems. The main goal of this research is to devise a security evaluation method that has consistent, reciprocal comparable result

17、s.Digital Rights ManagementThis section describes DRM systems in a generic sense. First, their goals are mentioned, followed by a technical description of DRM systems. The design of a DRM system is of course influenced by the context in which it is deployed. Therefore, the next subsection takes a cl

18、oser look at that context. In the last subsection, various techniques are examined which are used to strengthen the security of DRM systems.Generic break-down of DRM systemsDRM systems operate in a client-server context. A distributor offers content (e.g. audio (music), video (movies), text (books),

19、 images (photos) to customers. Generally speaking, it is far easier to implement stringent security measurements on the distributors side than on the users side. Therefore, this side can be considered “secure” and the users side can be considered “insecure”. A network serves as a communication mediu

20、m. For purposes of security evaluation, the network can be considered insecure.Distributors sideTo protect the content from access outside the system, the content is stored inside a “secure container”. To access the content, a valid license is needed (which can be included in the container or delive

21、red separately). Licenses are expressed in Rights Expression Languages. These languages (mostly XML-based) allow only the rights granted in the license and deny any other access. To ensure interoperability, the semantics of a REL can be defined in a Rights Data Dictionary (RDD)-another XML-based lan

22、guage.To ensure that the content stays secret and is received correctly, secure communication is used. This assures that attackers cannot obtain a secure container and the accompanying license when these are sent to a legitimate user, and ensures that the user receives them correctly. Users sideIn a

23、lmost all cases, the content provider who uses a DRM system requires a secure environment at the users side. The content provider wishes to execute DRM components on the users side. These components consist of code, data and state. Since the users side is considered hostile territory, these componen

24、ts execute in hostile environment. Measures must be taken to assure correct execution of code, data integrity and state integrity. A tamperproof environment can provide this. This tamperproof environment is referred to as a Trusted Computing Base (TCB). A TCB functions as a trusted third party for c

25、omputing.A DRM system assures that all steps from opening the secure container up to and including conversion into an analogue format operate as required by the license. Without a TCB at the users side, there is no way of guaranteeing that the terms under which the user is allowed to access the cont

26、ent are met.A TCB is not needed on the users side, when the DRM system only sends versions of the digital content to the user, which need not (or cannot) be protected (e.g. analogue versions or low-quality versions).Influence of networks on DRMDRM systems operate on a network. This could be the Inte

27、rnet or a cell phone network. Other networks are possible (e.g. a cable TV network), but not considered in this paper. A DRM system needs to take into account the constraints of the device which acts as the users side. An important question is how powerful and secure a TCB implemented on the device

28、is. For the mentioned networks, these devices would typically be a computer and a cell phone. Each of these networks is examined below.InternetAs computers can emulate computers, they can emulate a computer which is allowed to access the content. So, if a user can access the content once, it is hard

29、 to prevent the user from accessing the content as he pleases. This means that it is hard to realize a TCB on computers without additional, tamperproof hardware components.However, DRM is concerned with practical security: making it too hard to acquire the digital contents illegally. As long as the

30、above attack is too difficult (or time-consuming) to execute, the security of the DRM system can be acceptable for content-providers. Cell phone networkCellular phones have a short life cycle which means that introducing hardware support for DRM can happen (relatively) quickly. Add to this hardware

31、secrets (the SIM-card) and the closed aspect of the hard- and software (in stark contrast to computers), and it is clear that the technological requirements of DRM systems are more easily provided by the mobile phones industry (when compared to the PC market). However, cell phones are limited device

32、s. They are not ideal devices for portraying either audio or video (although improvements are being made). This means that the content that can be accessed on cell phones will be limited in scope. It is hardly imaginable to watch a complete movie on a cell phone.Security supporting techniques of DRMDRM systems can use various techniques to attain (sub) goals. In this section, the following techniques are discussed: Cryptography, ID techniques, tracing techniques, TCB and finally Updatability & interoperabilit