
SUPPORT CONSUMERS' RIGHTS IN DRM: A SECURE AND FAIR SOLUTION TO DIGITAL LICENSE RESELLING OVER THE INTERNET

A thesis submitted to the University of Manchester for the degree of Doctor of Philosophy in the Faculty of Engineering and Physical Sciences

2012

By Tarek Gaber
School of Computer Science

Contents

Abstract
Declaration
Copyright
Dedication
Acknowledgement
Abbreviations
Definitions
Notations

1 Introduction
  1.1 Introduction to Digital Rights Management (DRM)
  1.2 Introduction to Concurrent Signature Scheme
  1.3 DRM and Consumers' Rights
  1.4 Research Motivation and Challenges
  1.5 Research Aim and Objectives
  1.6 Research Methodology
  1.7 Novel Contributions and Publications
  1.8 Thesis Structure

2 Digital Rights Management Overview
  2.1 Chapter Introduction
  2.2 What is DRM
  2.3 DRM History
    2.3.1 First Generation DRM Systems
    2.3.2 Second Generation DRM Systems
  2.4 DRM Fundamental Principle
  2.5 DRM System Entities
  2.6 DRM System Components
  2.7 How a DRM System Works
  2.8 Existing DRM Systems
    2.8.1 Windows Media DRM
    2.8.2 FairPlay DRM
    2.8.3 Open Mobile Alliance (OMA) DRM
  2.9 Open Issues in Current DRM Systems
    2.9.1 Consumer Privacy
    2.9.2 Interoperability
    2.9.3 First-sale: License Reselling
  2.10 Chapter Summary

3 A literature Survey
  3.1 Chapter Introduction
  3.2 Current License Selling Solutions
    3.2.1 License Selling Process in WM-DRM
    3.2.2 License Selling Process in FairPlay
    3.2.3 OMA DRM License Selling
  3.3 Current License Reselling Solutions
    3.3.1 Full-trusted Hardware based Solutions
      3.3.1.1 Kwok's DRM System
      3.3.1.2 Sun's System
      3.3.1.3 NPGCT DRM System
      3.3.1.4 Nuovo DRM System
    3.3.2 Partial-trusted Hardware Based Solution: Conrado's System
    3.3.3 Non-trusted Hardware based Solution: Laila's System
  3.4 What is Missing?
  3.5 The Best Way Forward
  3.6 Chapter Summary

4 A Reselling Deal Signing (RDS) Protocol
  4.1 Chapter Introduction
  4.2 A Survey of Fair Exchange Protocols
    4.2.1 Protocols without TTP
      4.2.1.1 Gradual Secret Release Protocols
      4.2.1.2 Probabilistic Protocols
    4.2.2 TTP-based Protocols
      4.2.2.1 In-line TTP-based Protocols
      4.2.2.2 On-line TTP-based Protocols
      4.2.2.3 Off-line TTP-based Protocols
    4.2.3 Concurrent Signature (CS) based Protocols
  4.3 A Novel Idea for The RDS Protocol
  4.4 Preliminaries
    4.4.1 Notations
    4.4.2 Design Assumptions
    4.4.3 Design Requirements
  4.5 RDS Protocol Overview
  4.6 RDS Protocol Informal Analysis
    4.6.1 Fairness Analysis
    4.6.2 Non-repudiation Analysis
    4.6.3 Abuse-freeness Analysis
    4.6.4 Security Analysis
  4.7 RDS Protocol Formal Verification
    4.7.1 Formal Methods: An Overview
    4.7.2 Mocha Model Checker
      4.7.2.1 Alternating Transition System (ATS)
      4.7.2.2 Alternating-time Temporal Logic (ATL)
      4.7.2.3 Guarded Command Language
    4.7.3 Model Checker and RDS Protocol Modelling
      4.7.3.1 Modelling the RDS Protocol
      4.7.3.2 Modelling the Properties of the RDS Protocol
      4.7.3.3 RDS Verification Using Mocha
  4.8 Protocol Performance Analysis
    4.8.1 RDS Protocol Computational Cost
    4.8.2 RDS Protocol Communication Cost
    4.8.3 Comparison with Related Work
    4.8.4 Prototyping and Evaluation
      4.8.4.1 RDS Protocol Design
      4.8.4.2 RDS Protocol Implementation
      4.8.4.3 Hardware and Software Architecture
      4.8.4.4 RDS Protocol Evaluation
        4.8.4.4.1 Performance Evaluation
        4.8.4.4.2 Test against Security Attacks
  4.9 Chapter Summary

5 Reselling Deal Method
  5.1 Building Blocks
    5.1.1 Market Power
    5.1.2 Existing License Distribution Infrastructure
      5.1.2.1 License Issuer (LI)
      5.1.2.2 DRM Client
    5.1.3 License Revocation List (LRL)
      5.1.3.1 LRL Types
      5.1.3.2 Delivering LRL to Reseller
        5.1.3.2.1 Pull Mode
        5.1.3.2.2 Push Mode
      5.1.3.3 The Need for Imposing a Reselling Deal Validity Deadline
    5.1.4 Reselling Permission (RP)
  5.2 Preliminaries
    5.2.1 Notations
    5.2.2 Design Assumptions
    5.2.3 Design Requirements
  5.3 Fair and Secure License Reselling Protocol (FSLRP) Suite: An Overview
  5.4 The FSLRP Protocol Suite in Detail
    5.4.1 2-Messages RD Signing (2M-RDS) Protocol
      5.4.1.1 2M-RDS Protocol Overview
      5.4.1.2 2M-RDS protocol Analysis
    5.4.2 RD Activation (RDA) Protocol
      5.4.2.1 RDA Protocol Overview
      5.4.2.2 RDA Protocol Analysis
    5.4.3 RD Completion (RDC) Protocol
      5.4.3.1 RDC Protocol Overview
      5.4.3.2 RDC Protocol Analysis
  5.5 Threat and Attack Analysis
    5.5.1 Threats Analysis
      5.5.1.1 Double Use of a License
      5.5.1.2 Installing an Out-of-date LRL-update
    5.5.2 Attack Analysis
      5.5.2.1 Collusion Attack 1
      5.5.2.2 Collusion Attack 2
  5.6 FSLRP suite Evaluation
    5.6.1 FSLRP Suite Computational Cost
    5.6.2 Comparison with Related Work
  5.7 Chapter Summary

6 Two Methods Supporting Multi-Reselling
  6.1 Chapter Introduction
  6.2 Additional Design Building Block
  6.3 Preliminaries
    6.3.1 Definitions
    6.3.2 Design Assumptions
    6.3.3 Design Requirements
  6.4 Method One: Repeated RP based Multi-reselling
    6.4.1 RRP-MR Method Overview
    6.4.2 RRP-MR Method in Detail
    6.4.3 Verifications used in the RRP-MR Method
      6.4.3.1 Buyer's Verifications
      6.4.3.2 LI's verifications
    6.4.4 RRP-MR Method Analysis
      6.4.4.1 Analysis against Requirements
      6.4.4.2 Analysis against Potential Attacks
      6.4.4.3 RRP-MR Method Weaknesses
  6.5 Method Two: Hash Chain based Multi-reselling
    6.5.1 HC-MR Method Overview
    6.5.2 Multiple Reselling Permission (MRP)
    6.5.3 Read-only Public Directory (RPD) for Multi-Reselling Checking
    6.5.4 HC-MR Method in Detail
    6.5.5 Verifications Used in the HC-MR Method
      6.5.5.1 Buyer's Verifications
      6.5.5.2 LI's verifications
    6.5.6 The HC-MR Method Analysis
      6.5.6.1 Analysis against Requirements
      6.5.6.2 Security Analysis against Potential Attacks
  6.6 Evaluation of the Two Multi-reselling Methods
    6.6.1 Computational Costs of the Two Methods
    6.6.2 Comparison with Related Work
  6.7 Chapter Summary

7 Conclusion and Future Work
  7.1 Thesis Contributions
  7.2 Directions for Future Work
  7.3 Deployment Requirements