A

Ha

b

c

a

ARRAA

KADHPR

1

esstcrtb

acfac222abb(

y

0d

The Journal of Systems and Software 83 (2010) 2431–2440

Contents lists available at ScienceDirect

The Journal of Systems and Software

journa l homepage: www.e lsev ier .com/ locate / j ss

robust and flexible digital rights management system for home networks

eeyoul Kima, Younho Leeb,∗, Yongsu Parkc

Kyonggi University, Republic of KoreaDepartment of Information and Communication Engineering, Yeungnam University, Republic of KoreaHanyang University, Republic of Korea

r t i c l e i n f o

rticle history:eceived 17 November 2008eceived in revised form 1 March 2010ccepted 7 April 2010

a b s t r a c t

A robust and flexible Digital Rights Management system for home networks is presented. In the proposedsystem, the central authority delegates its authorization right to the local manager in a home networkby issuing a proxy certificate, and the local manager flexibly controls the access rights of home deviceson digital contents with its proxy certificate. Furthermore, the proposed system provides a temporary

vailable online 15 June 2010

eywords:uthorized domainigital rights managementome network

accessing facility for external devices and achieves strong privacy for home devices. For the validationof delegated rights and the revocation of compromised local managers, a hybrid mechanism combiningOCSP validation and periodic renewal of proxy certificates is also presented.

© 2010 Elsevier Inc. All rights reserved.

roxy certificateight delegation

. Introduction

Digital rights management (DRM) refers to technologies thatnforce pre-defined policies to control the access of digital media,uch as digital movies and digital music. Since the advent of per-onal computers and Internet file-sharing tools, it has become easyo make and distribute an unlimited number of copies of digitalontents without any quality degradation. To prevent the unautho-ized use and propagation of commercial content and to preservehe benefits of digital content providers, robust DRM systems haveecome essential.

In home network environments, where electronic devices suchs PCs and digital TVs are interconnected, if a consumer pur-hases DRM content he or she will want to render the contentreely on any of his or her home devices. This point has receivedttention in the literature, and many DRM systems based on theoncept of an authorized domain (AD) have been proposed (Holtz,002; Kim et al., 2006; Open Mobile Alliance, 2004; Popescu et al.,004; SmartRight, 2003; Sovio et al., 2003; van den Heuval et al.,002). According to AD concept, home devices are registered in

domain, and the access permissions to render DRM content areestowed on the domain instead of on a single device. The mem-ership of a domain is managed by either a centralized authorityIBM Corporation, 2001; Open Mobile Alliance, 2004), or a local

∗ Corresponding author. Tel.: +82 53 810 3092.E-mail addresses: heeyoul.kim@kgu.ac.kr (H. Kim), yhlee@ynu.ac.kr (Y. Lee),

ongsu@hanyang.ac.kr (Y. Park).

164-1212/$ – see front matter © 2010 Elsevier Inc. All rights reserved.oi:10.1016/j.jss.2010.04.064

manager in the domain (Kim et al., 2006; Popescu et al., 2004;SmartRight, 2003), and the home devices in a domain share a secretdomain key to render the content. This concept may be extendedto assign different access privileges to different devices in a homenetwork by establishing multiple domains having different privi-leges. However, this approach supports dynamic access control ina very limited fashion and increases the cost of managing domains.For example, in an OMA DRM (Open Mobile Alliance, 2004) sys-tem, each device in a home network has to interact with the centralauthority whenever it joins a domain.

In this paper, a robust and flexible DRM system for homenetworks is presented that considers various scenarios that canoccur in home network environments. The term ‘robust’ meansthat the system protects unauthorized consumption of digital con-tents for the benefit of content providers, and the term ‘flexible’means that the system provides more fine-grained access con-trol for home devices. To provide compatibility with OMA DRM(Open Mobile Alliance, 2004), the proposed system assumes thesame environment as the OMA DRM, except for inside the homenetwork.

In the proposed system, the central authority delegates itsauthorization right to local managers located in the home networksby issuing proxy certificates that explicitly guarantee delegatedrights. Since a proxy key, which is associated to the correspond-

ing proxy certificate, is assigned per each of the bestowed rightsseparately, a fine-grained control of delegated authorization rightsis possible. Based on the delegated rights, a local manager can pre-cisely control the access permissions of the DRM contents in thehome network. The proposed system also supports a temporary

2 ms an

adwaavtbsv

psawpptada

2

a2ihvahnsV“eeSErc

swsalPob

fsiom

AlRatht

432 H. Kim et al. / The Journal of Syste

ccessing facility, a term used here to indicate enabling an externalevice to have a temporary access right to render specific contentithin a home network. To efficiently validate the delegated right

nd to revoke compromised local managers, the system provideshybrid mechanism of Online Certificate Status Protocol (OCSP)

alidation (Myers et al., 1999) and periodic renewal of proxy cer-ificates. This paper also presents a functionality comparison resultetween the proposed system and the previous domain-based DRMystems. It shows that the proposed system achieves stronger pri-acy for home devices.

The rest of the paper is organized as follows. In Section 2,revious DRM systems are reviewed. In addition, the expected con-umption scenarios of the DRM contents with the proposed systemre given in Section 3. In Section 4, a proper delegation strategyith proxy certificate is explained. In Section 5, the design of theroposed system is shown. Section 6 explains a prototype of theroposed system. In Section 7, the certificate validity check andhe certificate revocation mechanism are discussed. In Section 8,functional comparison between the proposed system and otheromain-based DRM systems is provided. Lastly, some conclusionsre made in Section 9.

. Related work

To protect DRM content in home networks, the concept of anuthorized domain (AD) has been developed (Eskicioglu and Delp,001; Kamperman et al., 2001; Ripley et al., 2002). The main goal

n this area is to devise a mechanism enabling devices in the sameousehold to share content without any restrictions and to pre-ent the devices in one household from accessing the contents innother household. The domain does not have to be restricted toome network environments. It can be extended to personalizedetworks or any networks that have several rendering devices,uch as PCs, MP3 Players, PDAs, and Video Players. The Digitalideo Broadcasting (DVB) standard firstly named this concept theauthorized domain”; subsequently, many domain content deliv-ry architectures have been proposed (IBM Corporation, 2001; Kimt al., 2006; Open Mobile Alliance, 2004; Popescu et al., 2004;martRight, 2003; Sovio et al., 2003; van den Heuval et al., 2002).specially, in van den Heuval et al. (2002), the basic functionalequirements and the design guideline of an AD-based system arelearly presented.

The SmartRight system (SmartRight, 2003) proposed by Thomp-on introduces the concept of a Personal Private Network (PPN),hich is also based on the AD concept. Before joining the PPN, the

martcard incorporated into a device performs a compliance checknd a registration process with a public key certificate issued by aicensing organization. After joining the PPN, all devices in the samePN share a symmetric domain key that protects digital contents. Ifne device in the domain is compromised, the domain key shoulde changed.

Popescu et al. (2004) proposed an AD security architecture thatollows the specifications in van den Heuval et al. (2002) and isimilar to the abovementioned SmartRight system. Their systemmproves the compliance checking protocol to reduce public keyperations, and it provides an efficient and flexible revocationechanism for compromised devices.The Open Mobile Alliance (OMA) DRM standard (Open Mobile

lliance, 2004) also supports the concept of a domain with a Pub-ic Key Infrastructure (PKI). However, in this standard, a centralized

ights Issuer (RI) manages all authorized domains, i.e., each compli-nce device joins a domain with the approval of the RI and receiveshe domain key from the RI. This centralized approach imposes aeavy burden on the RI, and domain privacy issues arise, becausehe RI knows which devices are registered in which domains.

d Software 83 (2010) 2431–2440

The xCP cluster protocol (IBM Corporation, 2001) proposed byIBM is an AD-based architecture where the broadcast encryption isapplied. Since this architecture utilizes only symmetric key encryp-tion, it requires low computational cost compared with othersutilizing public key operations. However, the broadcast encryptionhas an inherent limitation in that the size of the broadcast messageincreases as the total number of revoked devices increases. Thus,if many devices are compromised, this revocation mechanism maybe very expensive.

The DVB-CPCM (2009) is a system for Content Protection andCopy Management of commercial digital content delivered to con-sumer products. It provides the Authorized Domain Managementmechanism that allows the devices belonging to a household toestablish and join an AD. When a new AD is created, a new glob-ally statistically unique AD secret is generated to protected digitalcontents bound to that AD. If a new device joins the AD the ADsecret is transmitted securely. And if the device leaves the AD it isforced to erase the AD secret to disable consumption of AD-boundcontents.

In an alternative research direction, a few DRM architectureshave been proposed supporting the delegation of authorization(Nair et al., 2005; Sovio et al., 2003). In Sovio et al. (2003), thearchitecture deals with delegating the right of authorization toaccess a secret key. To implement authorized domains, it utilizesthe function sharing technique between a device in the domainand a semi-trusted network server. The main drawback of thisapproach is that it always requires the cooperation of the semi-trusted server to exercise the right. On the other hand, in Nair et al.(2005) the architecture deals with delegating the right of authoriza-tion to bestow the access rights of DRM content on other entities.Although it is proposed for content redistribution, this concept canbe applied to home networks as in Kim et al. (2006).

Meanwhile, the Coral Interoperability Framework (CoralConsortium Whitepaper, 2006) tries to solve the interoperabilityproblem which is another important issue in DRM systems. MostDRM systems are monolithic in the sense that they support a singleprotected content format and system for enforcing access rights, soa consumer having a device that supports one DRM system cannotconsume the contents with other device that supports another DRMsystem. The Coral framework is based on service-oriented architec-ture to support interoperability between different DRM systemsand content formats with the goal of providing an intuitive andtransparent consumer experience. The framework itself is not aDRM system but a mediator between different DRM systems.

3. Consumption scenarios of DRM contents for homenetworks

Since a home network can include many home devices, theconsumption of DRM content can occur in a variety of ways. Inthis section, we provide various scenarios that describe whichdevices purchase and distribute DRM contents, and which devicesare allowed to access the contents.

3.1. Purchasing and consuming contents within the homenetwork

A user may want to consume DRM content via all devices inthe home network. Thus, any device registered in a home networkshould be able to purchase the contents and efficiently distribute

them to other devices in the home network, instead of requiringeach device to contact the content provider separately. Only autho-rized devices that are registered in a home network should be ableto render the purchased content. This case is a typical scenario inhome networks.

ms an

3h

aloaiTts

3

tboaa

3

tDpwtmncttr

4

dcceccwwdasrde

mewmkttcpd

of LDM. Based on LDM, a domain is organized in each home net-work. All devices in the home network are registered in a domainand managed by LDM in the domain.

The functional architecture of the proposed system is shown inFig. 1, and the descriptions of each functional entity are as follows.

H. Kim et al. / The Journal of Syste

.2. Purchasing contents through a device residing out of theome network

Users may purchase DRM content via a mobile device when theyre far away from the home network. For example, a user mayike to purchase music content via a cellular phone while in hisr her office. In this case, the device cannot be guaranteed to haveconnection with the home network. However, a user ordinar-

ly wants to consume the content immediately after purchasing it.hen, once home, a user may want to share the purchased con-ent with other home devices. These two requirements should beatisfied in a non-conflicting way.

.3. Controlling access privileges of home devices

Home devices may have different access privileges althoughhey are in the same home network. The privileges of a device maye dependent on the device owner, e.g., the host versus the guest,r may be dependent on the content, e.g., music content versusdult content. Since the access privileges can be altered, a dynamicccess control mechanism should be provided.

.4. Allowing temporary access rights to external devices

Although consuming DRM content with external devices otherhan those owned by the content owner violates the concept ofRM systems, it is sometimes required in the real world. For exam-le, a user may want to render legally purchased DRM contentith a friend’s devices in the friend’s home. In this case, since

he user already purchased the content access rights, he or sheay feel incompatible if rendering is not allowed. Enabling exter-

al devices to preview a part of DRM content as an advertisementan be another good example, because it increases potential cus-omers. However, to protect illegal distribution and consumption,he temporary rights should be carefully controlled with explicitestrictions, such as consumption count and allowance period.

. Right delegation using proxy certificate

To support DRM facilities efficiently in the various scenariosescribed above, delegating the right to authorize access of DRMontents to local domain managers is useful. For instance, if theentral authority directly manages the authorization granting anxternal user a temporary right to render DRM content, or if theentral authority directly controls the access permissions of DRMontent for each device in all home networks, the central authorityill bear a heavy management burden and a scalability problemill arise in the DRM system. Thus, the proposed system takesecentralized approach where each domain and its membershipre handled by a local domain manager. Moreover, in the proposedystem the local domain manager is delegated the authorizationight to issue new licenses on behalf of central authority for theomain members. This kind of decentralized approach enhancesfficiency and scalability of the proposed system.

To verify the delegated authorization right of a local domainanager and to prevent a malicious manager from abusing its del-

gated right, the proposed system employs the proxy certificatehich is a well-known method for delegation in the PKI environ-ent (Housley et al., 1999). The local manager generates a proxy

ey pair and requests right delegation to the central authority. Then

he authority delegates authorization right by issuing a proxy cer-ificate signed by the authority’s private key. After receiving theertificate, the local manager can issue new licenses with its proxyrivate key. Then the licenses’ validity is verified by each domainevice with corresponding proxy certificate.

d Software 83 (2010) 2431–2440 2433

The most important feature of the proxy certificate related tothe proposed system is that the proxy certificate makes it pos-sible to transform the rights management problem into a proxykey management problem. The proxy key is different from theentity key that is used for identity authentication. Since the entitycertificate is not relevant to the proxy certificate, the entity certifi-cate need not be reissued even if the proxy certificate is revoked.Thus, the use of the proxy certificate makes rights managementsimple and can provide an efficient and flexible way for rightsdelegation.

5. System design

This section describes the detailed design of the proposed sys-tem. The proposed system has been designed based on the OMADRM standard, and it provides the rights delegation facility byemploying the proxy certificate. The main characteristic of theproposed system is that the authorization right to issue accessrights to DRM content is delegated from a centralized server toa home network manager. Thus, the proposed system can locallysupport the scenarios of Section 3 without the help of an outsideserver.

5.1. System overview

A home network interconnects electronic products and systems,such as PCs, mobile phones, digital audio/video, and digital TV. Withthe help of the home network, both remote access to and control ofthose products and systems are possible (Holtz, 2002). The typicalhome network consists of a home gateway that connects the homenetwork to the outside public network, in-home intranets such asphone-lines, power-lines, or wireless networks, and home devicesthat include home networking facilities.

To support the various scenarios for home networks in Section 3,we utilize the concept of rights delegation using proxy certificates.The authorization rights to issue access permissions of DRM contentto home devices are delegated to a home manager in a home net-work, namely the Local Domain Manager (LDM). The LDM shouldbe secure and reliable, and it also should have an “always-on”property. Moreover, it should have reasonable computing power,because issuing access rights may require time-consuming opera-tions. The home gateway satisfies these requirements. Therefore, inthe proposed system, a home gateway is considered to play the role

Fig. 1. DRM functional architecture for home networks.

2 ms and Software 83 (2010) 2431–2440

•

•

•

•

EcaPatikL

pmwRiLdvpt

5

ciipdi

434 H. Kim et al. / The Journal of Syste

Content issuer (CI): The content issuer has responsibility for trans-ferring DRM content to home networks. For secure transfers, theDRM content is re-packaged so that only the purposed homedevice can obtain the content.Rights issuer (RI): The rights issuer generates a Rights Object (RO)and issues it to the LDM, which legally purchases the associatedDRM content. In the RO, the access permissions of the correspond-ing DRM contents are contained. The RO governs how the contentcan be consumed by the user’s home devices.LDM: The LDM exists in a domain. The right to issue an RO to ahome device is delegated from the RI to the LDM. After delegation,the LDM acquires ROs for its domain from the RI, and issues ROsfor home devices based on the former ROs.Home device: This refers to any device that is registered in adomain. A trusted DRM agent is embedded in each home device.The agent is responsible for enforcing access permissions speci-fied in the RO.

ach entity has a private key and public key pair (SK,PK) and aorresponding entity certificate issued by a trusted CA. The inter-ctions between the two entities are performed after establishingKI-based mutual authentication. Initially, the LDM acquires theuthorization right to issue access rights for home devices fromhe RI by the delegation by certificate strategy, which is describedn Section 5.2. The registration of home devices and the domainey distribution follow the OMA DRM standard, except that theDM manages them instead of the RI.

When a user in a home network wants DRM content, theurchasing process is performed through the LDM with a legal pay-ent. The CI transfers the protected content, which is encryptedith a Content Encryption Key (CEK). The RI issues a correspondingO from which only the LDM can obtain the CEK. Then, depend-

ng on the purposes described in Sections 5.4, 5.5 and 5.6, theDM issues a new access permission containing the CEK for homeevices, and distributes it with the LDM’s proxy certificate. Aftererifying the validity of both the proxy certificate and the accessermission, the home device can obtain the CEK and then renderhe content.

.2. Rights delegation

The RI delegates the right to issue the access permissions of DRMontent to the LDM after a negotiation between the RI and the LDMs successfully finished. The delegation is implemented by request-

ng a proxy certificate from the LDM and consequent issuing of aroxy certificate of RI. An overview of the delegation procedure isepicted in Fig. 2. A detailed description of the delegation procedure

s as follows (Fig. 3).

Fig. 2. Authorization rights delegation process.

Fig. 3. Examples of a proxy request and a proxy certificate.

(1) LDM → RI: ProxyReqLDM. The LDM generates a private key andpublic key pair (SKproxy, PKproxy) that will be used in proxy sig-nature generation and verification. It then generates a proxyrequest message ProxyReqLDM, including the identity of theLDM and PKproxy. The message also includes two signaturesSIGproxy and SIGLDM: the former is generated with SKproxy toprove that the LDM has the private key corresponding to PKproxy,and the latter is generated with SKLDM, the entity private keyof the LDM, to prove that the delegation is requested from theLDM. The request message is sent to the RI.

(2) RI: verify SIGproxy, SIGLDM in ProxyReqLDM. The RI verifies thetwo signatures in the request message with PKproxy and PKLDM.

(3) RI → LDM: Certproxy. The RI generates a proxy certificateCertproxy, which binds PKproxy with the LDM and authorizes theright to issue RO for home devices. The conditions and restric-tions of the delegated right are expressed by the Open DigitalRights Language (2002), and are located in the ProxyCertInfoextension field, which is defined in the X.509 Proxy CertificateProfile (Perlman et al., 2004). The proxy certificate is signedwith SKRI and sent to the LDM.

(4) LDM: verify Certproxy. After receiving the proxy certificate, theLDM checks whether it is generated from the correspondingrequest message by verifying that the public key in the proxycertificate is equal to the key previously sent in the proxyrequest message. Then, the LDM verifies SIGRI, the signatureof the RI. From this point, the LDM can delegate rights to homedevices.

5.3. Registration

The registration process is employed from the OMA DRM stan-dard (Popescu et al., 2004). Each home device performs a mutualauthentication with the LDM. The LDM checks the compliance ofthe device by verifying the entity certificate of the home device.The device verifies the entity certificate of the LDM. All verificationprocedures include the OCSP validation. The details of the OCSPvalidation procedure are given in Section 6.

5.4. Consuming home content through LDM

When a user in a home network wants to purchase DRM con-tent, a purchasing process is executed through the LDM. After aproper payment, the LDM receives from the CI protected DRM con-tent, which is encrypted with a CEK, and receives from the RI a

corresponding RO containing the rights to consume the content,restrictions, and validity period. Based on the RO and the delegatedright of Section 5.2, the LDM issues a Domain RO (DoRO) for homedevices and distributes it with the protected DRM content. TheDoRO contains the CEK encrypted with a domain key known to all

H. Kim et al. / The Journal of Systems an

hDF

(

(

(

(

5

dhL

Fig. 4. Consumption process of a home device with a Domain RO.

ome devices, and thus home devices can consume the protectedRM content. The procedure is as follows and is also depicted inig. 4.

1) CI, RI → LDM: protected content, ROLDM. The CI sends protectedcontent encrypted with the CEK, and the RI sends the LDM anRO which contains the CEK encrypted with PKLDM, the entitypublic key of the LDM.

2) LDM: generate Domain RO. The LDM obtains the CEK fromthe RO by decrypting with its private key SKLDM, and issues aDoROLDM containing both the CEK encrypted with the domainkey and the signature generated with SKproxy. The access condi-tions and restrictions are explicitly described in the DoROLDM.They should not exceed the scope of those in the original RO,which was previously issued from the RI to the LDM. The updateand distribution of the domain key is performed by the LDMinstead of the RI, according to the OMA DRM specification.

3) LDM → device: DoROLDM, protected content, Certproxy. If a homedevice wants to access the content, the LDM distributes theprotected content with a corresponding DoROLDM and Certproxy.

4) device: verify Domain RO. The device first checks the validityof the proxy certificate to confirm that the LDM has a properright to issue the Domain RO by investigating the descriptionand verifying the signature in the proxy certificate. It then ver-ifies the signature in the DoROLDM with the certificate andobtains the CEK by decrypting it with the domain key. Afterdecrypting the protected content with the CEK, the device con-sumes the content according to the access permissions in theDoROLDM.

.5. Converting an RO into a Domain RO for home networks

Sometimes a user may purchase DRM content for a specificevice without the help of the LDM if he or she is far from theome network and his or her device cannot be connected with theDM. In this case, the user may want to share the content with

Fig. 5. Conversion from an indivi

d Software 83 (2010) 2431–2440 2435

other home devices upon returning home. The proposed systemcan manage this case; it can convert the previously purchased ROinto a DoRO that enables all home devices to access the content.The detailed process is described as follows and is also depictedin Fig. 5, assuming that the user purchases the content through adevice D1.

(1) CI, RI → D1: protected content, ROD1. The CI sends protected con-tent encrypted with the CEK, and the RI sends an RO for D1 thatcontains the CEK encrypted with the public key PKD1.

(2) D1 → LDM: ROD1, protected content, EPKLDM(CEK). At the home

network, D1 requests the LDM to convert ROD1 into DoROLDM.D1 obtains the CEK by decrypting with SKD1. D1 again encryptsit with PKLDM and sends the encrypted result EPKLDM

(CEK) andROD1 to the LDM.

(3) LDM: verify ROD1. The LDM verifies the signature of the RI inROD1 and checks whether converting the RO into the DomainRO is allowed.

(4) LDM: generate Domain RO. The LDM obtains the CEK fromEPKLDM

(CEK) with SKLDM, and issues a corresponding DoROLDM.DoROLDM includes the ciphertext, which is a result of encryptingthe CEK with the domain key.

(5) LDM → device: DoROLDM, protected content, Certproxy. If anotherhome device wants to consume the content, the LDM dis-tributes the protected content with a corresponding DoROLDMand the proxy certificate.

(6) device: verify Domain RO. The device checks the validity of boththe DoROLDM and the proxy certificate. Then, it can obtain theCEK and consume the content after decryption.

5.6. Access control of home devices

Depending on the type of DRM contents or the policy of thehome network, it is desired that only a subset of home devicescan access certain contents. Aforementioned AD-based DRM sys-tems may solve this problem by allowing multiple domains for ahome network. However, this approach requires additional effortsto manage not only the membership for each domain but alsothe corresponding domain keys. The proposed system has a differ-ent approach, in which the LDM separately issues a Delegated RO(DeRO) for each device to have a different access privilege respec-tively with LDM’s issuing right that is empowered by RI. Since theaccess control is performed by the LDM, the RI does not require anyadditional cost. The following procedure describes how to issue aDeRO so that can be used for only a specific home device, D1.

(1) D1 → LDM: request for a DRM content. A home device D1requests the LDM to send D1 DRM content on which D1 hasthe access privilege.

dual RO into a Domain RO.

2436 H. Kim et al. / The Journal of Systems an

(

(

(

(

5

LpLrdt((fa

(

((3) The OCSP server checks the validity of the proxy certificate,

Fig. 6. Consumption process of a Temporary RO.

2) LDM: check request. The LDM checks whether D1 is allowed toaccess the content, based on either the restrictions described inthe ROLDM or the policy of the home network.

3) LDM: generate Delegated RO. The LDM obtains the CEK fromthe ROLDM by decrypting it with LDM’s private key, and issuesa DeROD1 containing both the CEK encrypted with D1’s publickey PKD1 and the signature generated with the private proxykey SKproxy.

4) LDM → D1: DeROD1, protected content, Certproxy. The LDM sendsthe protected content with a corresponding DeROD1 and theproxy certificate to D1.

5) D1: verify Delegated RO. D1 checks the validity of both theDeROD1 and the proxy certificate. Then, it obtains the CEK inDeROD1 by decrypting it with SKD1. After decrypting the pro-tected content with the CEK, D1 can consume the content.

.7. Allowing temporary consuming of external devices

For the cases described in Section 3.4, it is necessary that theDM allows external devices to consume intended content tem-orarily. The proposed system provides this ability by allowing theDM to issue a Temporary RO (TRO), which has restricted accessights and a very short validity period. If the identity of the externalevice that will consume the contents is predictable, the consump-ion process of TRO is similar to the process of DeRO in Section 5.5see Fig. 6a). If it is not predictable, the following process is executedsee Fig. 6b). In both cases, the internal device D1 has responsibilityor delivering the protected content and TRO from the LDM to Dex,n external device.

1) LDM → D1: TROanony, protected content, EPKD1 (TK), Certproxy. TheLDM generates a temporary key TK and issues a TROanony for ananonymous device where the CEK is encrypted with TK. TheLDM also encrypts TK with D1’s public key PKD1 and sends it toD1. After receiving them, D1 obtains TK.

2) Dex → D1: CertDex. When outside the home network, if D1 con-tacts an external device Dex which will consume the content,it receives the certificate of Dex through a local connection ora physical connection.

d Software 83 (2010) 2431–2440

(3) D1 → Dex: TROanony, protected content, EPKDex(TK), Certproxy.

After verification of CertDex, D1 sends the protected content andthe TROanony received from the LDM in Step 1 and also sendsthe encryption of TK with PKDex.

(4) Dex: verify Temporary RO. Dex obtains the TK by decrypting itwith SKDex, and checks the validity of TROanony with Certproxy.Then, it obtains the CEK in TROanony with TK and can consumethe content after decryption.

6. Revocation and certificate validation

The trust model of the proposed system follows the OMA DRMtrust model except one additional hypothesis. The LDM is assumedto be a trusted entity that acquires delegated authorization rightproperly and does not issue illegitimate licenses maliciously. Toverify this hypothesis each device performs two kinds of checkingprocesses. First, the device checks the validity of received licensewith the corresponding proxy certificate to prevent a maliciousattacker from pretending a trusted LDM. Second, the device checksthe validity of the proxy certificate as below to prevent a revokedLDM from issuing illegal licenses. Therefore, we argue that the pro-posed system is not necessarily weaker than the base OMA DRMsystem.

This section describes how to check the validity of LDM’s proxycertificate and how to revoke it. Compared with the previous DRMsystems, the revocation and certificate validation process in theproposed system have been carefully designed, because the LDMis far more powerful than that of previous systems. How to detectmalicious LDMs is beyond the scope of this paper; however, theproposed system provides a way to isolate known malicious LDMseffectively via a certificate validation and revocation process.

6.1. Validity checking of proxy certificates

In the proposed system, upon receiving a new access right andits associated proxy certificate, a rendering device performs thevalidation of the received proxy certificate via the OCSP certificatevalidation protocol (Myers et al., 1999). If it passes the validationprocess, it is not revalidated until the validity period of the proxycertificate is expired.

This method is more efficient than an intuitive approach that thedevice accesses the OCSP server per each rendering of the content toverify the validity, because the device accesses the OCSP server onlyonce per each content during the validity period of the proxy cer-tificate. Moreover, this method preserves the main objective of thevalidity check process with OCSP; the lifetime of the malicious LDMcan be limited at most to the validity period of the proxy certificate.Fig. 7 shows why the lifetime of the malicious LDM is limited to thevalidity period of its proxy certificate.

The following protocol shows the way for each device to performOCSP validation protocol. Fig. 8 depicts an overview of the detailedprotocol. Since it cannot be assumed that the device directly con-nects to the OCSP server, the messages in the protocol are deliveredthrough the LDM.

(1) The device sends the LDM an OCSP request message whichincludes the serial number of the proxy certificate and a randomnonce to prevent replay attacks by a malicious LDM.

(2) The LDM delivers the received OCSP request to the OCSP server.

which corresponds to the serial number in the request. TheOCSP server then responds with the check result and the signa-ture of OCSP server to the LDM.

(4) The LDM delivers the response to the device.

H. Kim et al. / The Journal of Systems and Software 83 (2010) 2431–2440 2437

s LDM

(

6

tppaiifdcLgc

Fig. 7. Relation between the lifetime of maliciou

5) After receiving the response, the device verifies the signatureof the OCSP server with the pre-shared certificate of the OCSP.Also it verifies whether the nonce in the response is the sameto the one in the corresponding request message. Then thedevice investigates the response. If the response shows theproxy certificate is valid, the device regards the proxy certifi-cate is valid and continues the content rendering procedure. Ifnot, the device erases the proxy certificate and its associatedrights object in its memory.

.2. Periodical renewal of proxy certificates

The periodic renewal of a proxy certificate is performed whenhe validity period of the proxy certificate is expired. If the validityeriod expiration is recognized, an LDM requests the renewal of theroxy certificate to RI. After receiving the renewal request, RI re-uthenticates the LDM by checking its black-list or white-list, andnteracting with the OCSP server to verify the proxy certificate is notncluded in the revocation list. If the re-authentication is success-ul, RI issues the renewed proxy certificate to the LDM. The only

ifferences between the old proxy certificate and the new proxyertificate are the validity period and the signature of RI. Thus, theDM can keep on using the current proxy private key without re-eneration of a new private/public key pair for the renewed proxyertificate.

Fig. 8. Certificate validatio

and the validity period of the proxy certificate.

6.3. Revocation

If the right of an LDM should be invalidated due to the cor-ruption or malfunctioning of the LDM, revocation of the proxycertificate should be performed. For this, the RI sends the infor-mation of the proxy certificate (including serial number, subjectidentity, and proxy public key) to the OCSP server. Then the serverregisters this entity in the revocation list. After this registration, thedevices querying the status of the proxy certificate are notified ofits revocation status.

7. Implementation

The prototype of the proposed system has been implementedon a Linux environment with the OpenSSL library (OpenSSL, 2010).We modified the ASN.1 encoding module, the X.509 entity andproxy certificate module, and used a cryptographic module inthe OpenSSL library to implement the proposed system. Fig. 9depicts the functional architecture of the proposed system andFig. 10 depicts the component hierarchy of our implementation. Weemployed XML in the proposed system to describe the delegated

right and its condition.

The following screenshots show simple running results of theprototype. Fig. 11 depicts the running result of issuing the proxycertificate, and Fig. 12 depicts a sample DoRO (Domain RightObject). In Fig. 11, the proxy certificate includes a policy where the

n querying process.

2438 H. Kim et al. / The Journal of Systems and Software 83 (2010) 2431–2440

ional a

sisi

8

AP(

TF

G

Fig. 9. Funct

cope and limitation of the delegated right is described. The policys expressed as an XML description. In Fig. 12, a white-list, whichhows the entities that are permitted to use the DoRO, is containedn the DoRO.

. Comparison with domain-based DRM systems

In this section, the proposed system is compared with otherD-based DRM systems for home networks: SmartRight (2003),opescu et al. (2004), xCP (IBM Corporation, 2001), OMA DRMOpen Mobile Alliance, 2004), and DVB-CPCM (2009). The com-

Fig. 10. Componen

able 1unctionality comparisons between the proposed system and the previous systems.

Functionality SmartRight(2003)

Popescu et al.(2004)

xCP (ICorpo

Home content local sharing © © ©Home content access control × × �Temporary accessing × × ×AD management policy Decentralized Decentralized CentrAD privacy © © ×Revocation mechanism GDRL GDRL/LDL MKB

DRL, global device revocation list; LRL, local revocation list; MKB, media key block; OCS

rchitecture.

pared functionalities are described as follows, and the results aresummarized in Table 1.

• Home content local sharing: All home devices registered in a homenetwork should be able to render home contents that are allowed

to be consumed. This functionality is supported in all the aboveDRM systems, since they are based on the concept of authorizeddomain.

• Home content access control: It should be possible to give differentaccess privileges to each device even in the same home network.

t hierarchy.

BMration, 2001)

OMA (Open MobileAlliance, 2004)

DVB-CPCM(2009)

Proposed

© © ©� × ©× × ©

alized Centralized Decentralized Decentralized× © ©OCSP GDRL OCSP/PRPC

P, online certificate status protocol; PRPC, periodical renewal of proxy certificate.

H. Kim et al. / The Journal of Systems an

Fig. 11. Prototype result: description of proxy certificate.

•

•

•

•

Fig. 12. Prototype result: description of Domain Right Objects (DoRO).

xCP and OMA DRM can partially support this functionality withmultiple domains; however, they do not support a flexible andefficient access control mechanism. On the other hand, the pro-posed system supports it by issuing a Delegated Rights Object(DeRO).Temporary accessing of external devices: This functionality enablesan external device to render home contents temporarily with theagreement of the user. The proposed system supports it for thefirst time by issuing a Temporary Rights Object (TRO).AD management policy: The management of domains can beclassified into two types: centralized and decentralized. Theformer means that a centralized trusted server manages themembership of all domains and domain keys, and the lattermeans that each domain is managed by each local man-ager registered in the domain. The latter type has betterscalability.AD privacy: The information about compliant devices registeredin a home network should not be revealed. This is very closelyrelated to the AD management policy. If the domain is managed

by the connection with an outside server, the information maynot be kept secure.Revocation mechanism: If a device in home networks is compro-mised by an attacker, it should be prevented from rendering homecontent. For the system of Popescu et al., a lightweight revocation

d Software 83 (2010) 2431–2440 2439

mechanism for local domains is supported. For OMA DRM usingOCSP, depending on the online server can impose a heavy burden.

As shown in Table 1, the proposed system supports all functionalityabove. Especially, it supports access control of home contents andAD privacy. Moreover, it applies the concept of periodical renewalwith OCSP validation to validate the proxy certificate efficiently andto revoke the certificate of a malicious AD manager.

9. Conclusion

In this paper a robust and flexible DRM system for home net-works has been presented. In the proposed system the RI delegatesits authorization right to the local domain manager by issuing aproxy certificate, and the local domain manager robustly and flex-ibly controls the consuming rights of home devices. The systemwas carefully designed in consideration of various consumptionscenarios of DRM contents for home networks, and its advantagescompared with previous domain-based systems are shown in Sec-tion 8. In conclusion, the system can reduce the inconvenience toconsumers using DRM contents, and thus can contribute to thegrowth of the DRM market.

Acknowledgement

This work was supported by the GRRC program of Gyeonggiprovince, [200911963, Software Technology for Effective DigitalContents Service]. Also, This research was supported by Basic Sci-ence Research Program through the National Research Foundationof Korea(NRF) funded by the Ministry of Education, Science andTechnology(2009-0069740, 2010-0006355).

References

Eskicioglu, A.M., Delp, E.J., 2001. An overview of multimedia content protection inconsumer electronic devices. Signal Processing: Image Communication 16 (April(5)), 681–699.

Holtz, R., 2002. Guide to Home Networks. Consumer Electronics Association.Housley, R., Ford, W., Polk, W., Solo, D., 1999. Internet X.509 Public Key Infras-

tructure. RFC 2459, The Internet Engineering Task Force (IETF). Availablehttp://www.ietf.org/rfc/rfc2459.txt.

. xCP Cluster Protocol DVB-CPT-716, October. IBM Corporation.Kamperman, F.L.A.J., van den Heuvel, S.A.F.A., Verberkt, M.H., 2001. Digital rights

management in home networks. In: Proc. IBC, September, pp. 70–77.Kim, H., Lee, Y., Chung, B., Yoon, H., Lee, J., Jung, K., 2006. Digital rights management

with right delegation for home networks. In: Proc. ICISC 2006, LNCS, vol. 4296,November, pp. 233–245.

Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C., 1999. X.509 Internet PublicKey Infrastructure Online Certificate Status Protocol – OCSP. RFC 2560.

Nair, S.K., Popescu, B.C., Gamage, C., Crispo, B., Tanenbaum, A.S., 2005. EnablingDRM-preserving digital content redistribution. In: Proc. 7th IEEE Int. Conf. onE-Commerce, pp. 151–158.

2002. Open Digital Rights Language (ODRL), Version 1.1, Technical Specification.ODRL Initiative, available: http://odrl.net/1.1/ODRL-11.pdf.

. DRM Architecture Candidate Version 2.0, July. Open Mobile Alliance, available:http://www.openmobilealliance.org.

OpenSSL: The Open Source Toolkit for SSL/TLS, 2010. Available:http://www.openssl.org.

Perlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke S., 2004. Internet X.509 PublicKey Infrastructure (PKI) Proxy Certificate Profile. RFC 3820.

Popescu, B.C., Crispo, B., Kamperman, F.L.A.J., Tanenbaum, A.S., 2004. A DRM securityarchitecture for home networks. In: Proc. 4th ACM Workshop on Digital RightsManagement, October.

Ripley, M., Traw, C.B.S., Balogh, S., Reed, M., 2002. Content protection in the digitalhome. Intel Technology Journal 6 (9), 49–56.

SmartRight technical white paper, January 2003. Available: http://www.smartright.org/images/SMR/content/SmartRight tech whitepaper jan28.pdf.

Sovio, S., Asokan, N., Nyberg, K., 2003. Defining authorization domains using virtualdevices. In: Proc. SAINT Workshops 2003, pp. 331–336.

van den Heuval, S.A.F.A., Jonker, W., Kamperman, F.L.A.J., Lenoir, P.J., 2002. Securecontent management in authorized domains. In: Proc. IBC, September, pp.467–474.

Digital Video Broadcasting Content Protection and Copy Management (DVB-CPCM),December 2009. DVB Document A094r4-7.

Coral Consortium Whitepaper, February 2006. http://www.coral-interop.org.

2 ms an

H2itCc

YKtB

440 H. Kim et al. / The Journal of Syste

eeyoul Kim received the B.E. degree in Computer Science from KAIST, Korea, in000, the M.S. degree in Computer Science from KAIST in 2002, and the Ph.D. degree

n computer science from KAIST in 2007. From 2007 to 2008, with the Samsung Elec-ronics as a senior engineer. Since 2009 he has been a faculty member of Division ofomputer Science at Kyonggi University. His main research interests include appli-

ation security such as secure group communication and digital rights management.

ounho Lee received the B.E., M.S., and Ph.D. degree in Computer Science fromAIST, Korea, in 2000, 2002, and 2006, respectively. He worked as a visiting pos-

octoral researcher and research staff under the supervision of the Prof. Alexandraoldyreva at the GeorgiaTech Information Security Center from 2007 to 2009. He

d Software 83 (2010) 2431–2440

has been a faculty member in the department of Information and CommunicationEngineering, Yeungnam University, Korea, since 2009. His reserch interests includenetwork security, applied cryptography, and multimedia security.

Yongsu Park received the B.E. degree in Computer Science from Korea Advanced

Institute of Science and Technology (KAIST), South Korea, in 1996. He received theM.E. degree and the Ph.D. degree in Computer Engineering from Seoul NationalUniversity in 1998 and 2003, respectively. He is currently an assistant professorin the Division of Computer Scince and Engineering at Hanyang University, Seoul,Korea. His main research interests include program security, network security, andcryptography.