Digital Rights Management (DRM) refers to the protection of ownership/copyrights of digital content by restricting the action of an authorized person can take with regards to the content. We need to understand that e-Books, music, software, movies, etc. are subjected to copyrights or intellectual property rights. DRM gives digital content owners the ability to securely distribute their works, to control the use of their works and to prevent unauthorized distribution, thus protecting their intellectual properties.
DRM systems use encryption of content allowing only authorized users to access and digital marking like watermark, placed on the content to indicator to the device that the media is copy protected. However, some of the DRM technologies are developed with little regard to the privacy protection that require user to reveal their identity to access the protected content.
DRM is most commonly used in the entertainment industry as movies and music are two of the most popular categories of copyrights infringement on the internet. Some of the DRM solution offered in the market includes Online Services Platform by Ubisoft, FairPlay by Apple and Advanced Regional Copy Control Operating Solution (ARccOS) by Sony.
Here are some parties actively engaging in DRM and the reason behind them using DRM. Commercial content owner such as Apple Inc, Hollywood uses DRM to protect their copyrighted works from illegal use. DRM also curb increasing piracy and unauthorised copying which in turn lead to revenue loss.
Another party includes Producers of end user equipment such as Microsoft, Sony, Nintendo who manufacture game consoles. DRM can help them to restrict access of unauthorised content and enforce copy protection.
Government Organization / Private Corporation also make use of DRM to control access to corporate and confidential documents as well as restrict sharing and modification to documents.
Case Study 1: DRM in Games
Games Publisher always wants to implement DRM because it allows them control mass distribution and prevent piracy, thus increasing their sales revenue. However in the following case study, we shall talk about how the implementation of DRM causes the opposite.
Electronic Arts (EA) was the most popular game company in the world. They create many popular PC games and online games. But game installation files must produced by CD/DVD, so they need a security technology to protect their product.
Electronic Arts (EA) with DRM named SecuROM have created themselves a number of issues to handle. One of the EA game named SPORE has certainly create much attention.
Problem with SecuROM in SPORE:
Restricted user on what they can do with the CD
You are only allowed to install the game into 3 machines, this make user extremely unhappy about it due to the unforeseen circumstances which they have to format their computer, or upgrade to a faster computer as technology advance.
Internet Connection is required
Every time you install the game, you are required to get online to authenticate with the server. The recurring 10 days online authentication make it worse, the game will cease to function if it cannot authenticate with server after 10 days.
Online Services Platform (OSP)
The DRM method that Ubisoft uses requires gamers to have a constant, uninterrupted Internet connection in order to play the games. The connection is needed to authenticate the user as well as allowing games that are saved to be synchronised online. This allows the gamer to access the game from another computer without the need for the CD/DVD after the installation, as long as there is internet connection. There is no limit to the number of computers that the game can be installed but gamer would need to create an account with Ubisoft.
DOS Attack on Ubisoft's DRM Servers
Assassin's Creed 2 is one of the games released by Ubisoft that uses OSP. Within days of the game release the authentication servers used for OSP were under a massive Distributed Denial of Service (DDoS) attack which resulted in some customers unable to play its game. The use of OSP, designed to combat piracy, have sparked negative reaction in the gaming community and it probably inspired the attack by hackers. As a result of the attack Ubisoft had to give out free copies of games to the affected gamers.
Separate and Stand-Alone program
SecuROM is a separate and stand-alone program that is installed into your computer together with the game. However if you uninstall the game, this will not remove SecuROM. The worst part is that this program installation is not known to the user, which led to the lawsuit against EA. User will have no idea on how this SecuROM will comprise their system.
Whether to have DRM implement or not have raise arguments from different point of view, from publishers point of view, they may argue that having copy protection justify the effort and amount of time each individual put in building up the game, therefore they see a need to implement DRM prevent piracy.
However on the other side, the consumers may argue that the DRM implemented make them unable to use it freely as shown in the above case. The DRM does stop some hardcore pirates, however in the process; they may lose some legitimate user because of it. All these factors have made the consumer turn to piracy instead of purchase genuine copy.
Case Study 2: Alpha-DVD
At the end of January 2006, the computer users from German post complaints to a public newsgroup about the DVD of the movie. The movie name is Mr. & Mrs. Smith. The users have noticed the presence of a new protection_system on the DVD, which is essentially based on two levels of security.
The first is a physical protection, it will on the disc surface (some kind of bad sectors), and the second is software protection, it was installed on the machines by the auto run player. The messages were posted on the public forum and reported strange errors relating to popular DVD ripping programs in the presence of the aforementioned software. It was not take long for experienced computer users to understand what was going on.
One week later, the popular Web site from German Heise Online published the technical analysis of the protection software was found on the Mr. & Mrs. Smith DVD, it is named 'Alpha-DVD' and produced by the Korean company Settec.
Setup
The Alpha-DVD protection software was composing of two modules
An executable file
A DLL library, which have the following characteristics:
Filename: %System/[RANDOM].EXE
Size (bytes): 827.592
MD5: 0x4e7797f813c20cb162b3f289698c8114
Filename: %System%/HADL.DLL
Size (bytes): 356.552
MD5: 0x9b845d4fc0b7e9f3ac5339ca4ba7e079
It is possible to know this protection on the DVD by the appearance of the main executable under the DVD root folder, with the name is 'alpha.dat'. The executable is copied files into the %System% folder with a random name, and then drops the dll library when it is executed.
The .exe file contains many other execute files for example: including a VXD driver for Windows, which are embedded as resources. The hadl.dll file is located under the location 'FILES' of the resources table and has the resource number 153.
When a DVD with Alpha-DVD protection is inserted into the DVD-ROM drive, 'playdvd.exe' runs immediately, if auto run functions was enable. This file is the main installer of the Settec protection.
From the producer, the first part of the installer does is to display an End User License Agreement. asking users to agree with the installation of the Alpha-DVD program on the system.
License Agreement
Typically, if the user does not agree with the installation process, the software (and its system hooking component) will not be installed onto the machine. However, software will show a copy of the .exe file and the .dll file are saved in the temporary folder of the computer before any consent is given by the user.The setup program will install the executable and the DLL file to the following paths before any user interaction:
%Temp%/tmpagent.exe
%Temp%/hadl.dll
When the end user disagree the License Agreement, the installer will ejects the DVD disc and deletes all files about the 'tmpagent.exe'. However, it does not delete the 'HADL.DLL' library. If this files were text or image files, it would post little risk to security. However, this library is named "core system hooking component", it is implements all the hooking code. It is possible for malicious code to utilize the component unknown data to the computer user, who would probably be unaware that the file was on their machine.
The Protection Scheme
When the software installed on the system, the Alpha-DVD program will creates the following registry sub key, it will run the protection program every time when the machine starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\policies\Explorer\Run\"SystemManager"="%SYSTEM%\ [RANDOM].EXE"
The library HADL.DLL
The random and obscure filenames is a typical feature of malicious programs; it is rarely seen in legitimate software. Because of the Run registry sub key is not hidden, so users can use search function to search the registry, check for its presence, and then delete it. When the program is executed on Windows XP or Windows 2000 computer, it drops the copy of the 'HADL.DLL' library in the current folder. Using DLL injection techniques, it will inject the library into every process, when it is currently running or that will run. The DLL is the core component of the software and it exports the following methods:
__InjectDllAll()
__RemoveDllAll()
__SetProtectedProcess()
__StartProtect()
__StopProtect()
After the injection, the DLL library uses system hooking techniques to create a user-mode hook APIs:
Hook no. Library Hooked API
KERNEL32.DLL Open Process
NTDLL.DLL NtQuery System Information
KERNEL32.DLL DeviceI Control
NTDLL.DLL NtCreate File
WNASPI32.DLL SendASPI32Command
ASAPI.DLL SendASPI32Command
ELBYCDIO.DLL ElbyCDIO_ExDoScsiIO
ELBYCDIO.DLL ElbyCDIO_DoScsiIO
The goals of hooks are complete different, so there are not all of them result in a rootkit. The rootkit part of the code is concentrated in some of the hooks; there are some special points that should be considered:
The hooking is realized in user-mode, it using standard DLL injection, so it is easier to detect and remove.
Many security programs typically use the driver module for scanning the software, so they will be able to bypass the hooks.
The DLL is not hiding files.
The rootkit of this module resides in the 'NtQuery System Information' and 'Open Process' hooks, which were designed explicitly to hide a process from the Windows Task Manger, it will from any other standard process monitoring utilities.
The hook from 'NtCreateFile' will not hide files, but it can prevent access to directories as part of the DVD protection strategy.
When DVD or CD discs was reading or writing, all the other hooks enterprise DVD or CD-ROM functions and may have an impact on system performance. Finally, it should be mentioned some of these hooks are designed for protect only Alpha-DVD discs, so when a different DVD is inserted, these will not have any effect.
What Are The Real Risks?
In the story of HAL 9000, the protection design 'as-is' was not intended to hide malicious code, but it is happened, Good functionality can be used when it completely different. The implementation of this protection is not safe, because the entire control file resides in the .EXE file, it is utilizes the DLL component. Considered, HADL.DLL is a wide-open module, it can provide all its functionality to any other process or executable. The diagram shows one of the possible attack scenarios.
A malicious code can check for the presence of HADL.DLL in the Temp folder or System folders, using LoadLibrary() load it, and get the address of any exported function to use it. Uses HADL.DLL functions to designing a program does not require advanced skill nor needs only a few lines of code.
For example, HADL.DLL will hide the process using its rootkit functionality when somebody calls the 'SetProtectedProcess()" and passes a PID as parameter. Any programmer will use a DLL library even once knows how to do that. When software is installed on a computer, this library represents a real security risk.
Another type of risk is also present in the hooking code.
As previously, the Alpha- DVD program is an un-hiding file, although it hooks 'NtCreateFile'. This hook is necessary to keep access to the VIDEO-TS folders and AUDIO-TS folders, when the encrypted .VOB files of movies are typically stored. This protection is controlled by the main files, it is activated only on DVD or CD-ROM drives, until the executable code contains a check routine for drive type using the Windows GetDriveType() function.
However it is possible to control HADL.DLL externally, if getting the address of the '_StartProtect()' function and calling it using. For example, the 'D' drives as the parameter. In this attack, a malicious program will force the protection of the VIDEO-TS and AUDIO-TS directories of any drive and preventing access to every file in these folders. This means that if the malicious program activates the Settec protection on the D: drive of the computer and copy itself into these folders, the malicious file will be visible by Explorer, but it will not be accessible, it will not to be opened, and normal antivirus programs will not be able to check it. Just security scanners can use a kernel mode driver bypass HADL.DLL hooking, it will be able to open the file for scanning.
Finally, a different attack scenario that exploits the file access protection of the Settec program can be realized, when a malicious attacker creates a special DVD or CD-ROM disc that contains a malicious file inside the VIDEO-TS folder or AUDIO-TS folder. If this disc is created with characteristics that make it similar to an original Alpha-DVD disc, the protection agent will protect the malicious disc automatically and prevent this access to the folders.
Competitive Antagonism In Legitimate Software
At the end of this story, we should also consider by the software industry and the developers. In the past, many type of malware have contained aggressive code against other type of malware. For example, the "Trojan.Satiloler.E" tries to terminate a long list of processes, include processes belonging to SpyAxe, Trojan.Abwiz, Trojan.Anserin, SpySheriff, and to some Backdoor.Nibu variants. All of these recent Beagle variants create mutexe to prevent NetSky worms from launching.
This phenomenon is not terrible if observed in a highly competitive environment like malware, where nothing is either controlled or legal. But how about these if something similar started to happen between legitimate software programs? For example, Web-browsing software, when it is installed, tried to disable certain features of internet Explorer or FireFox for a competitive reason. While these programs can be used for piracy, modifying such programs without clear notification and consent could be the start of a slippery slope.
Conclusion
Alpha-DVD DRM protection contains rootkit-like code, it may allow other third party programs to hide their processes, and it prevents security software from having access to their files. This code can read by malware authors with little of rootkit techniques.
Settec quickly released a uninstaller for Alpha-DVD and an updated version of the agent, which does not include the security issues discussed in this article.
Case Study 3: DRM in Music
iTunes FairPlay Hacked
FairPlay is a DRM technology launched by Apple in iTunes online music store to prevent sharing of copyright music content, so as to protect the rights of the content owner. It was first implemented by Apple when they started selling music online via iTunes music store in 2003.
How does FairPlay works?
FairPlay protects file by encrypting AAC audio stream and storing it in encrypted form that are regular MP4 container files(.M4P). The master key that is required to decrypt the encrypted audio file is also stored in encrypted form. Each time customers purchase soundtracks from iTunes music store, a new random user key will be generated and used to encrypt the master key. The random user key together with the account information is stored in Apple's servers and sent to iTunes encrypted key repository. When required, iTunes will retrieve the user key from the key repository to decrypt the master key.
Who hacked FairPlay?
Jon Johansen was the one who successfully developed and released several programs between 2003 and 2008 to hack FairPlay. He is a programmer and very famous for reverse engineering data formats. He is also known as DVD Jon as he is widely known for cracking the piracy protections on DVDs several years ago. The reason why Jon hacked Apple iTunes DRM is because he was frustrated that companies could release programs that prohibit and restrict customers from using a product the way they wanted.
How was FairPlay hacked?
In November 2003, Jon released QTFairUse that could bypass the DRM software used to encrypt music content distributed by the iTunes Music Store. In 2004, he released DeDRMS which could remove copy protection as well as FairKeys which could retrieve the keys needed by DeDRMS from the iTunes Music Store servers. In 2005, he wrote PyMusique which allows the download of purchased files from the iTunes Music Store without DRM encryption. In 2006, he joined DoubleTwist Ventures and work together to reverse engineered iTunes DRM - FairPlay. In 2008, he launched doubleTwist that allows customers to route around DRM in music files and convert files between various formats. This software will convert music of any bitrates encoded with any codec into another format that can be played on other music devices.
So far, Apple has not sued anyone who has created or distributed any of the FairPlay hacks. This could be because Apple is afraid that losing a case would set a precedent that would encourage imitations of the iPod and wider distribution of FairPlay hacks. Or it could be that Apple does not want to give the publicity and more people to know the existence of FairPlay hacks.
Advantages and Disadvantages of iTunes DRM
There are both advantages and disadvantages for Apple to use DRM in iTunes. With implementation of DRM, iTunes music store have attracted a number of record companies to place their soundtracks in iTunes store to be sold online. This is because record companies are confident that their soundtracks will be restrict from illegal copying and sharing with iTunes DRM in placed.
Another advantage is that as iTunes DRM only allows soundtracks to be played directly on iPod, customers who wish to purchase soundtracks in iTunes music store will need to own and use iPod as their music devices. This may also boost the demand for iPod devices.
On the other hand, the disadvantage is that as iTunes DRM restricts soundtracks to be played directly on non iPod music devices, this may lead to unsatisfactory customer experience and a decrease in the number of customers purchasing soundtrack from iTunes. This will in turn affect Apple's competitiveness in the market.
Case Study 4: DRM in eBook
What is eBook?
An e-book means a digital book. It is an e-text book, forms the digital media equivalent of a conventional printed book. E-books are usually read on computers or smart phones, or on dedicated hardware devices like e-readers or e-book devices. DRM-protected eBook do not like the traditional paperback. A paperback can be read anywhere; and also can lent any number of times and given away and resold. A DRM-protected eBook is different. Some don't even let you print them. If DRM restrictions were placed on a traditional paperback, then you can forced to designate a chair for reading at purchase time. Your paperback would then be delivered to your home.
Sony
SONY uses Broad Band eBook (BBeB) format. This format is normally used with their own products. Ex. SONY Librie EBR-1000EP. Using the DRM functions of BBeB and the Librie, content downloaded into the reader is set to expire and be unreadable after 60 days.The format is not much as reader is mostly distributed and sold in Japan. But people managed to convert this reader to view other formats downloaded by using 3rd party Librie software to convert txt, pdf, doc and most other popular format into .LRF format to allow them to be viewable on SONY readers.
Amazon
Amazon uses their own file format which is .azw format to download from their Amazon's kindle store. Uses Whispersync tech to to automatically save and synchronize bookmarks and last page read across different devices. The azw formatted ebooks can only be transferred and readable on Amazon's devices or kindle software installed on other system.
People later discovered that the .azw format was actually from an old and popular format called Mobipocket. Many 3rd party software are able to convert Mobipocket files and thus able to generate or convert your own documents into Mobipocket files and then into .azw format to work with Amazon's kindle. And vice versus to extract the azw format and convert them into other popular formats to share.
Adobe PDF
Another format is the PDF by Adobe. The ebooks in this format can be opened Adobe Reader and Adobe Acrobat or 3rd-party software. It uses industry-standard 128-bit RC4 or uses 128/256-bit AES cipher to native PDF files. The keys generated by the owner and stored separately from the document itself on the server. Only the document owner knows the decryption key, and the keys are decryption only for authenticated users; neither FileOpen Systems nor any third party has a "backdoor" way of opening the encrypted files.
There is so many 3rd party programs like PDF2PDF to convert the encrypted PDF file into a un-encrypted PDF for sharing or distribution. Another interesting method is to mail the encrypted PDF file to a Gmail account, view the email in the Gmail client and save it as html in the attachment area.
Microsoft Reader
Microsoft Reader has its own Digital Right Management software。It reads e-book by .lit format. Microsoft reader consists of three different levels of access control - sealed e-book, inscribed e-book and owner exclusive e-book.
Sealed e-book has the least amount of limitation. It can only prevent the document from being edited such as changing the ending of the stories.
Inscribed e-book belongs to the next level of restriction. Microsoft Reader will input a digital ID tag to identify the owner of the e-book. The disadvantage is that reader cannot distribute them as it can be easily traced back to the original owner.
Owner exclusive e-book uses the old traditional Digital Right Management technology, which is the strictest form of security. Purchaser will need to open up Microsoft Reader and ensure that once e-book is downloaded to the PC, it will create a link to the computer Microsoft Passport account. As a result, this e-book can only be able to open up, using the same computer Microsoft Passport account. This will help to prevent copying and distribution of e-book.
Impact of DRM on eBook as of today
End-users still rejects DRM on eBooks. No choice of freedom to print, share. "If I can lend my hardcopy book to my friend, why can't I do it in eBooks"
Weak DRM still better than strong DRM. People willing to spend more money buying eBooks that they can share freely and on different machines, rather than buying eBooks that can solely be used on a single piece of hardware or a particular software. If that hardware crash with the "license key", they lose the purchase.
The financial overhead in running a DRM system, web server that deals with decryption key requests and allocations, and web pages for transferring key allocations. Long term, one have to maintain this server indefinitely, otherwise the customers will lose the ebooks they purchased. This discourage a lot of small companies to take up DRM or even publish their books electronically.
Case Study 5: DRM in CD / DVD
All Game and Media industries use CD or DVD to package the media product for release. To protect the content copyright, they need to prevent illegal distributing and copying of their content, so DRM is used.
Technology Used In the Market
Advanced Access Content System (AACS), Content Scrambling System (CSS), Content Protection for Recordable Media and Pre-Recorded Media (CPRM/CPPM) and ARccOS (Advanced Regional Copy Control Operating Solution) (Sony) are the technologies used.
ACCS is a standard for digital rights management and content distribution, intended to restrict access to and copying of the next generation of optical discs and DVDs.
CSS is a method that uses a proprietary 40-bit stream cipher algorithm to encrypt the media content in the DVD. To play the DVD, only licensed DVD players can decode it with the licensed key sets.
ARccOS is used in addition to CSS, by adding another layer of protection. It works by creating bad sectors on the DVD to prevent other software from copying the data.
Sony Pictures
In April 2007, Sony Pictures has released DVD with their new DRM ARccOS. Sony Pictures received complaints from consumers because these DVDs could not be played on Toshiba, LG, Pioneer, Sony, and other DVD players. While playing the DVD, when the title screen is displayed, the screen freezes. One minute later, the device will automatically switch off.
This was due to the incompatibility of the player when they play the new DRM format. Even Sony's latest player also could not play their own format; this is very big problem, most likely due to lack of communication and testing in the corporation. To solve the problem and not cause further damage to the company's name, they immediately updated their ARccOS format and allowed consumers to exchange their faulty Sony DVDs with the newer version.
Case Study6: Haihaisoft Media
ATA selects Haihaisoft Media DRM protects video course
Founded in 1999, ATA is a leader in providing performance-based technology and solutions to global IT learning and assessment industry as well as computer-based testing services to academy, government, IT vendors, and corporate clients. With many years of experience and accomplishments, ATA provides interactive learning system products and various customized test delivery system products to clients. ATA has developed over 1,100 authorized test centers (ATCs) across China, the largest CBT service network in the country, and delivers millions of CBT tests each year.
The Haihaisoft Media DRM empowers ATA to deliver video courses and other digital media content over the Internet in a protected, encrypted file format. These files can be streamed and downloaded to the students' computer-and with Haihaisoft Media DRM they can be delivered directly to devices that are connected to the Internet.
ATA selects Haihaisoft Media DRM Enterprise Version includes License Server, Online Control Panel, and Media DRM Packager.
Conclusion
Pros & Cons of DRM
Pros:
Protect legal rights of copyright owners.
Ensure that the digital content is from original source and genuine copy with uncompromised quality.
Cons:
They are not perfect and can be cracked from time to time.
Compatibility and playback issues that might arise due to DRM might
Lead to unsatisfactory user experience.
Extra costs are required to implement and maintain DRM technology
Proponents of DRM would argue that it is necessary to have these "digital lock" to prevent intellectual properties from being stolen. They also argue that DRM are not just for copy protection but also for time-limited trials that allow sampling of product before purchasing.
Opponents of DRM highlight the issues of privacy and inconvenience. Currently, DRM focus on ensuring the copyrights of the owners and distributors, but it often disregards the privacy of the customers, requiring users to identify them and allow their behavior to be tracked. DRM has sometimes proved to be inconvenient to user as it does not allow the content to be share across different devices even though these devices may belong to the same owner.
DRM currently consists of technologies that manage the access and use of the digital content but so far it lacks a strong standard and it is also non-interoperable. To be able to convince the opponents of DRM it must be interoperable, less intrusive and must not cause inconvenience to users.
