Compliance and Compliance and Robustness Rules for Robustness Rules for Windows Media DRM Windows Media DRM

ImplementationsImplementations

Microsoft CorporationMicrosoft Corporation

Copyright 2004 by Microsoft Corporation2

DefinitionsDefinitions

Compliance RulesCompliance Rules specify the required specify the required behaviors of the Windows Media DRM behaviors of the Windows Media DRM implementation and any applications implementation and any applications accessing the implementationaccessing the implementation

Compliance Rules include definitions of specific Compliance Rules include definitions of specific WMDRM license rightsWMDRM license rightsCompliance Rules include WMDRM device Compliance Rules include WMDRM device requirementsrequirements

Robustness RulesRobustness Rules specify the Windows specify the Windows Media DRM assets and different levels of Media DRM assets and different levels of robustness required to protect each asset robustness required to protect each asset typetype

Copyright 2004 by Microsoft Corporation3

Compliance Rules ScopeCompliance Rules Scope

OutputsOutputs

DRM StoresDRM StoresKeys, CertificatesKeys, Certificates

Final ProductFinal Product

PlatformPlatform

ApplicationApplication

PlatformPlatform implements Windows implements Windows Media DRMMedia DRM

ApplicationApplication accesses and/or accesses and/or passes Windows Media DRM-passes Windows Media DRM-protected contentprotected content

Decrypted Decrypted ContentContent

Decoded Decoded ContentContent

Copyright 2004 by Microsoft Corporation4

Anatomy of Robustness Anatomy of Robustness RulesRules Section 1: Construction

Section 2: Accessibility of Content

Section 3: Methods to Make a Robust Implementation

Section 3.1: Software

Section 3.2: Hardware

Section 3.3: Hybrids

Section 4: Robustness Levels

Section 3.x.1 Secure by Construction

Section 3.x.2 Robust to Tampering

Copyright 2004 by Microsoft Corporation5

Assets and Security LevelsAssets and Security Levels

• Immune to Widely Available ToolsImmune to Widely Available Tools• Resistant to Specialized ToolsResistant to Specialized Tools

Level 1 Level 1 AssetsAssets

Level 2 Level 2 AssetsAssets

Level 3 Level 3 AssetsAssets

Widely Available ToolsWidely Available Tools general purpose, easy general purpose, easy to use: screwdrivers, to use: screwdrivers, clips, file editors, etc.clips, file editors, etc.

Specialized ToolsSpecialized Tools reasonable price; some skill reasonable price; some skill

required: debuggers, required: debuggers, memory scanners, etc.memory scanners, etc.

Professional ToolsProfessional Tools high price;high price;

professional useprofessional useICE, logic analyzersICE, logic analyzers

• Immune to Widely Available & Specialized ToolsImmune to Widely Available & Specialized Tools

• Resistant to Widely Available & Specialized Resistant to Widely Available & Specialized ToolsTools

Device Device KeyKey

Content Content KeyKey

Profiling Profiling datadata

Copyright 2004 by Microsoft Corporation6

HARD DRIVEHARD DRIVE

Bus Bus MonitorMonitor

Device Asset Threat Surface And Device Asset Threat Surface And Robustness RulesRobustness Rules

CPUCPU

FLASHFLASH

ROMROM SDRAMSDRAM

Obfuscated Device KeyObfuscated Device Key

Obfuscation Obfuscation ComponentsComponents

Crash Crash FileFile

Paged Paged MemoryMemory

ICE, JTAG, ICE, JTAG, ETM, OCDETM, OCD

Memory Memory Scanner, Scanner, DebuggerDebugger

File File EditorEditor

““Professional Professional Tools”Tools”

““Widely Available Widely Available Tools”Tools”

““Specialized Specialized Tools”Tools”

Device KeyDevice Key

Copyright 2004 by Microsoft Corporation7

Producing a Robust Producing a Robust SolutionSolution

Understand the Robustness RulesUnderstand the Robustness RulesSecured assets on your deviceSecured assets on your deviceProtected content and user accessible Protected content and user accessible busbusWidely available, specialized & Widely available, specialized & professional toolsprofessional tools

Threat model your designThreat model your designFor each asset-tool pair, define attack For each asset-tool pair, define attack pathpathEvaluate how easily this attack would be Evaluate how easily this attack would be donedone

Compare Results to Robustness RulesCompare Results to Robustness RulesDoes your design meet the minimum Does your design meet the minimum standard?standard?

AppendixAppendix

Copyright 2004 by Microsoft Corporation9

WM DRM Content WM DRM Content DistributionDistribution WM DRM for WM DRM for

PortablePortable Devices Devices

WM Format WM Format SDKSDK

WM DRM for WM DRM for NetworkNetwork Devices Devices

Distribution

Distribution

Authorization

Authorization

Pro

tect

ed C

on

ten

t

WM Rights ManagerWM Rights Manager

Content ServerContent Server