Digital Rights Management and Code Obfuscation
Digital Rights Management (DRM) involves retaining control over digital information, even after it has been made public. Preventing illegal file sharing on the Internet, which is a topic that has recently received a large amount of media attention, is just one instance where DRM is needed. In this thesis, we attempt to create formal definitions for DRM. Currently, there is a lack of such formal definitions, which is one reason why DRM schemes have achieved little success. We will also examine two DRM schemes that can be cracked easily: Microsoft DRM 2. 0, and the Content Scrambling System. We then discuss the reasons why DRM schemes have been unsuccessful so far, and why a good DRM scheme must incorporate secure hardware, secure software, and an efficient legal system. We also briefly discuss several issues related to DRM, such as privacy. Code Obfuscation involves hiding a program's implementation details from an adversary. One application of code obfuscation involves hiding cryptographic keys in encryption and decryption programs for a cryptosystem. Code obfuscation is directly applicable to DRM schemes, where the adversary has access to a program that contains secret information. For example, a music player may contain a secret key that it uses to decrypt content. The secret key must be hidden from the adversary, since otherwise, he/she could use the key to write his/her own decryption program, and distribute it to circumvent the DRM scheme. We discuss the proof from Barak et al that shows that code obfuscation is impossible in general. This, however, does not mean that code obfuscation cannot be achieved in specific cases. We will examine an obfuscated version of the Data Encryption Standard, and discuss the circumstances under which it is insecure. We also examine a toy example of a block cipher called <i>Simple Block Cipher (SBC)</i>, and apply obfuscation techniques to SBC to hide the secret key, and then attempt to obtain the secret key.