Tutorial M3 – Cryptographic Techniques for Digital Rights Management

Dr. Hongxia Jin, IBM Almaden Research Center
Mr. Jeffrey Lotspiech, Lotspiech.com LLC

Monday, December 8th, Full Day

Today we live in a digital world. The advent of digital technologies has made the creation and manipulation of multimedia content simpler. It offers higher quality and a lot more convenience to consumers. For example, it allows one to make perfect copies. Furthermore, the rapid advance of network technologies, cheaper storage and larger bandwidth have enabled new business models for electronically distributing and delivering multimedia content. However, unauthorized music and movie copying is taking a big bite out of the profits of the record industry and is beginning to impact the movie studios. The success of these emerging business models hinges on the ability to deliver the content only to authorized customers. It is highly desirable to develop techniques to protect the copyrighted material and defend against piracy.

Many digital rights management (DRM) systems have been developed. However, most DRM systems are overly restrictive of users' behavior. For example, users are not allowed to make any copies of their purchased content. It is not surprising that DRM receives bad press. A more balanced DRM system can be much more user friendly. We believe cryptographic techniques can be used to enable such a balanced system.

Many cryptographic technologies have been developed for Digital Rights Management. We cover basic key management and forensic techniques, renewability, content certificates, managed copies, driver authentication, and proactive renewal. Since the authors are the actual inventors of some of these core technologies that are currently used in various industry standards, they will draw on their first-hand experience in the design, implementation and deployment of DRM solutions for content protection to teach security researchers and practitioners how to design various cryptographic techniques that can be used in building a balanced DRM system. For example, the "managed copies" technology enables users to import a purchased movie disc into their home entertainment network.

Even though some of the technologies have been studied extensively in the cryptography literature, bringing them to practice is a different question. There are many issues, overlooked by the theoretical community, that must be addressed in order to bring a solution to practice. This tutorial will cover both the state of the art and the state of the practice. It will also cover the gap between the two and draw on the authors' experience to show how to bring a theoretical solution to practice.

The tutorial will also cover some attacks that have actually occurred in practice. For example, in a pirate decoder attack, the attackers break legitimate players, extract secret keys out of the players and build a clone player that can be used to rip the content. In an anonymous attack, the attackers can set up a server and serve the clients with the per-content keys on demand, or simply pirate and re-distribute the decrypted plain content. Practical forensic technologies that can detect the attackers in these types of attacks will be discussed in depth in the tutorial.

Since the authors have been involved in various content protection standards for many years, in this tutorial they will also show how to market the technologies to the various stakeholders: the television and film industry, the consumer electronics industry, and the information technology industry, with their quite different concerns. They will talk about the value of an open, standards-based licensing infrastructure in commercializing DRM technologies in a market, and some of the constraints and assurances that the various industries demand in these licenses. They will also discuss copyright law, not to give legal opinions, but to point out the curious situation where both the DRM practitioners and the DRM attackers cite copyright law to justify their actions.


  1. Introduction
  2. Key Management Approaches
  3. Broadcast Encryption
  4. Managed copies
  5. Key Conversion data
  6. Content Certificates
  7. Attacks (real and potential)
  8. Forensic Technologies
  9. Online features
  10. Managed copies
  11. Copy control watermarking
  12. Drive authentication
  13. Future of DRM research directions


This tutorial is targeted at a beginner to intermediate audience; only basic background on cryptography is assumed. No textbook is required. The attendees will walk away with an understanding of the various cryptographic technologies that can be used for building a customer friendly DRM system. We will talk about different types of real and potential pirate attacks and the challenges associated with defending against each attack. Intermediate students will have the opportunity to get a summary of existing cryptographic techniques. Academic researchers will walk away with an understanding of the challenges that arise in bringing theoretical solutions to practice, as well as potential new research directions in this area that have been largely overlooked by academia. Industrial practitioners will walk away with an understanding of real world DRM systems, from design and legal issues to adoption.

About the Instructors

The authors are the actual inventors of some of the technologies deployed in multiple industry content protection standards. They bring expertise in mainstream content protection technologies and first-hand experience in the design, implementation and deployment of key generation, management and forensic systems in the real world.

Dr. Hongxia Jin obtained her Ph.D. degree in computer science from the Johns Hopkins University in 1999 and has worked as a Research Staff Member at IBM Research ever since. She is currently at the IBM Almaden Research Center, where she is the leading researcher working on key management, broadcast encryption and traitor tracing technologies. The key management and forensic technologies she invented have been chosen as the core technologies by AACS, a new content protection industry standard for managing content stored on the next generation of pre-recorded and recorded optical media for consumer use with PCs and consumer electronic devices. She has filed about 20 patents in this area and has been awarded IBM's Outstanding Innovation Achievement Award. She has also published numerous papers as well as invited book chapters and journal papers. She has been an invited speaker at multiple forums and universities including Stanford, CMU and University of California at Berkeley.

Mr. Jeffrey Lotspiech was in at the inception of technologies for both the 4C and the AACS industry standards. He is a named inventor on over 100 patents, including most of the key patents that protect content on physical media. He was the founder and first manager of the content protection group at the IBM Almaden Research Center. He retired from IBM in 2005, and now owns a content protection consulting company. He received his MS and BS in EE (Computer Science) from the Massachusetts Institute of Technology in 1972.