Software-Based Key Protection

Robust Digital Media Security

Resources

WMDRM Robustness Rules

Open Cable Robustness Rules

OMA Robustness Rules

TransformIT™ - Data Sheet

Some examples of threats to the digital media ecosystem and associated revenue include:

Reverse-engineering applications to unravel proprietary algorithms, such as watermarking

Reverse-engineering platforms, for example to spoof authentication

Discovering secret keys to decrypt a title or an entire library

Tampering to disable security functions such as biometric authentication

Tampering to unlock subsidized devices such as media gateways or high-end gaming platforms

Discovering secret keys to decrypt a title or an entire library

Generation of class hacks or BORE (break once run everywhere) attacks that allow any average user to quickly unlock all controlled content. These are particularly virulent when they are constructed not just for your application, but for the protection technology you use to secure it!

Encryption is a fundamental protection mechanism for all digital rights management (DRM) systems. The primary target of hacks on copyrighted content are the decryption keys that protect them, such as:

• Digital cinema keys contained in KDMs (key delivery messages)
• AACS volume keys protecting hi-definition DVD content
• OMA device private keys protecting content on mobile platforms
• Device secret keys protecting WMDRM implementations in portable and networked devices
• DTCP keys protecting content streamed through DLNA networks

For software-based systems, an emerging attack vector is the PKI infrastructure used to authenticate external devices and internal software modules. Private keys are used to sign certificate revocation lists, device certificates and software component certificates. The corresponding public keys are used to verify signatures at run-time. When run-time copies of these public keys or authentication routines are tampered with, then pirates gain access to valuable controlled content.

Arxan provides a two-tiered solution to help digital media applications and devices strongly safeguard secret keys and critical constants against discovery and tampering.

TransformIT provides a base layer of protection based on white box cryptography (WBC). The private or public key is transformed into a obfuscated algorithmic representation that is intertwined into the application logic. This patent-pending technique provides provable resistance to key discovery attacks.

TransformIT also allows multiple hardware characteristics to be built into the transformed key calculation, providing strong binding with a hardware device. As a second layer, GuardIT provides application hardening to prevent brute-force lifting of cryptographic routines into counterfeit products. GuardIT also protects against tampering attacks on critical security functions. By binding key security with overall application robustness, Arxan provides total application security for DRM application and device developers, service providers and conditional access providers.

To learn more, download white paper ->