Secure implementations of DRM content protection schemes

March 09, 2011 // By David Deitcher
Today’s connected devices, including web TVs and hybrid STBs, embody a new era in consumer electronics, allowing unparalleled access to content and unlimited options to consumers. In this new age of over-the-top TV (OTT-TV), device manufacturers and service providers require robust content protection schemes that are approved by studios, yet are flexible enough to support multiple business models and new use cases.

Companies such as Netflix are driving requirements for highly secure DRM implementations on mobile platforms. Recently, Netflix wrote a blog entry explaining that they cannot support Android-based platforms at this time because of insufficient security mechanisms for these platforms.

The need for secure DRM implementations is real, and it is happening now. Secure and robust DRM implementation, as defined by content owners, is mandatory in order to enable premium content licensing by the service provider. Such robust implementation requires an in-depth understanding of the security vulnerabilities of today’s connected devices. This article explains what is required to build a secure DRM solution. The first part of the article develops a DRM threat model. The second part of the article presents some approaches to a secure DRM solution.

DRM threat model

To develop a DRM threat model, we start by reviewing a typical DRM flow. From this, we identify the assets in a DRM system. Finally, we define the attacks against which the DRM assets should be protected.

DRM Flow


Figure 1 illustrates a typical DRM flow.

DRM assets

The DRM flow described above illustrates the elements of the system that must be protected in a secure DRM system, i.e. the DRM assets.

The first set of assets that must be protected consists of all DRM private keys and license files that are permanently stored on the device. One example is a DRM scheme that includes system-wide keys, which must be stored securely on the device. A second example is a private key that uniquely identifies the device in a DRM scheme ecosystem.

The second set of DRM assets is temporary keys. The most common example of temporary keys is content encryption keys (CEKs) that are extracted from license files at run time.

The third set of DRM assets is the decrypted compressed content data that is passed from the DRM client to the codec. This is actually the “native” form

