Thursday, September 07, 2006

Is DRM broken?

The simple answer to this is NO.

What is broken is the Windows Media DRM solution, as shown by FairUse4WM. But this does not mean DRM as a whole is broken. The problem with WM-DRM is how the private keys are stored. Take OMA V2 DRM, for example, which is used in many mobile phones. Here the private keys are stored in hardware together with the crypto algorithms. The private part of the key never leaves the hardware. To break this system you need to break RSA or ECC.

The problem with WM-DRM is that the private keys are stored in the normal filesystem. I suppose it is done this way so that the solution can be used on a PC without any specialized hardware. But alas, a solution like this can never be safe. Security through obscurity is never safe.

OMA V2 DRM describes a protocol called ROAP that ensures the safety of the system. Mobile phone technology enables this by using specialized hardware to hold private keys. Licenses contain content keys that are unique to every phone. To be able to decrypt content files, access to both the private key and an associated license is needed. In a good DRM solution the keys and the algorithm are bundled together so that the keys never have to leave the hardware.
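A minimal model of the device binding described above, added here as an illustration and not taken from the original post or from the OMA specification. The names `SecureElement`, `issue_license` and `keystream_xor` are hypothetical, the RSA is textbook RSA without padding, and a SHA-256 counter-mode keystream stands in for a real content cipher.

```python
import hashlib
import secrets

E = 65537  # RSA public exponent

def keystream_xor(key: int, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 in counter mode); needs no third-party package."""
    k = key.to_bytes(32, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(k + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class SecureElement:
    """Models key hardware: the private exponent is created inside and no method returns it."""
    def __init__(self, p: int, q: int):
        self.n = p * q
        self.__d = pow(E, -1, (p - 1) * (q - 1))  # private part, never exported

    def public_key(self):
        return self.n, E

    def decrypt_content(self, wrapped_key: int, ciphertext: bytes) -> bytes:
        # The content key is unwrapped and used inside the element only.
        content_key = pow(wrapped_key, self.__d, self.n)
        return keystream_xor(content_key, ciphertext)

def issue_license(content_key: int, device_public_key) -> int:
    """Rights-issuer side: wrap the content key for exactly one device."""
    n, e = device_public_key
    return pow(content_key, e, n)

def demo():
    # Constructed sample devices. Mersenne primes keep the example short;
    # they are not secure key material.
    phone_a = SecureElement(2**127 - 1, 2**89 - 1)
    phone_b = SecureElement(2**107 - 1, 2**61 - 1)
    content_key = secrets.randbits(128)
    plaintext = b"constructed sample media payload " * 3
    ciphertext = keystream_xor(content_key, plaintext)
    license_a = issue_license(content_key, phone_a.public_key())
    return (plaintext,
            phone_a.decrypt_content(license_a, ciphertext),
            phone_b.decrypt_content(license_a, ciphertext))

if __name__ == "__main__":
    original, on_a, on_b = demo()
    print("phone A recovers content:", on_a == original)
    print("phone B recovers content:", on_b == original)
```

The same encrypted file and license copied to phone B yield only garbage, because the license was wrapped for phone A's public key and phone A's private exponent is used only inside `decrypt_content`.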

Even in mobile phones the WM-DRM solution is not safe, as it does not use the built-in secure hardware but depends on scrambling certain parts of the filesystem to get hold of the private key. The scrambling process is not easy to understand but, as has been proven by FairUse4WM, a system like this will eventually be broken.
