
Hardware manufacturers, publishers, broadcasters, and copyright holders use Digital Rights Management (DRM) and Conditional Access Systems (CAS) to govern the use of digital content on open networks and service-enabled devices. Cryptographic functions are frequently used in DRM systems and CAS to secure intellectual property via private keys, content and license keys, and secret algorithms that are only revealed to authorized users. However, the instance at which a key is decrypted is a single point of failure. As soon as the key is exposed, it is vulnerable to capture by attackers, which can result in a system-wide exploit. An example of such a system-wide exploit is when DRM systems are breached and entire content libraries or platforms are compromised.

By using whiteCryption SKB, the cryptographic functions involved in DRM and CAS are protected using white-box cryptography. This means that instead of employing implementations of cryptographic algorithms that operate on plain (unencrypted) keys, security-optimized white-box implementations of the same algorithms are used. They are designed to operate on encrypted keys, which are never exposed in plain form before, during, or after execution.

Utilizing whiteCryption SKB enables DRM/CAS producers to comply with the robustness rules demanded by the media industry, with minimal effort and costs. The advantage of whiteCryption SKB is that various industry-standard DRM/CAS technologies on different operating systems and hardware platforms can be supported with only one solution, making the integration and deployment straightforward and efficient. Using whiteCryption SKB for cryptographic key protection adds a layer of security to DRM/CAS applications, thus making them more secure than other products on the market.

whiteCryption SKB is designed to address today's security needs, but at the same time, it is flexible enough to adjust quickly and efficiently to future requirements. It can be easily integrated with any existing code and data protection schemes.

| Sample Use Case — DRM in a Music Player | |
|---|---|
| Object | A DRM module embedded in a music player application that runs on a smartphone. |
| Summary | The player application downloads and plays copyrighted content from a media server. The DRM implements a hybrid encryption scheme, in which each player application possesses a unique RSA key pair, and the content is encrypted with a specific AES content key. At the time of downloading, the media server encrypts the AES content key using the player's public RSA key, thus ensuring that the content is accessible only by the specific player application. If a valid license is present, the DRM module decrypts the AES content key with the player's private RSA key. The AES content key is then used to decrypt the actual content, which is finally passed to the player's playback engine. |
| Threat | Adversaries can reverse engineer the DRM implementation. In the program code and smartphone memory, the RSA and AES keys are visible in plain form. Hence, they can be extracted and incorporated into DRM cracks. Without protection of the RSA and AES keys, the DRM can be easily compromised. |
| Solution | By integrating the DRM code with whiteCryption SKB, you will add a robust protection layer for the secret keys and ensure that they are never revealed in plain form. |
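
The unprotected baseline described in the Summary and Threat rows, as an added example that is not part of the original page and is not whiteCryption SKB code or its API. It uses Node.js's built-in `crypto` module; RSA-OAEP with SHA-256, AES-256-GCM, and all function names are assumptions, since the page specifies only RSA and AES.

```javascript
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Media server: encrypt content under a fresh AES content key, then wrap that
// key with one player's public RSA key so only that player can recover it.
function serverPackage(playerPublicKey, content) {
  const contentKey = nodeCrypto.randomBytes(32);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', contentKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(content), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: playerPublicKey, ...OAEP }, contentKey);
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// DRM module in the player: unwrap the content key only when a license is
// present, then decrypt the content for the playback engine.
function playerDecrypt(playerPrivateKey, hasValidLicense, pkg) {
  if (!hasValidLicense) throw new Error('no valid license');
  // Exposure point from the Threat row: from here on the RSA private key and
  // the AES content key are ordinary plain bytes in process memory.
  const contentKey = nodeCrypto.privateDecrypt({ key: playerPrivateKey, ...OAEP }, pkg.wrappedKey);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', contentKey, pkg.nonce);
    decipher.setAuthTag(pkg.tag);
    return Buffer.concat([decipher.update(pkg.ciphertext), decipher.final()]);
  } finally {
    contentKey.fill(0); // narrows the window only; the native cipher context still holds key material
  }
}

// Constructed demo: one licensed player, one player holding a different key pair.
function demo() {
  const gen = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const playerA = gen();
  const playerB = gen();
  const content = Buffer.from('constructed audio frame');
  const pkg = serverPackage(playerA.publicKey, content);
  const played = playerDecrypt(playerA.privateKey, true, pkg).toString();
  const outcome = (fn) => { try { fn(); return 'decrypted'; } catch { return 'rejected'; } };
  return {
    played,
    otherPlayer: outcome(() => playerDecrypt(playerB.privateKey, true, pkg)),
    unlicensed: outcome(() => playerDecrypt(playerA.privateKey, false, pkg)),
  };
}

console.log(demo());
```

The comment in `playerDecrypt` marks the step where both keys exist in plain form, which is the step the Solution row says is replaced by operations on keys that are never revealed.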