Journal of Computer Applications ›› 2012, Vol. 32 ›› Issue (10): 2771-2775.DOI: 10.3724/SP.J.1087.2012.02771

• Information security • Previous Articles     Next Articles

Security analysis of digital rights management system based on usage control

WANG Chang-da1,2,GONG Ting-ting2,ZHOU Cong-hua1,2   

  1. 1. Institute of Engineering Technology, Jiangsu University, Changzhou Jiangsu 213164, China
    2. School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang Jiangsu 212013, China
  • Received:2012-03-05 Revised:2012-05-09 Online:2012-10-23 Published:2012-10-01
  • Contact: GONG Ting-ting

基于使用控制的数字版权管理系统安全性分析

王昌达1,2,宫婷婷2,周从华1,2   

  1. 1. 江苏大学 工程技术研究院,江苏 常州 213164
    2. 江苏大学 计算机科学与通信工程学院,江苏 镇江212013
  • 通讯作者: 宫婷婷
  • 作者简介:王昌达(1971-),男,上海人,副教授,博士,主要研究方向:信息安全;宫婷婷(1987-),女,黑龙江双鸭山人,硕士研究生,主要研究方向:信息安全;周从华(1978-),男,江苏大丰人,副教授,博士,主要研究方向:信息安全。
  • 基金资助:
    国家自然科学基金;江苏省自然科学基金资助项目(BK2011147);江苏省六大高峰人才项目;江苏省高校自然科学研究计划;江苏大学高级人才项目

Abstract: Through the research and analysis about the security mechanisms of the existing Digital Rights Management (DRM), a fine-grained Usage Control (UCON) plan separated rights from content was proposed in order to avoid being cracked now and then. Firstly, based on the concept of secret division, digital license has been divided into two sections to realize the separation of authentication and authorization management. Then temporary permission files were fine-grainedly granted to ensure that digital content can be dedicatedly controlled in usage. Finally integrity checks were used to improve the ability of anti-tampering attacks. The model checking results show that this plan and its policy can realize the design requirements and fairly satisfy the security requirements of DRM.

Key words: Digital Rights Management (DRM), Usage Control (UCON), separation of content and right, fine-grain, security analysis

摘要: 针对现有数字版权管理(DRM)系统屡遭破解的问题,通过调研分析其安全机制,提出一种内容与权限分离的细粒度使用控制方案。该方案首先根据秘密分割的思想将数字许可证一分为二,实现身份验证与授权管理的分离;然后通过细粒度授予临时权限文件,确保数字内容在使用中能够细致控制;最后采用多项完整性检查来提高防篡改攻击的能力。模型检测结果表明,该方案及策略能够实现设计要求并基本满足数字版权管理安全性需求。

关键词: 数字版权管理, 使用控制, 内容权限分离, 细粒度, 安全性分析