P2P and DRM Interoperability

References

P2P and Content Distribution, ISA 767, Secure

Electronic Commerce Xinwen Zhang,
[email protected] George Mason University (Some slides
of this talk are provided by Dr. Songqing Chen from GMU)

DRM Interoperability in Networked Environments, David

P. Maher and A. D. Poonegar, Intertrust Technologies
Corporation March 2005
Security and DRM, Joseph Chou, Texas Instruments
Unstructured Routing : Gnutella and Freenet, Presented
By Matthew, Nicolai, Paul

Outline

P2P Overview
P2P systems
P2P and DRM
DRM Interoperability

P2P Definitions

A class of systems and applications that employ

distributed resources to perform a function in a
decentralized manner. The resources encompass
computing power, data (storage and content), network
bandwidth, and presence (computers, human, and
other resources) - by Milojicic et al.
Any network that does not have fixed clients and
servers, but a number of peer nodes that function as
both clients and servers to the other nodes on the
network - wikipedia

More Definitions

the sharing of computer resources and services

by direct exchange between systems . - Intel
P2P working group
SETI@home: the computers at the edge
provide power and those in the middle of the
network are there only to coordinate them David Anderson 2002.
Clay Shirky of OReilly and Associate

A class of applications that takes advantage of resources

available at the edges of the Internet. Because accessing
these decentralized resources means operating in an
environment of unstable connectivity and unpredictable IP
addresses, P2P nodes must operate outside the DNS system
and have significant or total autonomy from central servers

P2P Definitions

Sharing
Contribution
Incentive of sharing and contribution
Collaboration
As reported in June 2004, P2P traffic makes up
80% traffic on the Internet, in which the share
of BitTorrent is 53%.

Others are eDonkey, Gnutella, FastTrack, etc.

P2P is not new

ARPANET, late 60s

Usenet

DNS

Since 1979
UUCP (Unix to Unix copy protocol), NNTP (network news transport
protocol)
Copies files between computers without central control
At the beginning, only UNC and Duke
Later, using news server and ISPs server
Mix of p2p and hierarchical model
Early Internet: Hosts.txt includes a set of names and IP addresses
and copied around the Internet periodically
In 1983, DNS was developed for better scalability
Hierarchical DNS names

Windows workgroups
Network File system

P2P in 21st century

Napster music file sharing

Powerful home computing resources
High Bandwidth networking
Negative views on P2P

Illegal copy on copyrighted materials

Too much bandwidth consumption of existing
networks
Too much uncontrolled/inaccurate/junk contents

P2P Applications and

Functionality

Distributed computing

SETI@home (compute-intensive), 1996

Data/content sharing

SETI: Search for Extraterrestrial Intelligence

Using computing power of home PCs to search for radio
signals from extraterrestrial civilizations

Napster, Gnutella, FreeNet, etc.

Communication and collaboration

Instant Messaging (ICQ, AIM), discussion board

(Groove), games (Dooms), VOIP (skype)

1st generation of P2P

networks

Napster
Gnutella
Super Peer
DHT

Napster Example
1.

2.

3.

When a peer (Bob)

connects to Napster, it
informs center server
with its IP address and
song titles
Alice queries for a song,
then central server
returns bobs address
Alice request the song to
bob and download a
copy directly

Hybrid P2P

Many hybrid application of decentralized and

centralized systems

Usenet (backbone or heavy-duty peers)

DNS (built in hierarchy)
ICQ (direct client-to-client communication with
backup of a server)
Napster (decentralized file sharing with centralized
file directory)

Dramatically reduced latency

Better search engine
Not for illegal objects distribution

What is Gnutella?

Gnutella is a fully decentralized peer-to-peer

protocol for locating resources
Standard, not a program. There are many
implementations of Gnutella (BearShare,
LimeWire, Morpheus)
Each node in a Gnutella network acts as both a
client and server

What is Gnutella?

Peer to Peer, decentralized model for file

sharing
Any type of file can be shared
Nodes are called Servents

What do Servents do?

Servents know about other Servents

Act as interfaces through which users can
issue queries and view search results
Communicate with other Servents by sending
descriptors

Descriptors

Each descriptor consists of a header and a body.

The header includes (among other things)

A descriptor ID number
A Time-To-Live number

The body includes:

Port information
IP addresses
Query information
Etc depending on the descriptor

Gnutella Descriptors

Ping: Used to discover hosts on the network.

Pong: Response to a Ping
Query: Search the network for data
QueryHit: Response to a Query. Provides
information used to download the file
Push: Special descriptor used for sharing with
a firewalled servent

Routing 1/2

Node forwards Ping and Query descriptors to

all nodes connected to it
Except:

If descriptors TTL is decremented to 0

Descriptor has already been received before

Loop detection is done by storing Descriptor

IDs
Pong and QueryHit descriptors retrace the
exact path of their respective Ping and Query
descriptors

Routing 2/2
QueryHit

B
Query

A
Query

Note: Ping works essentially the same way,

except that a Pong is sent as the response

Joining a Gnutella Network

Servent connects to the network using

TCP/IP connection to another servent.
Could connect to a friend or
acquaintance, or from a Host-Cache.
Send a Ping descriptor to the network
Hopefully, a number of Pongs are
received

Querying

Servent sends Query descriptor to nodes it is

connected to.
Queried Servents check to see if they have
the file.

If query match is found, a QueryHit is sent back to

querying node

Downloading a File

File data is never transferred over the Gnutella

network.
Data transferred by direct connection
Once a servent receives a QueryHit descriptor, it
may initiate the direct download of one of the files
described by the descriptors Result Set.
The file download protocol is HTTP. Example:
GET /get/<File Index>/<File Name>/ HTTP/1.0\r\n
Connection: Keep-Alive\r\n
Range: bytes=0-\r\n
User-Agent: Gnutella\r\n3

Direct File Download

TCP/IP
Connection

B
Query

A
Query

QueryHit

Problems with Flood Query

Scales poorly: Querying and Pinging generate a lot of

unnecessary traffic
Example:

If TTL = 10 and each site contacts six other sites

Up to 10^6 (approximately 1 million) messages could be generated.
On a slow day, a GnutellaNet would have to move 2.4 gigabytes per second
in order to support numbers of users comparable to Napster.
On a heavy day, 8 gigabytes per second (Ritter article)

Heavy messaging can result in poor performance

Problems with Flood Query

Traditional Gnutella flood query

has a number of problems

Very large number of packets generated to fulfill

queries

Most searches on Gnutella can be satisfied with a

search that visits fewer nodes

Essentially, just a Breadth First Search (BFS)

Some proposals attempt to address this with
alternate schemes for searching

Alternatives to Flood Query

Iterative Deepening
Directed BFS
Local Indices
Random Walkers

Issues

Several alternatives (Local Indices, Iterative

Deepening) require a global policy to be
understood by all nodes
Sharing information about file index (Local
Indices) or even statistics (Directed BFS) leads
to possible security risks
Most, require at least some modification to the
servents

Overall

Simple Protocol
Not a lot of overhead for routing
Robustness?

No central point of failure

However: A file is only available as long as the fileprovider is online.

Vulnerable to denial-of-service attacks

P2P and DRM

P2P

P2P networks are good for distribution of

unprotected files.

Uniformed copies obtained by different peers

Difficult to define rights
More difficult to enforce

>90% of files in P2P are unauthorized.

Leveraging P2P for legal content distribution is
a new problem.

Current Situations

P2P networks are popular.

Mainly for unauthorized copies of IP

Fighting between content
owners/manufactures/providers and P2P
users/developers

Recent Supreme Court has ruled that

developers can be held responsible for
the copyright infringement that their
P2P file sharing products allow.

DRM

Basic requirements of DRM:

Package, publish, and protect object

content
Expression of digital rights
Authentication of user/devices and
Authorization to access/use the content
Enforcement mechanisms

Client side

Payment integration

DRM Common Architecture

P2P vs. DRM

To IP owner:

P2P offers open invitations to copyright

infringement and IP theft.
DRM is the way to protect their revenue on
Internet.

To end users/consumers:

P2P is the open functionality of the Internet,

and provides freedom of information era.
DRM restricts user behaviors.

P2P vs. DRM

As a technical issue, P2P supports many

new business models with DRM

P2P streaming
Paid access with controlled sharing

iTunes

P2P and DRM

Integration of DRM into P2P network

Embracing the functionality of P2P

Maintaining control over IP

Multiple vendors in value chain:

P2P publisher, IP owner, license agent,

payment agent, etc.

DRM Technology Features for

P2P Networks (Rosenblatt)

Reasonable usage support for users:

Use on any devices

Space shifting

Interoperability of identity schemes for

both users and devices
Format conversions or transcoding

DRM Technology Features for

P2P Networks (Rosenblatt)

Lightweight superdistribution

User-defined business models and easy to

implement

DRM Technology Features for

P2P Networks (Rosenblatt)

Standards Support

Rights Expression Languages

Define rights for peers

Network Identification

Universal or interoperable identity schemes for users

and devices

Windows Live ID (formerly .NET Passport)

Liberty Alliance (Federated id)

Web Services

Services for DRM schemes

authentication, payment, license, etc.

Minimize cost and complexity for peers in P2P

DRM Technology Features for

P2P Networks (Rosenblatt)

User Experience:

Installation of the DRM has to be seamless

Payment process should be integrated with

ISP and other service providers.

Use cross-platform technologies (Java, XML,

etc)

E.g., cell phone SP

Content usage track should respect user

privacy.

Gaps in Existing DRM

Cost-related functionality limitations

Device Tethering

A content object only can be supported on

a specific device.

Lack of superdistribution support

Complexity of integration

P2P Architecture for DRM

Hybrid P2P

Decentralized content distribution

Centralized management:

License, authentication, payment, etc.

DigitalContainers
Hybrid P2P
File Trading
All transactions
tracked
No bottlenecks
DRM
E-commerce
Great use of resources
From Secure File Delivery System for Consumer and Enterprise Peer-to-Peer Networks, DigitalContainer Inc.

What are Digital Containers?

DigitalContainers wrap files in a secure multimedia digital

shell that can only be opened with a key.

Simple as a password
Unique as an individuals fingerprint (Biometric)
Created and delivered in a patented process in which the container
talks to remote authorization authorities
Any combination of the above: Multi-Factor Authentication

The containers are tracked perpetually as their content is

passed securely from person to person, with only authorized
individuals being able to access the protected content.

Who, Why, Where, When, How Much?

Credit/Debit/Phone card payments

Basic Container Structure

Basic P2P Business Model

Basic P2P Business Model

Packager widely available and easy to use

Content owners package digital goods in Digital
Container

They register content, set price, and agree to payment

terms

P2P network provider gets percentage

Content owner gets percentage
People get paid all along the value chain

Sample P2P Integration Scheme

External Control-based DRM

Separated distribution of content and

meta information

Control set (or rules, policies) are

distributed separated from content
Service-oriented architecture for
authentication, control, payment, etc

DRM and P2P

Pure P2P networks:

trust management in P2P

Web of trust
Datta et al, Beyond web of trust: Enabling
P2p E-commerce, IEEE International Conf. on
E-Commerce,2003.

Reputation management in P2P

eBay

DRM Interoperability

Overview

What is the DRM interoperability problem?

Why should we care?

Consumers will subscribe to illicit services, seeking a

better experience

Approaches to a Solution

DRM systems work as closed domains

Unsatisfactory consumer experience

Corals approach: standardize interoperability

NEMO technology
Summary

Security and DRM

DRM is Based on Security Principals

Authentication (device, user, service)

Key management, data encryption and
signature for data confidentiality and
integrity
Secured delivery of premium content usage
rights
Can be used for personal content protection

DRM Interoperability is Needed

PERM Interoperability Framework

Issues with DRM System Diversity

Lack of a unified and open DRM system standard

for PC, CE and mobile handheld devices for
content interoperability
Current DRM system implementations are not
interoperable

Diversity of smart card implementations

Diversity of internet DRM system implementations
Diversity of packaged media content protection
implementations

Mismatches between different trust and protection

models
Mismatches between rights expression languages
Consumer devices cannot locate and connect to all
needed services/content

DRM Interoperability Problem

DRM systems operate as closed domains or

silos

Consumers media needs are changing

Content is not portable outside silo by design

Consumer confusion and dismay
Home networks include CE, mobile, and PC-based
devices
Different possible media gateways: Cable box, PC,
Mobile device
Expect seamless play of acquired content on all
their devices

Ripping and P2P networks offer content

portability and ease of use

Limited Consumer Experience

Consumers expect to use content on any of

their devices. They are dissatisfied
when their content is not portable because of DRM.

Why DRM interoperability?

Intuitive Anytime, anywhere consumer

experience with licensed content
Reduces dependency on a single
technology silo
Anticipates further convergence between
CE, mobile, and PC platforms
Future-proof business models
Illegal P2P content distribution networks
already offer it

Possible Customer Experience

Technology exists to allow consumers to use

their DRM-protected content seamlessly,
whenever and wherever they want.

Alternate Approaches

Allow a de facto standard to evolve

Standardize a universal end-to-end DRM

system

Value chain participants can be at the mercy of

a single technology provider

Unfeasible to address requirements of entire

value chain from CE, mobile, and PC markets in
a single system

Standardize a DRM-neutral interoperability

architecture

Diversity of Security, Content

Protection/DRM Implementations

Pre-recorded/Recordable content (DVD, DVD-Audio)

CSS (Prerecorded DVD)

CPPM (Prerecorded Audio)
CPRM (Recordable Audio/Video)

Internet streaming audio/video content

Various DRMs

Broadcast content

Smart Card DRMs

WM DRM 10, Fairplay, Real, Open Magic Gate, OMA, SDMI and etc.

DigiCipher, Cable Card ITU-T SG9, DVB-CSA, DirectTV, Multi-2, NDS (ICAM),
Irdeto, Nagra, DVB Content Protection and Copy Management (CPCM) and
many others.

Between media client and TV/display

HDCP (HDMI/DVI)
DTCP/1394/USB (1394/USB)
Macrovision (analog TV)

Rationales of DRM Interoperability

Framework

Users are able to locate and connect to the

content services that they need
A security protocol can be used to protect
personal contents or clear contents from the
original content owners
An open DRM interoperability standard
accelerates content consumption in the home
network and propels device volume growth and
thus benefits the consumers, the content owners
and the device manufacturers

DRM Interoperability

Coral Approach

Unite consumer media value chain

participants

Create open standards for interoperability

between consumer DRMs

Avoid changes in current DRM systems

Define roles, services, interfaces, and tools to
bridge between incompatible systems

Develop a compliance infrastructure

Include content owners, device makers, technology

and service providers

Develop program to certify that solutions comply

with architecture and ecosystem specifications

Content providers publish to Coral usage

models

Ecosystem matches usage model to a device DRM

Decomposition of DRM
Components and Services

Content packaging
Licenses, Rules and their management
Identity management for individuals, groups, other
entities
Policy management for services
Offer management
Fraud management
Key and token management
Security components and methods

Secure packaging
Secure transport, storage
Secure execution and process isolation

Different components and services can be offered by

different expert providers

Decomposition into functional

Tiers
Asset Management and Content Origination

Bundling and Distribution Services

Home and Enterprise Gateways

Devices and Personal Networks

Coral Architecture Specification

Consists of three layers

Roles

Interfaces between roles

Provide interoperable messaging

Nodes

Describe functionality and behavior

Act as a hook for compliance

Group roles together in a secure deployment container

Nodes and roles are certified for secure,

trusted, policy-managed communications
across implementations
Works online and offline
Application of NEMO, Intertrusts reference
technology for DRM interoperability

NEMO Technology

Stands for: Networked Environment for

Media Orchestration
Service-oriented architecture
Framework for building distributed
applications that include:

Security
Trust management
Policy management

How Coral uses NEMO

Uses NEMO framework to define services

such as:

Rights mediation: maps usage models

between DRM systems
Principal identity provider: maps usage
identities between DRM systems
Rights registry: used to implement rights
locker-type services

These and other services form the

foundation of an interoperability layer

How NEMO works

Possible Scenarios

Online Scenario

Offline Scenario

both content and licenses are acquired

online
content and licenses are transformed locally

Hybrid Scenario

licenses are acquired from an online service

content is transformed locally

Online Scenario

Offline Scenario

Hybrid Scenario