WWW 2008 / Poster Paper

April 21-25, 2008 · Beijing, China

Enabling Secure Digital Marketplace
Hongxia Jin
IBM Almaden Research Center

Vladimir Zbarsky
IBM Almaden Research Center

jin@us.ibm.com

zbarsky@us.ibm.com

ABSTRACT
The fast development of the Web provides new ways for effective distribution of network-based digital goods. A digital marketplace provides a platform to enable Web users to effectively acquire, share, market and distribute digital content. However, the success of the digital marketplace business models hinges on securely managing the digital rights and usage of the digital content. For example, the digital content should b e only consumable by paid users. This pap er describ es a Web-based system that enables the secure exchange of digital content b etween Web users and prevents users from illegally re-sell of the digital content. Part of our solution is based on broadcast encryption technology. Categories and Sub ject Descriptors:K.6.5 [Management of Computing and Information Systems][Security and Protection] General Terms: Security, digital content, marketplace Keywords: DRM, content protection, security, download

We classify the marketplace scenarios into two different cases. In one case the acquired content is restricted to only display on one particular device. In the other case the acquired digital content can b e displayed/rendered on multiple and mayb e different typ e of devices. For example, a user wants to run the purchased software on multiple machines, or playback the purchased video content on different typ es of devices. In this pap er we will show a system that can enable secure digital marketplace in b oth cases. The main design goal is to prevent p eople from making copies and resell copies illegally.

2. OUR SYSTEM
Our system mainly involves three parties, the marketplace provider (the server), web users as content producers/sellers (client) and web users as content consumers/buyers (client). Figure 1 illustrates a transaction process at high level. As a first step of the transaction process, the selling client uploads his content to the server where the content will b e encrypted and packaged. The uploaded content will b e encrypted with a randomly picked key called title key. The title key will also b e encrypted and reside together with the encrypted content. Once the content and its title key are encrypted, it can b e stored securely in the backend rep ository. Of course storing the content and the title key in their encrypted form does not require sp ecial storage. In the meanwhile, the preview or introduction of the digital content is displayed and advertised on the server web site. When the buying client identifies the content he wants to purchase from the server website, he will connect to the rep ository to download the encrypted content together with its encrypted title keys (step 2). In our system we will rebind the title key to the buying client (step 3 and 4). This will prevent p eople from illegally re-sell the content. The calculation that binds the title key to the client is p erformed on the server side, not on the client side. We call the server that p erforms this function the clearing house. The marketplace provider can also function as the clearing house. How does the clearing house learn the title key in order to bind the title key? Well, when the content is packaged and encrypted, the title key is encrypted with a key that is agreed up on b etween the clearing house and the server who packages the content. Different ways may b e used to encrypt the title key. A simple way would b e encrypting the title key with the server's public key. After the buying client downloads the packaged content, it extracts the encrypted title key from the packaged content. In the case that only one machine is allowed to playback

1.

INTRODUCTION

The fast development of the Web provides new ways for p eople to exchange goods. Web 2.0 companies like Ebay provide platforms that enable Web users to b ecome a buyer/seller and exchange their goods. It provides an online marketplace for p eople. In this typ e of business model, the marketplace provider derives most of its revenue by charging a service fee for each buy/sell transaction that is done through its Website. On the other hand, more and more p eople are producing and consuming content in digital form, for example, software, digital document or video/audio. Unfortunately different from a physical good that can b e sold to only one buyer, digital good can b e easily copied and sold to many buyers. While it helps driving more legitimate sales, it also allows p otential illegal re-sells of the copies of the digital goods. So a digital marketplace must provide security features that ensure only the paid buyers can acquire and consume the digital content. Only then p eople can b e motivated to produce and sell their digital content online. As a concrete example, one can imagine a web user who produces a video clip teaching how to do a certain thing. Another Web user might b e looking for ways to learn how to do that. A digital marketplace would provide secure and effective exchange of digital learning content.
Copyright is held by the author/owner(s). WWW 2008, April 21­25, 2008, Beijing, China. ACM 978-1-60558-085-2/08/04.

1217


WWW 2008 / Poster Paper
content packaging
encrypted content and E(Kt)

April 21-25, 2008 · Beijing, China
client not only needs to send to the clearing house the initially encrypted title key but also the MKB and media ID information extracted from the recordable media (step 3). The clearing house will calculate the media key out of the MKB and derive a media unique key from the media key and the media ID. The clearing house will re-encrypt the title key with the media unique key (step 4). The buying client will burn the downloaded encrypted content and the new encrypted title key to the recordable media (step 5). This media can b e played back at any compliant device b ecause any compliant device can process MKB and decrypt the title key to decrypt the content. But any copies of the media will not work b ecause the content encrypting key (the title key) is b ound to the particular media.

1

raw content

2
download

clearing house
old E(Kt) is decrypted title key is re-encrypted

encrypted content

3

4 5

old E(Kt)

consumer device

old E(Kt), (MKB), media ID

new E(Kt)

media

Figure 1: High level overview

3. KEY FEATURES AND CONCLUSIONS

In this pap er we describ ed a system that provides a marketplace that enables web users to exchange digital content securely. The first main feature in our system is that the the purchased content, the buying client will first make the content is stored encrypted; and the content encrypting key payment, then send the encrypted title key together with (title key) itself is stored encrypted together with the conits machine sp ecific information (e.g., ID) to the clearing tent. Second, it provides ways to prevent illegal re-sale of house (step 3). The payment could b e made to the clearthe content. We achieve this by binding the title key to ing house or directly to the selling client. In either case, a particular machine or a piece of physical media. Third, once the payment is confirmed, the clearing house will dein our system, the clearing house which does the title key crypt the encrypted title key using the key that was initially binding can b e placed anywhere that the client can access. agreed up on with the content packaging server. The clearIt does not have to b e tied to the rep ository that stores the ing house then derives a machine unique key based on the content. The clearing house does not have to interact with machine sp ecific information using an one-way function and the content server and does not have to know the content. re-encrypts the title key using the machine unique key. The This simplifies the design of the clearing house. The clearing re-encrypted title key is sent back to the buying client (step house and the content server can even b e two indep endent 4). Only on the sp ecified playback machine the buying client entities. Moreover, in order to prevent illegal reselling of can derive the machine unique key and decrypt the title key the decrypted content which is of course more bandwidthto decrypt the content. consuming for attackers but might allow them stay anonyIn a more generic case, the purchased content can b e conmous, we can easily add a feature similar to [4]. Basically sumed on multiple devices. Those devices may not b e even different devices will b e b ound to the different variations emknown when the content is purchased. In order to enable b edded in the content. Those variations allow identification this, we utilize a technology called broadcast encryption [1]. of which copy of the content has b een re-distributed. We discussed two business scenarios. In one scenario the 2.1 Broadcast Encryption acquired content is b ound to a particular machine/device. In A broadcast encryption scheme is a key management techanother scenario the acquired content is b ound to a physical nology that allows a piece of content to b e accessible only by media but can b e consumed in multiple devices. In later a subset of privileged/enabled users and not the revoked/disabled scenario we used broadcast encryption technology which has users. When a user is found non-compliant he/she will b e b een used in traditional settings to protect the large amount excluded from future content access. The structure that of content produced by small numb er of producers [3]. enables exclusion/revocation of users is called Media Key As future work we want to improve the system by taking Block (MKB). MKB can enable very compliant device to into considerations of the unique setting of the new Web calculate a key that ultimately derives the title key to deparadigm in which there exist large numb er of content procrypt the content. Any non-compliant device will not b e ducers (e.g., web users) each producing small numb er of conable to process MKB and derive the key to access content. tent (e.g., video clips). While our preliminary system design Unlike a public key system, a broadcast encryption system shows some similarities with traditional content protection is not identity based. As long as a device is compliant, he system setting. We b elieve the uniqueness of the new Web can process MKB and ultimately access content. It has b een setting may deserve a different system design. used in Content Protection for Recordable Media [2].

2.2 Binding title key to the media
We b elieve it is p ossible to use broadcast encryption scheme to enable purchased content b e consumable by multiple devices. We burn the purchased content onto a physical recordable media and bind the title key to the media. The media contains in it a MKB created by the clearing house, and each playback device is a user in a broadcast encryption scheme. In order to bind the title key to the media, the buying

4. REFERENCES
[1] A. Fiat and M. Naor, "Broadcast Encryption," Crypto'93, LNCS Vol. 773, pp480-491. Springer, 1993. [2] www.4centity.com [3] CPRM Sp ecification, CPRM Network Download [4] H. Jin, J.Lotspiech and S.Nusser, "Traitor tracing for prerecorded and recordable media", ACM DRM workshop, pp.83-90, Washington.DC.2004.

1218