A First Look at Digital Rights Management Systems for Secure Mobile Content Delivery

Research output: Contribution to conferencePaperpeer-review

81 Downloads (Pure)

Abstract

Digital rights management (DRM) solutions aim to prevent the copying or distribution of copyrighted material. On mobile devices, a variety of DRM technologies have become widely deployed. However, a detailed security study comparing their internal workings, and their strengths and weaknesses, remains missing in the existing literature. In this paper, we present the first detailed security analysis of mobile DRM systems, addressing the modern paradigm of cloud-based content delivery followed by major platforms, such as Netflix, Disney+, and Amazon Prime. We extensively analyse the security of three widely used DRM solutions -- Google Widevine, Apple FairPlay, and Microsoft PlayReady -- deployed on billions of devices worldwide. We then consolidate their features and capabilities, deriving common features and security properties for their evaluation. Furthermore, we identify some design-level shortcomings that render them vulnerable to emerging attacks within the state of the art, including micro-architectural side-channel vulnerabilities and an absence of post-quantum security. Lastly, we propose mitigations and suggest future directions of research.
Original languageEnglish
Pages549-558
Number of pages10
DOIs
Publication statusE-pub ahead of print - 3 Nov 2023
Event2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) - Exeter, United Kingdom
Duration: 1 Nov 20233 Nov 2023

Conference

Conference2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Country/TerritoryUnited Kingdom
CityExeter
Period1/11/233/11/23

Keywords

  • Digital Rights Management (DRM)
  • Media streaming
  • Trusted Execution Environments
  • Mobile Security

Cite this