Abstract
Digital rights management (DRM) solutions aim to prevent the copying or distribution of copyrighted material. On mobile devices, a variety of DRM technologies have become widely deployed. However, a detailed security study comparing their internal workings, and their strengths and weaknesses, remains missing in the existing literature. In this paper, we present the first detailed security analysis of mobile DRM systems, addressing the modern paradigm of cloud-based content delivery followed by major platforms, such as Netflix, Disney+, and Amazon Prime. We extensively analyse the security of three widely used DRM solutions -- Google Widevine, Apple FairPlay, and Microsoft PlayReady -- deployed on billions of devices worldwide. We then consolidate their features and capabilities, deriving common features and security properties for their evaluation. Furthermore, we identify some design-level shortcomings that render them vulnerable to emerging attacks within the state of the art, including micro-architectural side-channel vulnerabilities and an absence of post-quantum security. Lastly, we propose mitigations and suggest future directions of research.
| Original language | English |
|---|---|
| Pages | 549-558 |
| Number of pages | 10 |
| DOIs | |
| Publication status | E-pub ahead of print - 3 Nov 2023 |
| Event | 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) - Exeter, United Kingdom Duration: 1 Nov 2023 → 3 Nov 2023 |
Conference
| Conference | 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) |
|---|---|
| Country/Territory | United Kingdom |
| City | Exeter |
| Period | 1/11/23 → 3/11/23 |
Keywords
- Digital Rights Management (DRM)
- Media streaming
- Trusted Execution Environments
- Mobile Security