Enhanced Security by OS-Oriented Encapsulation in TPM-Enabled DRM
The Trusted Computing Group (TCG) defines the specifications for the Trusted Platform Module (TPM) and corresponding trust mechanisms that allow a TPM-enabled platform to run only authenticated software. For example, the operating system (OS) can use the facilities provided by the TPM to authenticat...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2007
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/397 https://ink.library.smu.edu.sg/context/sis_research/article/1396/viewcontent/Enhanced_Security_by_OS_Oriented_Encapsulation_in_TPM_Enabled_DRM_afv.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-1396 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-13962019-03-08T07:45:43Z Enhanced Security by OS-Oriented Encapsulation in TPM-Enabled DRM WU, Yongdong BAO, Feng DENG, Robert H. MOUFFRON, Marc ROUSSEAU, Frederic The Trusted Computing Group (TCG) defines the specifications for the Trusted Platform Module (TPM) and corresponding trust mechanisms that allow a TPM-enabled platform to run only authenticated software. For example, the operating system (OS) can use the facilities provided by the TPM to authenticate a Digital Rights Management (DRM) application before allowing it to run. However TCG does not provide any clear specification on what kind of software can be regarded as trusted and hence be authenticated. In fact it is unlikely that there will be a clear line between the software that should be authenticated and those should not, e.g., debugger for developing binary codes and Internet browser for running applets. This leaves a grey area where even authenticated software may be exploited for malicious usage. This paper investigates the security of DRM applications in a relaxed scenario where users have larger purview. We present two attacks: abuse attack and injection attack where some reasonably authenticated software can be exploited for stealing protected contents. In the abuse attack, an attacker uses an authenticated debugger to monitor the internal state of a DRM application for the purpose of violating the access privilege in the application. In the injection attack, an adversary is able to make malicious modifications on an original DRM application at will. These two attacks demonstrate that it is not straightforward to impose DRM in a TPM-enabled system. To counter the attacks, we provide the OS-encapsulation scheme which ensures that only the genuine OS can start the DRM application. Our scheme is an enhancement of security for TPM-enabled DRM in a loose but more practical environment, where people are allowed to use the debugger, web browser, etc. 2007-08-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/397 info:doi/10.1007/978-3-540-79499-8_37 https://ink.library.smu.edu.sg/context/sis_research/article/1396/viewcontent/Enhanced_Security_by_OS_Oriented_Encapsulation_in_TPM_Enabled_DRM_afv.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Information Security |
| spellingShingle |
Information Security WU, Yongdong BAO, Feng DENG, Robert H. MOUFFRON, Marc ROUSSEAU, Frederic Enhanced Security by OS-Oriented Encapsulation in TPM-Enabled DRM |
| description |
The Trusted Computing Group (TCG) defines the specifications for the Trusted Platform Module (TPM) and corresponding trust mechanisms that allow a TPM-enabled platform to run only authenticated software. For example, the operating system (OS) can use the facilities provided by the TPM to authenticate a Digital Rights Management (DRM) application before allowing it to run. However TCG does not provide any clear specification on what kind of software can be regarded as trusted and hence be authenticated. In fact it is unlikely that there will be a clear line between the software that should be authenticated and those should not, e.g., debugger for developing binary codes and Internet browser for running applets. This leaves a grey area where even authenticated software may be exploited for malicious usage. This paper investigates the security of DRM applications in a relaxed scenario where users have larger purview. We present two attacks: abuse attack and injection attack where some reasonably authenticated software can be exploited for stealing protected contents. In the abuse attack, an attacker uses an authenticated debugger to monitor the internal state of a DRM application for the purpose of violating the access privilege in the application. In the injection attack, an adversary is able to make malicious modifications on an original DRM application at will. These two attacks demonstrate that it is not straightforward to impose DRM in a TPM-enabled system. To counter the attacks, we provide the OS-encapsulation scheme which ensures that only the genuine OS can start the DRM application. Our scheme is an enhancement of security for TPM-enabled DRM in a loose but more practical environment, where people are allowed to use the debugger, web browser, etc. |
| format |
text |
| author |
WU, Yongdong BAO, Feng DENG, Robert H. MOUFFRON, Marc ROUSSEAU, Frederic |
| author_facet |
WU, Yongdong BAO, Feng DENG, Robert H. MOUFFRON, Marc ROUSSEAU, Frederic |
| author_sort |
WU, Yongdong |
| title |
Enhanced Security by OS-Oriented Encapsulation in TPM-Enabled DRM |
| title_short |
Enhanced Security by OS-Oriented Encapsulation in TPM-Enabled DRM |
| title_full |
Enhanced Security by OS-Oriented Encapsulation in TPM-Enabled DRM |
| title_fullStr |
Enhanced Security by OS-Oriented Encapsulation in TPM-Enabled DRM |
| title_full_unstemmed |
Enhanced Security by OS-Oriented Encapsulation in TPM-Enabled DRM |
| title_sort |
enhanced security by os-oriented encapsulation in tpm-enabled drm |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2007 |
| url |
https://ink.library.smu.edu.sg/sis_research/397 https://ink.library.smu.edu.sg/context/sis_research/article/1396/viewcontent/Enhanced_Security_by_OS_Oriented_Encapsulation_in_TPM_Enabled_DRM_afv.pdf |
| _version_ |
1770570410587324416 |