A practical approach to impede key recovery and piracy in Digital Rights Management System (DRM)

With the invention of high speed internet and content digitization, large scale content sharing has become exceptionally easy. This ease adds fuel to the fire of piracy, which causes a gigantic loss to content providers. Copyright laws only cause deterrence. Hence a technological solution was required to protect the rights of digital content owners. This inevitably gave birth to Digital Rights Management System (DRM). But DRM could not fulfill this obligation and is broken time to time. Two major types of attacks faced by DRM are the key recovery and unencrypted content capturing. In this paper a DRM model has been proposed which will employ elliptic curve integrated encryption system (ECIES) and a secure one-way hash function for generating a dynamic one time content encryption/decryption key. A portion of key is stored in license. With the proposed technique, the knowledge of a portion of key will reveal no information about the key itself. The key will never be reused and will never be stored on end user device. The proposed solution will raise the scale of difficulty for key recovery and piracy. If any effort is made to distribute the contents illegally, the contents will be locked cryptographically for both legal and illegal consumers. The proposed technique also provides protection against attacks, wherein an attacker becomes successful in extracting the content decryption key and publishes it on a public website database. With the help of any well-known technique like remote attestation, the proposed solution also allows checking the integrity of DRM client software which is executed in malicious host environment.