Jeffrey Bruce Lotspiech

Anonymous trust: digital rights management using broadcast encryption

Broadcast encryption is an active area of cryptographic research. Originally defined by Fiat and Naor, broadcast encryption refers to key management schemes that operate when the participating parties do not have a two-way communication path. We contrast that with public-key cryptography: all known public-key protocols require a handshake to establish a common key. We extend the use of broadcast encryption to solve problems that have been traditionally addressed by public-key cryptography: we discuss the xCP cluster protocol, a proposed digital rights management (DRM) system for the home entertainment network, and we illustrate a broadcast-encryption-based content distribution system, which can work without requiring any secrets in the DRM client.

Digital signets: self-enforcing protection of digital information (preliminary version)

The problem of protecting digital content software, video, documents, music, etc. – from illegal redistribution by an authorized user, is the focus of considerable industrial and academic effort. In the absence of special-purpose tamperproof hardware, the problem has no cryptographically secure solution: once a legitimate user has purchased the cent ent, the user, by definition, has access to the material and can therefore capture it and redistribute it. A number of techniques have been suggested or are currently employed to make redistribution either inconvenient or traceable. In this paper we introduce digital signets, a new technique for protecting digital content from illegal redistribution. The work motivates the study of the previously unexamined class of incompressible functions, analysis of which adds a cryptographic twist to communication complexity.

Broadcast encryption's bright future

As a vehicle for content protection, broadcast encryption promises more flexible and resilient security compared with traditional public key cryptography techniques.

xCP: peer-to-peer content protection

In this article, we present a new protocol for implementing an authorized domain, a collection of devices that are equally authorized to play content. This is a new direction for content protection schemes that represents a careful balance between the needs and wants of consumers and content owners. Our protocol is a novel application of cryptographic technique known as broadcast encryption in a configuration that had not been explored previously: a peer-to-peer (P2P) network. We discuss the details of a P2P protocol based on broadcast encryption that supports and enforces renewable content protection for home networks. Several technical advantages of this protocol, including lower computational requirements, flexible network topology and support for intermittently connected devices, are given.

A digital library system for periodicals distribution

As part of IBMs Digital Library Initiative, IBMs Almaden Research Center has teamed with the Institute for Scientific Information in a joint project to deliver on-line access to the bibliographic information and abstracts from the scientific journal articles indexed in Current Contents/Life Sciences as well as articles offered by the respective publishers. This requires both adaptation of existing technologies and development of new capabilities, especially regarding copyright protection. Since the Fall of 1995, a pilot system has been installed at four universities, two corporate libraries, and a major public research library, beginning a study that involves many publishers, libraries, and users to test the system and to experiment with new economic models. This article describes some requirements we identified for this system, and the solutions we have devised for these requirements.

Security for the digital library-protecting documents rather than channels

In this paper we focus on the mechanisms necessary to put a security architecture for digital libraries in place. This includes protection of the content, feasibility of payment and assertion of copy- and usage rights. While current research in secure Web technology (like SSH, SHTTP or SSL) focuses on the protection of the communication channel, proposals for protecting digital content usually rely on some sort of secure container to realize the functions mentioned above. We explain the concepts underlying both approaches using the IBM Cryprolope technology as an example for secure containers.

On finding non-intersecting straightline connections of grid points to the boundary

Abstract We consider the problem of determining whether it is possible to connect a given set of N points in an ( m × n ) rectangular 2D grid to the grids boundary using N disjoint straight (horizontal or vertical) lines. If this is possible, we find such a set of lines. We provide an algorithm with either O ( m + n ) or O ( N log N ) complexity. In higher dimensions, the problem is NP-complete. We then extend our results to accommodate an additional constraint, namely forbidding connections in opposite directions that run next to one another. A solution to this problem can be used to provide a set of processor substitutions which reconfigure a fault-tolerant rectangular array of processing elements to avoid the faulty processors while retaining its important properties.

Cryptographic Containers and the Digital Library

Today, information is distributed on the Internet and other communication infrastructures mainly for free. However, once information or digital contents is assigned some value, a means is needed to protect its copyrights and control its use.

Unifying Broadcast Encryption and Traitor Tracing for Content Protection

In this paper we study the design of efficient trace-revoke schemes for content protection. In state-of-art, broadcast encryption and traitor tracing are viewed as two orthogonal problems. Good traceability and efficient revocation seem to demand different types of design. When combined into trace-revoke schemes, existing schemes only offer efficiency on one aspect but weak on the other. Moreover, there are two major styles of pirate attacks, namely the clone device attack and anonymous re-broadcasting attack. In current state-of-art, defending against these two attacks are viewed as two different problems that demand different trace-revoke schemes. In current state-of-practice, a content protection system has to deploy two trace-revoke schemes in order to provide complete protections against both attacks. As a result, the system incurs the complexity of having to manage two schemes, even worse the overall strength of the system is the weakest link in either scheme. In this paper we present a unified trace-revoke system that can offer superior efficiency on both traceability and revocation capability as well as simultaneously defend against two attacks in a unified way. Our unified system offers everything that the original two schemes combined can provide, but our system is much simpler and more efficient. The design of our unified framework carries both scientific and real world practical significance. We reduce the tracing time from tens of years to hours. The much improved simplicity and efficiency of our unified system caused it to be adopted by the new version of AACS, Advanced Access Content System, the industry content protection standard for the new Blu-ray high-definition-video optical discs. Scientifically our design shows it is possible to design an efficient broadcast encryption scheme and traitor tracing scheme in a unified way. We also showed the equivalence of the two major types of attacks which are currently viewed as different attacks. This opens brand new directions for future research on broadcast encryption and traitor tracing.

Key evolution-based tamper resistance: a subgroup extension

The number and magnitude of hostile attacks against software has drastically increased. One class of attacks of particular concern to the software industry is tampering to circumvent protection technologies such as license checks. A variety of hardware- and software-base techniques have been developed to address the issue. These include, but are not limited to, dongles, smartcards, and code obfuscation. In this paper we examine two previously proposed software-based tamper resistance techniques which are both based on the same key evolution mechanism: Event Log-Based and Branch-Based tamper resistance. As proposed the techniques offer many advantages over other software-based algorithms, however, they still suffer from a common limitation. Through our analysis we identify this limitation and propose an extension to the schemes which improves the overall strength.