Stefan Nusser

Anonymous trust: digital rights management using broadcast encryption

Broadcast encryption is an active area of cryptographic research. Originally defined by Fiat and Naor, broadcast encryption refers to key management schemes that operate when the participating parties do not have a two-way communication path. We contrast that with public-key cryptography: all known public-key protocols require a handshake to establish a common key. We extend the use of broadcast encryption to solve problems that have been traditionally addressed by public-key cryptography: we discuss the xCP cluster protocol, a proposed digital rights management (DRM) system for the home entertainment network, and we illustrate a broadcast-encryption-based content distribution system, which can work without requiring any secrets in the DRM client.

Broadcast encryption's bright future

As a vehicle for content protection, broadcast encryption promises more flexible and resilient security compared with traditional public key cryptography techniques.

Traitor tracing for prerecorded and recordable media

In this paper we are focusing on the use of a traitor tracing scheme for distribution models that are based on prerecorded or recordable physical media. When a pirated copy of the protected content is observed, the traitor tracing scheme allows the identification of at least one of the real subscribers who participated in the construction of the pirated copy. We show how we systematically assign the variations to users. We explore under what circumstances traitor tracing technology is applicable for media based distribution and then focus on two challenges specifically related to this form of distribution: We demonstrate a way to encode the variations on the disc that is mostly hidden from the attackers and also remarkably compatible with the existing DVD standard. We also present an efficient key management scheme to significantly reduce the requirement for non-volatile key storage on low-cost CE devices.

Tag-it, snag-it, or bag-it: combining tags, threads, and folders in e-mail

We describe the design of bluemail, a web-based email system that provides message tagging, message threading, and email folders. We wanted to explore how this combination of features would help users manage and organize their email. We conducted a limited field test of the prototype by observing how users triage their own email using bluemail. Our study identified ways in which users liked tagging, threading, and foldering capabilities, but also some of the complex ways in which they can interact. Our study elicited early user input to guide the iterative design of these features. It also involved a user study researcher, designer, and developer in the field test to quickly integrate different perspectives during development.

Content protection for games

In this paper we review the state of the art in content protection for video games by describing the capabilities and shortcomings of currently deployed solutions. In an attempt to address some of the open issues, we present two novel approaches. The first approach uses branch-based software watermarking to discourage and detect piracy through a registration-based system. In the second approach, based on the parallels between games and premium audio and video content, we propose the use of current physical-media copy-protection technologies for gaming content. In particular, we focus on broadcast encryption technology. The use of an open, standard-based architecture enables the development of a more restrictive protection system for games. Finally, we demonstrate how the proposed protection mechanisms can be applied to video-game copy protection through five scenarios.

Security for the digital library-protecting documents rather than channels

In this paper we focus on the mechanisms necessary to put a security architecture for digital libraries in place. This includes protection of the content, feasibility of payment and assertion of copy- and usage rights. While current research in secure Web technology (like SSH, SHTTP or SSL) focuses on the protection of the communication channel, proposals for protecting digital content usually rely on some sort of secure container to realize the functions mentioned above. We explain the concepts underlying both approaches using the IBM Cryprolope technology as an example for secure containers.

Enabling efficient orienteering behavior in webmail clients

Webmail clients provide millions of end users with convenient and ubiquitous access to electronic mail - the most successful collaboration tool ever. Web email clients are also the platform of choice for recent innovations on electronic mail and for integration of related information services into email. In the enterprise, however, webmail applications have been relegated to being a supplemental tool for mail access from home or while on the road. In this paper, we draw on recent research in the area of electronic mail to understand usage models and performance requirements for enterprise email applications. We then present an innovative architecture for a webmail client. By leveraging recent advances in web browser technology, we show that webmail clients can offer performance and responsiveness that rivals a desktop application while still retaining all the advantages of a browser based client.

Agile development meets strategic design in the enterprise

In this paper we present our approach to design and develop an enterprise email application called bluemail. We describe our development process that is orchestrated for fast, iterative deployments and aimed at offering increased transparency to our internal user community. We finish by discussing the relationship between iterative design and agile development practices.

Automatic Categorization of Tags in Collaborative Environments

Tagging allows individuals to use whatever terms they think are appropriate to describe an item. With the growing popularity of tagging, more and more tags have been collected by a variety of applications. An item may be associated with tags describing its different aspects, such as appearance, functionality, and location. However, little attention has been paid in the organization of tags; in most tagging systems, all the tags associated with an item are listed together regardless of their meanings. When the number of tags becomes large, finding useful information with regards to a certain aspect of an item becomes difficult. Improving the organization of tags in existing tagging systems is thus highly desired. In this paper, we propose a hierarchical approach to organize tags. In our approach, tags are placed into different categories based on their meanings. To find information with respect to a certain aspect of an item, one just needs to refer to its associated tags in the corresponding category. Since existing applications have already collected a large number of tags, manually categorizing all the tags is infeasible. We propose to use data-mining and machine-learning techniques to automatically and rapidly classify tags in tagging systems. A prototype of our approaches has been developed for a real-word tagging system.

Enabling secure distribution of digital media to SD-cards

As the marketplace for digital media increases we witness the rise of new media distribution models where timely delivery, convenience, privacy and personalization are essential features of competitive offerings. Consumers are looking for innovative ways to access content in a service-oriented manner that suits their mobile life style. This paper describes a prototype standard-based system that allows the secure and fast download of content to SD-Card-enabled consumer devices. Content is protected by Content Protection for Recordable Media (CPRM) technology; specifically we use CPRM SD-Video. Our prototype shows Digital Media Terminals (DMT, also denoted kiosks) that enable innovative rental and purchase models. Our solution combines IBMs plug-in web services, Panasonics leading-edge devices and Porto Medias high-speed data transfer to Secure Digital Memory Flash Cards (SD-Cards).