How does a DRM system protect content keys with elliptic curve cryptography (ECC)?

Digital rights management (DRM) refers to a group of access control technologies used to manage the usage of copyrighted content and prevent illegitimate access to it. There are two primary modules in DRM technology, namely content protection and rights management. While the content protection aspect is responsible for content transformation and recovery, the rights management part governs the generation of user licenses and their validation. DRM-enabled content is protected by services such as Microsoft PlayReady, Google Widevine, Apple FairPlay, or Adobe Access. These technologies separately encrypt the content with a title key, which is distributed to users via a multi-DRM vendor.

Many encryption algorithms are used in DRM applications, and they fall into two main types: symmetric and asymmetric. Elliptic curve cryptography (ECC) is an asymmetric algorithm based on elliptic curves. Compared with other public-key algorithms such as RSA, ECC offers a high level of security with a much smaller key size. Whereas RSA relies on the product of two large prime numbers, whose factoring would recover the key, ECC relies on points on a curve, and ECC keys are well suited to ephemeral, session-based use cases such as streaming DRM video protection. Mathematically, an elliptic curve is a plane curve over a finite field (rather than the real numbers) consisting of the points that satisfy the equation y^2 = x^3 + ax + b.

A 256-bit ECC key achieves the same level of security as a 3072-bit RSA key. In addition, ECC requires fewer computational resources, and the shorter key means that bandwidth consumption during authentication is significantly lower. From a security standpoint, the best known attacks against ECC run in fully exponential time: for example, breaking ECC with a 160-bit key takes 9.6 × 10^11 MIPS-years (million instructions per second, sustained for a year) with the best known attack.

The Elliptic Curve Digital Signature Algorithm (ECDSA) is used to validate a license generated with ECC. Digital signatures ensure that the contents of important messages sent from the server to the user's device or web application are not altered in transit. A combination of ECC techniques is now used to provide DRM solutions: Elliptic Curve Diffie-Hellman (ECDH) is used for key exchange, while ECDSA is used for digital signatures.
