Enhanced security by OS-oriented encapsulation in TPM-enabled DRM

Abstract

The Trusted Computing Group (TCG) defines the specifications for the Trusted Platform Module (TPM) and corresponding trust mechanisms that allow a TPM-enabled platform to run only authenticated software. For example, the operating system (OS) can use the facilities provided by the TPM to authenticate a Digital Rights Management (DRM) application before allowing it to run. However TCG does not provide any clear specification on what kind of software can be regarded as trusted and hence be authenticated. In fact it is unlikely that there will be a clear line between the software that should be authenticated and those should not, e.g., debugger for developing binary codes and Internet browser for running applets. This leaves a grey area where even authenticated software may be exploited for malicious usage. This paper investigates the security of DRM applications in a relaxed scenario where users have larger purview. We present two attacks: abuse attack and injection attack where some reasonably authenticated software can be exploited for stealing protected contents. In the abuse attack, an attacker uses an authenticated debugger to monitor the internal state of a DRM application for the purpose of violating the access privilege in the application. In the injection attack, an adversary is able to make malicious modifications on an original DRM application at will. These two attacks demonstrate that it is not straightforward to impose DRM in a TPM-enabled system. To counter the attacks, we provide the OS-encapsulation scheme which ensures that only the genuine OS can start the DRM application. Our scheme is an enhancement of security for TPM-enabled DRM in a loose but more practical environment, where people are allowed to use the debugger, web browser, etc. © 2008 Springer-Verlag Berlin Heidelberg.