Background

Digital rights management

• Protect the contents from copying
• Estimates of cost impact of piracy is about $446 million to $250 billion
• Despite some shortcomings, like analog hole

DRM System

Implementation

• High-bandwidth Digital Copy Protection (HDCP) put this decryption into media playback hardware
• Lower-end devices use software solutions (e.g. PKI)

Android DRM

Architecture

DRM Schemes

• OMA
• Widevine
• …

OMA

• open DRM standard published by the Open Mobile Alliance
• Version 1 (Assume mobile terminal is reliable)
  • Forward-lock
  • Combined Delivery
  • Separate Delivery
• Version 2
  • Separate content and license into two objects

Widevine

• On Android >=3.0 the Widevine DRM plugin is integrated
• Uses hardware-backed protection to secure movie content and user credentials

Android DRM Detail

Architecture

DrmManagerClient

• All operations are done using DrmManagerClient to communicate with the DrmManagerServer
• Procedure:
  • Register the device with an online DRM service.
  • Acquire the license
  • Extract constraint information from the license.
  • Save rights info

acquireDrmInfo()

• Registration & Right acquisition

processDrmInfo()

• ?

Rights Management

• acquireRights()
• saveRights()
• removeRights()

Read data

• openConvertSession()
• convertData()
• closeConvertSession()

Device Support

Device support

• Widevine, OMA v1 Forward Lock on Nexus 5 & st70408
• No plugins on Virtual Android Devices

Related Work

T6 kernel using ARM trustzone

• Secure VNC
• Secure DRM

Steal This Movie

• Usenix Security 2013
• Attack the software implementation

SierraVMI Virtual Mobile Infrastructure