Secure Android as a Service
By Wang Jiajun 2015/4/1
Background
Digital rights management
Protect the contents from copying
Estimates of the cost impact of piracy range from about $446 million to $250 billion
Despite some shortcomings, like the analog hole
DRM System
Implementation
High-bandwidth Digital Content Protection (HDCP) puts the decryption into media playback hardware
Lower-end devices use software solutions (e.g. PKI)
Android DRM
Architecture
DRM Schemes
OMA
Widevine
…
OMA
Open DRM standard published by the Open Mobile Alliance
Version 1 (assumes the mobile terminal is reliable)
Forward-lock
Combined Delivery
Separate Delivery
Version 2
Separate content and license into two objects
Widevine
On Android >=3.0 the Widevine DRM plugin is integrated
Uses hardware-backed protection to secure movie content and user credentials
Android DRM Detail
Architecture
DrmManagerClient
All operations are done using DrmManagerClient to communicate with the DrmManagerServer
Procedure:
Register the device with an online DRM service.
Acquire the license
Extract constraint information from the license.
Save rights info
Registration & rights acquisition
acquireDrmInfo()
processDrmInfo()
?
Rights Management
acquireRights()
saveRights()
removeRights()
Read data
openConvertSession()
convertData()
closeConvertSession()
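The "Read data" calls above, shown end to end as an added example (not code from the slides). It converts an OMA v1 Forward Lock message through a convert session and then checks play rights. The class and method names are hypothetical, and the MIME type is an assumption about the Forward Lock plugin's registered type.

```java
import android.content.Context;
import android.drm.DrmConvertedStatus;
import android.drm.DrmManagerClient;
import android.drm.DrmStore;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;

public final class FwdLockImport {
    // Assumption: MIME type of an OMA DRM v1 Forward Lock message (.dm file).
    private static final String FL_MIME = "application/vnd.oma.drm.message";

    /** Converts a .dm stream to the device-bound form; null if unsupported or failed. */
    public static byte[] convert(Context ctx, String dmPath, InputStream dm) throws IOException {
        DrmManagerClient client = new DrmManagerClient(ctx);
        try {
            // Devices without a Forward Lock plugin (e.g. emulators) cannot handle the type.
            if (!client.canHandle(dmPath, FL_MIME)) return null;
            int session = client.openConvertSession(FL_MIME);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            boolean ok = true;
            byte[] buf = new byte[4096];
            for (int n; ok && (n = dm.read(buf)) > 0; ) {
                DrmConvertedStatus st = client.convertData(session, Arrays.copyOf(buf, n));
                ok = st != null && st.statusCode == DrmConvertedStatus.STATUS_OK;
                if (ok && st.convertedData != null) out.write(st.convertedData);
            }
            // Always close the session; the final status can carry data to place at 'offset'.
            DrmConvertedStatus end = client.closeConvertSession(session);
            if (!ok || end == null || end.statusCode != DrmConvertedStatus.STATUS_OK) return null;
            byte[] result = out.toByteArray();
            if (end.convertedData != null) {
                int need = end.offset + end.convertedData.length;
                if (need > result.length) result = Arrays.copyOf(result, need);
                System.arraycopy(end.convertedData, 0, result, end.offset, end.convertedData.length);
            }
            return result;
        } finally {
            client.release(); // API 16+; frees the client's native DRM resources
        }
    }

    /** True if the protected file at path currently has valid PLAY rights. */
    public static boolean canPlay(DrmManagerClient client, String path) {
        return client.checkRightsStatus(path, DrmStore.Action.PLAY)
                == DrmStore.RightsStatus.RIGHTS_VALID;
    }
}
```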
Device Support
Widevine and OMA v1 Forward Lock on Nexus 5 & st70408
No plugins on Virtual Android Devices
Related Work
T6 kernel using ARM TrustZone
Secure VNC
Secure DRM
Steal This Movie
USENIX Security 2013
Attacks the software implementation
SierraVMI Virtual Mobile Infrastructure
Thanks