DRM加密方案的研究与设计
|
摘要
随着网络通信、计算机技术的迅速发展,网络上传播的音视频、电子书、图片和软件等数字产品已经融入人们的日常生活。这些数字产品有着传播速度快、易复制和易分发等特点。因此,带给人们方便的同时网络侵权事件的发生越来越频繁,数字产品的盗版与侵权行为已经成为数字产业化最大的障碍。为保护数字产品的版权和其作者的合法权益,各界都投入了大量的资源来与盗版侵权做斗争,从而出现了数字版权管理(DRM)系统。DRM系统通过各种安全技术对数字产品进行封装,使得只有相关权限的用户才可以使用该数字产品而其他用户无法获取其内容,从而维护了版权所有者以及相关各方的合法利益。数据加密作为一种最基本的信息安全技术是DRM系统中对数字产品提供的最基本也是最安全的保护。然而,对数字产品进行加密处理是非常耗费系统资源和时间的。因此,采用何种方法使得数据加密处理能够高效、安全、连续的进行是一个值得深入研究的问题。
针对DRM系统中数据加密在单机处理模式下效率较低的不足,本文结合集群技术,提出M-S集群加密模型并对该模型进行两次优化处理,同时提出基于服务期望的集群加密调度算法来从整体并发处理上提高加密模块的处理效率,从而提高加密模块整体的服务能力。最后,在加密模块的设计中,针对传统密钥管理上的缺陷提出了三级密钥保护机制来保证密钥的安全;针对单个文件加密处理的安全和性能上的平衡问题提出自适应加密方案;针对加密模块在系统健壮性上的特殊要求提出断点恢复技术。从安全性、效率以及系统连续性上提高了加密模块的整体性能,对构建优秀的DRM加密方案有着重要的意义。
Along with the rapid development of network communication and computer technology,digital products spread on internet such as audio frequency and video, eBooks, pictures and software have been integrated into the daily life of people. These digital products have some characteristics such as spreading speedily, easy replication and distribution etc. However, the piracy incidents on line occurred more frequently while they bring convenience to people, and the piracy and tort of digital products has become the biggest obstacle to digital industrialization. To protect the copyright of digital products and the lawful rights of the authors, all social circles put in a great deal of resources to struggle with piracy, and then the Digital Rights Management(DRM) System appeared. DRM System encapsulates digital products by various of security technologies, making that only users who acquire related permissions can use the digital products but others can't get related contents, thus the interests of the copyright owners and the relevant parties can get guarantee effective. As one of the most basic information security technology, data encryption can provide the most basic and safest protection to digital products in the DRM System. However, it takes a very expensive system resources and time to encrypt digital products. Therefore, using what method can make the processing of the data encryption effectively as well as safe and continuous is a problem worth researching deeply.
Aiming at the problems of data encryption in the offline processing mode with low efficiency in DRM System, this paper proposes M-S cluster encryption model based on the cluster technology and the improved model that has been optimized twice. Meanwhile, the cluster encryption scheduling algorithm based on service expectation is presented to improve the efficiency of encryption module from the whole concurrent processing, improving the overall service ability of the encryption module. Finally, aiming at the defects of traditional key management, the three-level key protection mechanism is proposed to ensure the security of the encryption key during the design of the encryption module; To handle the balance between safety and performance of single file’s encryption, adaptive encryption scheme is presented; And breakpoint recovery technology is proposed to satisfy the special requirements of the system robustness in encryption module. The overall performance of encryption module is improved in terms of safety, efficiency and system continuity, and it has important significance to build excellent encryption schemes on DRM.
针对DRM系统中数据加密在单机处理模式下效率较低的不足,本文结合集群技术,提出M-S集群加密模型并对该模型进行两次优化处理,同时提出基于服务期望的集群加密调度算法来从整体并发处理上提高加密模块的处理效率,从而提高加密模块整体的服务能力。最后,在加密模块的设计中,针对传统密钥管理上的缺陷提出了三级密钥保护机制来保证密钥的安全;针对单个文件加密处理的安全和性能上的平衡问题提出自适应加密方案;针对加密模块在系统健壮性上的特殊要求提出断点恢复技术。从安全性、效率以及系统连续性上提高了加密模块的整体性能,对构建优秀的DRM加密方案有着重要的意义。
Along with the rapid development of network communication and computer technology,digital products spread on internet such as audio frequency and video, eBooks, pictures and software have been integrated into the daily life of people. These digital products have some characteristics such as spreading speedily, easy replication and distribution etc. However, the piracy incidents on line occurred more frequently while they bring convenience to people, and the piracy and tort of digital products has become the biggest obstacle to digital industrialization. To protect the copyright of digital products and the lawful rights of the authors, all social circles put in a great deal of resources to struggle with piracy, and then the Digital Rights Management(DRM) System appeared. DRM System encapsulates digital products by various of security technologies, making that only users who acquire related permissions can use the digital products but others can't get related contents, thus the interests of the copyright owners and the relevant parties can get guarantee effective. As one of the most basic information security technology, data encryption can provide the most basic and safest protection to digital products in the DRM System. However, it takes a very expensive system resources and time to encrypt digital products. Therefore, using what method can make the processing of the data encryption effectively as well as safe and continuous is a problem worth researching deeply.
Aiming at the problems of data encryption in the offline processing mode with low efficiency in DRM System, this paper proposes M-S cluster encryption model based on the cluster technology and the improved model that has been optimized twice. Meanwhile, the cluster encryption scheduling algorithm based on service expectation is presented to improve the efficiency of encryption module from the whole concurrent processing, improving the overall service ability of the encryption module. Finally, aiming at the defects of traditional key management, the three-level key protection mechanism is proposed to ensure the security of the encryption key during the design of the encryption module; To handle the balance between safety and performance of single file’s encryption, adaptive encryption scheme is presented; And breakpoint recovery technology is proposed to satisfy the special requirements of the system robustness in encryption module. The overall performance of encryption module is improved in terms of safety, efficiency and system continuity, and it has important significance to build excellent encryption schemes on DRM.
引文
[1]. Garnett N.. Digital rights management, copyright, and napster. ACM SIGecom Exchanges. 2001, 2(2). 1~5
[2]. Rosenblatt W., Trippe W., Mooney S.. Digital Rights Management: Business and Technologhy. New York:M & T Books. 2002
[3]. Liu Q., Safavi-Naini R., Sheppard N. P.. Digital rights management for content distribution. In: Proceedings of the Australasian Information Security Workshop Conferenceon ACSW Frontiers 2003. Australian Computer Society. Adelaide, Australia. 2003. 49~58
[4]. Co hen J. E.. DRM and privacy. Communications of the ACM. 2003. 46(4). 47~49
[5]. Feigenbaum J., Freedman M. J., Sander T., Shostack A.. Privacy engineering for digital rights management systems. In: Sander T. ed.. Security and Privacy in Digital Rights Management, Lecture Notes in Computer Science 2320. Berlin:Springer-Verlag. 2002. 76~105
[6]. Yu Yin-Yan. Digital rigths management for B2C, B2B, and C2C content distribution[Ph.D.dissertation].Peking University, Beijing. 2005
[7]. Erickson J. S.. fair use, DRM, and trusted computing. Communications of the ACM.2003.46(4).34~39
[8]. Fromm M., Gruber H., Schutz M.. Evaluation of digital rights management systems. Vienna University, Seminar Paper. 2003
[9].段钢.加密与解密(第三版)[M].北京:电子工业出版社. 2008
[10].范科峰,莫玮,曹山等.数字版权管理技术及应用研究进展[J].电子学报2007, 35(6):1139-1147
[11].陈晓苏,胡蕾,肖道举.一个基于PKI和数字水印的数字版权保护框架模型[J].计算机工程与科学2005, 27(6): 12-14
[12].俞银燕,汤帜.数字版权保护技术研究综述[J].计算机学报2005, 28(12): 1957-1968
[13].谭寒生.授权管理基础设施PMI系统的研究与实现.电子科技大学硕士学位论文. 2003
[14].刘杰楠.一种基于可信计算模型的文件加密系统的设计与实现.北京邮电大学硕士学位论文. 2008
[15].李萍.基于UCON模型的PMI系统的研究与实现.上海交通大学硕士学位论文. 2006
[16].陈顺平.基于UCON的通用权限控制服务平台设计与应用.中南大学硕士学位论文. 2007
[17].马兆丰,冯博琴,宋擒豹.基于动态许可证的信任版权安全认证协议.软件学报. 2004. 15(1)
[18].戴元军.信息隐藏与数字水印技术,http://www.ibm.com/developerworks/cn/security/l-info/,2002
[19]. Gelareh Taban, Alvaro A. C′ardenas and Virgil D.Gligor. Towards a Secure and Interoperable DRM Architecture, DRM’06, October, 2006
[20]. ContentGuard, Stephen Weeks, Andrew Wright. Models and languages for digital rights. In proceedings of the Hawaii International Conference on System Science,2001.
[21]. Jaehong Park, Ravi Sandhu. Originator Control in Usage Control. International Workshop on Policies for Distributed Systems and Networks (Policy02).June 0_5-07 2002.
[22]. Ravi Sandhu, Pierangela Samarati. Access control: Principles and practices.IEEE Communications, pages 40-48, Sep 1994.
[23].蔡伟鸿,彭思喜,胡斯捷.基于版权保护的数字内容安全交易系统的设计与实现.计算机工程与设计, 2005, 26(9), 2347-2350.
[24].蔡伟鸿,邓宇乔.一个具有公平匿名性的数字版权管理系统.计算机应用, 2006, 26(12), 2924-2927
[25].关振胜.公钥基础设施PKI及其应用.电子工业出版社, 2008. 15-93
[26].熊智,熊步云,周寅聃.基于蚁群算法的Web集群文档优化分布方案.计算机工程与设计, 2009
[27].买京京. Web服务器集群负载均衡技术研究.中北大学硕士学位论文. 2008. 18.
[28].李敬.集群系统集中管理平台的研究与实现.西北工业大学硕士学位论文. 2004. 11.
[29].董娜.基于Linux高性能负载均衡的集群系统的研究与实现.大连交通大学硕士论文. 2003. 12.
[30].黄曦. Web服务器集群负载均衡技术的应用研究.重庆大学工程硕士学位论文. 2004. 11.
[31].弋瑞录.实时多任务集群管理系统的研究.西北工业大学硕士学位论文.2006.7
[32].刘健.可伸缩服务器集群的研究与实现.国防科技大学工学硕士论文. 2002 . 16.
[33].张洪武.服务器集群与均衡技术研究.重庆大学软件学院硕士论文,2004:11-13.
[34]. The Linux Virtual Server Project - Linux Server Cluster for Load Balancing http://www.linuxvirtualserver.org/.
[35]. Joseph D Sloan. High Performance Linux Clusters: With OSCAR, Rocks, openMosix,and MPI. O'Reilly Media. 2004. 72-85.
[36].王鑫.一种改进的LVS动态负载均衡算法.中南民族大学. 2008. 50.
[37].王雪莲. Linux集群负载调度机制的研究.辽宁师范大学. 2008. 35-44.
[38].董耀祖,周正伟.基于X86架构的系统虚拟机技术与应用.计算机工程, 32(13), 2006
[39]. Boss G, Malladi P, Quan D, Legregni L, Hall H. Cloud Computing. IBM White Paper, 2007. http://download.boulder.ibm.com/ibmdl/pub/software/dw/wes/hipods/Cloud_computing_wp_final_8Oct.pdf
[40].陈康,郑纬民.云计算:系统实例与研究现状. Journal of Software, Vol.20, No.5, May2009. 1337?1348
[2]. Rosenblatt W., Trippe W., Mooney S.. Digital Rights Management: Business and Technologhy. New York:M & T Books. 2002
[3]. Liu Q., Safavi-Naini R., Sheppard N. P.. Digital rights management for content distribution. In: Proceedings of the Australasian Information Security Workshop Conferenceon ACSW Frontiers 2003. Australian Computer Society. Adelaide, Australia. 2003. 49~58
[4]. Co hen J. E.. DRM and privacy. Communications of the ACM. 2003. 46(4). 47~49
[5]. Feigenbaum J., Freedman M. J., Sander T., Shostack A.. Privacy engineering for digital rights management systems. In: Sander T. ed.. Security and Privacy in Digital Rights Management, Lecture Notes in Computer Science 2320. Berlin:Springer-Verlag. 2002. 76~105
[6]. Yu Yin-Yan. Digital rigths management for B2C, B2B, and C2C content distribution[Ph.D.dissertation].Peking University, Beijing. 2005
[7]. Erickson J. S.. fair use, DRM, and trusted computing. Communications of the ACM.2003.46(4).34~39
[8]. Fromm M., Gruber H., Schutz M.. Evaluation of digital rights management systems. Vienna University, Seminar Paper. 2003
[9].段钢.加密与解密(第三版)[M].北京:电子工业出版社. 2008
[10].范科峰,莫玮,曹山等.数字版权管理技术及应用研究进展[J].电子学报2007, 35(6):1139-1147
[11].陈晓苏,胡蕾,肖道举.一个基于PKI和数字水印的数字版权保护框架模型[J].计算机工程与科学2005, 27(6): 12-14
[12].俞银燕,汤帜.数字版权保护技术研究综述[J].计算机学报2005, 28(12): 1957-1968
[13].谭寒生.授权管理基础设施PMI系统的研究与实现.电子科技大学硕士学位论文. 2003
[14].刘杰楠.一种基于可信计算模型的文件加密系统的设计与实现.北京邮电大学硕士学位论文. 2008
[15].李萍.基于UCON模型的PMI系统的研究与实现.上海交通大学硕士学位论文. 2006
[16].陈顺平.基于UCON的通用权限控制服务平台设计与应用.中南大学硕士学位论文. 2007
[17].马兆丰,冯博琴,宋擒豹.基于动态许可证的信任版权安全认证协议.软件学报. 2004. 15(1)
[18].戴元军.信息隐藏与数字水印技术,http://www.ibm.com/developerworks/cn/security/l-info/,2002
[19]. Gelareh Taban, Alvaro A. C′ardenas and Virgil D.Gligor. Towards a Secure and Interoperable DRM Architecture, DRM’06, October, 2006
[20]. ContentGuard, Stephen Weeks, Andrew Wright. Models and languages for digital rights. In proceedings of the Hawaii International Conference on System Science,2001.
[21]. Jaehong Park, Ravi Sandhu. Originator Control in Usage Control. International Workshop on Policies for Distributed Systems and Networks (Policy02).June 0_5-07 2002.
[22]. Ravi Sandhu, Pierangela Samarati. Access control: Principles and practices.IEEE Communications, pages 40-48, Sep 1994.
[23].蔡伟鸿,彭思喜,胡斯捷.基于版权保护的数字内容安全交易系统的设计与实现.计算机工程与设计, 2005, 26(9), 2347-2350.
[24].蔡伟鸿,邓宇乔.一个具有公平匿名性的数字版权管理系统.计算机应用, 2006, 26(12), 2924-2927
[25].关振胜.公钥基础设施PKI及其应用.电子工业出版社, 2008. 15-93
[26].熊智,熊步云,周寅聃.基于蚁群算法的Web集群文档优化分布方案.计算机工程与设计, 2009
[27].买京京. Web服务器集群负载均衡技术研究.中北大学硕士学位论文. 2008. 18.
[28].李敬.集群系统集中管理平台的研究与实现.西北工业大学硕士学位论文. 2004. 11.
[29].董娜.基于Linux高性能负载均衡的集群系统的研究与实现.大连交通大学硕士论文. 2003. 12.
[30].黄曦. Web服务器集群负载均衡技术的应用研究.重庆大学工程硕士学位论文. 2004. 11.
[31].弋瑞录.实时多任务集群管理系统的研究.西北工业大学硕士学位论文.2006.7
[32].刘健.可伸缩服务器集群的研究与实现.国防科技大学工学硕士论文. 2002 . 16.
[33].张洪武.服务器集群与均衡技术研究.重庆大学软件学院硕士论文,2004:11-13.
[34]. The Linux Virtual Server Project - Linux Server Cluster for Load Balancing http://www.linuxvirtualserver.org/.
[35]. Joseph D Sloan. High Performance Linux Clusters: With OSCAR, Rocks, openMosix,and MPI. O'Reilly Media. 2004. 72-85.
[36].王鑫.一种改进的LVS动态负载均衡算法.中南民族大学. 2008. 50.
[37].王雪莲. Linux集群负载调度机制的研究.辽宁师范大学. 2008. 35-44.
[38].董耀祖,周正伟.基于X86架构的系统虚拟机技术与应用.计算机工程, 32(13), 2006
[39]. Boss G, Malladi P, Quan D, Legregni L, Hall H. Cloud Computing. IBM White Paper, 2007. http://download.boulder.ibm.com/ibmdl/pub/software/dw/wes/hipods/Cloud_computing_wp_final_8Oct.pdf
[40].陈康,郑纬民.云计算:系统实例与研究现状. Journal of Software, Vol.20, No.5, May2009. 1337?1348