1 c r y p t o g r a p h y r e s e a r c h, i n c : l e a d e r i n a d v a n c e d c r y p t o s y s...
TRANSCRIPT
1
C r y p t o g r a p h y R e s e a r c h , I n c : L e a d e r I n A d v a n c e d C r y p t o s y s t e m s ™ 1
Objectives for Securing Next-Generation Optical Discs
Cryptography Research, [email protected]
2
C r y p t o g r a p h y R e s e a r c h , I n c : L e a d e r I n A d v a n c e d C r y p t o s y s t e m s ™ 2
Guiding Principles
• Free market economics- Technical systems should enable market-
based solutions to security problems.
• Risk management- Piracy is a problem like credit card fraud,
and is neither feasible nor necessary to eliminate completely.
• Best practices- Systems need to provide the best range
of security features with the best possible assurances of security.
3
C r y p t o g r a p h y R e s e a r c h , I n c : L e a d e r I n A d v a n c e d C r y p t o s y s t e m s ™ 3
Principle: Free Market Economics• Studios and CE/IT companies should
maximize their profits by meeting customer demand while working to control piracy.
• Vendors that provide tools should compete to offer studios the best systems and security features.
• Security decisions should be based on cost/benefit analysis.
4
C r y p t o g r a p h y R e s e a r c h , I n c : L e a d e r I n A d v a n c e d C r y p t o s y s t e m s ™ 4
Principle: Risk Management
• Content owners should gain as much knowledge as possible about piracy events when they occur.
• For every attack, including unexpected attacks, content owners should have the broadest possible range of responses.
• Parties that incur risk should have the ability and responsibility for controlling it.
5
C r y p t o g r a p h y R e s e a r c h , I n c : L e a d e r I n A d v a n c e d C r y p t o s y s t e m s ™ 5
Principle: Best Practices
• Security should be based on strong cryptography and other well-understood primitives and techniques.
• Designs should be produced by experienced experts whose objective is to mitigate piracy.
• Parties that rely on the security should be able to evaluate and understand it.