
  • Effective protection of intellectual property with DRM technology

    Dr. Gunter Bitz

    SAP Fraud Prevention Competence Center

    Teletrust Roundtable

    Feb, 5th 2007, San Francisco

    SAP AG 2007, SAP Fraud Prevention Competence Center / Dr. Gunter Bitz / 2

    The Need for Enterprise RM

    The dissolving enterprise perimeter

    The data itself must be secured and controlled

    Outsourcing increasing risks

    • External sharing of intellectual property
    • Working with partners that work with your competitors

    Actions of employees

    • Careless usage of e-mail & large distribution lists
    • Intentional forwarding of information

  • Collaboration with Externals

    Security & Trusted Computing

    Rights Management Technology overview

    Concept for Enterprise Rights Management

    Local Policy Enforcement: An Alternative

  • RM - How local Policy Enforcement works

    Encrypt / Set Policy

    Authenticate / Retrieve key

    Content policy and key stored

    Portal

    Repository

    E-mail

    Owner / Recipient / Data Exchange

    Central control by Information owner

    Recipient cannot modify rights

    DRM use cases / BC considerations

    Fulfill compliance requirements: SOX, HIPAA, Japan data & privacy act, …

    Data protection in outsourced business processes (e.g. 4R)

    Industrial espionage

    Disgruntled employees / Change of employment to competitors

    E-mails leaving company environment

    Cooperation with Externals (customer, partner)

    Board and Supervisory board meetings

    Insider information

    E-learning and documentation

    Admin password distribution

    Contract drafts, merger & acquisition

    IP and trade secrets

    Strategic development information

    HR data (salary, address)

    CRM data (opportunity pipeline)

    All data in content management systems

    Most use cases focus on small target groups

  • Gartner’s Security Technology Hype Cycle

    [Figure: hype cycle curve, as of 15 February 2005. Vertical axis: Visibility. Horizontal axis: Maturity, in the phases Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity. Key: Time to Plateau (less than two years; two to five years; five to 10 years). The positions of the technologies on the curve are not recoverable from this transcript.]

    Technologies plotted: Content Monitoring and Filtering, Biometrics, Security Compliance Tools, Database Security, Deep-Packet Inspection Firewalls, Enterprise Digital Rights Management, Enterprise Federated Identity, IAM, Instant Messaging Security, Managed Security Service Providers, Patch Management, Enterprise Reduced Sign-On, NAC, SSL VPNs, SSL or Trusted-Link Security, SEM and SIM, Smart Tokens, Antispyware, Trusted Computing Group, Vulnerability Management, Web Services Security Standards, WPA Security, Hardware Tokens, Role Management, Data-at-Rest Appliances, Antiphishing, Public Key Operations, Business Continuity Software, E-Signature, Host IPS, Network IPS, Spam Filtering, E-Mail Encryption

    Acronym Key: IAM = identity and access management; IPS = intrusion prevention system; NAC = network access control; SEM = security event management; SIM = security incident management; SSL = Secure Sockets Layer; VPN = virtual private network; WPA = Wi-Fi Protected Access

  • Enterprise RM: Integration ideas

    Editing RM Policies and assigning them to documents is time consuming!

    RM Policy depends on employee’s role & document type

    Identity Management System: Predefined roles for all document classification levels and document types

    Other Integration Points:

    Storage location of document in content management system

    Policy depends on initial storage location (data room concept)

    Dynamically generated content (by ERP Systems)

    Keep existing authorization objects RM Policy

    Integration: IAM with RM Policy Server

    Identity & Access Management

    • Business Intelligence
    • Data Warehouse

    RM Policy Server

    • ERP Applications
    • CRM
    • SCM

    • Content Management
    • Portals
    • File shares
    • Local Storage

    Client

    • strong Authentication required

  • Identity Management Infrastructure with RM

    Email

    B2B Web

    Service / Directory / ERP / Office

    Data Access

    Provisioning

    Enterprise Network

    Directory Security

    Infrastructure Access

    End User Applications

    Role based authorization model for RM

    Office-Applications

    Directory Service (IAM)

    Other

    Attributes

    Users

    Document

    Access-Rights

    RM Security Policy

    Documents

    Roles or Groups

    • Classification Level

    • Document Type

  • Integration of Document Classification technologies

    Challenge: Automatic document classification

    Type of document and data

    Recipient / Target Group

    Classification level

    Employee’s role and position

    Possible Solution: Linguistic content scanners

    No mature products available yet

    Example: Integration with content management systems

    Content Management System

    1. check-in unprotected document

    2. authorization objects

    DRM policy server

    3. DRM policy

    Client (authorized)

    4. DRM protected document stored in system

    Client (authorized)

    5. client receives protected document

  • A Typical Document lifecycle

    Create, Edit, Publish, Archive / Destroy

    Each cycle: trigger for new DRM policy set

    Point of Integration: Portal or Content Management System

    Example: Integration with ERP Systems

    Application Server with DRM extension

    1. Data Export Request

    Client (authorized)

    2. Authorization Objects

    DRM Policy Server

    3. DRM Policy

    4. DRM protected data

    5. data forwarded to other clients (e.g. via email)

    Client (authorized)

    Client (not authorized)

    6. read requests

    7. Read ok – Decryption Key issued

    8. Read not ok
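
The read-request decision in steps 6 to 8, combined with the role-based policy model from the earlier slide, can be modelled as follows. This is an added example, not code from the original slides or from any RM product; the role table, user names and document identifiers are hypothetical, and the caller is assumed to be authenticated already.

```python
import secrets

# Assumed role table: (role, classification level, document type) -> rights.
# Per the slides, the RM policy depends on the employee's role and on the
# document's classification level and type.
ROLE_RIGHTS = {
    ("controller", "confidential", "financial-report"): {"read", "print"},
    ("sales", "confidential", "financial-report"): set(),
    ("partner-b", "confidential", "contract-draft"): {"read", "edit"},
}

class PolicyServer:
    def __init__(self, directory):
        self._directory = directory   # user -> role; stands in for the IAM system
        self._docs = {}               # doc_id -> (level, doc_type, content key)
        self._revoked = set()

    def protect(self, doc_id, level, doc_type):
        """Steps 2-4: record the policy attributes and create the content key."""
        key = secrets.token_bytes(16)  # 128-bit key, the size AES-128 would use
        self._docs[doc_id] = (level, doc_type, key)
        return key

    def revoke(self, doc_id):
        """Central control by the information owner: stop issuing keys."""
        self._revoked.add(doc_id)

    def request_key(self, user, doc_id, right="read"):
        """Steps 6-8: issue the key only if the caller's role carries the right.
        Rights come from the server-side table, never from the request, so a
        recipient of a forwarded copy cannot widen them."""
        if doc_id in self._revoked or doc_id not in self._docs:
            return None
        role = self._directory.get(user)          # unknown user -> no role
        level, doc_type, key = self._docs[doc_id]
        rights = ROLE_RIGHTS.get((role, level, doc_type), set())  # default deny
        return key if right in rights else None

if __name__ == "__main__":
    srv = PolicyServer({"alice": "controller", "bob": "sales"})
    srv.protect("export-001", "confidential", "financial-report")
    for user in ("alice", "bob", "mallory"):      # bob and mallory got a forwarded copy
        print(user, "read ok" if srv.request_key(user, "export-001") else "read not ok")
```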

  • Collaboration with Externals

    Documents

    Author: Company A

    • Company A is Author
    • Company B gets write access
    • Company B gets no further rights

    Company A Company B

    • Company B can modify documents as defined in the collaboration
    • Company B cannot disclose information to 3rd party

  • Challenges: 1. Interoperability

    2 Partners: Mutual agreement vs. Law of the strongest

    Multiple Partners???

    Interoperability between multiple customers

    Small supplier company

    Customer K: RM Solution K

    Customer B: RM Solution B

    Customer E: RM Solution E

    Customer I: RM Solution I

    Customer F: RM Solution F

    Customer H: RM Solution H

    Customer A: RM Solution A

    Customer L: RM Solution L

    Customer D: RM Solution D

    Customer C: RM Solution C

    Customer J: RM Solution J

    Customer G: RM Solution G

    HELP !!!! … we need a Standard!

  • Interoperability: RM Standards

    XrML (eXtensible rights Markup Language),

    ODRL (Open Digital Rights Language) and

    XMCL (Extensible Media Commerce Language)

    BUT

    No interoperability between heterogeneous Policy Servers!

    No interoperability between Policy Server and non-native client

    Key material (for document access) is stored on policy server of issuing entity

    Policy servers issue “read licenses” to their native clients only

  • Security: Attack Vectors 1

    Black Box Attack:

    Direct Attack to RM protected and encrypted document

    Direct Attack to RM Policy Server

    Both methods are very difficult and require high skills

    If encryption is implemented flawlessly: brute force only

    AES 128 is believed to be secure for the next 50 – 60 years

    Security: Attack Vectors 2

    Hardware & I/O

    Kernel

    Application / RM Client

    Drivers

    Prevent Policy Enforcement

    Grab output data

    Copy or modify memory

    All sort of bus attacks & “Analog Hole” problems

    Client Attacks

    Client Components

    Application / RM Client

  • Microsoft: Protected Infrastructure for Multimedia

    Trusted Computing: A possible solution

    Trusted Computing defines the secure and non-forgeable measurement of the state of a node.

    The node can change its status at will (from “secure” to “insecure”) but it cannot deny having done so.

    Attestation is performed for each part of code from start-up

    Integrity Measurement (of the node)

    This form of attestation can be performed remotely via network.

    Digital signatures prove correctness of measurement

    As of today: Available only for “secure startup”.

    Lack of a trusted operating system

  • Rights Management with Trusted Computing

    TNC Specification of the Trusted Computing Group

  • Local Policy Enforcement

    DG Server

    DGComm (with IIS): Receives the activity data from Agents. The data are inserted into the DG Database.

    DGMC: DG Management Web interface.

    Database: Stores information for reporting, events, activities and other necessary functions of the DG system.

    DG Agent (Client PC)

    Administrator

    DGMC access: 1080/tcp to the server

    Communication requirement: 1080/tcp from the client to the server

    AD

    Findings from Verdasys reports

    Activity – File Copy to Removable Media 1/2 Duration: 9/26-10/24

  • Findings from Verdasys reports

    Application activity – file copy to removable media 2/2

    1. There were 8 activities detected by Verdasys on 10/15/2006

    2. Breakdown 7 explorer activities

    3. Break down the activity record: The user seems to back up the D: and E: drives to external storage

    Findings from Verdasys reports

    Activity – Network Upload of Files

    Duration: 9/26-10/24

    1. There were 10,000 activities detected by Verdasys on 09/13/2006

    2. Breakdown ftpte activities

    3. Break down the activity record: The user seems to upload a complete web page to a web server

  • Pilot project: Process flow for file movement analysis

    Stages: Identification, Monitoring, Analysis, Filtering, Reporting

    Identification: Identification of confidential data sources (by folder level) by business owner (Managers).

    Monitoring: Digital Guardian tool records all file movement activity over a period of 2 months for 500 users

    Analysis: Data is analyzed for files from confidential data sources which end up on insecure media (USB, CDR, Network)

    Filtering: Results (here: 23,000 files) are (manually) filtered to identify critical files, which could endanger SAP’s business when disclosed

    Reporting: A final report and a risk exposure estimation is produced

    File Movement Observed (qualitative)

    [Figure: stacked bar chart, vertical axis 0% to 120%, with three bars: (1) Files ending up on insecure devices compared to all file movements; (2) How many of the files ending up on insecure devices are confidential?; (3) Of all confidential files that are copied or moved, how many end up on insecure devices? Legend: All Files, secure Media; All Files ending up on insecure media; Confidential* files ending up on insecure media; Confidential* Files, secure Media. Bar segment labels: 86%, 14%, 95%, 65%, 5%, 35%.]

    *Confidentiality is defined in terms of location, not content

    35% of accesses involving confidential shares lead to files ending up on insecure media
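
The three ratios asked for in the chart can be computed directly from recorded file movements, with confidentiality decided by source location as the footnote states. This is an added example, not part of the original slides or of the Digital Guardian product; the record layout, the confidential folder roots and the sample movements are constructed assumptions.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumed: folders named confidential by their business owners (location-based).
CONFIDENTIAL_ROOTS = [PureWindowsPath(r"S:\Board"), PureWindowsPath(r"S:\HR\Salary")]
INSECURE_MEDIA = {"usb", "cdr", "network"}   # destination kinds named on the slide

@dataclass(frozen=True)
class Movement:          # hypothetical record layout for one copy/move event
    user: str
    source: str          # path the file came from
    dest_kind: str       # "usb", "cdr", "network", "local" or "fileshare"

def is_confidential(source: str) -> bool:
    """Confidential by location: whole path components, case-insensitive."""
    # Component matching keeps a sibling folder such as Boardroom-public
    # from being mistaken for a file under the Board folder.
    p = PureWindowsPath(source)
    return any(root == p or root in p.parents for root in CONFIDENTIAL_ROOTS)

def pct(part: int, whole: int) -> float:
    return round(100 * part / whole, 1) if whole else 0.0

def exposure_report(movements):
    insecure = [m for m in movements if m.dest_kind in INSECURE_MEDIA]
    conf = [m for m in movements if is_confidential(m.source)]
    conf_insecure = [m for m in insecure if is_confidential(m.source)]
    return {
        "insecure_of_all": pct(len(insecure), len(movements)),
        "confidential_of_insecure": pct(len(conf_insecure), len(insecure)),
        "insecure_of_confidential": pct(len(conf_insecure), len(conf)),
        # Input to the manual filtering stage: who moved which file out.
        "review_queue": sorted({(m.user, m.source) for m in conf_insecure}),
    }

SAMPLE = [  # constructed records, not data from the pilot
    Movement("u1", r"S:\Board\minutes\q3.doc", "usb"),
    Movement("u1", r"S:\Board\minutes\q3.doc", "fileshare"),
    Movement("u2", r"s:\hr\salary\2006.xls", "network"),
    Movement("u2", r"C:\Users\u2\notes.txt", "usb"),
    Movement("u3", r"S:\Boardroom-public\menu.doc", "cdr"),
    Movement("u3", r"S:\HR\Salary\bands.xls", "local"),
    Movement("u4", r"C:\tmp\build.log", "local"),
    Movement("u4", r"S:\HR\handbook.pdf", "fileshare"),
    Movement("u5", r"S:\Board\agenda.doc", "fileshare"),
    Movement("u5", r"C:\tmp\a.txt", "local"),
]

if __name__ == "__main__":
    print(exposure_report(SAMPLE))
```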

  • Conclusion & Outlook

    Trusted Computing will help to maintain control when sharing confidential information with partners / externals – but: not supported yet.

    Lack of Trusted Operating System weakens TC capabilities

    Interoperability of Rights Management Solutions required

    Integration of RM is key to success for mass usage

    • Identity & Access Management
    • Content Management Systems
    • ERP Systems

    Start with high risk areas today!

    Local Policy Enforcement as alternative for internal use

    Effective Protection of IP (!?)

  • Thank you for your attention! Any questions?

    Effective protection of intellectual property with DRM technology

    Dr. Gunter Bitz

    gunter “dot” bitz “at” sap “dot” com

    (E-Mails are welcome - SPAM is not)