CE39 - Sécurité globale, résilience et gestion de crise, cybersécurité

Attacks and Security Analysis of Digital Rights Management Systems – DRAMA

Submission summary

The world almost fully moved over earlier days of owning video files in their devices. Today, the most prevalent model is subscription-based services, where media can be played as often as the user wishes, but becomes unavailable when a user stops paying for the service. Thus, content providers rely on DRM (Digital Right Management), which is a technology that aims to protect media from illegal distribution. Modern DRMs ship content in an encrypted form, and then control their decryption through authorized players on users’ devices. The (in)security of DRM systems has a long history of hacking and patching by practitioners, but unfortunately still widely misunderstood. This resulted in a brittle security that mostly depends on design secrecy. The DRAMA project proposes to treat this topic with the rigor that it needs in order to uncover the inherent properties of these systems. Our goal is twofold: (1) identifying common attack vectors within deployed systems, and (2) formally studying existing open DRM standards. A particular aspect of DRM security is that it spans multiple domains: software analysis, cryptography, and protocols verification. Thus, in our project, we propose a methodology involving all aspects of DRM from design to implementation. This also involves building a set of tools to generically reverse engineer deployed proprietary systems. Progress in this domain does not only benefit industry, but also of interest for researchers. Indeed, it helps formalizing previously unstudied security properties (e.g., content piracy), as well as improving software analysis techniques of obfuscated code.

Project coordination

Mohamed Sabt (Université Rennes 1)

The author of this summary is the project coordinator, who is responsible for the content of this summary. The ANR declines any responsibility as for its contents.


IRISA Université Rennes 1

Help of the ANR 193,032 euros
Beginning and duration of the scientific project: December 2022 - 48 Months

Useful links

Explorez notre base de projets financés



ANR makes available its datasets on funded projects, click here to find more.

Sign up for the latest news:
Subscribe to our newsletter