The area of E-book DRM is a hotly debated topic. Some argue that DRM makes E-book publishing complex, while others have shown that eliminating or relaxing DRM might be good financially for the publishers due to the increase in legitimate buyers outweighing the effects of piracy.
There are four main E-book formats available today, they are Mobipocket, Topaz, ePub and PDF. The challenge of implementing DRM schemes on E-book formats is complicated by the rapid changes in the hardware devices that read them, as well as the changes in businesses that publish/sell E-books. As a result, many technologies end up being obsolete not long after they are adopted.
Adobe Adept DRM
Adobe’s Adept DRM is developed by Adobe and used in the Adobe DRM software Adobe Content Serve, and is applied to ePubs and PDFs, which can be read by many third-party e-book readers, as well as Adobe’s Digital Editions software. The DRM uses a complex crypto system. Each book is encrypted using a per-book key, and this key is encrypted again using a per-user key and RSA with PKCS#1 v1.5 padding . The cipher used to encrypt the book content is AES in CBC mode with a random generated IV.
On paper, this encryption scheme ensures a strong DRM mechanism. However, it was soon observed that the software used to read ePubs and PDFs, Adobe Digital Editions, uses a very weak obfuscation to hide the per-user key. An attack that uses reverse-engineering on the software reveals a rather easy method of retrieving the per-user key from the software and use it to decrypt other Adept encrypted PDF or ePub file. Newer versions of the Adobe Digital Editions use more cryptic ways of hiding the per-user key, but attacks still exist to retrieve it from the registry.
FairPlay is a DRM scheme from Apple. It was initially used for its music store to protect audio files, but was soon also adopted in ePub files designed for Apple’s iBooks app on iOS devices. The system encrypts the file using AES in combination with MD5 hashes. For key management, FairPlay uses a master key for decryption, and a user key which decrypts the master key, both of which are stored together with the data in the file. Due to the local nature of the key storage and encryption processes, similar to Adobe’s Adept DRM, many attacks exist to break the encryption by reverse-engineering the local applications and retrieving the user key, or exploiting the authentication process and disguising the attack as legitimate software to obtain unlocked files.
Mobipocket and Topaz
Amazon has engineered its own version of DRM in their Kindle for PC application (K4PC). The Kindle proper and Kindle for iPhone/iPod app both use a single “device” encryption key for all restricted content. K4PC uses the same (proprietary) encryption algorithms, but also uses a per-book session key for the actual en/decryption. Furthermore, the obfuscation that is used in hiding the device key is highly sophisticated.
Microsoft Reader and Ereader
Microsoft Reader is Microsoft’s own E-book application that exclusively reads e-books in the .lit format. The application contains its own DRM software. The system imposes three levels of control, each with increasing limit on how the file can be used. The first level is called sealed e-books, which have no restriction and only prevents modification to the document text itself. The second level is called inscribed e-books. These files include a digital ID tag that identifies the owner of the e-book, thereby discouraging any illegal copying and sharing of the file. The last level is called owner exclusive e-books. These files are encrypted and linked to the user’s online account. The computer that downloads the file is the only device that is allowed to view the file.