Button Up

News

29.04.2013

Introduction

The popularity of electronic books has increased dramatically within the last five years as mobile devices have become widely spread. As amount of sales grows, amount of losses resulting from illegal copying becomes more tangible. Thus, stores selling e-books have to take measures to protect the books from being copied. In particular, large stores, that sell books for mobile devices, fight against illegal copying in the following ways:

Store

Company

Methods used for protection against illegal copying

Amazon Books

Amazon

A proprietary DRM system based on book encryption. Encryption is individual for a user.

GooglePlayBooks

Google

Two approaches are applied: online book browsing and encrypting books using Adobe Content Server, a DRM system. Encryption is individual for a user.

iTunes Books Store

Apple

FairPlay, a proprietary DRM system, based on the book encryption. Encryption is individual for a user.

 

Electronic Book Formats

Electronic books may be distributed in a great number of formats. Some formats include embedded features for interaction with DRM systems.

Format

Description

Functionality for integration with DRM systems

PDF

This is one of the oldest formats for electronic documents. It enables representation of complicated text formats and images as well as usage of different fonts.

The format is compatible with Adobe Content Server DRM system. Separate streams in a file are encrypted by RC4 algorithm to provide protection. In the end of a protected file, an additional object is added after %%EOF tag, which contains information on encryption.

EPUB

This is an HTML-based format. All required resources of an e-book (texts, images, styles) are packed into a ZIP archive with EPUB extension.

Encrypting a part of resources or all resources in a file is supported. A user is provided with a decryption key when he/she buys an e-book.

AZW

This is a proprietary format used on Amazon’s Kindle reading devices. This format uses its own binary representation of HTML content.

The format is specifically designed for use with Amazon’s DRM system.

KF8

This format is a further development of AZW format with the support of additional page formatting types.

As above.

If integration with a DRM system (e.g. a simple TXT format) is not allowed in a format, a file can be entirely encrypted. E-books are also distributed packed with a book reading application. In this case a book looks like an application for a user. This imposes certain limitations. When it is used, a book is represented only by means of an application embedded into it, making it impossible to use it on different platforms. Such a book is protected by application protection functionality.

 

DRM Systems for E-book Protection

Although there are many e-book formats, as a rule, they use one and the same DRM system. It allows reading books purchased in different stores on the same device, and creating universal applications for e-book reading. We will review the most popular DRM systems.

 

Adobe Content Server (also referred to as Adobe ADEPT)

This DRM system consists of an e-book encryption system and a system of server software installed in the e-book store. The server is responsible for managing user accounts and devices as well as distributing keys for book decryption. SDK, which enables developers to embed interaction with the server and file decryption into applications, is distributed among developers of book reading applications.

A typical scheme for buying an e-book is:

  • A reading application creates a unique user key. As a rule, it is unique for a given user account, but not for a device; thus, protected books may be read on different devices of a user.
  • When buying a book, a user receives a key for its decryption (the book key), which is itself encrypted with a user key. RSA algorithm is used for encrypting the book key.
  • When opening a book, a reading application uses a user key known to it to decrypt the book key and the book itself.

If a book and its encrypted key are simply copied to another device, the book cannot be decrypted, because the user key required for decrypting the book key is not known. The book key is not stored in decrypted form on a device. To read the book on another device, this device is to be authorized in the system. When authorization is performed, the user key is transferred to a new device.

Additional DRM restrictions may be implemented in a reading application, e.g. disabling printing or disabling browsing after a certain date. Adobe supplies Adobe DigitalEditions, an out-of-the-box application for reading e-books in PDF and EPUB formats, which uses this DRM system.

 

StarForce Content

SFContent is an universal DRM system to protect PDF books and any publisher can afford it. It currently supports Windows, Android, iOS and macOS. For more details please visit www.sfcontent.com.

 

FairPlay

This is a set of DRM technologies for protecting different file types on Apple devices. It includes separate protection systems for executable applications, e-books, video, and audio, referred to by one name. In general, this DRM system for book protection is similar to Adobe Content Server.

 

DRM System of Amazon Books

Since Amazon independently develops its DRM system, store, software, and book reading hardware, public information on this DRM system is minimal. It seems that, in general, it operates in the manner similar to Adobe Content Server.

 

Vulnerabilities of E-book Protection Systems

Three main methods of e-book protection are used. Each of them has its own vulnerabilities.

Protection method

Vulnerability

Online browsing

Screenshots of pages can be made. In this case the book content is represented in a graphic form, i.e. the quality of representation is low. Additional loss of quality is observed if a book contains many images.
A plug-in may be developed for a browser to enable making page copies from the browser. Whether quality is lost at that or not depends on implementation of protection and cracking.

Encrypting a book or some part of a book

A decrypted book key may be intercepted in a reading application and the whole file can be decrypted. Despite all the efforts of reading application developers, the key still can be intercepted in such applications. As a result, the most of the DRM systems based on book encryption are cracked in this way. There are many paid and free utilities for file decryption and removing restrictions.

A book represented as an application

There are two ways of penetration:

  • Cracking an application. The difficulty depends on the used application protection system.
  • Restoring an e-book from its application resources. This method is based on the fact that integration of a reading application and text of a book is usually low, because application books are created on the basis of applications developed for reading an external file. As a result, text of a book may be easily separated from a reading application, and a malicious user may take advantage of this fact.

However, books represented as applications show higher protection potential than other methods of protection mentioned above.

 

Conclusion

Currently there are no really reliable means for e-book content protection: some of them are not enough protected from penetration (online browsing, encryption), others are not flexible enough to be used on different platforms (a book represented as an application). Thus, the problem of e-book protection from illegal usage still remains.

book copy protection

About StarForce Technologies

StarForce Technologies (www.star-force.com) is a leading vendor of information protection, copy protection and code obfuscation solutions for software, electronic content and audio/video files. Since 2000, StarForce has been successfully developing and implementing its state-of-the-art security solutions, providing copyright and intellectual property protection worldwide. Two of these solutions were transformed into StarForce cloud services: sfcontent.com protects e-Documents against illegal copying and distribution and sfletter.com secures emails.

StarForce is a reliable and responsible Technological Partner for enterprises potentially incurring losses due to cyber-gangs, hackers, software piracy, unauthorized data access and information leaks. StarForce’s customers are Russian Railways, Corel, 1C, Mail.ru, Aeroflot, SUN InBev Russia, AMD Labs, ATC International, MediaHouse, Russobit M, New Disc, Buka, Snowball, 2Play, GFI, CENEGA, Akella, etc.

Press contacts:
pr@star-force.com

Back to the list

News

16.02.2023
We have released a new version of StarForce Reader for Android
19.01.2023
We have released a new version of StarForce Reader for iOS
13.01.2023
We have released a new version of StarForce Reader for macOS
26.12.2022
We have released a new version of StarForce Reader for Windows
Copy protection of audios and videos for Apple macOS
Data protection on USB