Ebook DRM Protection: ebook formats & security options

Amazon Kindle, Google Play and Adobe ebook DRM

Kindle readers support three different file formats: MOBI, EPUB or PDF.  The MOBI format uses Amazon’s own DRM where EPUB and PDF ebooks are protected using Adobe’s DRM (Adobe ADEPT / Adobe Content Server).  Google Play uses Adobe’s DRM.

Type in ‘Kindle DRM’ in Google Videos and all of the first page results are for instructions on how to easily remove it (use Calibre plugin, converting Kindle to PDF, etc.).

Type in ‘Adobe Digital Editions DRM’ in Google and all of the first page results (apart from one for the Adobe site) are for instructions on how to easily remove it.

So you may wonder what protection your ebooks are actually getting against piracy and theft if the security can be easily removed?  If you trust users not to use ebook DRM removal tools then you might equally trust them not to share your ebooks with others and therefore have no need to implement DRM security to begin with.

HTML5 and ebook DRM

An alternative to using the above platforms for ebook distribution and protection, is using software to generate an HTML5 ebook.

However, protecting ebooks in a browser is limited because there is no software installed on the client computer to decrypt the content or provide significant control over it once it has been decrypted.  Protected content either has to be decrypted on the server and relayed to the client (some bad implementations decrypt straight to disk where it is left available in the cache in plain text) or by using JavaScript in the browser.  Each has its limitations.

For instance:

• you cannot prevent users sharing login details and thus ebooks with others
• if you allow printing then you cannot prevent users printing to PDF format and removing all the protection
• you cannot prevent screen grabbing

Tools to remove ebook DRM

There are many tools available to remove ebook DRM from MOBI, EPUB and PDF files.  The most popular are:

• Calibre and DeDRM plugin – removes DRM from Adobe Digital Editions and Kindle DRM
• Epubor – provides a range of tools to remove DRM from Adobe, Amazon and others
• EPubsoft ToolBox – removes DRM from all common ebook formats

You might ask why are these ebook DRM applications so successful?  And that is because the DRM security has been implemented as an afterthought (and usually rather badly) enabling applications to either plugin to (to access the content as it is decrypted or intercept the decryption keys) or pickup unprotected content that has been directly cached to disk.  This is nothing new – Elcomsoft pointed out the issues with Adobe PDF DRM and other ebook protection methods back in 2000 – 20 years on and nothing has changed.  See PDF Security issues and weak ebook DRM implementations for further information.

Adobe’s standard security handler uses RC4 stream cipher encrypting file content with an unique encryption key.  The encryption key is encrypted and stored in the PDF file’s encryption dictionary. Either the user password or owner password can recover the encryption key and decrypt the file content. Removing PDF Passwords covers this subject in more detail.

In 2009 Adobe Digital Editions DRM was broken by i♥cabbages allowing users to remove the DRM protection from Adobe ebooks.  They commented “There is very little obfuscation in how Adobe Digital Editions hides and encrypts the per-user RSA key, allowing fairly simple duplication of exactly the same process Digital Editions uses to retrieve it”.   5 years later, in 2014, Adobe released Adobe Content Server 5 which in their own words “A more secure Digital Rights Management scheme to protect EPUB and PDF files from unauthorized viewing.  The new hardened DRM solution uses multiple encryption layers with Adobe Licensing server having the control to change the mechanism of encrypted key generation.”  Yet the ebook DRM removal products still claim to remove it proving that it does not matter how many layers of encryption you have, it is how you implement the security that really matters.

Publishers who implemented the latest edition were also in for a shock.  Customers reported losing e-books from their libraries after having upgraded to the latest version of Adobe Digital Editions.  Access being denied to PDF documents and ebooks after an Adobe update is not new.  Companies that have implemented the Acrobat PDF DRM plugin have also had furious customers unable to access protected PDF files since every time Acrobat is updated the PDF DRM plugin no longer works.

PDF ebook DRM

PDF is still the most common format for document distribution since it produces reliable results across all platforms.  However, if you are serious about protecting PDF ebooks from piracy and theft and are happy to provide your own means of distribution then using an ebook DRM that does not rely on Adobe (or a third party DRM plugin to Acrobat since they also rely on the Adobe Security Handler) is clearly the way forwards.

Locklizard ebook DRM

Locklizard ebook DRM protects PDF files using strong encryption and DRM controls to ensure your ebooks are protected against simple DRM removal applications.

We stop printing to PDF, stop screen grabbers and lock ebooks to devices so they cannot be shared.  If you don’t want users to have to install a Viewer then you can distribute your secure ebooks on a USB stick that includes the Viewer software.  Users can then open protected PDFs directly from USB without installing any software.  You can publish whole ebook libraries on USB sticks and then later grant access to individual books.  User can also add new ebooks as you publish them and you can grant access accordingly.

Locklizard ebook DRM enables you to sell ebooks securely without insecure passwords or plug-ins, and enforce access, location, expiry, and usage controls.  Our DRM technology ensures your ebooks remain safe no matter where they reside with US Gov Strength encryption, licensing, and DRM controls.  Ebook content is decrypted in memory and no temporary files are used.