Converged Experiences - WikiLeaks Protection/Encryptonite... · “states” in volatile memory or...

Converged Experiences

1


2© 2011 Motorola Mobility, Inc. – Confidential Proprietary

Content Processing Challenge for Multi-Screen

MS PlayReady

Apple Fairplay

Devices

MS Smooth Streaming

Apple HLS

Google Adaptive Streaming Widevine

Linear Content

VOD

Premium

SecurityContent Delivery

Adobe Dynamic Streaming Flash Access

Other Adaptive Streaming Other DRM



Content Owner/Operator Issues to Overcome

• Escalating costs of encoding, storage and distributing in multiple formats for multiple devices

• Need robust security across multiple platforms but don’t want to…..

• sacrifice user convenience

• incur expense of running several DRM systems

• deal with overly complex DRM implementations on various devices

• Security is not static

• Different security challenges based on device design and available resources

• As device capabilities improve, security should improve to enable higher value content



Simplifying the Process

HLSAdaptive Streaming

SecureMedia Encryptonite ONE™ DRM

Linear Content

VOD

Premium

DevicesSecurityContent Delivery

Encryptonite ONE HLS+



Encryptonite ONE HLS+™

• Based on the HLS IETF draft spec with SecureMedia’s Encryptonite ONE DRM integrated

• HLS gaining broad acceptance in the market – de facto standard

• Best protocol for reaching the iPhone and iPad

• HLS easy-to-deploy. Edge caching simple and cheap using “standard” Internet technologies and methods. Fits well with broadcast workflows.

• HLS+ offers a common ingestion process on the headend to streamline content processing, storage and delivery

• Encryptonite ONE provides robust content security

• Same Encryptonite functionality, Indexed Encryption™, iDetect, etc.

• Customization done at the client

• Native media players and decryption leveraged where possible (e.g. iPhone / iPad)

• SecureMedia delivering DRM-integrated adaptive media players where needed (e.g. PCs, Android devices, game consoles, etc.)



CDNContent Ingestion

Encryptonite SystemServers

Key Server Key Vault

Client Device

HTTP Servers

Content Ingestion

MediaPassServer

HLS+ Client

VOD Files(Satellite, FTP, etc.)

Broadcast Feeds(Satellite)

Encryptonite ONE HLS+ System Components

Key

EncryptedContent

Rights

Keys

Multi-bitTranscode

VODEncryptor

HLSChunker

Multi-bitTranscode

Broadcast Encryptor

HLSChunker

SP ClientApplication

Web Portal

Content Portal

SecureMedia HLS+



Encryptonite ONE HLS+ Clients Overview

• PCs• WMP plug-in integrating Encryptonite Decoder and HLS

client • Android devices

• Player application integrating the Encryptonite Decoder Client and HLS stream manager

• iOS devices and Macs• Encryptonite client application handles device registration,

authentication, rights management and key handling• Content decryption and rendering takes place in native

player• Playstation 3

• Signed application implemented in DRM layer• Development roadmap

• IP and hybrid STBs (Motorola & others)• Internet-connected TVs• Internet-connected Blu-rays,• Additional game consoles



PC Player

• WMP plug-in integrating Encryptonite and HLS+ stream manager client • Runs under ActiveX control in webpage or within WMP

“shell”• Video source, demux, decoding, and decryption implemented as

single integrated DirectShow filter within WMP to protect compressed video data • Monolithic filter only connects to the WMR Renderer

• Output protection detected and enabled using Windows COPP or OPM protocols

• iDetect™ Tamper Detection• Specs

• Video: H.264 in MPEG-2 TS (CBR & HLS), Audio: AAC, MPEG-1 L2

• OS: Windows® 2000, XP, Vista™, Windows 7

Streaming HLS to Android™ Devices

MediaServerSecureMedia

Encryptonite ONE™

ANDROID

EPG/UI Application

Motorola SecurePlayer Application

Player App (Visual On)

SecureMedia Decrypt Plugin

SecureMedia Libraries

4. PBlob 5. CK

7. ClearBuff6. EncBuff3. KeyURL

Mobile VideoService Portal

EPGChannel URLs

(http://espn.m3u8)

1. Play(mediaURL)

Motorola Secure SDK

Mobile Video Application

2. Playlist request (including Key URI)Encrypted Chunks request

0. S

M M

edia

Key

re

ques

t fro

mS

ecu

reM

edia

Lib

rari

es (

at s

tart

upfo

r b

roa

dcas

t)

© 2010 Motorola Mobility, Inc. – Confidential Proprietary



Enhanced Security for Motorola ATRIX ™ & XOOM™

Phase I

Factory installed MMI PKI Certificates

Secure device boot

Device registration and authentication

● Persistent Content Encryption (Brdcst & VOD)

Tamper detection

Clone detection

Obfuscation

Secure offline playback

HDCP output protection

Phase II

SecureMedia HLS+ client embedded in Motorola Android devices by Q3, 2011

Secure video processors

High level protection for premium HD content

Streaming HLS to iOS Devices


Encryptonite ONE™

Mobile Video Application

EPG/UI Application

Motorola SecurePlayer Application

Motorola Secure SDK

iOS Movie Player (Decryption in Native Player)

Localhost Server


4. PBlob 5. CK

3.KeyURL via https

Mobile VideoService Portal

EPGChannel URLs

(http://espn.m3u8)

1. Play(mediaURL)

6. CK in httpsresponse

iPhone / iPad / iPod


0. S

M M

edia

Key

req

ues

t fro

mS

ecu

reM

edia

Lib

rarie

s (a

t sta

rtup

for

broa

dcas

t)



12

Android & iOS Security Feature


• Mobile Device Root/Jailbreak Detection

• Issue: Customer obtains Android root privilege (i.e., in iOS “jail-breaks”) his/her mobile device and can install 3rd application to extract clear content played back by the mobile device

• I-Detect conducts observations of the system and execution of different commands which indicate access outside the typical "sandbox" of non-rooted and non-jailbroken devices

• Upon root access/jailbreak detection

• Register/acquireRights/play APIs throw an exception (error) and the APIs are disabled

• SecureMedia PKI certificates and HDCP certificates disabled

• Detection is enhanced as new threats are identified

• Updates pushed to the client via ESAM protocol

Streaming HLS to Mac


Encryptonite ONE™

Video Application

EPG/UI Application

Motorola SecureClient Application

Motorola Secure SDK

Quicktime

Localhost Server


4. PBlob 5. CK

3. KeyURIVia https

VideoService Portal

EPGChannel URLs

(http://espn.m3u8)

1. Play(mediaURL)

6. CK in httpsresponse

Mac


0. S

M M

edia

Key

re

ques

t fro

mS

ecu

reM

edia

Lib

rari

es (

at s

tart

upfo

r b

roa

dcas

t)


© Motorola 2010, Not to be disclosed outside of Motorola

14

Content Download to Android & iOS

Motorola Secure Client SDK invokes only native android video player application▪ SDK maintains a map of device manufacturers and associated native video

(.mp4) player application.▪ When the VZ application invokes play API, it internally checks the map and

invokes the right native video player application only.▪ A Rogue player application cannot pose as a native player (on non-rooted) :

▫ Existing native player application cannot be un-installed on the device.▫ Rogue player cannot be installed with the same application ID.

▪ Play API would throw an error/exception when rooted device is detected.▪ If a new manufacture device needs to be supported, SDK software update is

required.

Android device manufacturer Native video player application ID(application package name)

Motorola com.motorola.videoplayer

… …


15

Content Download - Decryptor Daemon (custom http server)

MSC SDK passes clear-decrypted content to native player over HTTP.

▪ The HTTP Server is not a generic http server.▪ The server is started only on play API invocation.▪ Server is started on an ephemeral port on localhost.

▫ Software running outside the device cannot see the intercept the content.

▪ Play API will pass the port and media details to the native player. ▪ Server serves only one client at a time.

▫ Hence, a rogue application cannot request for the decrypted content.

Clear content can be captured by intercepting the HTTP traffic. But,▫ This can be done only on rooted device.▫ Play API would throw an exception/error if it detects rooted device.


16

Content Download - Decryptor Daemon (custom http server)


17



Encryptonite ONE™ DRM – Applications & Features

• Open platform, software-based DRM system for……..• Linear broadcast• Streaming VOD• Content download• Disconnected playback

• DRM features• Indexed Encryption™ (Broadcast and VOD)• ESAM™ device authentication & clone detection• iDetect ™ tamper detection• Code obfuscation• Secure offline playback

Lightweight client deployable on any device



Encryptonite ONE - Connected Operation


20

Security Features


• Patented Indexed Encryption • Hybrid public key and symmetric key cryptographic process

• Each content data sample (i.e. video frame or chunk) encrypted uniquely for highest security

• Either AES (128) or RC4 (160) used for content encryption

• Content persistently encrypted in delivery and storage • VOD server, NPVR, local PVR and VOD trick play without decryption/re-

encryption

• Patented Key Delivery System• Only need to deliver single 1279-bit Base Decryption Key per asset to

generate individual frame/chunk keys in client• Single Base Key per VOD file or 12/24-hour broadcast period per channel

• Separation of content, rights and keys allows for multiple “storefronts” vending content and rights with centralized key management


21

Security Features (cont’d)


• ESAM - Encryptonite System Access Manager

• Dynamic client authentication and clone detection system

• ESAM server acts as gateway to SMS/middleware/e-commerce engine to ensure only authenticated devices can receive rights and keys

• Devices “fingerprinted” & registered with ESAM server upon deployment

• MAC addresses, pre-loaded PKI certificates, hardware identifiers, random numbers, passwords and/or one-time activation codes

• Client credentials modified during each subsequent session to establish chronological history and detect discrepancies between authentic and cloned clients

• Also provides secure communication channel from Encryptonite servers to Encryptonite client

• 2048-bit RSA key pair generated at registration to secure content requests, MediaPass (rights) delivery, system messages and client updates



Encryptonite ONE Connected Operation

Encrypted w/ Key Server public key sent w/ Media Pass

Encrypted w/ ESAM server public key

Encrypted w/ session key generated by Decoder Client & sent w/ Media Pass

Encrypted w/ ESAM session key


23



• iDetect™ Tamper Detection

• Protects client from hacking activity

• Disables decryption process if rogue application detected on device.

• Debuggers, screen-scrapers, stream recorders or other blacklisted software components

• Threat list updated and transferred to Encryptonite client using ESAM protocol

• Threat list is a data set of known code fingerprints, process names, sizes and other characteristics

• Threat list updates analogous to antivirus protection “updates”

• Available on Android, iOS and PC Platforms


24



• Secure Offline Content Playback

• In online mode, SecureMedia client only puts decryption “states” in volatile memory or secure storage (e.g. Sigma 86xx, ST Micro 71xx )

• For offline content consumption, rights information and decryption state information stored

• Motorola Rights Management Web Service works in conjunction with Encryptonite Business Support System and MediaPass Server to create “rights object” encapsulating rights information and decryption state information

• Rights object stored on client encrypted and protected by iDetect and obfuscation

• Rights expire after a (configurable) specified time period (e.g. 24 hours for rental)

• Purchase rights must be refreshed periodically (e.g. 30-60 days ). Rights renew when devices come on-line.

Converged Experiences - WikiLeaks Protection/Encryptonite... · “states” in volatile memory or...

Documents

Transcript of Converged Experiences - WikiLeaks Protection/Encryptonite... · “states” in volatile memory or...