Converged Experiences - WikiLeaks Protection/Encryptonite... · “states” in volatile memory or...
Transcript of Converged Experiences - WikiLeaks Protection/Encryptonite... · “states” in volatile memory or...
Converged Experiences
1
Converged Experiences
2© 2011 Motorola Mobility, Inc. – Confidential Proprietary
Content Processing Challenge for Multi-Screen
MS PlayReady
Apple Fairplay
Devices
MS Smooth Streaming
Apple HLS
Google Adaptive Streaming Widevine
Linear Content
VOD
Premium
SecurityContent Delivery
Adobe Dynamic Streaming Flash Access
Other Adaptive Streaming Other DRM
Converged Experiences
3© 2011 Motorola Mobility, Inc. – Confidential Proprietary
Content Owner/Operator Issues to Overcome
• Escalating costs of encoding, storage and distributing in multiple formats for multiple devices
• Need robust security across multiple platforms but don’t want to…..
• sacrifice user convenience
• incur expense of running several DRM systems
• deal with overly complex DRM implementations on various devices
• Security is not static
• Different security challenges based on device design and available resources
• As device capabilities improve, security should improve to enable higher value content
Converged Experiences
4© 2011 Motorola Mobility, Inc. – Confidential Proprietary
Simplifying the Process
HLSAdaptive Streaming
SecureMedia Encryptonite ONE™ DRM
Linear Content
VOD
Premium
DevicesSecurityContent Delivery
Encryptonite ONE HLS+
Converged Experiences
5© 2011 Motorola Mobility, Inc. – Confidential Proprietary
Encryptonite ONE HLS+™
• Based on the HLS IETF draft spec with SecureMedia’s Encryptonite ONE DRM integrated
• HLS gaining broad acceptance in the market – de facto standard
• Best protocol for reaching the iPhone and iPad
• HLS easy-to-deploy. Edge caching simple and cheap using “standard” Internet technologies and methods. Fits well with broadcast workflows.
• HLS+ offers a common ingestion process on the headend to streamline content processing, storage and delivery
• Encryptonite ONE provides robust content security
• Same Encryptonite functionality, Indexed Encryption™, iDetect, etc.
• Customization done at the client
• Native media players and decryption leveraged where possible (e.g. iPhone / iPad)
• SecureMedia delivering DRM-integrated adaptive media players where needed (e.g. PCs, Android devices, game consoles, etc.)
Converged Experiences
6© 2011 Motorola Mobility, Inc. – Confidential Proprietary
CDNContent Ingestion
Encryptonite SystemServers
Key Server Key Vault
Client Device
HTTP Servers
Content Ingestion
MediaPassServer
HLS+ Client
VOD Files(Satellite, FTP, etc.)
Broadcast Feeds(Satellite)
Encryptonite ONE HLS+ System Components
Key
EncryptedContent
Rights
Keys
Multi-bitTranscode
VODEncryptor
HLSChunker
Multi-bitTranscode
Broadcast Encryptor
HLSChunker
SP ClientApplication
Web Portal
Content Portal
SecureMedia HLS+
Converged Experiences
7© 2010 Motorola Mobility, Inc. – Confidential Proprietary
Encryptonite ONE HLS+ Clients Overview
• PCs• WMP plug-in integrating Encryptonite Decoder and HLS
client • Android devices
• Player application integrating the Encryptonite Decoder Client and HLS stream manager
• iOS devices and Macs• Encryptonite client application handles device registration,
authentication, rights management and key handling• Content decryption and rendering takes place in native
player• Playstation 3
• Signed application implemented in DRM layer• Development roadmap
• IP and hybrid STBs (Motorola & others)• Internet-connected TVs• Internet-connected Blu-rays,• Additional game consoles
Converged Experiences
8© 2010 Motorola Mobility, Inc. – Confidential Proprietary
PC Player
• WMP plug-in integrating Encryptonite and HLS+ stream manager client • Runs under ActiveX control in webpage or within WMP
“shell”• Video source, demux, decoding, and decryption implemented as
single integrated DirectShow filter within WMP to protect compressed video data • Monolithic filter only connects to the WMR Renderer
• Output protection detected and enabled using Windows COPP or OPM protocols
• iDetect™ Tamper Detection• Specs
• Video: H.264 in MPEG-2 TS (CBR & HLS), Audio: AAC, MPEG-1 L2
• OS: Windows® 2000, XP, Vista™, Windows 7
Streaming HLS to Android™ Devices
MediaServerSecureMedia
Encryptonite ONE™
ANDROID
EPG/UI Application
Motorola SecurePlayer Application
Player App (Visual On)
SecureMedia Decrypt Plugin
SecureMedia Libraries
4. PBlob 5. CK
7. ClearBuff6. EncBuff3. KeyURL
Mobile VideoService Portal
EPGChannel URLs
(http://espn.m3u8)
1. Play(mediaURL)
Motorola Secure SDK
Mobile Video Application
2. Playlist request (including Key URI)Encrypted Chunks request
0. S
M M
edia
Key
re
ques
t fro
mS
ecu
reM
edia
Lib
rari
es (
at s
tart
upfo
r b
roa
dcas
t)
© 2010 Motorola Mobility, Inc. – Confidential Proprietary
Converged Experiences
10© 2011 Motorola Mobility, Inc. – Confidential Proprietary
Enhanced Security for Motorola ATRIX ™ & XOOM™
Phase I
Factory installed MMI PKI Certificates
Secure device boot
Device registration and authentication
● Persistent Content Encryption (Brdcst & VOD)
Tamper detection
Clone detection
Obfuscation
Secure offline playback
HDCP output protection
Phase II
SecureMedia HLS+ client embedded in Motorola Android devices by Q3, 2011
Secure video processors
High level protection for premium HD content
Streaming HLS to iOS Devices
MediaServerSecureMedia
Encryptonite ONE™
Mobile Video Application
EPG/UI Application
Motorola SecurePlayer Application
Motorola Secure SDK
iOS Movie Player (Decryption in Native Player)
Localhost Server
SecureMedia Libraries
4. PBlob 5. CK
3.KeyURL via https
Mobile VideoService Portal
EPGChannel URLs
(http://espn.m3u8)
1. Play(mediaURL)
6. CK in httpsresponse
iPhone / iPad / iPod
2. Playlist request (including Key URI)Encrypted Chunks request
0. S
M M
edia
Key
req
ues
t fro
mS
ecu
reM
edia
Lib
rarie
s (a
t sta
rtup
for
broa
dcas
t)
© 2010 Motorola Mobility, Inc. – Confidential Proprietary
Converged Experiences
12
Android & iOS Security Feature
© 2011 Motorola Mobility, Inc. – Confidential Proprietary
• Mobile Device Root/Jailbreak Detection
• Issue: Customer obtains Android root privilege (i.e., in iOS “jail-breaks”) his/her mobile device and can install 3rd application to extract clear content played back by the mobile device
• I-Detect conducts observations of the system and execution of different commands which indicate access outside the typical "sandbox" of non-rooted and non-jailbroken devices
• Upon root access/jailbreak detection
• Register/acquireRights/play APIs throw an exception (error) and the APIs are disabled
• SecureMedia PKI certificates and HDCP certificates disabled
• Detection is enhanced as new threats are identified
• Updates pushed to the client via ESAM protocol
Streaming HLS to Mac
MediaServerSecureMedia
Encryptonite ONE™
Video Application
EPG/UI Application
Motorola SecureClient Application
Motorola Secure SDK
Quicktime
Localhost Server
SecureMedia Libraries
4. PBlob 5. CK
3. KeyURIVia https
VideoService Portal
EPGChannel URLs
(http://espn.m3u8)
1. Play(mediaURL)
6. CK in httpsresponse
Mac
2. Playlist request (including Key URI)Encrypted Chunks request
0. S
M M
edia
Key
re
ques
t fro
mS
ecu
reM
edia
Lib
rari
es (
at s
tart
upfo
r b
roa
dcas
t)
© 2010 Motorola Mobility, Inc. – Confidential Proprietary
© Motorola 2010, Not to be disclosed outside of Motorola
14
Content Download to Android & iOS
Motorola Secure Client SDK invokes only native android video player application▪ SDK maintains a map of device manufacturers and associated native video
(.mp4) player application.▪ When the VZ application invokes play API, it internally checks the map and
invokes the right native video player application only.▪ A Rogue player application cannot pose as a native player (on non-rooted) :
▫ Existing native player application cannot be un-installed on the device.▫ Rogue player cannot be installed with the same application ID.
▪ Play API would throw an error/exception when rooted device is detected.▪ If a new manufacture device needs to be supported, SDK software update is
required.
Android device manufacturer Native video player application ID(application package name)
Motorola com.motorola.videoplayer
… …
© Motorola 2010, Not to be disclosed outside of Motorola
15
Content Download - Decryptor Daemon (custom http server)
MSC SDK passes clear-decrypted content to native player over HTTP.
▪ The HTTP Server is not a generic http server.▪ The server is started only on play API invocation.▪ Server is started on an ephemeral port on localhost.
▫ Software running outside the device cannot see the intercept the content.
▪ Play API will pass the port and media details to the native player. ▪ Server serves only one client at a time.
▫ Hence, a rogue application cannot request for the decrypted content.
Clear content can be captured by intercepting the HTTP traffic. But,▫ This can be done only on rooted device.▫ Play API would throw an exception/error if it detects rooted device.
© Motorola 2010, Not to be disclosed outside of Motorola
16
Content Download - Decryptor Daemon (custom http server)
Converged Experiences
17
Converged Experiences
18© 2011 Motorola Mobility, Inc. – Confidential Proprietary
Encryptonite ONE™ DRM – Applications & Features
• Open platform, software-based DRM system for……..• Linear broadcast• Streaming VOD• Content download• Disconnected playback
• DRM features• Indexed Encryption™ (Broadcast and VOD)• ESAM™ device authentication & clone detection• iDetect ™ tamper detection• Code obfuscation• Secure offline playback
Lightweight client deployable on any device
Converged Experiences
19© 2011 Motorola Mobility, Inc. – Confidential Proprietary
Encryptonite ONE - Connected Operation
Converged Experiences
20
Security Features
© 2011 Motorola Mobility, Inc. – Confidential Proprietary
• Patented Indexed Encryption • Hybrid public key and symmetric key cryptographic process
• Each content data sample (i.e. video frame or chunk) encrypted uniquely for highest security
• Either AES (128) or RC4 (160) used for content encryption
• Content persistently encrypted in delivery and storage • VOD server, NPVR, local PVR and VOD trick play without decryption/re-
encryption
• Patented Key Delivery System• Only need to deliver single 1279-bit Base Decryption Key per asset to
generate individual frame/chunk keys in client• Single Base Key per VOD file or 12/24-hour broadcast period per channel
• Separation of content, rights and keys allows for multiple “storefronts” vending content and rights with centralized key management
Converged Experiences
21
Security Features (cont’d)
© 2011 Motorola Mobility, Inc. – Confidential Proprietary
• ESAM - Encryptonite System Access Manager
• Dynamic client authentication and clone detection system
• ESAM server acts as gateway to SMS/middleware/e-commerce engine to ensure only authenticated devices can receive rights and keys
• Devices “fingerprinted” & registered with ESAM server upon deployment
• MAC addresses, pre-loaded PKI certificates, hardware identifiers, random numbers, passwords and/or one-time activation codes
• Client credentials modified during each subsequent session to establish chronological history and detect discrepancies between authentic and cloned clients
• Also provides secure communication channel from Encryptonite servers to Encryptonite client
• 2048-bit RSA key pair generated at registration to secure content requests, MediaPass (rights) delivery, system messages and client updates
Converged Experiences
22© 2011 Motorola Mobility, Inc. – Confidential Proprietary
Encryptonite ONE Connected Operation
Encrypted w/ Key Server public key sent w/ Media Pass
Encrypted w/ ESAM server public key
Encrypted w/ session key generated by Decoder Client & sent w/ Media Pass
Encrypted w/ ESAM session key
Converged Experiences
23
Security Features (cont’d)
© 2011 Motorola Mobility, Inc. – Confidential Proprietary
• iDetect™ Tamper Detection
• Protects client from hacking activity
• Disables decryption process if rogue application detected on device.
• Debuggers, screen-scrapers, stream recorders or other blacklisted software components
• Threat list updated and transferred to Encryptonite client using ESAM protocol
• Threat list is a data set of known code fingerprints, process names, sizes and other characteristics
• Threat list updates analogous to antivirus protection “updates”
• Available on Android, iOS and PC Platforms
Converged Experiences
24
Security Features (cont’d)
© 2011 Motorola Mobility, Inc. – Confidential Proprietary
• Secure Offline Content Playback
• In online mode, SecureMedia client only puts decryption “states” in volatile memory or secure storage (e.g. Sigma 86xx, ST Micro 71xx )
• For offline content consumption, rights information and decryption state information stored
• Motorola Rights Management Web Service works in conjunction with Encryptonite Business Support System and MediaPass Server to create “rights object” encapsulating rights information and decryption state information
• Rights object stored on client encrypted and protected by iDetect and obfuscation
• Rights expire after a (configurable) specified time period (e.g. 24 hours for rental)
• Purchase rights must be refreshed periodically (e.g. 30-60 days ). Rights renew when devices come on-line.