ENHANCED CONTENT PROTECTION OVERVIEW. Security Solution Characteristics Comprehensive security...
-
Upload
marvin-waters -
Category
Documents
-
view
214 -
download
2
Transcript of ENHANCED CONTENT PROTECTION OVERVIEW. Security Solution Characteristics Comprehensive security...
ENHANCED CONTENT PROTECTION OVERVIEW
Security Solution Characteristics• Comprehensive security ecosystem• All devices meet the same standard– No assumption that any particular class of devices is more
difficult to hack• “Hack once, hack all” is not possible– Breach limited to a single title
• Breach response is rapid– Within days
• Security solution provider has a proven track record• Similar idea of per title diversity as BD+ but very different
approach– BD+ is not effective
High-Level Model of Video Path
Decryption / Decoding• Threats– Attacker extracts Device Key– Attacker extracts Content Key– Attacker captures decrypted compressed content– Attacker captures decrypted uncompressed content
• Mitigations– Software diversity per title– Decode in Trusted Execution Environment – Device keys protected by a Hardware Root of Trust– Require 3rd party verification of trusted DRM software
Framebuffer• Threats– Attacker captures raw frames from framebuffer• E.g. Screen scraping
• Mitigations– Use protected framebuffer (e.g. TrustZone)– Use secured links to video hardware (e.g. Nvidia)
HDCP Source• Threats– Attacker captures raw frames from hacked driver– Attacker captures raw frames from hacked video hardware
• Mitigations– Require HDCP 2.1 for source devices and repeaters• HDCP 2.x increases security and robustness
– Never send unencrypted frame data to video drivers/hardware
– Only send frame data to protected video hardware on SoC (e.g. TrustZone)
– Require 3rd party verification of trusted hardware
HDCP Sink• Threats– Attacker captures video from HDMI to screen driver
interface– Attacker uses HDCP stripper with valid HDCP 1.x Device
Keys• Since attackers can generate valid HDCP 1.x device keys
revocation is ineffective• Mitigations– Require HDCP 2.0 or higher for sink devices– HDCP source only transmits premium content to HDCP 2.x
devices
Screen Threats• Threats– Attacker captures video from screen using camera
• Mitigations– Security solution inserts forensic watermark that can be
used to identify user account and playback device
Breach Management• Security provider monitors Internet (websites, chat rooms,
IRC, etc) for indications of security breaches• Security provider works with manufacturers to identify
circumventions used by attackers• Countermeasures developed and deployed immediately a
breach is detected• Some new content may prevent playback on certain devices
until firmware is up-to-date
Example of Renewability on Android/ARM1. Integrity Validation insures that
no tampering has occurred both before and during playback
2. If Integrity Validation fails, out-of-date can be updated transparently
3. Platform may provide a means for DRM components to trigger a firmware update as required
4. Platform has the option of renewing OS and TrustZone components or leaving consumer with a device that won’t play content
Example: Current NDS Security SolutionsFunction Current NDS Platform Support
Android IOS Windows MacOS PS3 XBox CE (TV, Blu-ray)
Software diversity ✔ ✔ ✔ ✔
Trusted Execution Environment
TrustZone
Intel, AMD
Custom in SoC
Hardware Root of Trust ✔✔
(Win8)
Secure boot, root/jailbreak detect ✔ ✔
✔ (Win8)
Integrity Validation ✔ ✔ ✔
Watermark insertion ✔ ✔ ✔ ✔
Breach monitoring & response ✔ ✔ ✔ ✔
Security Management