[F1]Security Discussion with SPE
2012/10/23(Tue)Sony Corporation
2012/10/23 Sony Confidential 1
Agenda
• Introduction• High level Questions• SPE requirements• Phase 2: Marlin + NDS
2012/10/23 Sony Confidential 2
Introduction(1)
• This presentation is for a security discussion according to an e-mail from Yoshi/SPE:– Subject:
• F1 Phase-1 security questions
– Date: • 2012/10/18(Thu)PDT• 2012/10/19(Fri) JST
• This answers the questions in the e-mail above.
2012/10/23 Sony Confidential 3
Introduction(2)
• DRM structure:– Phase 1:
• Marlin BB• Hardware root of trust
– Phase 2:• Marlin BB• Will study Additional Features:
– Renew security with every download or with every title– Forensic watermark traceable to consumer’s Online Account
2012/10/23 Sony Confidential 4
Introduction (3)
• For Forensic WM and NDS the following business factors need to be clarified and considered together with the technical feasibility. – Royalty– Multiple platform support (e.g. future TV chipsets)– Influence on future TV architecture
2012/10/23 Sony Confidential 5
High level Questions1. By what means has the Marlin BB implementation been certified to meet the Marlin
C&R rules?2. How does the Marlin BB implementation enforce all Usage Rules?
1. For example, how does the system guarantee that only the F1 Box can receive licenses for 4k content?
3. What outputs are available on the F1 Box?4. What inputs are available on display devices that are able to connect to the F1 Box?5. What capabilities does the Marlin BB implementation have for determining whether
HDCP 2.0 or greater is enabled in display devices and HDCP 2.1 or greater is enabled in repeaters?
6. What is the behavior of the F1 Box if HDCP 2.x is not enabled? What if HDCP 1.x is available?
7. It is our understanding that compliant Marlin implementation must support renewability. Please explain how the Marlin BB implementation on the F1 Box can meet Marlin C&R rules without also providing renewability.
8. How does renewability propagate to F1 Boxes if the content is loaded from physical media?
9. How is content being transferred from one F1 box to another F1 box handled?10. Please provide feedback to the deck titled “F1 Box/security/server system, SPTECH
Feedback” that Yoshi presented in Tokyo on Sep.24.2012/10/23 Sony Confidential 6
High level Questions(1)
• Q: – By what means has the Marlin BB implementation
been certified to meet the Marlin C&R rules?• A:
– Marlin C&R rules will be applied to Marlin implementation portion. In addition to that, Sony will define new service requirements for 4k/F1.
– Sony thinks that 3rd party device certification is not necessary because any F1 capable devices are produced by Sony.
2012/10/23 Sony Confidential 7
High level Questions(2)
• Q:– How does the Marlin BB implementation enforce all Usage Rules?
• For example, how does the system guarantee that only the F1 Box can receive licenses for 4k content?
• A:– Marlin C&R rules will be applied to Marlin implementation
portion. In addition to that, Sony will define new service requirements for 4k/F1.
– F1 service provider will manage all the Marlin user/device keys and distribute content key encrypted by managed user/device keys for F1 service. This means that only the F1 Box can decrypt 4k content.
2012/10/23 Sony Confidential 8
High level Questions(3)
• Q:– What outputs are available on the F1 Box?
• A:– HDMI 1.4 w/ HDCP 2.x for Video. No analog ports.– No down conversion function is supported.
2012/10/23 Sony Confidential 9
High level Questions(4)
• Q: – What inputs are available on display devices that
are able to connect to the F1 Box?• A:
– 4K TVs should have inputs currently supported by 2K TVs. It must have an input that supports HDCP2.2.
2012/10/23 Sony Confidential 10
High level Questions(5)
• Q:– What capabilities does the Marlin BB implementation have for
determining whether HDCP 2.0 or greater is enabled in display devices and HDCP 2.1 or greater is enabled in repeaters?
• A:– The method of HDCP version determination will be supported
by F1 Box/HDCP mechanism (not defined by Marlin BB). • F1 Box only transfers any content by HDCP2.x. (not HDCP 1.x)• HDCP 2.1/2.2 defines the authentication method as follows:
– Source and Sink exchange AKE_Transmitter_Info (Tx) and AKE_Receiver_Info (Rx). This scheme is not defined in HDCP 2.0. That means that HDCP 2.1 or greater is enabled in repeaters if this exchange is completed.
2012/10/23 Sony Confidential 11
High level Questions(6)
• Q:– What is the behavior of the F1 Box if HDCP 2.x is
not enabled? What if HDCP 1.x is available?• A:
– For HDCP 1.4, content is not transferred and down conversion is not supported. Error message (notice) may be thrown to the display (TBD).
2012/10/23 Sony Confidential 12
High level Questions(7)
• Q:– It is our understanding that compliant Marlin
implementation must support renewability. Please explain how the Marlin BB implementation on the F1 Box can meet Marlin C&R rules without also providing renewability.
• A:– Marlin specification refers to renewability.
However, the details of renewability is not defined and is not implemented in Marlin device.
2012/10/23 Sony Confidential 13
High level Questions(8)• Q:
– How does renewability propagate to F1 Boxes if the content is loaded from physical media?
• A:– Moving Target (program for renewability including
content key) are not recorded in physical media. They would be distributed by F1 server at the Phase 2.
2012/10/23 Sony Confidential 14
F1 Box
Physical Media
F1 encrypted
content
F1 Server
Request
Moving Target (Phase 1: Marlin License)
Moving Target
Decrypt
F1 TV
Content Key
High level Questions(9)
• Q:– How is content being transferred from one F1 box
to another F1 box handled?• A:
– Would not be supported at Phase 1.
2012/10/23 Sony Confidential 15
High level Questions(10)
• Q:– Please provide feedback to the deck titled “F1
Box/security/server system, SPTECH Feedback” that Yoshi presented in Tokyo on Sep.24.
• A:– What kind of feedback is necessary?
2012/10/23 Sony Confidential 16
SPE requirements
2012/10/23 Sony Confidential 17
Items SPE Requirements F1 box security SPE Comments / Questions 1 A new approach to security Marlin BB + Enhanced New Feature
(Forensic watermark capable etc.) What is the set of “Enhanced New Feature” that will be provided by the F1 Box solution?
2 New compliance & robustness requirements
Trusted Execution Environment based on Uniphier security(e.g. Secure Boot, DRM process in H/W)
This requirement speaks to the need of moving beyond the limitations of existing C&R rules used in the industry. How does the F1 Box solution meet this requirement?
3 Designed and reviewed by organizations expert in security
Combination of Established Technologies This requirement is directed at the process of establishing a new standard for C&R rules. How does a “combination of established technologies” achieve this goal?
4 Single content protection system
Only “Marlin BB + Enhanced New Feature”
This requirement speaks to the ECP ecosystem as a whole. Having a collection of solutions multiples the attack surface area. It is not established that we would choose Marlin BB as that single content protection system.
5 3rd party device certification Dedicated service for only Sony devices This requirement is a response to the limitations of self certification that have caused endless problems in other ecosystems. Having established new C&R rules, the requirement is that a 3rd party certify implementations.
6 Active monitoring and response
Player Integrity Check by Security Code cannot be applicable to Uniphier
This requirement refers to the need to identify breaches and respond to them with countermeasures. Player integrity checking is an important feature but does not address the requirement.
7 Renew security with every download or with every title
See question 7 above
7-1 Individualized Encryption Multiple Segments encrypted with Different Keys
Please provide details. What is the granularity of the individualization?
7-2 Individualized Key Retrieval Key Retrieval from Security Code cannot be applicable to Uniphier
Please explain
8 Hardware protected video path
Cannot run snooping applications to retrieve decoded frames due to secure boot.
Please describe how each segment of the video path is protected
9 Hardware root of trust Trusted Execution Environment available (e.g. Secure Boot, DRM process in H/W)
Please describe how these features are utilized by the F1 Box solution
10 HDCP 2.1 only Planning to support HDCP2.x 11 Verance watermark
detection Will support Cinavia (Note: AACS flags which need AACS approval ?)
Is this for all content played on the box?
12 Playback license tied to consumer’s Online Account
Will be supported by Marlin BB
13 Forensic watermark traceable to consumer’s Online Account
Will introduce AACS Sequence Key like approach. Server will prepare several segments which have different watermark and distribute unique combination of segments to user.
Please confirm your specific plans for handling forensic marking. Can F1 box support client side forensic marking such as the Civolution or Verimatrix Premium VOD systems (not a baseband watermarking, but in compressed domain)? If not, what level of collusion can be detected in one ripped file? How many seconds of content is required to recover the watermark?(FYI, for Phsae-0, SPE decided not to use Civolution solution.)
SPE requirements(1)
• Requirements:– A new approach to security
• F1 box security:– Marlin BB + Enhanced New Feature (Forensic
watermark capable etc.)• SPE Comments / Questions:
– What is the set of “Enhanced New Feature” that will be provided by the F1 Box solution?
• Sony Comments:– Hardware root of trust and HDCP 2.2 at Phase 1.
2012/10/23 Sony Confidential 18
SPE requirements(2)
• Requirements:– New compliance & robustness requirements
• F1 box security:– Trusted Execution Environment based on Uniphier security
(e.g. Secure Boot, DRM process in H/W) • SPE Comments / Questions:
– This requirement speaks to the need of moving beyond the limitations of existing C&R rules used in the industry. How does the F1 Box solution meet this requirement?
• Sony Comments:– Sony will define new service requirements for 4k/F1.
2012/10/23 Sony Confidential 19
SPE requirements(3)
• Requirements:– Designed and reviewed by organizations expert in security
• F1 box security:– Combination of Established Technologies
• SPE Comments / Questions:– This requirement is directed at the process of establishing a
new standard for C&R rules. How does a “combination of established technologies” achieve this goal?
• Sony Comments:– Hardware root of trust and HDCP 2.2 according to new
service requirements will achieve this goal. 2012/10/23 Sony Confidential 20
SPE requirements(4)
• Requirements:– Single content protection system
• F1 box security:– Only “Marlin BB + Enhanced New Feature”
• SPE Comments / Questions:– This requirement speaks to the ECP ecosystem as a whole. Having
a collection of solutions multiples the attack surface area. It is not established that we would choose Marlin BB as that single content protection system.
• Sony Comments:– What are the concerns for Marlin BB + Hardware root of trust +
HDCP 2.2?
2012/10/23 Sony Confidential 21
SPE requirements(5)
• Requirements:– 3rd party device certification
• F1 box security:– Dedicated service for only Sony devices
• SPE Comments / Questions:– This requirement is a response to the limitations of self
certification that have caused endless problems in other ecosystems. Having established new C&R rules, the requirement is that a 3rd party certify implementations.
• Sony Comments:– 3rd party device certification is not necessary because any F1
capable devices are produced by Sony.2012/10/23 Sony Confidential 22
SPE requirements(6)
• Requirements:– Active monitoring and response
• F1 box security:– Player Integrity Check by Security Code cannot be applicable to
Uniphier• SPE Comments / Questions:
– This requirement refers to the need to identify breaches and respond to them with countermeasures. Player integrity checking is an important feature but does not address the requirement.
• Sony Comments:– Understood that the player integrity checking does not address the
requirement.
2012/10/23 Sony Confidential 23
SPE requirements(7)• Requirements:
– Renew security with every download or with every title• 1. Individualized Encryption• 2. Individualized Key Retrieval
• F1 box security:– 1. Multiple Segments encrypted with Different Keys– 2. Key Retrieval from Security Code cannot be applicable to Uniphier
• SPE Comments / Questions:– 1. Please provide details. What is the granularity of the individualization?– 2. Please explain
• Sony Comments:– 1. Individualized Encryption is out of scope for Phase 1.– 2. Study of renewability of NDS for Phase 2
2012/10/23 Sony Confidential 24
SPE requirements(8)
• Requirements:– Hardware protected video path
• F1 box security:– Cannot run snooping applications to retrieve decoded
frames due to secure boot.• SPE Comments / Questions:
– Please describe how each segment of the video path is protected
• Sony Comments:– Decoded video cannot be accessed by a malicious process.
2012/10/23 Sony Confidential 25
SPE requirements(9)
• Requirements:– Hardware root of trust
• F1 box security:– Trusted Execution Environment available (e.g. Secure Boot,
DRM process in H/W)• SPE Comments / Questions:
– Please describe how these features are utilized by the F1 Box solution
• Sony Comments:– Core functions are processed in secure H/W and malicious
applications cannot be executed.
2012/10/23 Sony Confidential 26
SPE requirements(10)
• Requirements:– HDCP 2.1 only
• F1 box security:– Planning to support HDCP2.x
• SPE Comments / Questions:– N/A
• Sony Comments:– N/A
2012/10/23 Sony Confidential 27
SPE requirements(11)
• Requirements:– Verance watermark detection
• F1 box security:– Will support Cinavia (Note: AACS flags which need
AACS approval ?) • SPE Comments / Questions:
– Is this for all content played on the box?• Sony Comments:
– Yes.2012/10/23 Sony Confidential 28
SPE requirements(12)
• Requirements:– Playback license tied to consumer’s Online
Account• F1 box security:
– Will be supported by Marlin BB• SPE Comments / Questions:
– N/A• Sony Comments:
– N/A2012/10/23 Sony Confidential 29
SPE requirements(13)• Requirements:
– Forensic watermark traceable to consumer’s Online Account• F1 box security:
– Will introduce AACS Sequence Key like approach. Server will prepare several segments which have different watermark and distribute unique combination of segments to user.
• SPE Comments / Questions:– Please confirm your specific plans for handling forensic marking. Can F1 box support
client side forensic marking such as the Civolution or Verimatrix Premium VOD systems (not a baseband watermarking, but in compressed domain)? If not, what level of collusion can be detected in one ripped file? How many seconds of content is required to recover the watermark? (FYI, for Phsae-0, SPE decided not to use Civolution solution.)
• Sony Comments:– No Sony proprietary Forensic WM solution are being planned. – Our understanding is that the level of collusion detection study is being handled by SPE. – Client side implementation of SmartEmbedder still under study.
2012/10/23 Sony Confidential 30
Marlin + NDS
• Currently Sony is in a study phase.• Basic Concept:
– Renewability would be introduced using NDS DRM Agent and Moving Target.
– Marlin License File (incl. content key) is distributed to F1 Box protected by Moving Target.
• i.e. Moving Target securely contains Marlin License File by encryption/obfuscation.
– For non-compliant device (e.g. emulator), the Moving Target doesn’t work.
2012/10/23 Sony Confidential 31
Basic Concept; Marlin + NDS
2012/10/23 Sony Confidential 32
F1 Box
F1 encrypted
content
Marlin Server
1, Marlin Protocol; Request
4, Marlin Protocol; Response
Decrypt
F1 TV
Content Key
NDS Server
2, B2B Protocol; Request
3, B
2B P
roto
col;
Resp
onse
User/Device ID
User/Device ID
Moving Target
Marlin License
Marlin License
Moving TargetMarlin License
Moving TargetMarlin License
NDSExecute
MarlinProcess License
Marlin License
Moving Target
CDN
DRM Agent
Marlin Module
Basic Architecture; Marlin + NDS
2012/10/23 Sony Confidential 33
SoC
OS (e.g. Linux)
A/V Process HDMI Marlin
Module
Moving Target
… NDS DRM Agent
Device Specific Call
Standard OS Call
Implemented by NDS
Created by NDS and downloaded with content
• Currently Sony is in a study of NDS Calls (APIs). Are they feasible to be implemented?• APIs:
– Device Specific Calls:• DRM_SEC_GetUniqueIdentifier (To get MAC address)• HW based AES encryption and decryption API• Non Volatile memory – API for RW access• Etc.
– Standard OS Calls:• memcpy• Etc.
• Idea to implement:– Sony provides libraries to support all the NDS proposed APIs.– Then, NDS implement the DRM Agent for Sony F1 Box.– Sony does porting to F1 Box.
Top Related