USI - CPTWG Home Page
Download
Report
Transcript USI - CPTWG Home Page
Content bulk encryption
in DRM engineering
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
DRM components
Example: Nagravision payTV CAS
Generic DRM System
17/07/2015
Content under
DRM protection
(bulk encryption
«scrambling»)
MPEG Content under
DVB protection
(Common Scrambling Algorithm)
[Standard]
Key Management System
Rights Expression Language
ECM & EMM
Relational Rights Language
[Private]
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
2
Cipher vs Scrambler
Encrypted text
Clear text
…0001011…
16 bytes
Cipher
e.g. AES …
…0100101…
16 bytes
Practical engineering problem:
1.
Most valuable content to protect is more than 16 bytes long ;-)
2.
Most real-life content handling applications (transmission, storage) cannot afford segmenting the
content bulk and rotating/sync’ing the crypto key over 16 bytes chunks
=> specifying a cipher is not enough
Initialization
vector
padding
…0001011… …0011001… …0001… 00
Scrambler(*)
…1101011… …0000011… …010101 10
n bytes
n bytes
n+p bytes
e.g. AES with CBC mode, with padding and IV feed
AES-CBC, with CTS and IV feed
AES-CTR, with variable counter side information
etc…
(*) PayTV engineering nickname for academic crypto terminology « cipher mode of initialization, operation
and termination for content bulk encryption»
17/07/2015
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
3
Application-dependent requirements
• Bandwidth constrained packetized endless
streams?
Forget about padding…
• No extra side information transport & sync?
Forget about CTR mode…
• Encrypt then packetize… or packetize then
encrypt?
Is persistent protection required beyond
transmission (e.g. for storage)?
What is the underlying content
format/transport/network?
Practical scrambling engineering cannot be agnostic
to all of them at once!
17/07/2015
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
4
Interoperability layers in ISO model
Application
Presentation
Application
Codecs: MPEG-2
AVC, VC1…
Session
Transport
Network
Session
MPEG-2 PS [TS] over HTTP
MPEG-2 PS [TS] over RTP/UDP
IPv4/6
Link
Physical
Device A
Presentation
Transport
Network
Link
Ethernet
Wireless 802.11a/b/g
Digital content transmission
Physical
Device B
Conceptual data flow
Actual data flow
17/07/2015
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
5
Which layer for scrambling?
DRM KMS/REL
Application
Control of the A/V content scrambling by DRM within the device
(1)
ISMAcryp for MPEG-4 A/V
MPEG-2/DVB CSA PES level encryption for MPEG-2 A/V
Presentation
Session
(2)
SRTP
MPEG-2/DVB CSA TS level encryption
Transport
(3)
IPSEC
Network
(4)
DTCP, HDCP link encryption
Link
Physical
•
•
•
17/07/2015
Options (1, 2, 3, 4) coexist today
No universal practice, e.g. ISO, on choice of layer for encryption
Driven by specific application/ecosystem technical requirements
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
6
Diversity of applications/ecosystems
Distribution
Digital TV
Technology
DVB-S,C,T
ATSC, ARIB
OpenCable
Device gateway
Digital Home Network consumption
Home
Set-top box
Bedroom
Home Video
Children room
CSS
AACS
[HD] DVD player
Internet
Apple, MS
DSLForum
ISMA
DLNA
PC
CE
Media Center
Mobile Network
3GPP
DVB-H
OMA
Living room
kitchen
Mobile
Portable Media Player
Mobile
17/07/2015
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
7
Why bulk encryption matters
Authorized Content Transfer
Content under
DRM A protection
(AES based)
If A scrambling differs from B scrambling…
A
DSCR
Clear Content
Descrambling
keys
KMS A
REL A
B
SCR
New scrambling
keys
KMS B
REL B
Rights mapping
System A
17/07/2015
Content under
DRM B protection
(AES based)
System B
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
8
Zoom on a PayTV ecosystem
17/07/2015
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
9
Conclusions
• «AES-based» does not warrant
interoperability at content bulk level
• Practical DRM cannot be engineered fully
agnostic of the actual content «packaging»
Format, transport and/or network
No universal solution for different
applications/ecosystems
• Content bulk encryption is the most
important component in DRM
interoperability for A/V content
Bulk handling requires b/w, CPU and… trust
KMS design is closely related (e.g. embedded
license formatting, sync’ing of keys…)
17/07/2015
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
10
Questions?
[email protected]
http://www.nagra.com
http://www.dvb.org
17/07/2015
CPTWG Jan 06 – C. Le Buhan Jordan
© 2005-2006 Nagravision – A Kudelski Group Company
11