Privacy, Security And Content Protection Peter N. Biddle Technical Evangelist Marcus Peinado, Architect Digital Media Division Dennis Flanagan, GPM Windows AV Platform, Digital Media Division Microsoft Corporation.
Privacy, Security And Content Protection
Peter N. Biddle, Technical Evangelist
Marcus Peinado, Architect, Digital Media Division
Dennis Flanagan, GPM Windows AV Platform, Digital Media Division
Microsoft Corporation
Agenda
Privacy and Copyrights: Peter N. Biddle, MS Technical Evangelist
Digital Rights Management and Hardware: Marcus Peinado, Architect, Digital Media Division, Microsoft
Secure Video in Windows: Dennis Flanagan, GPM Windows AV Platform, Digital Media Division, Microsoft
Our Goals In This Arena
Provide Windows customers with the most complete content availability
Legal access to all legitimate content, all the time, on all (of the appropriate) devices
No system-level restrictions against unknown content
Avoid new legal mandates for PCs to “behave” in certain ways
Keep Windows open
Arbitrary code still runs
Unknown content still “plays”
Privacy And Copyright
Privacy is good
Users have rights to their own privacy
Invading people’s privacy is bad
We have processes in place to protect privacy
Copyright is good
People have legal rights over their copyrighted work
Stealing is bad
We have processes in place to protect copyrights
Privacy
How do you want me to protect your privacy?
Strong crypto
Authentication
Regulation via Licensing
Only things you trust get your privacy content
Things you trust are able to prove to you that you can trust them
They can also prove that they can’t subvert the use of your privacy content
They can prove they won’t share your privacy content with others without your permission
Copyright
How do you want me to protect your copyright?
Strong crypto
Authentication
Regulation via Licensing
Only things you trust get your copyrighted content
Things you trust are able to prove to you that you can trust them
They can also prove that they can’t subvert the use of your copyrighted content
They can prove they won’t share your copyrighted content with others without your permission
Privacy And Copyright In An Open System
Is one of these more important than the other?
Can you take a hard-line in favor of both?
Can you “do” both technically?
You can honor and enforce both for content that arrives into your domain in an encrypted fashion
What about content that is not protected?
Should we tell the police if we “see” other people’s credit-card numbers in a text file on your hard drive?
Should we “look at” every un-encrypted file on your system and try to decide if you have the rights to them?
What Is Piracy?
Piracy is the un-licensed use of someone’s digital property
Piracy does not automatically result in lost revenue
E.g., if I were to make a copy of MS Office on a CD-R, and then destroy the CD-R, there would be no lost revenue
Some piracy can even foster sales of some kinds of digital property
However, we do think that piracy is “bad”
Eliminating all piracy is prohibitively expensive
It also pisses off your loyal customers
Does Microsoft Want To Make Piracy On The Windows Platform Impossible?
We are not police officers, nor do we play them on TV
Designing an OS that eliminates piracy would be like trying to design a car that can’t be used as a getaway vehicle
We don’t know how to do this
We don’t want to do this
Content We Cannot Protect From Piracy
Unknown content
Content that looks “free” to the OS
Redbook Audio
Un-encrypted software
Content that is free to the OS
ASCII text files
HTML
Content we cannot understand
Content that has been encrypted or formatted using proprietary schemes
Content We Can Protect From Piracy
Content that is encrypted or scrambled
Windows And Enforcement
We enforce our own copyrights: WPA
We enforce others’ copyrights: DRM
We enforce users’ privacy: Passport
We do not and will not act as technical gatekeepers over content in Windows
Windows will continue to be an Open Platform
Open Platforms allow for any content
It’s that simple
Trusted Windows
Create a platform that will protect users from “us”
This is trust
Make it extremely difficult to break Windows trust
Technical means are a cornerstone of trust
Technology can protect against invasions
Laws can lock up violators
I Want To Eliminate Our Ability To Invade Anybody Else’s Privacy
There Is No Technical Difference Between Privacy And Copyright Protection
Summary
Privacy Protection is Good
Copyright Protection is Good
Piracy is Bad
We are working towards:
Good Protection
Reduced Piracy
Happy Customers
Healthy Content Ecosystem
Privacy, Security And Content In Windows® Platforms
Digital Rights Management And Hardware
Marcus Peinado Digital Media Division Microsoft Corporation
Overview
Introduction to DRM
Goals, principles, techniques
The DRM platform
Interfaces to hardware: portable players (audio, video), smart cards, digital audio receivers, audio cards, video cards
Introduction To DRM
E-Commerce / Electronic Distribution (diagram: commerce site / store front, internet, customer, and the customer’s friends)
1. Customer selects product (book, audio, video, software) in IE
2. Customer pays (credit card)
3. Customer downloads digital content
4. (diagram only) Content passes from the customer to a friend, and from friend to friend
E-Commerce / Electronic Distribution With Digital Rights Management
0. Content owner specifies how content may be accessed (offline)
1.-3. Customer selects content (book, audio, video) and access option, pays, downloads content
4. DRM system tries to enforce access rules
DRM: General Model
Goals
Enable commerce in digital goods
Bring premium content to the PC
Content owner specifies how the content may be accessed
Access specification will be enforced subject to the overall security level of the system
Access specifications enable business models (e.g. pay-per-view, rental, etc.)
Compare with Pay-TV schemes
The DRM Platform
DRM Evolution
So far: DRM tied to specific content types (audio, video, books)
In the future: move toward a DRM platform
The DRM Platform
General-purpose DRM client API
Anybody can use DRM functionality by writing applications to the DRM API or by building hardware
DRM Platform is content agnostic
Key functional components are pluggable
Central Services
Content distribution services
The DRM Platform Provides
An authenticated content channel from web servers to end-user PCs, and from end-user PCs to rendering HW
Rights management: license evaluation and enforcement
Platform authentication
Content encryption / decryption
Watermarking
Rights Management
XrML rights language
Public standard (http://www.xrml.org)
Flexible specification of rights (play, transfer, print etc.), conditions (time, count, fee) and principals (any piece of SW or HW)
Interfacing With DRM
Architecture diagram (flattened):
Digital Asset Server, operated by the content provider
Central DRM services: activation, license roaming, authorization / control, backup / restore
End-user machine, DRM client platform: DRM API with watermarking, encryption, authenticator and binding point; DRM-enabled application components, e.g. authenticated SW application (Windows Media Player), WMDM / transfer tool; content; monitor; sound card
DRM-enabled AV hardware: authenticated video card, authenticated sound card, smart card
DRM-enabled external devices: authenticated digital audio receiver (DAR), authenticated portable device (music player), other authenticated devices
Interfaces To Hardware
Goals
Allow rendering hardware to access protected content in accordance with the specifications of the content owner
External devices (e.g. players, DARs, speakers), video cards, audio cards
Enable interoperability between security hardware and DRM: smart cards, CA systems
Taxonomy
Taxonomy (diagram): DRM hardware splits into rendering hardware and DRM support hardware
Rendering: PC cards (audio cards, video cards) and CE devices (portable, e.g. WMA player; fixed, e.g. DAR)
DRM support: smart cards
Approach
Support published algorithms and formats
Licensing: XrML
Public-key cryptography: RSA, ECC
Bulk encryption: AES etc.
Advantages: no surprises with well-known algorithms; easy and cheap access for everyone; enable interoperability with proprietary systems
Target: Closed Devices
Definition: Closed Device
No unauthenticated software downloads
Hardware robustness
IHV owns security on the device: protection of secret keys, protection from “content leaks”, device authorization process
Rendering HW Must Implement
Authentication: rendering HW must be able to authenticate itself to a content source (DRM)
Public-key protocol; HW hides private key
Content decryption: if the content is encrypted, the rendering HW must be able to decrypt it
DRM will support a variety of symmetric ciphers
Rights management: multi-function rendering HW may evaluate access rules (set by content owner)
Subset of XrML (not needed everywhere)
…More Precisely
Must be a closed device: if software or firmware is field upgradeable there must be a gatekeeper (signature check)
Hide a private key
Individualization at some level of granularity
Secure state information
Resources (CPU, ROM, RAM) to perform public key operations, evaluate simple licenses and decrypt content
Example: Portable Music Players
Each player:
Stores a unique private key for authentication and content access
Evaluates reduced XrML license
Decrypts and plays content
Example: DAR
Each DAR:
Stores a unique private key for authentication and content access
Evaluates reduced XrML license
Decrypts and plays content
Example: Video Card
Goals:
Protection for compressed content (DirectXVA)
Protection for uncompressed content
Need:
Authentication of the video card
High-speed content decryption (for DirectXVA)
Write-only VRAM (for uncompressed content)
Example: Audio Card
Each sound card:
Stores a unique private key for authentication and content access
Decrypts and plays content
Example: Premium Video On The PC
Option 1 (diagram, boxes in captured order): PC, content source, Trans, DRM, smart card, video card, screen, DRM
Option 2 (diagram, boxes in captured order): content source, PC, DRM, smart card, video card, screen
Summary
DRM system on the PC will integrate with a broad range of hardware devices
Hardware devices will be able to take part in the DRM content chain
Hardware devices have to implement DRM functionality (e.g. security)
Microsoft Is Working On
Specifications of algorithms, protocols, APIs, license formats (look out for white papers)
Low-footprint reference implementations of public key algorithms
Specifications of low gate count hardware implementations
Low-footprint reference implementation of reduced XrML license evaluator
Low-footprint reference implementation of content decryption
More Details In Other Sessions
Portable players: Foundation Technologies for Digital Devices
Digital Audio Receivers: Connecting the Home
Video Cards: this session, TV Entertainment
Audio Cards: Audio Technologies
Call To Action
Provide feedback on this proposal
Winhec session feedback forms [email protected]
Participate in Windows SVP Forum
Specification and forum forthcoming
Target: early 3Q01
More details and contact points at the device-specific talks
Secure Video In Windows
Dennis Flanagan, GPM – Windows AV Platform, Microsoft Windows DMD
Why Secure Video?
Ensure legal access to premium content
Napster ruling indicates industry direction
Movie services will be secure
Grow business opportunities
Labels, studios, ICPs, networks
New devices/systems to work with new services
Corporations: sensitive corporate communications; pay for use (training, market data, etc.)
PC platform as home media center/server
Avoid legislated mandates
What Needs To Be Secured
Content source
Processing/decoding
User mode software
Kernel mode software/drivers
Bus transfer to graphics chip
Graphics memory (VRAM)
Graphics link to monitor
(The slide annotates these stages with: DRM/SC, Secure Process, ??, ??, DVI)
The Situation Today
(Diagram, flattened)
User mode: Application with Content Reader, Content Processing and Video Renderer (untrusted processing)
Kernel mode: Source Driver, Video Driver (untrusted driver)
Content Source Device: encrypted/authenticated
GPU, VRAM, DVI link, Monitor (untrusted monitor)
Potential attack points are marked along the whole path after the content source
The Proposed Solution
(Diagram, flattened; an x marks an attack point the design closes)
User mode: Application with Content Reader, Content Processing and Video Renderer, checked by the Authenticator (untrusted processing: x)
Kernel mode: Source Driver, Video Driver (untrusted driver: x)
Content Source Device: encrypted/authenticated
GPU with Crypto, VRAM (reads blocked: x), DVI link, Monitor (untrusted monitor: x)
Authenticator And Software
Authenticator ensures only trusted components in the process
Components must be signed
Tamper resistance: obfuscation, anti-debugging measures
Authenticator periodically checks for signed components
Authenticator And GPU
Authenticates driver and GPU using public key encryption
Generates symmetric session key for the GPU to use to decrypt secure content
Passes symmetric session key to GPU using public key encryption
Periodically checks for signed components
Performs HDCP status check and revocation
May periodically change the session key to defend against hacks
GPU Security Features
Supports public-key encryption for:
Authentication of GPU to source
Receiving the session key from the authenticator
Protects session key (cannot retrieve)
Protects data:
Option 1: Data in VRAM is always encrypted. Supports symmetric session key algorithm for all VRAM reads and writes.
Option 2: Session key decrypts frames once when they arrive. VRAM is write-only.
Implementing The Solution
Support for public key encryption for session key exchange
RSA accelerator (~10k gates, <<0.1 sec, now)
8-bit micro (2-10K gates, 1-10 sec, need code)
Support for symmetric session key encryption
Stream cipher (e.g., RC4): small, fast, proprietary
Block cipher (e.g., DES, AES): larger, slower, open
Write-only VRAM
Authenticated components only
Signed drivers, certification of hardware
Signing/licensing process
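As an added example, not the presentation’s or any vendor’s code, the Go program below walks through the authenticator / GPU exchange from the slides above and the rendering-hardware requirements (authenticate to the content source, hide the private key, decrypt content): the authenticator generates a symmetric session key, passes it to the card under RSA-OAEP (public-key encryption, as the slide states), accepts the card only when it proves it unwrapped the key by sealing a fresh challenge with it (key confirmation; the exact protocol is an assumption), encrypts each frame with AES-GCM so the card decrypts it once on arrival (option 2), and changes the session key every few frames. The rekey interval, the use of AES-GCM rather than RC4 or DES, the 2048-bit key size and the sample frames are choices made for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const rekeyEvery = 4 // frames per session key; kept small so the example rekeys visibly

// must panics on errors that cannot occur here (key generation, CSPRNG, AES-GCM setup).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// gcm keys AES-GCM so every frame is both encrypted and integrity-checked.
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

func randomBytes(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }

// GPU is a hypothetical model of a DRM-enabled graphics chip: an RSA private key that never leaves the device, plus AES-GCM keyed with the current session key.
type GPU struct{ priv *rsa.PrivateKey; aead cipher.AEAD }

func NewGPU() *GPU { return &GPU{priv: must(rsa.GenerateKey(rand.Reader, 2048))} }

// ReceiveSessionKey unwraps a session key encrypted to the card's public key and returns the challenge sealed under it: proof that the card holds the private key.
func (g *GPU) ReceiveSessionKey(wrapped, challenge []byte) (nonce, proof []byte, err error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, g.priv, wrapped, nil)
	if err != nil {
		return nil, nil, err
	}
	g.aead = gcm(key)
	nonce = randomBytes(g.aead.NonceSize())
	return nonce, g.aead.Seal(nil, nonce, challenge, nil), nil
}

// DecryptFrame decrypts a frame once on arrival ("option 2" above); in hardware the plaintext would then exist only in write-only VRAM. Tampered frames fail to open.
func (g *GPU) DecryptFrame(nonce, ct []byte) ([]byte, error) {
	if g.aead == nil || len(nonce) != g.aead.NonceSize() {
		return nil, fmt.Errorf("no session key established or malformed nonce")
	}
	return g.aead.Open(nil, nonce, ct, nil)
}

// Authenticator is the trusted host component: it trusts one GPU public key (in practice a vendor-certified one), issues session keys to that card and encrypts frames for it.
type Authenticator struct {
	trustedPub     *rsa.PublicKey
	aead           cipher.AEAD
	frames, Rekeys int // frames sent under the current key; session keys issued so far
}

// Rekey generates a fresh AES-128 session key, passes it to the GPU under RSA-OAEP and accepts the card only if it proves it unwrapped the key (key confirmation).
func (a *Authenticator) Rekey(g *GPU) error {
	key, challenge := randomBytes(16), randomBytes(32)
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, a.trustedPub, key, nil))
	nonce, proof, err := g.ReceiveSessionKey(wrapped, challenge)
	if err != nil {
		return fmt.Errorf("GPU authentication failed: %w", err)
	}
	aead := gcm(key)
	if echo, err := aead.Open(nil, nonce, proof, nil); err != nil || !bytes.Equal(echo, challenge) {
		return fmt.Errorf("GPU authentication failed: bad key confirmation")
	}
	a.aead, a.frames, a.Rekeys = aead, 0, a.Rekeys+1
	return nil
}

// SendFrame encrypts one frame for the GPU, changing the session key every rekeyEvery frames.
func (a *Authenticator) SendFrame(g *GPU, frame []byte) (nonce, ct []byte, err error) {
	if a.aead == nil || a.frames >= rekeyEvery {
		if err = a.Rekey(g); err != nil {
			return nil, nil, err
		}
	}
	nonce = randomBytes(a.aead.NonceSize())
	a.frames++
	return nonce, a.aead.Seal(nil, nonce, frame, nil), nil
}

// RunSessionDemo streams ten constructed frames to a genuine card, then checks that a card holding a different private key is refused a session key.
func RunSessionDemo() (delivered, rekeys int, rogueRejected bool) {
	genuine := NewGPU()
	auth := &Authenticator{trustedPub: &genuine.priv.PublicKey}
	for i := 0; i < 10; i++ {
		frame := []byte(fmt.Sprintf("frame %02d: constructed sample video data", i))
		nonce, ct, err := auth.SendFrame(genuine, frame)
		pt, err2 := genuine.DecryptFrame(nonce, ct)
		if err == nil && err2 == nil && bytes.Equal(pt, frame) {
			delivered++
		}
	}
	rogueRejected = auth.Rekey(NewGPU()) != nil
	return delivered, auth.Rekeys, rogueRejected
}

func main() { fmt.Println(RunSessionDemo()) }
```

The trusted public key is taken straight from the genuine card because no vendor certificate chain is modelled; in a deployed design the authenticator would validate that chain and the HDCP revocation status the slide mentions before wrapping anything to the key. With ten frames and a rekey interval of four, three session keys are issued, and a card with a different private key cannot unwrap the key and so never receives a usable session.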
Conclusions
Secure video is needed to grow the business
PC as a platform for premium content services
New, innovative pay-per-use scenarios
Platform for home media services
The technology exists to do this today
Public domain crypto algorithms
Digital Rights Management
DVI
Better to do this now than wait for lawmakers to enter the picture
Call To Action
Provide feedback on this proposal
Winhec session feedback forms [email protected]
Participate in Windows SVP Forum
Specification and forum forthcoming
Target: early 3Q01