cptwg jan05© copyright svp1 secure video processor eli hibshoosh [email protected] open...
TRANSCRIPT
CPTWG Jan05 © Copyright SVP 1
Secure Video Processor
Open Platform for Content Protection
CPTWG Jan05 © Copyright SVP 2
CPTWG Jan05 CPTWG Jan05© Copyright SVP 3
Content Protection Agenda
Set the driving principles for
– E2E Security
– Open Content Protection model
– Interoperability for consumers and devices
CPTWG Jan05 © Copyright SVP 4
Driving Principles for Market Adoption
Enable the interests of all the players: from content creators, distributors…device manufacturers, consumers– E.g., robust security, level-field competition, cost, interoperability
Pay TV security lessons applied cost-effectively to “horizontal” market to promote hi-quality content consumption
Enable interaction between the CA/DRM and standard SVP Open-CP
Flexibility Built-in to allow the market to reach its equilibrium – Enabling not Mandating rules, e.g., – No immutable encoding rules; – Embracing technological change
CPTWG Jan05 © Copyright SVP 5
Opportunities & Threats
Threats: Theft and distribution of clear content Theft and distribution of broadcast (global) keys - McCormac Circumvention of content usage rights Technology potentially outpaces protection
– BB, Internet, p2p, compression tools, SW debug tools, ubiquitous cheap storage, media writers…
– Broadcast-key servers to non compliant devices Regulation – questionable role and sluggish relative to
technology
Opportunities: Quality content, secure, profitable, … Anytime, Everywhere
CPTWG Jan05 © Copyright SVP 6
SVP Open Content Protection (CP) - Inside the Device
CA/DRM Business Model Enforcement
SW Chip Driver
TRS-SW Enforcement for (Domain, Proximity, B-Flag, Private Extensions)
CA / DRM / FTA Agent
Usage Model Definition and Billing
HW Chip Requirements e.g, Personalization, Compliance and Robustness
Core Security Functions: Certificates handling, SAC, CryptoTools., Time, Key-Mgmt, Content License (UsageRules & content-keys), Export content control, revocation
Content processing: Content De/Scrambling, Content Decoding
Secure Boot Loader in HWHA
RD
WA
RE
SO
FT
WA
RE
Open CP
CPTWG Jan05 © Copyright SVP 7
SVP – Home Network and Beyond
BroadbandDelivery by
Internet
PortablePVR
STB/PVR
Domain AAcquistion Location
Terrestrial
Satellite
Content Server
Domain ARemote Location
Domain B
Digital TV
PortablePVR
Digital TV
Proximity Boundary
Digital TV
Distance >Proximity Limit?
If YesProximity Control
Asserted
PortablePVR
Storage(Bit Bucket)
2
1
3
4
5
6
3
2
4
5
6
1 A
R
S
R
R
S
S X
X
S
Device Functionality
4
5
4
5 OtherDevice
AnalogTV
CA /DRM
ECMSVP CL
A
S
R
X
SVP compliant Device
Acquisition: Mapping external license to SVP
Rendering
Storage (internal) - under device control
Export to analog, clear digital, or othercontent protection (leaving SVP protection)
Transfer of SVP protected(compressed) output
CL SVP Content License
DSL
Cable
T
T
T
T
ContentBroadbandRcvr
Mobile AnalogTV
CL
CL
DVD
CPTWG Jan05 © Copyright SVP 8
Open Content Protection (CP)Operational Definition
Enforce Spatial and Temporal content-usage rights related to – Acquisition– Consumption – Storage (Copy/Move)– Distribution: intra- (Proximity) and inter-user domain– Content processing, e.g., watermarking detection/insertion– Time (Retention, rental control)– Export to other approved CP systems– Analog-hole - Map analog protection– “Adoption” by network operator
Shared content control - Enable Persistent CA/DRM control: Interaction between: Open-CP (standard SVP in horizontal device) with CA/DRM systems
CPTWG Jan05 © Copyright SVP 9
Inter-Device
Device A Device B
StorageIs
Optional
HardwareSAC
SVP Manager (SW)Extensible CP Functionality
{License} {Content}
SVP-Enabled Media Chip
Core SecurityFunctions
ContentProcessing
Request Response
Applications
Content Keys & Control Switches
Chip Unique:Pub ID and Secret
SVP Manager (SW)Extensible CP Functionality
{License} {Content}
SVP-Enabled MediaChip
Core SecurityFunctions
ContentProcessing
Request Response
Applications
Content Keys & Control Switches
{Protected Content}
{SVP Content License}
{Protected Content}
Software SAC
Hardware SAC
Secure Authenticated Channel (SAC)
{ }Protection:Content is scrambledContent license is partially encrypted, and signed
{SVP Content License}
Chip Unique:Pub ID and Secret
CA/DRM
CA/DRM
CPTWG Jan05 © Copyright SVP 10
SVP E2E Security for Compressed Content
Under SVP E2E: Clear Content and its License (content keys & rights) are always inside secure chip silicon, Not in the device!
No global secrets in SVP; Only single device compromise is possible; no system-wide compromise
Recovery of a single device compromise via revocation Content encrypted by Unique-Device-Key or Domain-Key When content goes from device A to C through B, unlike
pipe protection, only A and C know the encryption keys
BA C
CPTWG Jan05 © Copyright SVP 11
Interoperability
Via Compliant Acquisition – Input from any CA/DRM– Input from Fixed-media Many-to-One content protection
system– Input from VOD server
Controlled Export to Authorized CP systems– Desirable - To enhance security export-CP is built into SVP
chip– Less desirable - clear content is exported to Authorized CP in
the device; protected by device compliance & robustness rules
CPTWG Jan05 © Copyright SVP 12
Certificates
Certificates TreeCertification authority: Root or manufacturer or
network operatorDevice Attributes, restrictions on content usageCertificate attributes and content license
Together determine content usage ( in conflict – use the stricter of the two)
Issuer: Device manufacturer, Network operator
CPTWG Jan05 © Copyright SVP 13
Recovery
Content revocation – content license specifies whether the content is to be sent to (accessed) by a revoked device
Revocation criteria/procedureCRL – list of revoked device IDs delivered
securely via SAC
CPTWG Jan05 © Copyright SVP 14
Compliance and Robustness (C&R)the What and How
Acquisition point and SVP-enabled Media Chip must be externally certified by accredited SVPLA lab.
Media devices are certified either by:– External entity - By accredited SVPLA lab, or– Internal entity - By device manufacturer
Acquisition points (examples): – Smart Card– Fixed Media– VOD server at the headend
CPTWG Jan05 © Copyright SVP 15
Organization and Legal
SVP Alliance SVPLA
Members
Associates
Technology and Rights Licensing
Compliance &Accreditation
Root Certificate Authority
Impact technical and commercial operations
Support
CPTWG Jan05 © Copyright SVP 16
SVPLA LLC*
Publish complete SVP specification Set criteria for eligibility for licensing (RaND) and then license Operate root certificate authority Implement SVP specification change procedures Implement revocation procedures Establish and implement prices for licensing Set rules for compliance and robustness Accredit testing labs Authorize non-SVP content protection systems as trusted for purposes
of Export Provide support services
*Wholly-owned subsidiary of NDS
CPTWG Jan05 © Copyright SVP 17
SVP Alliance Inc.*
Act as an advisory committee to SVPLA– Propose changes to specification and procedures– Set accreditation rules for testing labs – Promote SVP adoption and usage– Technical Working Groups
Initiate and second revocation Lobby standards bodies Responsible for marketing – website, shows and
events Encourage interoperability
– Recommend non-SVP content protection systems to be authorized as trusted for purposes of export
*Not-for-profit organization
CPTWG Jan05 © Copyright SVP 18
SVP Advantages - Conclusion
OpenSecure FlexibleLow-CostInteroperable
CPTWG Jan05 © Copyright SVP 19
Bottom line
For high-quality, valuable contentthe lesson is:
Use SVP Open CP!
CPTWG Jan05 © Copyright SVP 20
For More Info
www.svpalliance.org