Processing What are Computer Graphics & Computer Graphics & Image
A Digital Rights Enabled Graphics Processing System
description
Transcript of A Digital Rights Enabled Graphics Processing System
![Page 1: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/1.jpg)
A Digital Rights Enabled Graphics Processing System
A Digital Rights Enabled Graphics Processing System
Weidong Shi
Hsien-Hsin “Sean” Lee
Richard M. Yoo
Alexandra Boldyreva
Motorola Labs
Georgia Tech
Georgia Tech
Georgia Tech
![Page 2: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/2.jpg)
Why Digital Rights Management (DRM) and Content Protection? Why Digital Rights Management (DRM) and Content Protection?
• id software Kevin Cloud
• "this (piracy) is what’s killing
PC games"
• “… but you may literally have more games being played illegitimately than being played
legitimately.”
• “… it is a very serious problem.
There isn’t any magical solution, or else we’d solve
it.”
![Page 3: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/3.jpg)
Graphics As AssetsGraphics As Assets
• Protect graphics apps by protecting the graphics assets instead of the sw.
• Avatars, in-game graphics assets sale raise steadily
• $10M per month in-game assets sale in Korea alone
• $880M trading in US (2004)
![Page 4: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/4.jpg)
It is a non-trivial taskIt is a non-trivial task
• If security is easy to add, it is easy to remove.
• Never underestimate the hackers (XBOX incidence)
• Graphics DRM
• Protect against SW attacks
• Protect against simple
“Radioshack” HW attacks
![Page 5: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/5.jpg)
Software-based DRMSoftware-based DRM
• Disadvantages
• Insecure
• Not tamper proof
• Advantages
• Easy to change
• Flexible
3D apps3D apps
meshmesh texturetexture shadershader
OpenGL/Direct3DOpenGL/Direct3D SW
DRMDRM
Frame Buffer
![Page 6: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/6.jpg)
DRM Design SpaceDRM Design Space
• Many design choices for unlocking DRMed contents.
• Hackers can always go to the level below to defeat a DRM system.
• Typical SW DRM unlocks at App level.
Real time3D apps
Real time3D apps
Graphics API(OpenGL/Direct3D)
Graphics API(OpenGL/Direct3D)
Device Driver
Device Driver
DRMed Contents
Unlock at App level
Unlock at API level
Unlock at Driver level
Unlock at Device level
![Page 7: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/7.jpg)
Our Idea – DRM Enabled GPUOur Idea – DRM Enabled GPU
DRM Enabled GPU
Protected Graphics Assets
(mesh, textures, shaders)
• Protect graphics assets with encryption and rights licenses.
• Decrypt graphics assets by a DRM enabled GPU
DRMDRM
![Page 8: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/8.jpg)
DRM Enabled GPUDRM Enabled GPU
• Advantages
• Strong security protection, contents decrypted
right before their consumption
• Against SW tampers/attacks
• API hijack, graphics file reverse engineering, etc.
• High performance
• HW decryption vs. SW decryption
• Disadvantages
• Less flexible
![Page 9: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/9.jpg)
GPU with DRM BlockGPU with DRM Block
PCI-ExpressPCI-Express
Host/MemoryInterface
Host/MemoryInterface
Graphics/VideoMemory
Graphics/VideoMemory
GPU PipelineGPU Pipeline
VertexCacheVertexCache
TextureCache
TextureCache
CryptographicUnit
CryptographicUnit
LicenseProcessing Unit
LicenseProcessing Unit
Context Information
Context Information
DRMBlock
![Page 10: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/10.jpg)
Rights License and Content KeysRights License and Content Keys
Public(GPU)
Private-pair(GPU)
license
licenseContent keys
• Graphics contents or assets are licensed
• Graphics contents or assets are encrypted with content keys. Encrypted content keys included in graphics content licenses.
• Content licenses are certified and distributed
• Only targeted GPU can extract/use the content keys from the licenses.
![Page 11: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/11.jpg)
Binding ContextBinding Context
• Constraints of binding among vertex data, textures, and shaders
• Created based on graphics assets licenses
• Security context (protected when stored in exposed storage)
• Contains all information for decrypting graphics assets by a GPU
Binding Context
Vertex Attr Decryption Key, Digest Key
Texture Decryption Key, Digest Key
Shader Digest Key
![Page 12: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/12.jpg)
Graphics API ExtensionGraphics API Extension
• Encrypted Data Array/Texture Types
• Encrypted{234}f, Encrypted_R8G8B8A8, …
• Encrypt collection of vertex attributes or texture tile as a chunk.
• Compute a digest or hashed MAC for each encrypted chunk
• Protected Graphics ObjectsglVertexAttribPointerPrivateARB(
0, Encrypted4f, GL_FALSE, 0, &vertex);
glVertexAttribPointerPrivateARB(8, Encrypted2f, GL_FALSE, 0,
&text_coord);
![Page 13: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/13.jpg)
Graphics API ExtensionGraphics API Extension
• API Extension
• GenBindingContext(int size, int* ptr_to_handles)
• ConfigBindingContext( int handle, enum type, int graphics_object_handle, unsigned char* license)
type = Encrypted_VERTEX_ATTR0..15
type = PRIVATE_TEXTURE0..7 type = VERTEX_SHADER|FRAGMENT_SHADER|…
graphics_object_handle = handle to vertex,texture,or shader
license = license byte array
• EnableBindingContext(int handle)
• DisableBindingContext(int handle)
• DeleteBindingContext(int handle)
![Page 14: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/14.jpg)
Graphics Data Protection Check Graphics Data Protection Check
Vertex/TexCache
&Vertex/TexFetch Unit
Vertex/TexCache
&Vertex/TexFetch Unit
Encrypted Vertex Attr/Tex Tiles
Encrypted Vertex Attr/Tex Tiles
Encrypted Vertex Attr/Tex Tiles
Encrypted Vertex Attr/Tex Tiles…
Encrypted Vertex Attr/Tex Tiles
Encrypted Vertex Attr/Tex Tiles
Digest/HMAC
Digest/HMAC
Digest/HMAC
Digest/HMAC
Digest/HMAC
Digest/HMAC
DecryptionUnit
DecryptionUnit
Vertex Attr
Decryption Key,
Digest Key
Texture Decryption Key,
Digest Key
Shader Digest Key
Binding Context
HMACUnit
HMACUnit
?
GPU Front-End
![Page 15: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/15.jpg)
Counter Mode Example (Encrypted Texels)Counter Mode Example (Encrypted Texels)
Vertex/TexCache
&Vertex/TexFetch Unit
Vertex/TexCache
&Vertex/TexFetch Unit
EncryptedTexels
EncryptedTexels
Decryption KeyBinding Context GPU Front-End
Memory UnitMemory Unit
Graphics Memory
Graphics Memory
Graphics Memory
Graphics Memory
…Decryption
PadDecryption
PadAES EngineAES Engine
Texel TileCoord
Texel TileCoord OffsetOffset PaddingPadding
Counter value
Fetch AddressCal/Translation Fetch AddressCal/Translation
XOR
![Page 16: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/16.jpg)
Division of Labor CPU-GPU Level-of-Detail Division of Labor CPU-GPU Level-of-Detail
CPU
GPU
Collision detection
Coarse backface culling
Transformation
Lighting
Animation
Unprotected Graphics Data
Protected Graphics Data
• CPU processes unprotected coarse level graphics data
• GPU processes protected fine-grained graphics data
![Page 17: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/17.jpg)
Optional Depth Buffer ProtectionOptional Depth Buffer Protection
Frame BufferOperation UnitFrame Buffer
Operation Unit
Depth BufferDepth Buffer
DepthDecryption Unit
DepthDecryption Unit
Depth
Buffer
Symmetric Key
Context
DepthEncryption Unit
DepthEncryption Unit
Z-tile Z-tile
• Depth buffer key is applied to an application.
![Page 18: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/18.jpg)
EvaluationEvaluation
Setting
Apps Quake 3D — 4 demo maps
GPU Simulator Qsilver (UVa)
AES unit # 8 (400K gates each)
Decryption Throughput/Latency
40Gb/ps x 8,
2.5ns per stage x 11 = 27.5ns
HMAC Unit # 8 (19K gates each)
HMAC Latency 74ns
Graphics Memory GDDR3 latency
![Page 19: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/19.jpg)
Frame Rate ImpactFrame Rate Impact
• Frame rate slowdown using protected assets against regular assets
• Reasonable impact on frame rate
Normalized Frame Rate (%)
50
60
70
80
90
100
q3dm1 q3dm7 q3dm17 q3tourney average
![Page 20: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/20.jpg)
Decryption Latency Sensitivity Decryption Latency Sensitivity
Normalized Frame Rate (%)
50
55
60
65
7075
80
85
90
95
100
q3dm1 q3dm7 q3dm17 q3tourney average
27.5ns Decryption Lat 40ns Decryption Lat
![Page 21: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/21.jpg)
Sensitivity of Cache Miss RateSensitivity of Cache Miss RateNormalized Frame Rate (%)
50
55
6065
70
75
80
8590
95
100
q3dm1 q3dm7 q3dm17 q3tourney average
Low Miss (5%) Med Miss (10%) High Miss (20%)
![Page 22: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/22.jpg)
ConclusionsConclusions
• Time to introduce DRM protection on real time graphics assets.
• The trend of GPU advancement enables new ways of protecting graphics assets.
• Graphics assets protection advocates joint research from DRM, Graphics, and GPU community.
• GPU-based graphics assets protection is more effective.
• We studied feasibility of GPU based graphics DRM.
• Further research is required.
![Page 23: A Digital Rights Enabled Graphics Processing System](https://reader035.fdocuments.net/reader035/viewer/2022062500/56815969550346895dc6a86f/html5/thumbnails/23.jpg)
Thank You!Thank You!
http://arch.ece.gatech.edu