Digital Rights Management

Digital Rights Management A brief introduction November 2010 Rajaram Pejaver [email protected] Note: The views presented here are solely those of the author and do not necessarily reflect any views of any MSO. Please contact the author if you have comments or any objections regarding the content.


Transcript of Digital Rights Management

Page 1: Digital Rights Management

Digital Rights Management

A brief introduction

November 2010

Rajaram Pejaver [email protected]

Note: The views presented here are solely those of the author and do not necessarily reflect any views of any MSO. Please contact the author if you have comments or any objections regarding the content.

Page 2: Digital Rights Management

Outline

Digital Rights Management

– CA vs. DRM
– Definitions
– The Players
– The Technologies
– Apple Fairplay
– Typical Cable CA
– Microsoft PlayReady
– DECE UltraViolet
– Issues & Open Questions


Page 3: Digital Rights Management

CA vs. DRM

What’s the difference?

While both are used to protect content:

“Conditional Access” is the term typically used in Cable & Satellite TV.
– The operator has control over the STBs and the software on them.
– Connectivity between STBs and Billing Systems is well defined and reliable.
– Simple model: Subscriber either gets to watch HBO or not.
– The media being controlled is limited to video.
– In general, the requirements on the architecture are much simpler.

“Digital Rights Management” is the term typically used for Internet based systems.
– The ecosystem is wild and dynamic with little control and many more threats.
– Connectivity to DRM License servers over the Internet is much less reliable.
– DRM supports many more usage options and modes (disconnected, rights transfer).
– DRM is expected to protect more than just video.
– As we will see, the architecture can be horribly more complex.

Page 4: Digital Rights Management

Definitions

What is this all about?

Digital Rights Management:
– A way to limit access to content to Authorized users.
– A Technology for Distributors to Control Use of Content.

Content: “Soft” products that can be stolen, including
– Video: Movies, Seminars, …
– Audio: Music, …
– Software: Games, programs.
– Books: Soft books, …

Which Distribution Models use DRM?

Distribution | Technology | Examples
Intra Company | Encryption | Documents, Sales data, …
Limited / Corporate | License keys | Software, Garmin Map data, …
Consumer | DRM | Video, Music, books…

Page 5: Digital Rights Management

Definitions

more terms

Control over content:
– Copy control: How many times can an item be copied (like CCI bits)?
  • Never.
  • N times (typically N = 1).
  • Freely, within domain (typically Domain == devices in a household).
  • Really freely, anywhere, to the Internet, i.e. no copy control.
– Expiry date on content
  • Usually varies from 90 minutes to 2 days.
  • How many times can it be watched?
– What device is used to watch it?
  • iPod like device or Home Theater PC.
  • Device usually has special player software to interpret DRM.
– What time of day? (business hours, evenings, …)
– Who can watch it (user authentication required).

Page 6: Digital Rights Management

The Players

Where are they coming from?

Content Distributors: They care most about protecting content
– Copy & Viewer Control.

Vendors of CE Equipment: They care most about profits
– Stable DRM standards so that they can build products.
– Reasonable DRM licensing terms.

Consumers: Just wanna have fun
– Flexibility in choosing content providers, equipment, delivery channel.
– Replay reliability & ability to back up purchased content.
– Privacy of usage.

MSOs (Delivery Channel): Stuck in the middle
– Goal: just to keep all other players happy.
– DRM is really not an MSO’s war; they do it only because they have to.

Page 7: Digital Rights Management

The Technologies

Everyone has something to say.

DRM Technologies from the past
– CSS for DVDs: Royally hacked (remember DeCSS?)
– AACS for DVDs: Practically hacked.
– BD+ for BluRay: Mostly hacked.

Current DRM Technologies
– Apple FairPlay (in iTunes)
– Microsoft PlayReady (in Zune, SilverLight).
– Adobe Flash Access (Flash streams).
– Marlin (PS3), Widevine (NetFlix), …

Upcoming Technologies
– DECE’s Ultraviolet: "Digital Locker" by Neustar.
  • Comcast is part of DECE.
– Disney’s KeyChest.

Page 8: Digital Rights Management

Apple iTunes Fairplay

Used for video & books only, not for audio.

Content in MP4 container file is encrypted with an AES MasterKey.

When a user purchases a title:
– A random UserKey is created and stored in the user’s account at Apple.
– MasterKey is encrypted with the random UserKey and added to MP4 file.
– MP4 file is sent to user’s device.
– UserKey is sent to iTunes repository on user’s device.

When user wants to play title:
– UserKey is retrieved and used to decrypt MasterKey.
– MasterKey is used to decrypt content.

When user wants to copy or transfer title to another device:
– User may need to first de-authorize existing device to stay within limits.
– Apple checks for the 5 device limit.
– Apple sends a copy of UserKey to device.
– Apple sends a copy of encrypted content to device.

Page 9: Digital Rights Management

Apple iTunes Fairplay

In animated action.

[Animated diagram. Labels: Content A; MasterKey A; MasterKey & Encrypted Content A, stored on Apple servers; User1Key A; iTunes repository; Encrypted file; Encrypted MasterKey; MasterKey; Encrypted Content.]

UserKeys are stored in an Apple database.

Page 10: Digital Rights Management

Typical CA system

Conceptually similar, but simpler than DRM

CableCard (aka POD, aka M-Card / S-Card)
– Does all the decryptions.
– Has a unique User Key preprogrammed into it.
– Stores all keys: User Key + a key for each authorized Service.

[Diagram labels: User Key, Encrypted Service Key (EMM), Service Key, Encrypted Control Word (ECM), Control Word, Encrypted Video Stream, Video.]

All EMMs for each CableCard are retransmitted OOB every ~10secs.

ECMs are retransmitted inband every ~2secs, in separate PES.

Control Word (Video encryption key) is changed every ~2secs.
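The key ladder on this slide, as an added Python example that is not part of the original presentation; the same two calls also model the FairPlay slides, where `seal(UserKey, MasterKey)` travels with `seal(MasterKey, content)`. `seal`/`unseal` are a standard-library HMAC-SHA256 stand-in for a real cipher (an assumption), and `CableCard`, `broadcast` and `demo` are hypothetical names.

```python
import hashlib, hmac, os

def _sub(key, label):                      # separate subkeys for encryption and MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):         # keystream: HMAC-SHA256 in counter mode
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Encrypt-then-MAC. Standard-library stand-in for the real cipher (assumption)."""
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class CableCard:                           # hypothetical model of the card's key store
    def __init__(self, user_key):
        self.user_key, self.service_keys = user_key, {}

    def on_emm(self, service, emm):        # EMM: Service Key sealed under this card's User Key
        self.service_keys[service] = unseal(self.user_key, emm)

    def descramble(self, service, ecm, packet):
        if service not in self.service_keys:
            raise PermissionError("no entitlement for " + service)
        control_word = unseal(self.service_keys[service], ecm)  # ECM: CW under Service Key
        return unseal(control_word, packet)

def broadcast(service_key, segments):
    """Headend: a fresh Control Word per segment, sent as (ECM, scrambled segment)."""
    out = []
    for seg in segments:
        cw = os.urandom(32)
        out.append((seal(service_key, cw), seal(cw, seg)))
    return out

def demo():
    uk_a, uk_b, sk = os.urandom(32), os.urandom(32), os.urandom(32)
    card_a, card_b = CableCard(uk_a), CableCard(uk_b)
    emm_a = seal(uk_a, sk)                 # only card A subscribes to "HBO"
    card_a.on_emm("HBO", emm_a)
    stream = broadcast(sk, [b"segment-1", b"segment-2"])  # constructed sample video
    return card_a, card_b, emm_a, stream
```

A card that never received a valid EMM raises on `descramble`, and an EMM built for another card's User Key fails the integrity check in `on_emm`, so entitlement is enforced purely by which wrapped keys a card can open.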

Page 11: Digital Rights Management

Microsoft PlayReady

Originally intended for mobile devices.

Used by Netflix (v2) for video content.
Used by Microsoft SilverLight for active web content.

It supports a wide variety of business models:
– subscriptions, rentals, purchases, gifting, pay-per-view and preview.

Allows
– ‘Side-loading’ between devices in user’s domain.
– Streaming.
– ‘Superdistribution’: users forward content, but receiver has to pay to access.

Much more intelligence ‘in the cloud’
– Needs connectivity to ‘cloud’ servers.
– Much more susceptible to glitches in service.

Uses a lot of Public Key Crypto.

Page 12: Digital Rights Management

Microsoft PlayReady

Too many things in the clouds.

Page 13: Digital Rights Management

DECE UltraViolet

Digital Entertainment Content Ecosystem

Members include:
– Adobe, Alcatel-Lucent, Best Buy, CableLabs, Cisco, Comcast, Cox Communications, Fox Entertainment, Hewlett-Packard, Huawei Technologies, IBM, Intel, Microsoft, Motorola, Nagravision, NBC Universal, Sony, DivX, Dolby, DTS, Nokia, Panasonic, Paramount Pictures, Philips, …

Combination of five existing DRM technologies:
– Adobe Flash Access, CMLA-OMA V2, Marlin DRM Open Standard, Microsoft PlayReady and Widevine.

Basic idea:
– Content encrypted with one MasterKey.
– File contains MasterKey protected five ways.

Note: I said “protected”, not just “encrypted”
– System is five times more vulnerable?

Nonparticipants:
– Apple FairPlay,
– Disney KeyChest.

[Diagram: Content encrypted with MasterKey; MasterKey protected with Flash; MasterKey protected with Marlin; MasterKey protected with PlayReady; MasterKey protected with WideVine; MasterKey protected with CMLA.]

Page 14: Digital Rights Management

Issues & Open Questions

When will it all go away?

Watermarking
– Need to indelibly associate a copy with a purchaser.

Fingerprinting
– Associating a copy with its creator.

Revocation of rights
– The amazing Amazon story.

Transferring rights
– Users selling & trading content.

Secure audio & video paths
– Does not stop piracy.

It is a never ending chase…
– Every system will be hacked.

Page 15: Digital Rights Management

Thank you for listening!!

Now get back to work

My solution?
– Make most content affordable.
– So that it is not worth the effort to hack it for profit.