Digital Rights Management
Embed Size (px)
Transcript of Digital Rights Management
Digital Rights ManagementA brief introduction
November 2010Rajaram Pejaverraj@pejaver.comNote: The views presented here are solely those of the author and do not necessarily reflect any views of any MSO. Please contact the author if you have comments or any objections regarding the content.
*OutlineDigital Rights ManagementCA vs. DRMDefinitionsThe PlayersThe TechnologiesApple FairplayTypical Cable CAMicrosoft PlayReadyDECE UltraVioletIssues & Open QuestionsOutlineBlah blahMore blah
*CA vs. DRMWhats the difference?While both are used to protect content,Conditional Access is the term typically used in Cable & Satellite TV.The operator has control over the STBs and the software on them.Connectivity between STBs and Billing Systems are well defined and reliable.Simple model: Subscriber either gets to watch HBO or not.The media being controlled is limited to video.In general, the requirements on the architecture are much simpler.Digital Rights Management is the term typically used for Internet based systems.The ecosystem is wild and dynamic with little control and many more threats.Connectivity to DRM License servers over the Internet is much less reliable.DRM supports many more usage options and modes (disconnected, rights transfer.)DRM is expected to protect more than just video.As we will see, the architecture can be horribly more complex.
*DefinitionsWhat is this all about?Digital Rights Management:A way to limit access to content to Authorized users.A Technology for Distributors to Control Use of Content.Which Distribution Models use DRM?
Content: Soft products that can be stolen, includingVideo: Movies, Seminars, Audio: Music, Software: Games, programs.Books: Soft books,
DistributionTechnologyExamplesIntra CompanyEncryptionDocuments, Sales data, Limited / CorporateLicense keysSoftware, Garmin Map data, Consumer DRM Video, Music, books
*Definitionsmore termsControl over content:Copy control: How many times can an item be copied (like CCI bits.)Never.N times (typically N = 1)Freely, within domain (typically Domain == devices in a household.)Really freely, anywhere, to the Internet, i.e. no copy control.Expiry date on contentUsually varies from 90 minutes to 2 days.How many times can it be watched?What device is used to watch it?iPod like device or Home Theater PC.Device usually has special player software to interpret DRM.What time of day? (business hours, evenings, ) Who can watch it (user authentication required.)
*The PlayersWhere are they coming from?Content Distributors: They care most about protecting contentCopy & Viewer Control.Vendors of CE Equipment:They care about most about profitsStable DRM standards so that they can build products.Reasonable DRM licensing terms.Consumers:Just wanna have funFlexibility in choosing content providers, equipment, delivery channel.Replay reliability & ability to back up purchased content.Privacy of usage.MSOs (Delivery Channel)Stuck in the middleGoal: just to keep all other players happy.DRM is really not an MSOs war; they do it only because they have to.
*The TechnologiesEveryone has something to say.DRM Technologies from the pastCSS for DVDs Royally hacked (remember DeCSS?)AACS for DVDs Practically hacked.BD+ for BluRay Mostly hacked.Current DRM TechnologiesApple FairPlay (in iTunes)Microsoft PlayReady (in Zune, SilverLight.)Adobe Flash Access (Flash streams.)Marlin (PS3), Widevine (NetFlix), Upcoming Technologies.DECEs Ultraviolet: "Digital Locker" by Neustar.Comcast is part of DECE.Disneys KeyChest.
*Apple iTunes FairplayUsed for video & books only, not for audio.Content in MP4 container file is encrypted with a AES MasterKey.When a user purchases a title:A random UserKey is created and stored in the users account at Apple.MasterKey is encrypted with a random UserKey and added to MP4 file.MP4 file is sent to users device.UserKey is sent to iTunes repository on users device.When user wants to play title:UserKey is retrieved and used to decrypt MasterKey.MasterKey is used to decrypt content.When user wants to copy or transfer title to another device:User may need to first de-authorize existing device to stay within limits.Apple checks for the 5 device limit.Apple sends a copy of UserKey to device.Apple sends a copy of encrypted content to device.
*Apple iTunes FairplayIn animated action.ContentAMasterKeyAMasterKey & Encrypted ContentA Stored on Apple ServersUser1KeyAiTunes repositoryUser1KeyAUser1KeyAEncrypted MasterKeyMasterKeyUser1KeyAEncrypted ContentUserKeys are stored in an Apple database
*Typical CA systemConceptually similar, but simpler than DRMCableCard (aka POD, aka M-Card / S-Card)Does all the decryptions.Has a unique User Key preprogrammed into it.Stores all keys: User Key + a key for each authorized Service.
Encrypted Video Stream
Encrypted Control Word
Encrypted Service Key
All EMMs for each CableCard are retransmitted OOB every ~10secs.
ECMs are retransmitted inband every ~2secs, in separate PES.
Control Word (Video encryption key) is changed every ~2secs.
*Microsoft PlayReadyOriginally intended for mobile devices.Used by Netflix (v2) for video contentUsed by Microsoft SilverLight for active web content.It supports a wide variety of business models.subscriptions, rentals, purchases, gifting, pay-per-view and preview.Allows Side-loading between devices in users domain.Streaming.Superdistribution, users forward content, but receiver has to pay to access.Much more intelligence in the cloudNeeds connectivity to cloud servers.Much more susceptible to glitches in service.Uses a lot of Public Key Crypto.
*Microsoft PlayReadyToo many things in the clouds.
*DECE UltraVioletDigital Entertainment Content EcosystemMembers include:Adobe, Alcatel-Lucent, Best Buy, CableLabs, Cisco, Comcast, Cox Communications, Fox Entertainment, Hewlett-Packard, Huawei Technologies, IBM, Intel, Microsoft, Motorola, Nagravision, NBC Universal, Sony, DivX, Dolby, DTS, Nokia, Panasonic, Paramount Pictures, Philips,Combination of five existing DRM technologies: Adobe Flash Access, CMLA-OMA V2, Marlin DRM Open Standard, Microsoft PlayReady and Widevine.Basic idea:Content encrypted with one MasterKey.File contains MasterKey protected five ways.Note: I said protected, not just encryptedSystem is five times more vulnerable?Nonparticipants: Apple FairPlay, Disney KeyChest.
Content encrypted with MasterKey
MasterKey protected with Flash
MasterKey protected with Marlin
MasterKey protected with PlayReady
MasterKey protected with WideVine
MasterKey protected with CMLA
*Issues & Open QuestionsWhen will it all go away?WatermarkingNeed to indelibly associate a copy with a purchaser.FingerprintingAssociating a copy with its creator.Revocation of rightsThe amazing Amazon story.Transferring rightsUsers selling & trading content.Secure audio & video pathsDoes not stop piracy.It is a never ending chaseEvery system will be hacked.
Thank you for listening!! Now get back to work*My solution?Make most content affordable.So that it is not worth the effort to hack it for profit.