Monetizing Multiscreen Video Services: Securing the Endpoint

Avi Ben Simon, Video Security Software Solutions Product Director
Avigail Gutman, Operational Security & OpSec New Initiatives
May 18, 2016


Think Beyond Technology Think SECURITY

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Evolution of video content security

• 1990s: Pay TV services being shared → Conditional Access protection
• Late 1990s: Broader security approach needed → Service protection
• Early 2000s: Card hacks → Robust card protection
• Mid 2000s: Control word sharing → Hardware based protection
• Late 2000s: OTT service sharing, app hacks → Software based service protection
• Since 2014: OTT content leak → Stronger service & streaming piracy protection
• Now & onward: HDR/UHD challenges → Integrated hardware & software protection


Video delivery is getting complex

[Diagram labels: Multi-DRM Backend, OTT Multi-DRM, MultiDRM Gateway, Gateway/PVR, Home Network, DLNA TV, Mobiles, Computers, IPC DRM, CA DRM, DRM, 3rd Party OTT Services (Netflix, YoutubeTV etc.)]

3rd party DRM devices:
• PlayReady – xBox 360, STV
• FPS – Old AppleTV
• Widevine – Chromecast

OTT:
• PC, Mac
• iOS, New AppleTV
• Android (AndroidTV, FireTV)
• Windows Mobiles, METRO...
• xBox ONE
• PS3/4
• Roku
• HDMI dongles


Attacks happen across the value chain

[Diagram labels: Acquisition, Distribution (Primary, Secondary), Consumer Experience, Production, Direct to Consumer, Content Provider, Service Provider]

Attacks shown:
• Malware
• Device Jailbreaking / Rooting
• Credential Sharing/Theft
• Illegal Live Restreaming
• DRM Hacking
• Consumer App Hacking
• Content Theft
• Ransom-ware
• Signal Theft
• Server Exploit
• Denial of Service


What hackers are looking for in the endpoint

CONTENT sharing / stealing

SERVICE sharing / stealing

• License encryption key (device private key in certificate-based devices): enables opening all present and future licenses of a user
• Content encryption key (broadcast key): allows opening specific content, but most importantly allows key redistribution (aka key-sharing) attack
• Identity cloning or impersonation: allows attacker to access the same services as original identity
• Clear compressed content or local/session encryption key: better quality than the re-encoded content
• Business rules abuse: expiration dates, rental periods etc.
• Clear uncompressed content: can be re-encoded


Device jailbreaking / rooting

Jailbreaking: The process of bypassing restrictions on iPhones and iPads to install other apps and tweaks not approved by Apple.

Rooting: A process similar to jailbreaking for hacking Android devices, game consoles, and so on. "Rooting" and "jailbreaking" are often used interchangeably.

Source: PCWorld

• Most enabling mechanism for hacking
• First obstacle (far from being the only one!) an attacker should overcome, therefore most popular on hackers forums
• Studios require jailbreak (JB) / rooting detection in order to distribute premium content


Jailbreak / rooting detection best practices

• Hide jailbreaking/rooting detection code in lower levels
• Set business rule NOT allowing jailbroken/rooted devices when possible
• Control via back end through license business rules
• Continuously follow hacker communities and trends


Looking for JB detection workaround


Still looking for JB detection workaround…


Others join the effort


Looks harder than initially thought


Defeating xCon


Eventually …


App hacking

• Most of the hacks in OTT
• Simpler than DRM hacks
• Mainly to overcome:
   • JB/Root detection
   • User credential/rights checks
   • Counters – playback, rental, etc.
   • Concurrency
   • Whitelisting
   • Geo-blocking
• Used also to extend the possibilities beyond what the service allows


Master key exploit

• Exploiting the difference in implementations
• Hack the app, keep the signature
• Present for a very long time on older Androids (4.x)
• Cisco resolves this with package integrity technology

[Diagram labels: "All your Java code", "All your native code", and a manifest entry reading "Name: classes.dex / SHA1-Digest: Mmg9clyqCVUNs31ywF0h71nNbfw="]

• Java verifies the last file
• Native installs the first file
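The first-file/last-file mismatch on this slide only matters when a package stores the same entry name more than once, so a scan for repeated names is a simple integrity check to run on a package before trusting it. The following is an added example, not code from the presentation or from Cisco's package integrity technology; the function names and the in-memory sample archive (placeholder contents, not a real APK) are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import defaultdict


def duplicate_entries(apk_bytes):
    """Return {name: [entry info, ...]} for every name stored more than once."""
    seen = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() follows the central directory and keeps repeated names,
        # unlike a lookup by name, which silently resolves to a single entry.
        for position, info in enumerate(zf.infolist()):
            seen[info.filename].append(
                {"position": position, "crc32": info.CRC, "size": info.file_size}
            )
    return {name: items for name, items in seen.items() if len(items) > 1}


def check_package(apk_bytes):
    """Return (ok, findings); ok is False when any entry name is ambiguous."""
    dups = duplicate_entries(apk_bytes)
    findings = []
    for name, items in sorted(dups.items()):
        differs = len({(i["crc32"], i["size"]) for i in items}) > 1
        findings.append(
            f"{name}: {len(items)} copies, "
            + ("contents differ" if differs else "contents identical")
        )
    return (not dups, findings)


def build_sample(duplicate):
    """Constructed test archive with placeholder contents (not a real APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"placeholder copy A")
        if duplicate:
            with warnings.catch_warnings():
                # zipfile warns "Duplicate name" but still writes the entry.
                warnings.simplefilter("ignore", UserWarning)
                zf.writestr("classes.dex", b"placeholder copy B")
    return buf.getvalue()


if __name__ == "__main__":
    for label in ("clean", "ambiguous"):
        ok, findings = check_package(build_sample(label == "ambiguous"))
        print(label, "OK" if ok else "REJECT", findings)
```

A package that fails this check should be rejected outright rather than repaired, since there is no way to know which copy a given installer or verifier will pick.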


Android package integrity

• It is easy to change the Java application code and repackage it (the Android signature check is easily bypassed)
• The secure kernel should include knowledge of the application's original certificate
• At every startup, the secure code should check that the application is still using the right certificate
• Ensure that the check is disabled on debug versions


Live streaming piracy is a growing problem

Easy to pirate
• Content redistributed live, in high quality, from legitimate devices
• Growth in broadband increases viewer reach

Hard to stop
• Pirates’ operations are resilient, quick and inexpensive to restore
• Take-down notices are ineffective especially for live events

Costly for rights owners
• FIFA World Cup 2014: >20M illegal viewers and >$250M estimated revenue loss


Problem: illegal live streaming

• Threat is growing as technology, infrastructure and connectivity evolve
• Relatively easy to perform
• Viewing experience is improving
• Transition from card sharing networks to streaming networks

[Figure labels: Digital Hole, Analog Hole]


Problem: open internet streaming

• Pirates upload the content to distribution infrastructure: CDNs, UGC, Cyberlockers, P2P
• Revenue model – advertising
• Content quality – varies, from medium to high
• Usually event based – content available during specific events
• Content type – mainly live sports and premium TV-Series
• Open for all, viewers usually watch for free
• Delay from live – minimal, from several seconds to few minutes


Problem: pirate (closed) streaming networks

• Pirates build full-service streaming networks
   • Using “private” infrastructure or existing one
   • Channel sources: their own and/or from others
   • Invest in looking legit
• Revenue model – subscription, HW, ads
• Content quality – high
• Usually channel based – content available 24/7
• Content type – all, entertainment, sports
• Delay from live – typically around 2-4 minutes
• Content taken from more than one broadcaster


Existing solutions

• Automatic/manual Internet monitoring – to locate the content
• Advanced solutions include identification techniques like watermarking technology
• Legal – copy protection laws (e.g. DMCA)
• Targets distribution infrastructure and ISPs
• Minimal influence on the pirate
• Usually not in “real time”
• Covers mainly open internet streaming


Best practice: LIVE Cycle

Technologies and intelligence to terminate illegal live streaming in real time

• Locate illegal streams automatically with StreamLocator or with OpSec
• Identify piracy source with advanced fingerprint techniques
• Verify the pirate’s ID by sending a unique command to the suspicious source
• Eliminate the piracy by deactivating subscriber access to content


Credential sharing and theft – many forms

$500 million lost revenue due to credential sharing in 2015

Casual sharing (collusion)
• Sharing with friends

Business sharing (collusion)
• Swapping of accounts
• Pooling accounts
• Selling valid or fraudulent accounts to many buyers

Stolen accounts (parasitical)
• Thief uses stolen credentials for his own viewing
• Thief sells stolen credentials to many buyers

Source: Parks Associates


Recommended approach: credential sharing piracy detection with analytics

Detection
• Detect that sharing occurs
• Differentiate between legal and illegal sharing

Classification
• Classify into sharing types
• Continuously improve classification based on feedback

Scoring
• Calculate sharing likelihood score
• Define thresholds

Policy
• Define challenges per sharing type
• Define actions per sharing type


Media Sharing Protection: How it works

[Figure: "Sharing Type Detection" chart of Num Users by Date (21-Jan to 21-Feb) with series Stolen Accounts, Business Sharing and Casual Sharing; "Likelihood Score" charts for AccountOwner, ProjectedSharer1 and ProjectedSharer2 across Casual Sharing, Business Sharing and Stolen Account. Steps labelled: Classify, Score.]


Technology solutions to hacks on the endpoint

[Diagram: the value chain and attack labels from "Attacks happen across the value chain", overlaid with the solutions Streaming Piracy Prevention, Media Sharing Protection and VideoGuard Everywhere]

VideoGuard Everywhere
• Content protection
• Service protection
• Device protection
• App protection
• Prevention of streaming and media sharing piracy
• But that is not enough…


Beyond technology → intelligence

Functional
• Technology Forensics
• Security Investigations
• Cyber-Defense
• Research and Intelligence
• Security Architecture

Regional
• APJC
• EMEA
• Americas

Global, holistic, specialized, long-term and ongoing


Proactively addressing piracy

• Tracking and evaluation of DRM removal / circumvention tools: Analysis of DRM-removal or circumvention tools that we find
• Hacker motivation assessment: Analysis reports on changes in hacker types and motivations
• Market-wide security reports: Analysis of hacking-related data on DRM solutions, implementations, vulnerabilities and exploits; examining hackers’ specific target types (content, DRM, SP-operators, etc.)
• Evaluation and monitoring of back-end deployment models: Back-end security design reviews, pen-testing / auditing of OTT-security implementations vis-à-vis the up-to-date best practices


Case in point

Cisco Operational Security researched a potential customer’s OTT service and identified piracy activity based on three methods:


Some final recommendations…


Customize protection per device

[Diagram axis: from "One size fits all" to "Platform/project customized security"]

• Common DRM components: one per development language
• Platform porting & security components: one per platform
• Device & project security components: one per device or project

Common DRM library: Platform DRM library provided in the form of portable source code

Gain robust security while maintaining consistent user experience across platforms


Think holistic!

• Defense in depth
• Beyond content protection
• Interlaced and upgradable security modules
• Utilization of device and software platform unique capabilities
• Trusted path implementation
• Intelligence and proactivity


Contact us to:
• Learn more about potential security threats to your video service and solutions
• Schedule a deep dive session to learn how to protect your Content, Service, Device and Application in a simple and cost-effective manner
• Discuss a security analysis service engagement

We look forward to continuing the discussion

Avi Ben Simon
Email: [email protected]
LinkedIn: https://il.linkedin.com/in/avi-ben-simon-1a2aa9
