SECURING 4K CONTENT
Christopher Taylor
Director of Content Protection
Sony Pictures Technologies

Review of Video Path

(1) Decryption / Decoding Threats
• Attacker extracts Device Key
• Attacker extracts Content Key
• Attacker captures decrypted compressed content

Content encryption methods (1)

| Content delivery method | Global or unique? | How obtained by device | Issues | Comments |
| --- | --- | --- | --- | --- |
| Disc | Global | Compliant devices can derive from key block on disc | Compromise of a single device key set breaks the system | This is how BD is secured, and is vulnerable to single device failure |
| Disc | Global | Compliant devices are given key during online authentication at first play of a title. Key is then securely stored on device for <n> days | Need an online connection at first title signature. We think we can assume this. | Still vulnerable to single device failure, but once the device (type) is identified, we can exclude vulnerable device types (but can we really?) |
| Online | Unique, per device and per session | During online auth of the device | Online connection required | Some of the content is only delivered online. CP can decide if this content can be cached by device |

Content encryption methods (2)

| Content delivery method | Global or unique? | How obtained by device | Issues / Comments |
| --- | --- | --- | --- |
| Disc | Hybrid | Use m from n. Key is encrypted with a key derived via m from n method. Compliant devices have m-1 parameters, and get the m’th online | Not really any more secure than delivery of the whole key at online authentication. But some mileage here? |
| Disc | Global with diversity | Compliant devices are given key during online authentication at first play of a title. Key is then securely stored on device for <n> days | This content will be expensive – having different CEKs for different sku’s and maybe rev’ing the CEK every week or for every 1000 discs is not so expensive, comparatively. We should look into the cost of this. |
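
The "Hybrid" row above, worked through as an added example that is not part of the original slides. It assumes Shamir secret sharing as the "m from n" method (the slides name no scheme), uses an XOR stand-in for a real key wrap, and every name and parameter in it is hypothetical.

```python
# Added example: m-of-n key release modelled with Shamir secret sharing.
# The scheme, field and all names are assumptions; the slides name no algorithm.
import hashlib
import secrets

P = 2**127 - 1  # Mersenne prime used as the share field (assumed parameter)

def split(secret, m, n):
    """Split secret into n shares; any m of them reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    def f(x):
        # Horner evaluation of the degree m-1 polynomial mod P
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def kek_from(secret):
    """Derive a 16-byte key-encryption key from the shared secret."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()[:16]

def xor_wrap(kek, key):
    """Stand-in for a real key wrap (e.g. AES key wrap); XOR is its own inverse."""
    return bytes(a ^ b for a, b in zip(kek, key))

def demo(m=3, n=5):
    cek = secrets.token_bytes(16)              # content key (constructed sample)
    secret = secrets.randbelow(P)
    shares = split(secret, m, n)
    wrapped = xor_wrap(kek_from(secret), cek)  # wrapped CEK as shipped on disc
    on_device, online = shares[: m - 1], shares[m - 1]
    offline = xor_wrap(kek_from(combine(on_device)), wrapped)
    after_auth = xor_wrap(kek_from(combine(on_device + [online])), wrapped)
    return {"offline_ok": offline == cek, "online_ok": after_auth == cek}
```

With only the m-1 on-device shares the unwrap fails, but after the online step the device holds the full wrapping key, which is the slide's point that the hybrid is not really more secure than delivering the whole key at online authentication.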
(1) Decryption / Decoding Mitigations
• Actively monitor for DRM circumventions
• Watermark content to identify source of leaks
• Automatically revoke devices and/or device classes used for theft
• Unique obfuscation per Device/Title
• Unique obfuscation per playback session
• Decode in Trusted Execution Environment

(2) Framebuffer Threats
• Attacker captures raw frames from framebuffer

(2) Framebuffer Mitigations
• Encrypt frame data
• Use protected framebuffer (e.g. TrustZone)

(3) HDCP Source Threats
• Attacker captures raw frames from hacked driver
• Attacker captures raw frames from hacked video hardware

(3) HDCP Source Mitigations
• Require trusted drivers
• Never send unencrypted frame data to video drivers/hardware
• Only send frame data to protected video hardware on SoC (e.g. TrustZone)
• Require 3rd party verification of trusted hardware

(4) HDCP Sink Threats
• Attacker captures video from HDMI to analog interface
• Attacker creates HDCP stripper with stolen/generated Device Key

(4) HDCP Sink Mitigations
• Forensically watermark content to identify HDCP device
• Unique software obfuscation for HDCP sink session
• Automatic renewal of HDCP devices and/or device classes used for content theft

(5) Screen Threats
• Attacker captures video from screen using camera

(6) Screen Mitigations
• Forensically watermark content to identify user and playback devices
• Revoke devices that have been used for content theft