190 likes | 203 Views
This presentation outlines high-level security requirements for early window consumer content, including technical issues and solutions for broadcasters. Covering disabling outputs except HDMI, watermarking, and meeting requirements.
E N D
Security requirements for early window consumer services Spencer Stephens and Tim Wright Version 0.1 SONY PICTURES CONFIDENTIAL SONY PICTURES ENTERTAINMENT CONFIDENTIAL
What is this presentation for? • To present the high level security requirements for early window consumer content • To describe the technical issues behind achieving the requirements • To record detail within those technical issues • To act as the basis for a presentation we could share with broadcasters to discuss the security requirements and associated technical issues SONY PICTURES ENTERTAINMENT CONFIDENTIAL
High level requirements 10,000 feet SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Broadcast system diagram Upload broadcast stream to satellite Satellite broadcast STB Upload facility (e.g. operated by Arquiva) HDMI cable Broadcaster playout servers SONY PICTURES ENTERTAINMENT CONFIDENTIAL
High level requirements and rationale • There are only two: • Disabling all outputs apart from HDCP over HDMI • Analogue outputs cannot be effectively protected • DTCP (a type of protected digital output) allows analogue outputs downstream • Watermarking the content displayed on the user’s TV • As a deterrent to user camcording and distribution SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Disabling all outputs apart from HDCP over HDMI • All analogue outputs must be disabled • Even if the outputs are only SD (an early window SD version could be used for counterfeit DVDs) • Analogue output protections (CGMS-A, Macrovision) are not effective measures, even against only modestly capable attackers • All unprotected digital outputs must be disabled • All protected digital outputs apart from HDCP must be disabled • DTCP allows for analogue outputs from devices connected to the DTCP output SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Watermarking • Content must be forensically watermarked on the user’s display • So that camcorded copies of the movie, put out on the internet, can be examined and the source of the recording determined • In order for this measure to act as a real deterrent • Watermark must identify the device/subscription on which the movie was displayed • Users must know the movie is watermarked • SPE must have a process to: • Check the internet for copies of EW releaseed movies • Determine if the movie was recorded from an EW offering and which device/subscription • Arrangements with service providers to take action against offending users SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Meeting the requirements SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Disabling all outputs except HDMI over HDCP • No STBs in the field support this at present • However, it looks like this could be achieved via a software update • See later slides on software update • Changes required – client side • Update low level software controlling outputs • Update middleware interpreting signals coming from head end to understand new signal requiring output control • Changes required – server side • Update to be able to add signal for output control for selected programmes SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Disabling outputs – user aspects • Unless the service provider knows that the non-HDMI outputs can be disabled AND that HDCP over HDMI is enabled… • ideally, the offer should not be made in the first place • but there must certainly be no acceptance of the offer by the user unless we know the non-HDMI outputs can be disabled • Therefore: • The service provider must know that: • the user’s STB has had the necessary software update • the user has an HD-ready HDTV with an HDMI cable • The acceptance of the offer (or some other part of the process) must take place over HDCP over HDMI only • So if HDCP over HDMI is not enabled, the user will not see the screen requiring them to confirm acceptance SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Forensic watermarking • Watermarking can be done either at the client or the server • Server side • Server side watermarking can only be done for point to point transmissions, e.g. over cable or IPTV, but NOT broadcast • Does not require any update to STB • Deemed not to need further investigation at this time – its feasible • Client side • Only a few hospitality clients support this, so client update almost always needed • Needed for transmission over broadcast bearer (e.g. satellite) • Can be done on the compressed content (e.g. whilst still in H.264 encoded form) or uncompressed content • Watermarking compressed content is less processor intensive and better for more complex STBs supporting SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Client side watermarking of compressed content • Broadcast stream is comprised of the encrypted un-watermarked content… • Plus encrypted, watermarked versions of portions of the content • Client replaces unwatermarked content with equivalent versions of some portions of watermarked content, in a unique fashion • So that resulting stream, once decrypted and decompressed, is watermarked individually to that client • Addition of watermarked versions of content increases bandwidth needed for the broadcast • Around 3%, but further investigation needed here • Broadcast bandwidth is generally fairly precious SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Processor support for client side watermarking (1) • Civolution say that the following STB processors can “support” watermarking with their solution: • Broadcom BCM7038 • Broadcom BCM7401 (very popular STB processor) • Broadcom BCM7405 (very popular STB processor) • Broadcom BCM3549 • Broadcom BCM3556 • ST STi7100 • ST STi7109 • ST STi7105 • NXP PNX8935 • TI Davinc SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Processor support for client side watermarking (2) • But “support” here means “can support”, but not necessarily “does support” • This is because watermarking is done in software (but low level software, which is specific to a particular processor) • “Supports” means that the software stack (issued by the processor provider, e.g. Broadcom) includes the watermarking software, and that the STB middleware can call and use this low level watermarking software • In this sense, no consumer STBs “support” watermarking apart from those used by DirecTV, since no other consumer STBs include the low level software needed for watermarking SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Client side watermarking and software update (1) • Client software to be updated: • Low level software from processor supplier • Software performing content assembly (if watermarking compressed content, selection of unique set of watermarked content slices) • Software to watermark content (if watermarking uncompressed content) • Upgrade to latest release of s/w from processor supplier (see over) • Middleware • Addition of software to recognise and follow signal to watermark content SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Client side watermarking and software update (2) • Updating processor software to latest version • A processor (e.g. the Broadcom 7405) comes with low level software (e.g. handling digital outputs) from Broadcom • Over the 2+ year lifetime of the processor, Broadcom will update the low level software, to add new features and correct bugs • The version of the low level software an STB manufacturer will use at STB launch depends on when in the processor lifecycle the STB manufacturer builds their STBs • The later you make your boxes, the later a version of the software you will use • Broadcom will generally only add new features like watermarking to the latest version of the software • So an STB manufacturer who released product on an early version of the software will need to upgrade to the latest version in order to get watermarking • As there will be a lot of differences between the early and late versions, the manufacturer/operator will want “full regression testing” of the STB • This is a full test of ALL of the functions of the STB, not just the functions which are being changed to add watermarking • Full regression testing takes time! SONY PICTURES ENTERTAINMENT CONFIDENTIAL
How hard is a software update? • The time taken to get a software update ready depends on how much functionality is being changed • But the testing that must be done before s/w update is a big part of the work involved • Software update for watermarking will likely require full regression testing, so will be a non-trivial effort • And the companies doing this will need to see a clear and significant benefit SONY PICTURES ENTERTAINMENT CONFIDENTIAL
(Steps in a software update) • Specify functions to be changed • Develop software in individual programmes and test (“unit tests”) • Combine software changes together and test them (“integration tests”) • Perform full testing of all STB functions (“regression testing”) • Distribute software update to update servers • Distribute software update over broadcast bearer and trigger STBs to adopt • This is likely to require a reboot of the STB SONY PICTURES ENTERTAINMENT CONFIDENTIAL
Grab bag of remaining technical issues • Which version of HDMI is needed? • Which version do most cables support? • SRM transport for HDCP • Processes for finding content on the net and determining if is a camcorded EW copy and action taken • This is probably clear, needs to be written up and responsibilities agreed • Bandwidth increase for watermarking • Question sent to Civolution on this SONY PICTURES ENTERTAINMENT CONFIDENTIAL