Watermarking in DRM systems

Watermarking in DRM systems. B. Macq, Communications and Remote Sensing Laboratory, École Polytechnique de Louvain, UCL, Belgium. B-Crypt/ESAT:KUL/May 2009. Outline: DRM in a heterogeneous world; Business; Law; Technology; Conditional Access; DRM for digital cinema; Exhibition watermarks.

Presentation Transcript


  1. Watermarking in DRM systems B. Macq Communications and Remote Sensing Laboratory École Polytechnique de Louvain UCL - Belgium B-Crypt/ESAT:KUL/May 2009

  2. Outline • DRM in a heterogeneous world • Business • Law • Technology • Conditional Access • DRM for digital cinema • Exhibition watermarks

  3. Value chain [diagram labels: Broadcast; Home network; Conditional Access; Receiver; Distribution; Render. Unit; Receiver; Broadband; DRM; Mobile Terminal; Business Models; Protected Support; Packaging; Creation]

  4. Law expressivity • SDML - Signed Document Markup Language • SyncML - Synchronization Markup Language • TML - Telephony Markup Language • WML - Wireless Markup Language • XACL - XML Access Control Language • XACML - Extensible Access Control Markup Language • XFDL - Extensible Forms Description Language • XMCL - Extensible Media Commerce Language • XML-F - XML-for-Fax • XOL - XML-based Ontology Exchange Language • XrML - eXtensible Rights Markup Language

  5. Introduction: Watermarking's communication scheme. • Communication channel with side-information. • Information hiding game. [diagram labels: Cover media; Distorting channel; Watermark detector & decoder; Detection confidence; Watermark encoder & embedder; Deformation; Input message; Output message; Noise; Key]

  6. Why digital cinema? • D-cinema needs specific solutions • Standard-based interfaces • Open & Interoperable system • Independent actor Confidential

  7. Digital Cinema Specificity • Very High Added-Value Content • Security & Flexibility

  8. Market model [diagram labels: Distributors; Intermediate actors] • High level of security • Full end-to-end control • Projection rights enforcement • Security policy management • Secured audit trail reports [diagram labels: Business rules; Theaters; Studios; Players] • Hidden security • Balance between enforcement and audit trail monitoring • In-theater screen and device management

  9. Design philosophy • Respect cinema business rules! • Strong cryptographic design • No security by obscurity • Public encryption algorithms & protocols • Platform protection • Interoperability • Open & standard-based interfaces • Evolutivity • Component-based design • Built-in secure & dynamic renewability

  10. Conditional Access? • Conventional CA System = prevent unauthorized 'access' • CA for DC requires more than conventional CA! • Content protection • & Rights enforcement • & Secured audit trails • & Modules & equipment certification • & Renewability • & Support of business agreements

  11. Why NOT a pay-TV CA system? • Different markets • B2B and not B2C • Known and (a priori) trustworthy actors • Bi-directional contractual relations • Actors can exert economic pressure • Flexible system • Different technologies • File-based approach and not stream-oriented • Different paths for content and authorizations • Flexible individual and group theater management

  12. Outline • Octalis introduction • System Overview • Technical Description • How does it work? • Key technologies • System advantages • Roadmap & Business Model • Conclusions

  13. Octalis' system • Three modules • Two information paths: movies and rights

  14. How does it work?

  22. Octalis' system

  23. Key Technologies (1): XML-based entitlements • Description language • Unlimited expressiveness • Open and de-facto standard for e-business • Key advantages: • Built-in cryptography (encryption, signature) • Extensible • Fully integrated in the Dynamic Security Platform

  24. Key Technologies (2): Dynamic Security • Component certification • Component revocation • Per-component access control • Role-based authorizations • Smart cards for strong security • Dynamic component downloading • Extensions, upgrades, patches • Component-level renewability • Immediate response to security attacks • Prevent insider attacks

  25. Key Technologies (3): Equipment Certification • Equipment-level protection • certification & revocation • Manufacturer responsibility • Security policy • per studio • list of trusted manufacturers • per movie • security requirement

  26. Key Technologies (3): Equipment Certification • IETF's SPKI standard • Local names • No root Certification Authority • Trust starts at the user/actor

  27. System Architecture: Octalis' CA System [diagram labels: Digital Rights Evaluator Engine; Equipment Validation Engine; Time Sched.; Condition Evaluation Manager; Security Policy Verifier; Trusted Info. Manager; Certificate Database; Certificate Manager; Logs; Certificate Verifier; Capability Registry; Show time; Min proj/day; Max # shows; …; ACL; Secured Database; Smart Card Manager; System monitoring and logging]

  28. Dynamic security platform [diagram labels: Comp. 1; Comp. 2; Engine 3; Engine 4; Secure Device Authentication Protocol; Certification Engine; ...]

  29. Key distribution procedure • Studios and distributors: • generate their own keys • Theatres • receive their keys with the smart cards • Public keys • exchanged securely • guaranteed with certificates

  30. Smart Cards • Store keys and SW modules of the DRM to increase the system security • Theatre: 1 smart card for all distributors • No card swapping! • If different CA systems: • 1 additional smart card per additional CA system or per external distributor

  31. Exhibition watermarking [diagram labels: Cinema A; Cinema B; Cinema C; Cinema D; Cinema E]

  32. Digital Cinema Forensic Marking • Cryptography only protects content during transmission • Exhibition capture piracy happens at the end of the distribution pathway • Forensic Marking (FM) embeds tracking information into content at the time of playback (an option in the Digital Cinema Initiatives (DCI) specs), indicating time, date and location of playback

  33. Survivability • Transparency • Adaptive method based on original image characteristics to decrease watermarking artifacts • Robustness • Image processing attacks (filtering, noise addition, resizing, brightness, …) • Video processing attacks (time shifts, frame rate, …) • Format conversion (frequency, spatial resolution, …) • Camcorder capture & low bit-rate compression. Note: collusion attacks are not addressed in this paper.

  34. Transparency DCI Standard Eval. Material

  35. Robustness to Camcorder capture and Compression 640x480 spatial resolution 470x260

  36. Original image Captured image

  37. Watermarking Resistant against Geometrical Transforms Benoit Macq www.tele.ucl.ac.be ACIVS 2003 Gent

  38. Watermarking [diagram labels: Cover media; Watermarked media; Embedding; Message 010110100; Attacking channel; key; Extracted Message 010110100; Detection; Attacked media; < D Threshold >; Confidence]

  39. Watermarking robustness • Information made unreadable (Detection Scheme Weakness) • Information removed, made irrelevant, or misused (Cryptographic, System-protocol Weakness) • Synchronous Distortions (e.g. additive noise, Compression, Linear Filtering) • Asynchronous Distortions (e.g. Geometrical & Temporal deformations)

  40. Origin of the distortion • Usual processing: Distortion = unavoidable consequence • Editing • D/A & A/D Conversions • Malicious manipulation (tampering): Distortion = target under constraints • Constraints: quality, (complexity) • Qualification of the origin depends on the distortion's nature and severity

  41. Origin: Digital Cinema

  42. Digital Cinema Scenario [diagram labels: Digital projector; Decompression module; Compression module; Central server; Compressed Movie Files; STUDIO/DISTRIBUTOR; THEATRE]

  43. Security Threats [diagram labels: Digital projector; Decompression module; Compression module; Central server; Compressed Movie Files; STUDIO/DISTRIBUTOR; THEATRE]

  44. Watermarking • Traceability of the source of piracy: exhibition fingerprint • Unique identifier of the exhibition: - Unique ID of playback equipment - Date & Time Stamp • ~ 40-60 bits payload • Find the movie theater that let somebody enter with a camera! [diagram labels: Digital projector; Decryption; Decompression & Fingerprinting module; Smart Card; Copy Control Watermark ?; Encryption module; Central server; Central server; Local server; Compressed Movie Files; Encrypted Movie Files; STUDIO/DISTRIBUTOR; THEATRE]
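
Added example, not part of the presentation: a minimal keyed spread-spectrum embedder and correlation detector for the exhibition fingerprint of slide 44, following the embedding / attacking channel / threshold detection chain of slide 38. The slides do not specify the embedding scheme, so spread-spectrum, the 48-bit layout (16-bit equipment ID plus 32-bit Unix time), the constants and the key string are all assumptions; the cover is a constructed zero-mean signal and the channel is a synchronous distortion (additive noise plus quantisation).

```python
import hashlib, random, struct

CHIPS = 1024   # chips per payload bit (assumed spreading factor)
ALPHA = 2.0    # embedding strength (assumed)
NBITS = 48     # assumed layout: 16-bit equipment ID + 32-bit Unix time

def pack_payload(equipment_id, unix_time):
    raw = struct.pack(">HI", equipment_id, unix_time)
    return [(byte >> (7 - i)) & 1 for byte in raw for i in range(8)]

def unpack_payload(bits):
    raw = bytes(int("".join(map(str, bits[k:k + 8])), 2) for k in range(0, NBITS, 8))
    return struct.unpack(">HI", raw)

def carrier(key):
    # Keyed +/-1 chip sequence expanded from the secret key with SHAKE-256.
    stream = hashlib.shake_256(key).digest(NBITS * CHIPS // 8)
    return [1.0 if (stream[i >> 3] >> (i & 7)) & 1 else -1.0
            for i in range(NBITS * CHIPS)]

def embed(cover, bits, key):
    # Each payload bit modulates the sign of its own block of CHIPS chips.
    pn = carrier(key)
    return [c + ALPHA * (1 if bits[i // CHIPS] else -1) * pn[i]
            for i, c in enumerate(cover)]

def detect(signal, key, threshold=0.5):
    # Correlate block by block: about +/-1 when marked with this key, near 0 otherwise.
    pn = carrier(key)
    corr = [sum(signal[i] * pn[i] for i in range(b * CHIPS, (b + 1) * CHIPS))
            / (CHIPS * ALPHA) for b in range(NBITS)]
    confidence = sum(abs(c) for c in corr) / NBITS
    return confidence > threshold, confidence, [1 if c > 0 else 0 for c in corr]

def demo():
    rng = random.Random(2009)  # fixed seed: constructed cover and channel noise
    cover = [rng.gauss(0, 10) for _ in range(NBITS * CHIPS)]
    marked = embed(cover, pack_payload(0x1A2B, 1243000000), b"constructed-key")
    attacked = [round(s + rng.gauss(0, 5)) for s in marked]
    return cover, attacked

if __name__ == "__main__":
    cover, attacked = demo()
    found, confidence, bits = detect(attacked, b"constructed-key")
    print(found, round(confidence, 2), unpack_payload(bits))
```

The asynchronous distortions of slide 39 (resizing, time shifts) misalign the carrier, so this plain correlator fails on them unless the detector resynchronises first.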

  47. Origin: Print & Scan
