Information Security – Theory vs. Reality

0368-4474-01, Winter 2011

Lecture 13: and Digital Rights Management
Guest Lecturer: Itsik Mantin

CA/DRM Security

Itsik Mantin NDS

Confidential ©NDS Ltd 2011. All rights reserved.

Outline

• Introduction
  – About NDS
  – Cryptography and security
  – Content Delivery Systems
• CA/DRM Systems
• On Security
• On STB Security
• Content Protection Standards
• Meeting Reality
• Epilog

DRM and CA @ Wikipedia

Digital Rights Management
• A class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale

Conditional Access
• The protection of content by requiring certain criteria to be met before granting access to this content. The term is commonly used in relation to digital television systems, most notably satellite television.

Conditional Access

[Diagram: Program Content; Satellite dish; Access Criteria of the Program; ECM Generator (ECMG); ECM Traffic]

Cryptography Terms

• Block cipher: AES, DES, TDES, …
• Mode of operation: ECB, CBC, CTR, …
• Stream cipher: RC4, A5/1, A5/2, …
• Hash functions: SHA-1, MD5, SHA-2, …
• Symmetric signatures: HMAC, CMAC
• Digital signatures: RSA, El-Gamal
• Key exchange protocols: Diffie-Hellman
• Authentication protocols: Fiat-Shamir
• Padding
• Entropy
• Key management
• Key derivation
• Certificates
• Public-key infrastructure

Distinctions to Understand

• Cryptography
  – Encryption vs. Authentication
  – Randomness vs. pseudo-randomness
  – Symmetric-key encryption vs. asymmetric-key encryption
  – Symmetric-key authentication vs. asymmetric-key authentication
• Security
  – Global/universal key vs. unique key
  – Software security vs. hardware security
  – “Regular mode” vs. privileged mode
  – What can happen vs. what is supposed to happen
  – Device security vs. end-to-end security

Cryptography and Security

• Cryptography:
  – Message confidentiality: Only the intended recipient(s) can read the message
  – Message integrity: Recipient can verify that sender’s message has not been altered
  – Message non-repudiation: Sender cannot deny generation of the message
  – Entity authentication: People and machines can authenticate the identity of an entity
• Security = Policy Enforcement

[Diagram labels: Entity, Conditions, Resource]

Cryptography and Security

• Security vs. cryptography is similar to …
  – … Restauranting vs. Cooking

• The heart of restauranting is cooking, but you need more…

Still, a good restaurant will always rely on a good chef

NDS Business

[Diagram labels: Audio, Video, Items, Channels, E-Magazines, E-books; Satellite, Cellular, Digital Terrestrial, Closed IP, Internet, Cables; Subscription, Pay per view/listen/read, Ad-based]

DRM Flow

• Who am I?
• What am I entitled to?
• What is this piece of content?
• Hmmmmm…

Client Activation
• Device keys
• Device license

Service enabling
• Service keys
• Service terms

Content provisioning
• Get content

License provisioning
• Get content keys
• Get content terms

Outline

• Introduction
• CA/DRM Systems
• On Securing Smart Cards
• On Securing STBs
• On Securing DRM Software
• Content Protection Standards
• Meeting Reality
• Epilog

The CA/DRM Security Paradox

Crypto-privacy: encrypt a message between Alice and Bob. They trust each other but do not trust Eve.
The DRM problem: Bob is the potential enemy!!!

[Diagram: Alice (sender), Bob (recipient), Eve. Labels: Client Reverse Engineering; Client Cloning and Service Abuse]

The CA/DRM Security Paradox

1. Bob’s the enemy
2. Broadcast
3. One-way

Digital fortress for:
1. Entitlement resolution
2. Key management

Security Architecture Flow

Threat analysis
• Set security “goals”

Security design
• Obtaining these goals (PRIORITIZATION!!!)

Security analysis
• Figure out what threats remain applicable

Security maintenance
• Monitoring
• Security updates
• Security responses

Classes of Threats

Service attack
• Getting the service without paying
• Content consumption not according to usage “rules”
• Who cares? Operator

Content attack
• Content stealing
• Distribution (e.g., black market DVDs)
• Who cares? Content provider

Hardware attack
• Unauthorized usage of hardware (e.g., STB, iPhone, PS3)
• Who cares? Device vendor

The Hacking Model

R&D
• One-time process
• May take significant effort (and $$$)
• Research: Reverse engineering the device and security analysis
• Development: designing methods and tools for attacking a single device

Production
• Per-device effort
• Invest a moderate effort in attacking a single device
• Distribution over the Internet or technical agents

The Weakest Link

From where will the hacker get in?

Threats vs. Hacks

Threat
• What does the attacker want to achieve? (land a UAV in hostile land)
• Motivation (billions of dollars)
• Attacker’s profile (powerful government)
• Potential Damage

Hack
• How would the attacker achieve his goal? (flood frequencies for DoS + forge headquarters)
• Required resources (technical skills, data, time, money)
• Likelihood
• Easiness

The Global Hack Threat

A downloadable program that allows:
1. Unlimited view
2. Getting the content
3. For good!

General Security Principles

NO single point of failure
• Security component with minimal function (aka kernel)
• “Assume” hacks for the rest

Layered security architecture (“Security Fences”)
• Prevent cloning
• But also detect cloning

Think as an attacker

Dynamics
• Moving target
• Differentiate (anti domino effect)

No game over
• Renewability: recovery procedures

Layered Security

• Belt and suspenders
• Multiple, diversified defenses
• Force adversary to master several disciplines

• Examples
  – Secrets dispersed between system components
  – Combine math tricks with engineering tricks

Security Kernel

[Diagram labels: Security; Anti-Reverse-Engineering; Tamper-Resistance; Performance Overhead; Footprint Overhead; Hardware; $$$$$]

• Applicable for small non-critical-path components
• Used for sensitive functions
  – Key processing
  – Business rules processing
  – Logging
  – Content processing

Keeping the hacker busy

• Differentiate between systems: prevent domino-effect

• Make the system a moving target:
  – Change algorithms
  – Change flows (time, memory)

• Minimize the attacker’s ROI (Return on Investment)

Never Lose

• Recovery procedures
• Renewable security

Be Prepared

More Security Principles

First variant:

    DecryptCw(BR, ECW)
    {
        If CheckBR(BR) == True
        {
            K ← LoadCWEKey()
            CWDec(K, ECW)
        }
    }

Second variant:

    DecryptCw(BR, ECW)
    {
        If CheckBR(BR) == True
        {
            K ← LoadCWEKey()
            TK ← Hash(BR, K)
            CWDec(TK, ECW)
        }
    }
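Added example, not part of the lecture slides: the two DecryptCw variants above made runnable in Python, to show what deriving TK from BR changes when BR is altered before the call. HMAC-SHA256 as Hash, an XOR pad as CWDec, the tier strings and all key values are assumptions constructed for illustration.

```python
import hashlib
import hmac

K = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed device key
CW = bytes.fromhex("0123456789abcdef")                 # constructed control word

def cw_crypt(key, data):
    """Toy stand-in for CWDec (and its inverse): XOR with a SHA-256 pad."""
    pad = hashlib.sha256(key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def check_br(br):
    """Stand-in for CheckBR: this subscriber is entitled to the basic tier only."""
    return br == b"tier=basic"

def derive_tk(br, k):
    """TK <- Hash(BR, K); HMAC-SHA256 is an assumed choice of hash."""
    return hmac.new(k, br, hashlib.sha256).digest()

def decrypt_cw_v1(br, ecw):
    """First variant: BR is checked, but the key does not depend on it."""
    if check_br(br):
        return cw_crypt(K, ecw)
    return None

def decrypt_cw_v2(br, ecw):
    """Second variant: the decryption key is bound to BR."""
    if check_br(br):
        return cw_crypt(derive_tk(br, K), ecw)
    return None

# Head-end side (constructed): a premium programme, CW encrypted both ways.
BR_SENT = b"tier=premium"
ECW_V1 = cw_crypt(K, CW)
ECW_V2 = cw_crypt(derive_tk(BR_SENT, K), CW)
BR_ALTERED = b"tier=basic"  # BR changed between head-end and DecryptCw

def demo():
    """Run both variants on the genuine and on the altered business rules."""
    return {
        "v1_genuine": decrypt_cw_v1(BR_SENT, ECW_V1),
        "v1_altered": decrypt_cw_v1(BR_ALTERED, ECW_V1),
        "v2_genuine": decrypt_cw_v2(BR_SENT, ECW_V2),
        "v2_altered": decrypt_cw_v2(BR_ALTERED, ECW_V2),
    }
```

In the first variant the altered BR passes the check and the real CW comes out; in the second the check still passes, but TK is derived from the wrong BR and the output is not the CW.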

Use Whatever You've Got

Pay-TV over Satellite
1. Bob’s the enemy
2. Broadcast
3. One-way
4. Large consumable

Book Selling over Internet:
1. Bob’s still the enemy
2. Unicast
3. Two-way
4. Smaller consumable

Security Mechanisms
1. Bob’s still the enemy
2. Per-client encryption
3. Online authentication
4. Fingerprinting

We would not want to secure ourselves out of business!

Outline

• Introduction
• CA/DRM Systems
• On Securing Smart Cards
  – Smart Card Security
  – Coping with Fault Analysis
• On Securing STBs
• On Securing DRM Software
• Content Protection Standards
• Meeting Reality
• Epilog

Service Attacks Smart Cards

Pirate registration to the service
• Pirate cloned cards (green cards, blue cards)

More time
• Block service cancellation messages

More entitlements
• Change entitlements to “Premium”

NDS cards are too hard to hack
CA Battlefield is now the STB


The Fault Model

Execution fault
• Skipping one or more instructions
  – Limited control on the exact line (can be overcome through iterative process)
• Replacing one or more instructions
  – Limited control on which instructions are put instead
• Changing some control data
  – A status variable or the address of a JMP/Branch

Data fault
• Change volatile/non-volatile memory (registers, RAM, EEPROM)

Attack Tree

[Diagram: attack tree for Fault Attacks, branching from data faults and execution faults; node labels include bypassing security mechanisms, controlling code regions, crypto algorithm, crypto data and keys, side-channel attacks, hybrid FA/PA attacks, breaking crypto, access control and read/write access]


Security Hierarchy

Robust software
• Closed platform (STB) or an open one (PC, tablet)
• Software obfuscation
• Moving target approach

Secure CPU
• Secure execution environment

Fixed Secure HW
• Applicable also to horizontal markets
• GAME OVER avoided by revocation

Replaceable Secure HW
• Tamper-resistance
• Reverse-engineering resistance
• Applicable only to vertical markets
• No GAME OVER situation

Devices, devices, devices

Vertical software-only devices
• Mobile handsets
• Digital radio
• Qisda

Secure replaceable hardware
• STB+SC
• Legacy STBs

Secure hardware
• VGS
• NSK

Horizontal devices
• iPad
• Samsung Galaxy
• Smart phones
• Digital TV
• PC

Schematic STB Design

[Diagram labels: STB PCB; STB Chip; Co-processor; Code RAM; Content RAM; Code Flash; Content]


Security Assets/Targets

[Diagram: DRM Agent. Labels: Content; Key mgmt.; Business rules; Business rules resolution; Content Keys; Descrambling; Rendering]

NDS Client in Horizontal Device

[Diagram labels: App1, App2, App3, Bad App, DRM Client; Applications; Storage; Transport API; OS Kernel]


DVD Content Scrambling Algorithm (CSS)

DVD Protection

Complete Subtree Method

Devices are leaves of a complete binary tree
Collection of Subsets: S := {all complete subtrees}

[Diagram: binary tree with leaves D1, D2, …, D4, …, Dn; the nodes k, k0, k00, k001, k0011 on the path from the root to D4 are labelled]

Broadcast Encryption for Stateless Receivers, 03/11/2004

Complete Subtree Method (II)

Di gets keys of sub-trees of which it is a leaf:

D4 := {k, k0, k00, k001, k0011}

In other words:

Di gets keys associated with nodes on path from root to Di

[Diagram: the same tree, with the path k, k0, k00, k001, k0011 from the root to D4 marked]

Complete Subtree Method (III)

Revoking a set of receivers R: Find a minimal cover of non-revoked devices!
Algorithm: Trees hanging off Steiner Tree of R
Example: R = {D1, D2, D4}

⇒ encrypt with k1, k01, k0010

[Diagram: the tree with ST{D1, D2, D4} marked and the subtrees k1, k01 and k0010 hanging off it]
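Added example, not from the lecture: a Python sketch of the Complete Subtree key assignment and cover computation described on these slides, for a depth-4 tree (16 devices). Numbering the leaves D1..D16 left to right and naming each node key by its bit-string path are assumptions chosen to match the k0011 / D4 labels above.

```python
DEPTH = 4  # constructed example size: 2**4 = 16 devices

def leaf_label(i, depth=DEPTH):
    """Device D_i (1-based) -> bit-string path of its leaf, e.g. D4 -> '0011'."""
    return format(i - 1, "0{}b".format(depth))

def device_keys(i, depth=DEPTH):
    """Keys held by D_i: one per node on the path from the root to its leaf."""
    leaf = leaf_label(i, depth)
    return ["k" + leaf[:n] for n in range(depth + 1)]

def cover(revoked, depth=DEPTH):
    """Keys of the subtrees hanging off the Steiner tree of the revoked leaves."""
    if not revoked:
        return ["k"]  # nobody revoked: the root key covers every device
    steiner = set()
    for i in revoked:
        leaf = leaf_label(i, depth)
        steiner.update(leaf[:n] for n in range(depth + 1))
    hanging = []
    for node in steiner:
        if len(node) == depth:
            continue  # leaves have no children
        for child in (node + "0", node + "1"):
            if child not in steiner:
                hanging.append("k" + child)
    return sorted(hanging, key=lambda key: (len(key), key))

def can_decrypt(i, cover_keys, depth=DEPTH):
    """A device can decrypt iff it holds at least one key used in the cover."""
    return bool(set(device_keys(i, depth)) & set(cover_keys))

def excluded_devices(revoked, depth=DEPTH):
    """Devices that hold none of the cover keys; should equal the revoked set."""
    keys = cover(revoked, depth)
    return [i for i in range(1, 2 ** depth + 1) if not can_decrypt(i, keys, depth)]
```

For R = {D1, D2, D4} the cover is k1, k01, k0010, as on the slide, and exactly the three revoked devices are left without a usable key.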

DRM Standards

• Content Protection standards
• Targeted for horizontal markets

• DVD protection (CSS, AACS)
• Link protection (HDCP, DTCP, CI+)

Content Protection

[Diagram labels: Content; License; Secure Channel]

Policy
• Content usage rules
• Device authorizations
• Content consumption licenses

Crypto
• Public key infrastructure
  – Mutual authentication
  – Device Certificates
  – Revocation scheme
• Session key establishment
• Content scrambling

The Problem of DRM Standards

• A single broken device affects the security of the entire ecosystem

• Only way to limit the damage is device revocation

DVB-CSA

• DVB (Digital Video Broadcasting) – the standardization body for broadcast

• DVB-CSA2: a 12-year-old cipher used in most of the European satellite broadcasting networks

• DVB-CSA3: a replacement cipher


Summary

Understand the battlefield: Functions and constraints

Set security goals: threat analysis

Security design

Security maintenance

And in summary....

The Security Paradox

From State Comptroller Report 58A on the conduct of the IDF from 2000 until the Second Lebanon War

A review of the minutes of the discussion shows that the participants in the discussion, including the Prime Minister, did not respond to these remarks of his. Furthermore, it was not found that the government discussed this vital matter following the Defense Minister's substantive remarks or analyzed the implications arising from them.

Budget cuts, the introduction of privatization methods in the IDF, and poor economic policy led to negative results that impaired the ability of the army and the reserves to operate as required.

In the same report the Comptroller added that "in the years 2003 to 2005 the IDF reported to the political echelon that there was ongoing harm to the training of the reserve forces in the ground forces due to budget cuts, but did not present the operational implications of this harm and its effect on the readiness of the reserve forces for war, such as: harm to the ability to carry out operational plans, among other things in terms of the time required to execute them, or harm to the soldiers' ability to operate various weapons. In the discussion on the defense budget for 2006, held in August 2005 and chaired by the then Prime Minister, Mr. Ariel Sharon, the then Defense Minister, Mr. Shaul Mofaz, noted that the IDF reserve forces were not fit for service because of the harm to their training."

The erosion of the legitimacy of the reserve forces and the army in society left a clear mark on the conduct of the Second Lebanon War. Flawed conduct whose roots lay years earlier.

The Security Paradox

• When security is OK, resources are cut
  – “There is no war. Why invest XXX Giga-$ in a military?”

• However, when security fails...

Results of the Second Lebanon War (Wikipedia)