DOWNLOADABLE SECURITY DISCUSSION

Bryant Tan May 2015

Copyright 2015 Broadcom Corporation. All rights reserved.

TRADITIONAL VIDEO PROTECTION

CONNECTED DIGITAL HOME

• Platform Security
• CA/DRM descrambling
• Content Protection
• Local PVR encryption/decryption
• HDCP 1.4 for HDMI1.4
• CableCard/smartcard
• DTCP-IP for DLNA
• HDCP2.x for Miracast

[Figure: connected digital home diagram. Labels shown: IEEE 1905.1, OTT / Media Player, Content Delivery, Content Decoding, Display, Cable Gateway, VoIP Gateway, xDSL Gateway, IP (Client) STB, Cable (Client) STB, DBS STB, Portable DVR, HDTV, PC, Tablet, Smart Phone, Content/4K Video, Data/4K Video, Voice.]

• ARRIS
• Cisco
• CableCard
• JCAS/KLAD
• DTA/UDTA/HD-DTA
• EchoStar
• DIRECTV
• Cisco/NDS
• Nagra/
• Irdeto
• Verimatrix
• Latens
• Secure Media

DIGITAL RIGHTS MANAGEMENT/DRM

• Ericsson Mediaroom
• Widevine
• Microsoft PlayReady (WMDRM Portable and Network Device)
• DivX
• Marlin/Intertrust
• Netflix
• VUDU
• Amazon
• Adobe
• Pro:Idiom
• Tivo
• Rhapsody
• YouView
• CinemaNow
• Pandora Internet Radio
• Hulu
• ViewRight Web

COPY PROTECTION

• Other Copy Protection System:
  • DVB-CI
  • DVB-CI+
  • CSS for legacy DVD
  • CPPM/CPRM
  • HDCP
  • DTCP
  • DTCP-IP
• Analog Copy Protection:
  • Macrovision
  • Dwight Cavendish Systems (DCS)
  • CGMS-A

MOVIELABS 1.1 SPECIFICATION

• Anti-Clone
• Unique non-modifiable Hardware IDs/Keys per part
• Content Protection
• Conditional Access (CA) Descrambling
• Secure Key Path
• Content Key encryption and renewal
• Local PVR encryption/decryption
• Watermarking and fingerprinting tracing
• Secure Video Path
• Memory Protection
• Platform Protection
• Bootloader verification and Software Chain of Trust
• Debug Interfaces Protection
• Countermeasures for Side Channel Attacks
• Trusted Execution Environment/TEE (Security Processor, TPM, TrustZone)

MOVIELABS 1.1 SPECIFICATION (CONT)

• Digital Output and Link Protection
• HDCP1.4/HDCP2.2 for HDMI1.4/HDMI2.0
• DTCP-IP for DLNA
• HDCP2.x for Miracast
• Different schemes from DRM and CA vendors
• Gateway/Terminal to Terminal Protection
• SSL/TLS
• Breach Response
• Intrusion Detection
• Software Revocation and Renewal
• Certification/Robustness Rules
• Common Security Method/Standard/Implementation
• Liability

HIGH LEVEL SECURITY MODULES

[Figure: block diagram. Blocks shown: Host CPU, Intrusion Detection, Local Encryption/Decryption, Conditional Access Descrambler, Memory Protection, External Memory, HDMI Transmitter (HDCP key protection), TEE CPU.]

TEE CPU
1) Non-Modifiable information
2) Root Key Derivation
3) Crypto Accelerators
4) 3rd Party Crypto Hardware
5) Secure Boot
6) Debug Interfaces Protection
7) Secure Key Path
8) Secure Video Path
9) Watermarking
10) Countermeasures

BLACK BOX/UNIQUE KEY PROVISION SYSTEM

The black box is kept physically secure, with controlled and accountable access to the room/cage in which it resides.

[Figure: black box in a secured cage, linked over a private network to four automated test equipment stations, each with a HW/SW NIC.]

COUNTERMEASURES FOR SIDE CHANNEL ATTACKS

• Side Channel Attacks
  • Rather than brute-force attacks, these are attacks based on information gained from the physical implementation of a cryptosystem.
• Timing Attack
  • Attacks based on measuring how much time various computations take to perform
• Glitch Attacks
  • Voltage, Frequency, ...
• Power Analysis Attacks
  • Simple Power Analysis (SPA)
  • Differential Power Analysis (DPA)
• Electromagnetic Analysis Attacks
  • Simple Electromagnetic Analysis (SEMA)
  • Differential Electromagnetic Analysis (DEMA)

SOFTWARE/FIRMWARE VERIFICATION

• Bootloader Verification/Decryption
• Loader Verification/Decryption
• Kernel/Rootfs Verification/Decryption
• TEE Software/Firmware Verification/Decryption, Renewability and Revocation
• Decoder Firmware Verification/Decryption, Renewability and Revocation
• System Root of Trust
• RSA Public Key Chain or X509 Certificates
• Secure Bootrom or Security Processor

COMMON SOFTWARE API FOR DOWNLOADABLE SECURITY MODULE

• Downloadable Security Software Module (security module driver/application) to filter License Information (e.g., EMM/ECM) and convert License Information into key ladder information
• Each CA/DRM vendor can download its own Security SW Module, after passing the RSA signature verification.
• Need to define a set of common software APIs and a configuration file in the loader SW so that we can download the Security SW Module
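The loader-side check implied by the "RSA Public Key Chain" and "after passing the RSA signature verification" bullets, as an added example that is not Broadcom's code or API: a root key vouches for a vendor key, and the vendor key vouches for the downloaded module image. Assumptions: the names `load_module`, `build_package` and `key_blob`, the package layout, the revocation set, and the small constructed keys are all hypothetical, and unpadded textbook RSA stands in for a production signature scheme.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Toy RSA key (modulus n, private exponent d) from two primes; constructed for this demo."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    # Unpadded textbook RSA with short keys: illustration only, not a production scheme.
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

# Constructed keys: the root modulus stands for the key anchored in boot ROM or the
# security processor; the vendor key stands for one CA/DRM vendor's signing key.
ROOT_N, ROOT_D = make_key(2**89 - 1, 2**107 - 1)
VENDOR_N, VENDOR_D = make_key(2**61 - 1, 2**127 - 1)

def key_blob(vendor, n):
    # What the root signs: the vendor identity bound to its public modulus.
    return vendor.encode() + b"|" + n.to_bytes(32, "big")

def load_module(pkg, revoked=()):
    """Walk the chain root key -> vendor key -> module image; return the image or raise."""
    blob = key_blob(pkg["vendor"], pkg["vendor_n"])
    if not verify(blob, pkg["key_sig"], ROOT_N):
        raise ValueError("vendor key not signed by root of trust")
    if pkg["vendor"] in revoked:
        raise ValueError("vendor key revoked")
    if not verify(pkg["image"], pkg["image_sig"], pkg["vendor_n"]):
        raise ValueError("module image signature invalid")
    return pkg["image"]

def build_package(vendor, image):
    """Signing side (offline, by the key owners); used here only to build sample input."""
    return {"vendor": vendor, "vendor_n": VENDOR_N, "image": image,
            "key_sig": sign(key_blob(vendor, VENDOR_N), ROOT_N, ROOT_D),
            "image_sig": sign(image, VENDOR_N, VENDOR_D)}
```

The image is handed to the common API only after both signatures verify, so a module signed with a key the root never endorsed fails at the first check, before its own signature is even examined.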

Q & A

• General overview of the different approaches for providing secure processing on SoCs – TEE, Root of Trust, etc.
• General overview of the partitioning between hardware and software for security functions
• General overview of how secure areas are ‘partitioned’ so that secrets for different services are kept separate or managed
• General overview of the types of threats that are being addressed and any specific threats out of scope
• General overview of security testing techniques, weak links, etc.
• General overview of manufacturing considerations and platform requirements for the security elements
• Thoughts on the security risk associated with using a common security method/standard for a broad range of uses
• The challenges associated with supporting secure downloading of software security functionality
• Specific adaptations made for secure processing of MVPD content – compare and contrast any differing requirements for each MVPD vertical
• Specific adaptations made for secure processing of OTT content
• General thoughts on the necessary business relationships needed for securing content, division of liability, etc.
• Relevant specifications, standards, certifications, IPR, licenses, etc.