Downloadable Security Discussion

DOWNLOADABLE SECURITY DISCUSSION

Bryant Tan
May 2015
Copyright 2015 Broadcom Corporation. All rights reserved.

TRADITIONAL VIDEO PROTECTION

  • CA/DRM descrambling
  • Local PVR encryption/decryption
  • CableCard/smartcard

CONNECTED DIGITAL HOME

  • Platform Security
  • Content Protection
  • HDCP /1.4 for HDMI1.4
  • DTCP-IP for DLNA
  • HDCP2.x for Miracast

[Diagram: content delivery (content/data/voice, 4K video) over IEEE 1905.1 through Cable, xDSL and VoIP gateways to Cable STB, DBS STB and IP STB (client), OTT / media player, portable DVR, HDTV, PC, tablet and smart phone, with content decoding and display stages.]

CONDITIONAL ACCESS

  • ARRIS
  • Cisco
  • CableCard
  • JCAS/KLAD
  • DTA/UDTA/HD-DTA
  • EchoStar
  • DIRECTV
  • Cisco/NDS
  • Nagra/Conax
  • Irdeto
  • Viaccess
  • Verimatrix
  • Latens
  • Secure Media

DIGITAL RIGHTS MANAGEMENT/DRM

  • Ericsson Mediaroom
  • Widevine
  • Microsoft PlayReady (WMDRM Portable and Network Device)
  • DivX
  • Marlin/Intertrust
  • Netflix
  • VUDU
  • Amazon
  • Adobe
  • Pro:Idiom
  • Tivo
  • Rhapsody
  • YouView
  • CinemaNow
  • Pandora Internet Radio
  • Hulu
  • ViewRight Web

COPY PROTECTION

  • Other Copy Protection System:
    • DVB-CI
    • DVB-CI+
    • CSS for legacy DVD
    • CPPM/CPRM
    • HDCP
    • DTCP
    • DTCP-IP
  • Analog Copy Protection:
    • Macrovision
    • Dwight Cavendish Systems (DCS)
    • CGMS-A

MOVIELABS 1.1 SPECIFICATION

  • Anti-Clone
    • Unique non-modifiable Hardware IDs/Keys per part
  • Content Protection
    • Conditional Access (CA) Descrambling
    • Secure Key Path
    • Content Key encryption and renewal
    • Local PVR encryption/decryption
    • Watermarking and fingerprinting tracing
    • Secure Video Path
    • Memory Protection
  • Platform Protection
    • Bootloader verification and Software Chain of Trust
    • Debug Interfaces Protection
    • Countermeasures for Side Channel Attacks
    • Trusted Execution Environment/TEE (Security Processor, TPM, TrustZone)

MOVIELABS 1.1 SPECIFICATION (CONT)

  • Digital Output and Link Protection
    • HDCP1.4/HDCP2.2 for HDMI1.4/HDMI2.0
    • DTCP-IP for DLNA
    • HDCP2.x for Miracast
    • Different schemes from DRM and CA vendors
  • Gateway/Terminal to Terminal Protection
    • SSL/TLS
  • Breach Response
    • Intrusion Detection
    • Software Revocation and Renewal
  • Certification/Robustness Rules
  • Common Security Method/Standard/Implementation
  • Liability

HIGH LEVEL SECURITY MODULES

[Block diagram: Host CPU, Intrusion Detection, Memory Protection, Local Encryption/Decryption, Conditional Access Descrambler, External Memory, HDMI Transmitter (HDCP key protection), and a TEE CPU.]

TEE CPU:
  1) Non-Modifiable information
  2) Root Key Derivation
  3) Crypto Accelerators
  4) 3rd Party Crypto Hardware
  5) Secure Boot
  6) Debug Interfaces Protection
  7) Secure Key Path
  8) Secure Video Path
  9) Watermarking
  10) Countermeasures

BLACK BOX/UNIQUE KEY PROVISION SYSTEM

The black box is kept physically secure, with controlled and accountable access to the room/cage in which it resides.

[Diagram: four automated test equipment stations, each with HW/SW and a NIC, connected over a private network to the black box inside a secured cage.]

COUNTERMEASURES FOR SIDE CHANNEL ATTACKS

  • Side Channel Attacks
    • Rather than brute-force attacks, these are attacks based on information gained from the physical implementation of a cryptosystem.
  • Timing Attack
    • Attacks based on measuring how much time various computations take to perform
  • Glitch Attacks
    • Voltage, Frequency, ...
  • Power Analysis Attacks
    • Simple Power Analysis (SPA)
    • Differential Power Analysis (DPA)
  • Electromagnetic Analysis Attacks
    • Simple Electromagnetic Analysis (SEMA)
    • Differential Electromagnetic Analysis (DEMA)

SOFTWARE/FIRMWARE VERIFICATION

  • Bootloader Verification/Decryption
  • Loader Verification/Decryption
  • Kernel/Rootfs Verification/Decryption
  • TEE Software/Firmware Verification/Decryption, Renewability and Revocation
  • Decoder Firmware Verification/Decryption, Renewability and Revocation
  • System Root of Trust
    • RSA Public Key Chain or X509 Certificates
    • Secure Bootrom or Security Processor

COMMON SOFTWARE API FOR DOWNLOADABLE SECURITY MODULE

  • Downloadable Security Software Module (security module driver/application to filter License Information, e.g. EMM/ECM, and convert License Information into Key ladder information)
  • Each CA/DRM vendor can download its own Security SW Module, after passing the RSA signature verification.
  • Need to define a set of common Software APIs and a configuration file in the loader SW so that we can download the Security SW Module

Q & A

  • General overview of the different approaches for providing secure processing on SoCs – TEE, Root of Trust, etc.
  • General overview of the partitioning between hardware and software for security functions
  • General overview of how secure areas are ‘partitioned’ so that secrets for different services are kept separate or managed
  • General overview of the types of threats that are being addressed and any specific threats out of scope
  • General overview of security testing techniques, weak links, etc.
  • General overview of manufacturing considerations and platform requirements for the security elements
  • Thoughts on the security risk associated with using a common security method/standard for a broad range of uses
  • The challenges associated with supporting secure downloading of software security functionality
  • Specific adaptations made for secure processing of MVPD content – compare and contrast any differing requirements for each MVPD vertical
  • Specific adaptations made for secure processing of OTT content
  • General thoughts on the necessary business relationships needed for securing content, division of liability, etc.
  • Relevant specifications, standards, certifications, IPR, licenses, etc.
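
The staged verification listed on the SOFTWARE/FIRMWARE VERIFICATION slide (bootloader, then loader, then kernel/rootfs, anchored in an RSA public key chain), sketched as an added example that is not from the original slides or from Broadcom. It assumes a toy textbook-RSA signature built from small known primes purely to show the chain structure; the stage names, image bytes, key roles and the 64-byte key encoding are constructed for illustration, and a real loader would use a padded RSA scheme with full-size keys.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def toy_keypair(p, q):
    """Textbook RSA from two known primes: constructed for the demo, NOT secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def payload(image, next_pub):
    # The signature covers the image AND the key that will verify the next stage,
    # so neither can be swapped independently.
    return image + (next_pub or 0).to_bytes(64, "big")

def build_stage(image, signer, next_pub=None):
    n, d = signer
    sig = pow(digest(payload(image, next_pub), n), d, n)
    return {"image": image, "next_pub": next_pub, "sig": sig}

def boot(root_pub, stages):
    """Verify each stage with the key endorsed by the previous one; halt on first failure."""
    pub = root_pub  # assumed to be fixed in boot ROM or the security processor
    for name, st in stages:
        expected = digest(payload(st["image"], st["next_pub"]), pub)
        if pow(st["sig"], E, pub) != expected:
            return f"halt at {name}"
        pub = st["next_pub"]
    return "boot ok"

def demo_chain():
    root = toy_keypair(2**61 - 1, 2**89 - 1)      # root-of-trust key (constructed)
    vendor = toy_keypair(2**107 - 1, 2**127 - 1)  # hypothetical software signing key
    stages = [
        ("bootloader", build_stage(b"bootloader v1", root, vendor[0])),
        ("loader", build_stage(b"loader v1", vendor, vendor[0])),
        ("kernel/rootfs", build_stage(b"kernel+rootfs v1", vendor)),
    ]
    return root[0], stages

if __name__ == "__main__":
    root_pub, stages = demo_chain()
    print(boot(root_pub, stages))
```

Changing any image byte, or replacing the public key a stage hands to the next one, makes `boot` stop at that stage instead of passing control onward.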
