DRM

Digital Rights Management





A brief introduction

November 2010



Rajaram Pejaver

raj@pejaver.com









Note: The views presented here are solely those of

the author and do not necessarily reflect any views

of any MSO. Please contact the author if you have

comments or any objections regarding the content.

Outline

•Blah blah

•More blah









Outline

Digital Rights Management





 CA vs. DRM

 Definitions

 The Players

 The Technologies

 Apple Fairplay

 Typical Cable CA

 Microsoft PlayReady

 DECE UltraViolet

 Issues & Open Questions



2

CA vs. DRM

What’s the difference?



While both are used to protect content,

 “Conditional Access” is the term  “Digital Rights Management” is the term

typically used in Cable & Satellite TV. typically used for Internet based systems.

 The operator has control over the  The ecosystem is wild and dynamic with

STBs and the software on them. little control and many more threats.

 Connectivity between STBs and Billing  Connectivity to DRM License servers over

Systems are well defined and reliable. the Internet is much less reliable.

 Simple model: Subscriber either gets  DRM supports many more usage options

to watch HBO or not. and modes (disconnected, rights transfer.)

 The media being controlled is limited  DRM is expected to protect more than just

to video. video.

 In general, the requirements on the  As we will see, the architecture can be

architecture are much simpler. horribly more complex.





3

Definitions

What is this all about?



 Digital Rights Management:

– A way to limit access to content to Authorized users.

– A Technology for Distributors to Control Use of Content.

 Which Distribution Models use DRM?

Distribution Technology Examples

Intra Company Encryption Documents, Sales data, …

Limited / Corporate License keys Software, Garmin Map data, …

Consumer  DRM  Video, Music, books…



 Content: “Soft” products that can be stolen, including

– Video: Movies, Seminars, …

– Audio: Music, …

– Software: Games, programs.

– Books: Soft books, …



4

Definitions

more terms



 Control over content:

– Copy control: How many times can an item be copied (like CCI bits.)

 Never.

 N times (typically N = 1)

 Freely, within domain (typically Domain == devices in a household.)

 Really freely, anywhere, to the Internet, i.e. no copy control.

– Expiry date on content

 Usually varies from 90 minutes to 2 days.

 How many times can it be watched?

– What device is used to watch it?

 iPod like device or Home Theater PC.

 Device usually has special player software to interpret DRM.

– What time of day? (business hours, evenings, …)

– Who can watch it (user authentication required.)



5

The Players

Where are they coming from?



 Content Distributors: They care most about protecting content

– Copy & Viewer Control.

 Vendors of CE Equipment: They care about most about profits

– Stable DRM standards so that they can build products.

– Reasonable DRM licensing terms.

 Consumers: Just wanna have fun

– Flexibility in choosing content providers, equipment, delivery channel.

– Replay reliability & ability to back up purchased content.

– Privacy of usage.

 MSOs (Delivery Channel) Stuck in the middle

– Goal: just to keep all other players happy.

– DRM is really not an MSO’s war; they do it only because they have to.





6

The Technologies

Everyone has something to say.



 DRM Technologies from the past

– CSS for DVDs – Royally hacked (remember DeCSS?)

– AACS for DVDs – Practically hacked.

– BD+ for BluRay – Mostly hacked.

 Current DRM Technologies

– Apple FairPlay (in iTunes)

– Microsoft PlayReady (in Zune, SilverLight.)

– Adobe Flash Access (Flash streams.)

– Marlin (PS3), Widevine (NetFlix), …

 Upcoming Technologies.

– DECE’s Ultraviolet: "Digital Locker" by Neustar.

 Comcast is part of DECE.

– Disney’s KeyChest.



7

Apple iTunes Fairplay

Used for video & books only, not for audio.



 Content in MP4 container file is encrypted with a AES MasterKey.

 When a user purchases a title:

– A random UserKey is created and stored in the user’s account at Apple.

– MasterKey is encrypted with a random UserKey and added to MP4 file.

– MP4 file is sent to user’s device.

– UserKey is sent to iTunes repository on user’s device.

 When user wants to play title:

– UserKey is retrieved and used to decrypt MasterKey.

– MasterKey is used to decrypt content.

 When user wants to copy or transfer title to another device:

– User may need to first de-authorize existing device to stay within limits.

– Apple checks for the 5 device limit.

– Apple sends a copy of UserKey to device.

– Apple sends a copy of encrypted content to device.



8

Apple iTunes Fairplay

In animated action.



ContentA MasterKeyA User1KeyA

iTunes

repository

User1KeyA









User1KeyA

Encrypted User1KeyA



file

MasterKey

Encrypted MasterKey



Encrypted Content



MasterKey & UserKeys

Encrypted ContentA are stored in

Stored on Apple an Apple

Servers database







9

Typical CA system

Conceptually similar, but simpler than DRM





 CableCard (aka POD, aka M-Card / S-Card)

– Does all the decryptions.

– Has a unique User Key preprogrammed into it.

– Stores all keys: User Key + a key for each authorized Service.

User Key

All EMMs for each CableCard are

EMM Encrypted Service Key

retransmitted OOB every ~10secs.



Service Key

ECMs are retransmitted inband

ECM Encrypted Control Word

every ~2secs, in separate PES.



Control Word

Control Word (Video encryption

Video Encrypted Video Stream

key) is changed every ~2secs.



10

Microsoft PlayReady

Originally intended for mobile devices.



 Used by Netflix (v2) for video content

 Used by Microsoft SilverLight for active web content.

 It supports a wide variety of business models.

– subscriptions, rentals, purchases, gifting, pay-per-view and preview.

 Allows

– ‘Side-loading’ between devices in user’s domain.

– Streaming.

– ‘Superdistribution’, users forward content, but receiver has to pay to access.

 Much more intelligence ‘in the cloud’

– Needs connectivity to ‘cloud’ servers.

– Much more susceptible to glitches in service.

 Uses a lot of Public Key Crypto.



11

Microsoft PlayReady

Too many things in the clouds.









12

DECE UltraViolet

Digital Entertainment Content Ecosystem



 Members include:

– Adobe, Alcatel-Lucent, Best Buy, CableLabs, Cisco, Comcast, Cox

Communications, Fox Entertainment, Hewlett-Packard, Huawei Technologies,

IBM, Intel, Microsoft, Motorola, Nagravision, NBC Universal, Sony, DivX,

Dolby, DTS, Nokia, Panasonic, Paramount Pictures, Philips,…

 Combination of five existing DRM technologies:

– Adobe Flash Access, CMLA-OMA V2, Marlin DRM Open Standard,

Microsoft PlayReady and Widevine.

 Basic idea:

– Content encrypted with one MasterKey. Content encrypted with

– File contains MasterKey protected five ways. MasterKey

 Note: I said “protected”, not just “encrypted” MasterKey

– System is five times more vulnerable? protected with

CMLA

 Nonparticipants: MasterKey MasterKey

– Apple FairPlay, protected with protected with

Flash PlayReady

– Disney KeyChest.

MasterKey MasterKey

protected with protected with

Marlin WideVine

13

Issues & Open Questions

When will it all go away?



 Watermarking

– Need to indelibly associate a copy with a purchaser.

 Fingerprinting

– Associating a copy with its creator.

 Revocation of rights

– The amazing Amazon story.

 Transferring rights

– Users selling & trading content.

 Secure audio & video paths

– Does not stop piracy.

 It is a never ending chase…

– Every system will be hacked.



14

Thank you for listening!!

Now get back to work







 My solution?

– Make most content affordable.

– So that it is not worth the effort to hack it for profit.









15