A Digital Rights Enabled Graphics Processing System

Post on 02-Feb-2016


Transcript of A Digital Rights Enabled Graphics Processing System

Weidong Shi (Motorola Labs)

Hsien-Hsin “Sean” Lee (Georgia Tech)

Richard M. Yoo (Georgia Tech)

Alexandra Boldyreva (Georgia Tech)

Why Digital Rights Management (DRM) and Content Protection?

• id Software, Kevin Cloud

• "this (piracy) is what’s killing PC games"

• “… but you may literally have more games being played illegitimately than being played legitimately.”

• “… it is a very serious problem. There isn’t any magical solution, or else we’d solve it.”

Graphics As Assets

• Protect graphics apps by protecting the graphics assets instead of the software.

• Sales of avatars and in-game graphics assets are rising steadily

• $10M per month in in-game asset sales in Korea alone

• $880M trading in US (2004)

It is a non-trivial task

• If security is easy to add, it is easy to remove.

• Never underestimate the hackers (Xbox incident)

• Graphics DRM

• Protect against SW attacks

• Protect against simple “Radioshack” HW attacks

Software-based DRM

• Disadvantages

• Insecure

• Not tamper proof

• Advantages

• Easy to change

• Flexible

[Diagram: 3D apps (mesh, texture, shader); OpenGL/Direct3D; SW DRM; Frame Buffer]

DRM Design Space

• Many design choices for unlocking DRMed contents.

• Hackers can always go to the level below to defeat a DRM system.

• Typical SW DRM unlocks at App level.

[Diagram: DRMed contents and the software stack (real-time 3D apps; graphics API (OpenGL/Direct3D); device driver), with four possible unlock points: unlock at App level, unlock at API level, unlock at Driver level, unlock at Device level]

Our Idea – DRM Enabled GPU

[Diagram: protected graphics assets (mesh, textures, shaders); DRM enabled GPU]

• Protect graphics assets with encryption and rights licenses.

• Decrypt graphics assets by a DRM enabled GPU

DRM Enabled GPU

• Advantages

• Strong security protection, contents decrypted right before their consumption

• Against SW tampers/attacks

• API hijack, graphics file reverse engineering, etc.

• High performance

• HW decryption vs. SW decryption

• Disadvantages

• Less flexible

GPU with DRM Block

[Diagram: PCI-Express; Host/Memory Interface; Graphics/Video Memory; GPU Pipeline; Vertex Cache; Texture Cache; DRM Block (Cryptographic Unit, License Processing Unit, Context Information)]

Rights License and Content Keys

[Diagram: GPU public key and GPU private key pair; license; content keys]

• Graphics contents or assets are licensed

• Graphics contents or assets are encrypted with content keys. The encrypted content keys are included in the graphics content licenses.

• Content licenses are certified and distributed

• Only the targeted GPU can extract/use the content keys from the licenses.

Binding Context

• Constraints of binding among vertex data, textures, and shaders

• Created based on graphics assets licenses

• Security context (protected when stored in exposed storage)

• Contains all information for decrypting graphics assets by a GPU

Binding Context

Vertex Attr Decryption Key, Digest Key

Texture Decryption Key, Digest Key

Shader Digest Key

Graphics API Extension

• Encrypted Data Array/Texture Types

• Encrypted{234}f, Encrypted_R8G8B8A8, …

• Encrypt collection of vertex attributes or texture tile as a chunk.

• Compute a digest or hashed MAC for each encrypted chunk

• Protected Graphics Objects

glVertexAttribPointerPrivateARB(0, Encrypted4f, GL_FALSE, 0, &vertex);

glVertexAttribPointerPrivateARB(8, Encrypted2f, GL_FALSE, 0, &text_coord);

Graphics API Extension

• API Extension

• GenBindingContext(int size, int* ptr_to_handles)

• ConfigBindingContext(int handle, enum type, int graphics_object_handle, unsigned char* license)

type = Encrypted_VERTEX_ATTR0..15

type = PRIVATE_TEXTURE0..7

type = VERTEX_SHADER|FRAGMENT_SHADER|…

graphics_object_handle = handle to vertex, texture, or shader

license = license byte array

• EnableBindingContext(int handle)

• DisableBindingContext(int handle)

• DeleteBindingContext(int handle)

Graphics Data Protection Check

[Diagram: encrypted vertex attr/tex tiles, each with its Digest/HMAC; Vertex/Tex Cache & Vertex/Tex Fetch Unit; Decryption Unit; HMAC Unit with a comparison ("?"); Binding Context (vertex attr decryption key and digest key; texture decryption key and digest key; shader digest key); GPU Front-End]

Counter Mode Example (Encrypted Texels)

[Diagram: Graphics Memory; Memory Unit; encrypted texels; Vertex/Tex Cache & Vertex/Tex Fetch Unit; Fetch Address Cal/Translation; counter value (texel tile coord, offset, padding); AES Engine; decryption key from the Binding Context; decryption pad; XOR; GPU Front-End]
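An added example, not taken from the slides or the authors' implementation, that walks one texture tile through the per-chunk digest check and the counter-mode decryption shown on the two slides above. Assumptions: the counter field widths, the `ctx` key names, the tile coordinate being covered by the MAC, and truncated HMAC-SHA256 standing in for the AES engine.

```python
import hashlib, hmac, struct
BLOCK = 16  # bytes per counter block (the AES block size)

def counter_block(tile_x, tile_y, offset):
    # Counter value as on the slide: texel tile coord | offset | padding.
    # Field widths (16/16/32 bits, 8 zero bytes) are assumptions of this sketch.
    return struct.pack(">HHI", tile_x, tile_y, offset) + b"\x00" * 8

def decryption_pad(key, counter):
    # Stand-in PRF (truncated HMAC-SHA256). The slides use an AES engine here;
    # the Python standard library has no AES.
    return hmac.new(key, counter, hashlib.sha256).digest()[:BLOCK]

def xor_tile(key, tile_x, tile_y, data):
    # Counter mode: the pad depends only on key and address, not on the data,
    # so it can be computed while the memory fetch is still in flight.
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        pad = decryption_pad(key, counter_block(tile_x, tile_y, i // BLOCK))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], pad))
    return bytes(out)

def tile_mac(digest_key, tile_x, tile_y, ciphertext):
    # Covering the tile coordinate is this sketch's choice: it stops a valid
    # encrypted tile from being replayed at another position.
    msg = struct.pack(">HH", tile_x, tile_y) + ciphertext
    return hmac.new(digest_key, msg, hashlib.sha256).digest()

def protect_tile(ctx, x, y, texels):
    ct = xor_tile(ctx["dec_key"], x, y, texels)
    return ct, tile_mac(ctx["digest_key"], x, y, ct)

def fetch_tile(ctx, x, y, ct, tag):
    # Verify the per-chunk HMAC, then release the decrypted texels.
    if not hmac.compare_digest(tag, tile_mac(ctx["digest_key"], x, y, ct)):
        raise ValueError("tile digest mismatch")
    return xor_tile(ctx["dec_key"], x, y, ct)

# Constructed binding context and a constructed 4x4 R8G8B8A8 tile (64 bytes).
CTX = {"dec_key": b"constructed-texture-key", "digest_key": b"constructed-digest-key"}
TEXELS = bytes(range(64))

def replay_rejected():
    ct, tag = protect_tile(CTX, 3, 5, TEXELS)
    try:
        fetch_tile(CTX, 4, 5, ct, tag)  # same tile presented at another coordinate
    except ValueError:
        return True
    return False
```

Because each pad is derived from the tile address alone, any 16-byte block of a tile can be decrypted without touching its neighbours, which is what lets the texture cache fetch texels in arbitrary order.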

Division of Labor CPU-GPU Level-of-Detail

[Diagram: CPU and GPU; collision detection, coarse backface culling, transformation, lighting, animation; unprotected graphics data; protected graphics data]

• CPU processes unprotected coarse level graphics data

• GPU processes protected fine-grained graphics data

Optional Depth Buffer Protection

[Diagram: Frame Buffer Operation Unit; Depth Buffer; Depth Decryption Unit; Depth Encryption Unit; Depth Buffer Symmetric Key Context; Z-tile]

• Depth buffer key is applied to an application.

Evaluation

Setting

Apps: Quake 3D — 4 demo maps

GPU Simulator: Qsilver (UVa)

AES unit #: 8 (400K gates each)

Decryption Throughput/Latency: 40Gb/ps x 8, 2.5ns per stage x 11 = 27.5ns

HMAC Unit #: 8 (19K gates each)

HMAC Latency: 74ns

Graphics Memory: GDDR3 latency

Frame Rate Impact

• Frame rate slowdown using protected assets against regular assets

• Reasonable impact on frame rate

[Chart: Normalized Frame Rate (%), axis 50 to 100, for q3dm1, q3dm7, q3dm17, q3tourney, and average]

Decryption Latency Sensitivity

[Chart: Normalized Frame Rate (%), axis 50 to 100, for q3dm1, q3dm7, q3dm17, q3tourney, and average; series: 27.5ns decryption latency, 40ns decryption latency]

Sensitivity of Cache Miss Rate

[Chart: Normalized Frame Rate (%), axis 50 to 100, for q3dm1, q3dm7, q3dm17, q3tourney, and average; series: Low Miss (5%), Med Miss (10%), High Miss (20%)]

Conclusions

• Time to introduce DRM protection on real time graphics assets.

• The trend of GPU advancement enables new ways of protecting graphics assets.

• Graphics assets protection calls for joint research across the DRM, graphics, and GPU communities.

• GPU-based graphics assets protection is more effective.

• We studied feasibility of GPU based graphics DRM.

• Further research is required.

Thank You!

http://arch.ece.gatech.edu