[F1] Security Discussion with SPE 2012/10/23(Tue) Sony Corporation 2012/10/23Sony Confidential1.

[F1]Security Discussion with SPE

2012/10/23(Tue)Sony Corporation

2012/10/23 Sony Confidential 1

Agenda

• Introduction• High level Questions• SPE requirements• Phase 2: Marlin + NDS


Introduction(1)

• This presentation is for a security discussion according to an e-mail from Yoshi/SPE:– Subject:

• F1 Phase-1 security questions

– Date: • 2012/10/18(Thu)PDT• 2012/10/19(Fri) JST

• This answers the questions in the e-mail above.


Introduction(2)

• DRM structure:– Phase 1:

• Marlin BB• Hardware root of trust

– Phase 2:• Marlin BB• Will study Additional Features:

– Renew security with every download or with every title– Forensic watermark traceable to consumer’s Online Account


Introduction (3)

• For Forensic WM and NDS the following business factors need to be clarified and considered together with the technical feasibility. – Royalty– Multiple platform support (e.g. future TV chipsets)– Influence on future TV architecture


High level Questions1. By what means has the Marlin BB implementation been certified to meet the Marlin

C&R rules?2. How does the Marlin BB implementation enforce all Usage Rules?

1. For example, how does the system guarantee that only the F1 Box can receive licenses for 4k content?

3. What outputs are available on the F1 Box?4. What inputs are available on display devices that are able to connect to the F1 Box?5. What capabilities does the Marlin BB implementation have for determining whether

HDCP 2.0 or greater is enabled in display devices and HDCP 2.1 or greater is enabled in repeaters?

6. What is the behavior of the F1 Box if HDCP 2.x is not enabled? What if HDCP 1.x is available?

7. It is our understanding that compliant Marlin implementation must support renewability. Please explain how the Marlin BB implementation on the F1 Box can meet Marlin C&R rules without also providing renewability.

8. How does renewability propagate to F1 Boxes if the content is loaded from physical media?

9. How is content being transferred from one F1 box to another F1 box handled?10. Please provide feedback to the deck titled “F1 Box/security/server system, SPTECH

Feedback” that Yoshi presented in Tokyo on Sep.24.2012/10/23 Sony Confidential 6

High level Questions(1)

• Q: – By what means has the Marlin BB implementation

been certified to meet the Marlin C&R rules?• A:

– Marlin C&R rules will be applied to Marlin implementation portion. In addition to that, Sony will define new service requirements for 4k/F1.

– Sony thinks that 3rd party device certification is not necessary because any F1 capable devices are produced by Sony.



• Q:– How does the Marlin BB implementation enforce all Usage Rules?

• For example, how does the system guarantee that only the F1 Box can receive licenses for 4k content?

• A:– Marlin C&R rules will be applied to Marlin implementation

portion. In addition to that, Sony will define new service requirements for 4k/F1.

– F1 service provider will manage all the Marlin user/device keys and distribute content key encrypted by managed user/device keys for F1 service. This means that only the F1 Box can decrypt 4k content.



• Q:– What outputs are available on the F1 Box?

• A:– HDMI 1.4 w/ HDCP 2.x for Video. No analog ports.– No down conversion function is supported.



• Q: – What inputs are available on display devices that

are able to connect to the F1 Box?• A:

– 4K TVs should have inputs currently supported by 2K TVs. It must have an input that supports HDCP2.2.



• Q:– What capabilities does the Marlin BB implementation have for

determining whether HDCP 2.0 or greater is enabled in display devices and HDCP 2.1 or greater is enabled in repeaters?

• A:– The method of HDCP version determination will be supported

by F1 Box/HDCP mechanism (not defined by Marlin BB). • F1 Box only transfers any content by HDCP2.x. (not HDCP 1.x)• HDCP 2.1/2.2 defines the authentication method as follows:

– Source and Sink exchange AKE_Transmitter_Info (Tx) and AKE_Receiver_Info (Rx). This scheme is not defined in HDCP 2.0. That means that HDCP 2.1 or greater is enabled in repeaters if this exchange is completed.



• Q:– What is the behavior of the F1 Box if HDCP 2.x is

not enabled? What if HDCP 1.x is available?• A:

– For HDCP 1.4, content is not transferred and down conversion is not supported. Error message (notice) may be thrown to the display (TBD).



• Q:– It is our understanding that compliant Marlin

implementation must support renewability. Please explain how the Marlin BB implementation on the F1 Box can meet Marlin C&R rules without also providing renewability.

• A:– Marlin specification refers to renewability.

However, the details of renewability is not defined and is not implemented in Marlin device.


High level Questions(8)• Q:

– How does renewability propagate to F1 Boxes if the content is loaded from physical media?

• A:– Moving Target (program for renewability including

content key) are not recorded in physical media. They would be distributed by F1 server at the Phase 2.


F1 Box

Physical Media

F1 encrypted

content

F1 Server

Request

Moving Target (Phase 1: Marlin License)

Moving Target

Decrypt

F1 TV

Content Key


• Q:– How is content being transferred from one F1 box

to another F1 box handled?• A:

– Would not be supported at Phase 1.



• Q:– Please provide feedback to the deck titled “F1

Box/security/server system, SPTECH Feedback” that Yoshi presented in Tokyo on Sep.24.

• A:– What kind of feedback is necessary?


SPE requirements


Items SPE Requirements F1 box security SPE Comments / Questions 1 A new approach to security Marlin BB + Enhanced New Feature

(Forensic watermark capable etc.) What is the set of “Enhanced New Feature” that will be provided by the F1 Box solution?

2 New compliance & robustness requirements

Trusted Execution Environment based on Uniphier security(e.g. Secure Boot, DRM process in H/W)

This requirement speaks to the need of moving beyond the limitations of existing C&R rules used in the industry. How does the F1 Box solution meet this requirement?

3 Designed and reviewed by organizations expert in security

Combination of Established Technologies This requirement is directed at the process of establishing a new standard for C&R rules. How does a “combination of established technologies” achieve this goal?

4 Single content protection system

Only “Marlin BB + Enhanced New Feature”

This requirement speaks to the ECP ecosystem as a whole. Having a collection of solutions multiples the attack surface area. It is not established that we would choose Marlin BB as that single content protection system.

5 3rd party device certification Dedicated service for only Sony devices This requirement is a response to the limitations of self certification that have caused endless problems in other ecosystems. Having established new C&R rules, the requirement is that a 3rd party certify implementations.

6 Active monitoring and response

Player Integrity Check by Security Code cannot be applicable to Uniphier

This requirement refers to the need to identify breaches and respond to them with countermeasures. Player integrity checking is an important feature but does not address the requirement.

7 Renew security with every download or with every title

See question 7 above

7-1 Individualized Encryption Multiple Segments encrypted with Different Keys

Please provide details. What is the granularity of the individualization?

7-2 Individualized Key Retrieval Key Retrieval from Security Code cannot be applicable to Uniphier

Please explain

8 Hardware protected video path

Cannot run snooping applications to retrieve decoded frames due to secure boot.

Please describe how each segment of the video path is protected

9 Hardware root of trust Trusted Execution Environment available (e.g. Secure Boot, DRM process in H/W)

Please describe how these features are utilized by the F1 Box solution

10 HDCP 2.1 only Planning to support HDCP2.x 11 Verance watermark

detection Will support Cinavia (Note: AACS flags which need AACS approval ?)

Is this for all content played on the box?

12 Playback license tied to consumer’s Online Account

Will be supported by Marlin BB

13 Forensic watermark traceable to consumer’s Online Account

Will introduce AACS Sequence Key like approach. Server will prepare several segments which have different watermark and distribute unique combination of segments to user.

Please confirm your specific plans for handling forensic marking. Can F1 box support client side forensic marking such as the Civolution or Verimatrix Premium VOD systems (not a baseband watermarking, but in compressed domain)? If not, what level of collusion can be detected in one ripped file? How many seconds of content is required to recover the watermark?(FYI, for Phsae-0, SPE decided not to use Civolution solution.)

SPE requirements(1)

• Requirements:– A new approach to security

• F1 box security:– Marlin BB + Enhanced New Feature (Forensic

watermark capable etc.)• SPE Comments / Questions:

– What is the set of “Enhanced New Feature” that will be provided by the F1 Box solution?

• Sony Comments:– Hardware root of trust and HDCP 2.2 at Phase 1.


SPE requirements(2)

• Requirements:– New compliance & robustness requirements

• F1 box security:– Trusted Execution Environment based on Uniphier security

(e.g. Secure Boot, DRM process in H/W) • SPE Comments / Questions:

– This requirement speaks to the need of moving beyond the limitations of existing C&R rules used in the industry. How does the F1 Box solution meet this requirement?

• Sony Comments:– Sony will define new service requirements for 4k/F1.


SPE requirements(3)

• Requirements:– Designed and reviewed by organizations expert in security

• F1 box security:– Combination of Established Technologies

• SPE Comments / Questions:– This requirement is directed at the process of establishing a

new standard for C&R rules. How does a “combination of established technologies” achieve this goal?

• Sony Comments:– Hardware root of trust and HDCP 2.2 according to new

service requirements will achieve this goal. 2012/10/23 Sony Confidential 20

SPE requirements(4)

• Requirements:– Single content protection system

• F1 box security:– Only “Marlin BB + Enhanced New Feature”

• SPE Comments / Questions:– This requirement speaks to the ECP ecosystem as a whole. Having

a collection of solutions multiples the attack surface area. It is not established that we would choose Marlin BB as that single content protection system.

• Sony Comments:– What are the concerns for Marlin BB + Hardware root of trust +

HDCP 2.2?


SPE requirements(5)

• Requirements:– 3rd party device certification

• F1 box security:– Dedicated service for only Sony devices

• SPE Comments / Questions:– This requirement is a response to the limitations of self

certification that have caused endless problems in other ecosystems. Having established new C&R rules, the requirement is that a 3rd party certify implementations.

• Sony Comments:– 3rd party device certification is not necessary because any F1

capable devices are produced by Sony.2012/10/23 Sony Confidential 22

SPE requirements(6)

• Requirements:– Active monitoring and response

• F1 box security:– Player Integrity Check by Security Code cannot be applicable to

Uniphier• SPE Comments / Questions:

– This requirement refers to the need to identify breaches and respond to them with countermeasures. Player integrity checking is an important feature but does not address the requirement.

• Sony Comments:– Understood that the player integrity checking does not address the

requirement.


SPE requirements(7)• Requirements:

– Renew security with every download or with every title• 1. Individualized Encryption• 2. Individualized Key Retrieval

• F1 box security:– 1. Multiple Segments encrypted with Different Keys– 2. Key Retrieval from Security Code cannot be applicable to Uniphier

• SPE Comments / Questions:– 1. Please provide details. What is the granularity of the individualization?– 2. Please explain

• Sony Comments:– 1. Individualized Encryption is out of scope for Phase 1.– 2. Study of renewability of NDS for Phase 2


SPE requirements(8)

• Requirements:– Hardware protected video path

• F1 box security:– Cannot run snooping applications to retrieve decoded

frames due to secure boot.• SPE Comments / Questions:

– Please describe how each segment of the video path is protected

• Sony Comments:– Decoded video cannot be accessed by a malicious process.


SPE requirements(9)

• Requirements:– Hardware root of trust

• F1 box security:– Trusted Execution Environment available (e.g. Secure Boot,

DRM process in H/W)• SPE Comments / Questions:

– Please describe how these features are utilized by the F1 Box solution

• Sony Comments:– Core functions are processed in secure H/W and malicious

applications cannot be executed.


SPE requirements(10)

• Requirements:– HDCP 2.1 only

• F1 box security:– Planning to support HDCP2.x

• SPE Comments / Questions:– N/A

• Sony Comments:– N/A



• Requirements:– Verance watermark detection

• F1 box security:– Will support Cinavia (Note: AACS flags which need

AACS approval ?) • SPE Comments / Questions:

– Is this for all content played on the box?• Sony Comments:

– Yes.2012/10/23 Sony Confidential 28


• Requirements:– Playback license tied to consumer’s Online

Account• F1 box security:

– Will be supported by Marlin BB• SPE Comments / Questions:

– N/A• Sony Comments:

– N/A2012/10/23 Sony Confidential 29

SPE requirements(13)• Requirements:

– Forensic watermark traceable to consumer’s Online Account• F1 box security:

– Will introduce AACS Sequence Key like approach. Server will prepare several segments which have different watermark and distribute unique combination of segments to user.

• SPE Comments / Questions:– Please confirm your specific plans for handling forensic marking. Can F1 box support

client side forensic marking such as the Civolution or Verimatrix Premium VOD systems (not a baseband watermarking, but in compressed domain)? If not, what level of collusion can be detected in one ripped file? How many seconds of content is required to recover the watermark? (FYI, for Phsae-0, SPE decided not to use Civolution solution.)

• Sony Comments:– No Sony proprietary Forensic WM solution are being planned. – Our understanding is that the level of collusion detection study is being handled by SPE. – Client side implementation of SmartEmbedder still under study.


Marlin + NDS

• Currently Sony is in a study phase.• Basic Concept:

– Renewability would be introduced using NDS DRM Agent and Moving Target.

– Marlin License File (incl. content key) is distributed to F1 Box protected by Moving Target.

• i.e. Moving Target securely contains Marlin License File by encryption/obfuscation.

– For non-compliant device (e.g. emulator), the Moving Target doesn’t work.


Basic Concept; Marlin + NDS


F1 Box

F1 encrypted

content

Marlin Server

1, Marlin Protocol; Request

4, Marlin Protocol; Response

Decrypt

F1 TV

Content Key

NDS Server

2, B2B Protocol; Request

3, B

2B P

roto

col;

Resp

onse

User/Device ID

User/Device ID

Moving Target

Marlin License

Marlin License

Moving TargetMarlin License

Moving TargetMarlin License

NDSExecute

MarlinProcess License

Marlin License

Moving Target

CDN

DRM Agent

Marlin Module

Basic Architecture; Marlin + NDS


SoC

OS (e.g. Linux)

A/V Process HDMI Marlin

Module

Moving Target

… NDS DRM Agent

Device Specific Call

Standard OS Call

Implemented by NDS

Created by NDS and downloaded with content

• Currently Sony is in a study of NDS Calls (APIs). Are they feasible to be implemented?• APIs:

– Device Specific Calls:• DRM_SEC_GetUniqueIdentifier (To get MAC address)• HW based AES encryption and decryption API• Non Volatile memory – API for RW access• Etc.

– Standard OS Calls:• memcpy• Etc.

• Idea to implement:– Sony provides libraries to support all the NDS proposed APIs.– Then, NDS implement the DRM Agent for Sony F1 Box.– Sony does porting to F1 Box.

[F1] Security Discussion with SPE 2012/10/23(Tue) Sony Corporation 2012/10/23Sony Confidential1.

Documents

Transcript of [F1] Security Discussion with SPE 2012/10/23(Tue) Sony Corporation 2012/10/23Sony Confidential1.