Transcript of Monetizing Multiscreen Video Services: Securing the Endpoint
Avi Ben Simon, Video Security Software Solutions Product Director; Avigail Gutman, Operational Security & OpSec New Initiatives
May 18, 2016
Monetizing Multiscreen Video Services: Securing the Endpoint
Think Beyond Technology Think SECURITY
3 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Evolution of video content security
• 1990s: Pay TV services being shared → Conditional Access protection
• Late 1990s: Broader security approach needed → Service protection
• Early 2000s: Card hacks → Robust card protection
• Mid 2000s: Control word sharing → Hardware based protection
• Late 2000s: OTT service sharing, app hacks → Software based service protection
• Since 2014: OTT content leak → Stronger service & streaming piracy protection
• Now & onward: HDR/UHD challenges → Integrated hardware & software protection
Video delivery is getting complex
Diagram of a multi-DRM delivery architecture: Multi-DRM Backend; OTT Multi-DRM; MultiDRM Gateway; Gateway/PVR; Home Network with DLNA TV, mobiles and computers; CA DRM; IPC DRM; 3rd Party OTT Services (Netflix, YouTubeTV etc.)
• 3rd party DRM devices: PlayReady (Xbox 360, STV); FPS (old AppleTV); Widevine (Chromecast)
• OTT clients: PC, Mac; iOS, new AppleTV; Android (AndroidTV, FireTV); Windows Mobiles, METRO...; Xbox ONE; PS3/4; Roku; HDMI dongles
Attacks happen across the value chain
Value chain: Content Provider, Service Provider, Direct to Consumer; stages: Production, Acquisition, Distribution (Primary, Secondary), Consumer Experience
Attacks: Malware; Device Jailbreaking / Rooting; Credential Sharing/Theft; Illegal Live Restreaming; DRM Hacking; Consumer App Hacking; Content Theft; Ransom-ware; Signal Theft; Server Exploit; Denial of Service
What hackers are looking for in the endpoint
Targets fall under CONTENT sharing / stealing and SERVICE sharing / stealing:
• License encryption key (device private key in certificate-based devices): enables opening all present and future licenses of a user
• Content encryption key (broadcast key): allows opening specific content, but most importantly allows a key redistribution (aka key-sharing) attack
• Identity cloning or impersonation: allows the attacker to access the same services as the original identity
• Clear compressed content or local/session encryption key: better quality than the re-encoded content
• Business rules abuse: expiration dates, rental periods etc.
• Clear uncompressed content: can be re-encoded
Device jailbreaking / rooting
Jailbreaking: the process of bypassing restrictions on iPhones and iPads to install other apps and tweaks not approved by Apple.
Rooting: a process similar to jailbreaking for hacking Android devices, game consoles, and so on. "Rooting" and "jailbreaking" are often used interchangeably. (Source: PCWorld)
• The most enabling mechanism for hacking: it is the first obstacle (far from being the only one!) an attacker must overcome, and therefore the most popular topic on hacker forums
• Studios require jailbreak (JB) / rooting detection in order to distribute premium content
Jailbreak / rooting detection best practices
• Hide jailbreaking/rooting detection code in lower levels
• Set a business rule NOT allowing jailbroken/rooted devices when possible
• Control via the back end through license business rules
• Continuously follow hacker communities and trends
Looking for JB detection workaround
Still looking for JB detection workaround…
Others join the effort
Looks harder than initially thought
Defeating xCon
Eventually …
App hacking
• Most of the hacks in OTT
• Simpler than DRM hacks
• Mainly to overcome: JB/Root detection; user credential/rights checks; counters (playback, rental, etc.); concurrency; whitelisting; geo-blocking
• Also used to extend the possibilities beyond what the service allows
Master key exploit
• Exploiting the difference in implementations: Java verifies the last file, native installs the first file
• Hack the app, keep the signature
• Diagram labels: "All your Java code" (manifest entry: Name: classes.dex / SHA1-Digest: Mmg9clyqCVUNs31ywF0h71nNbfw=) and "All your native code"
• Present for a very long time on older Androids (4.x)
• Cisco resolves this with package integrity technology
Android package integrity
• Java application code is easy to change and repackage (the Android signature check is easily bypassed)
• The secure kernel should include knowledge of the application's original certificate
• At every startup the secure code should check that the application is still using the right certificate
• Ensure that the check is disabled on debug versions
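As an added illustration (not Cisco's package integrity technology and not code from the deck), the following Python check is written from the verifier's side: it walks every entry of an APK-style ZIP by central-directory record rather than by name, so a second entry reusing a name such as classes.dex cannot hide behind the copy whose manifest digest is correct. The sample package is constructed inline.

```python
import base64, hashlib, io, re, warnings, zipfile


def manifest_digests(zf):
    """Parse META-INF/MANIFEST.MF into {entry name: base64 SHA1-Digest}."""
    text = zf.read("META-INF/MANIFEST.MF").decode()
    digests = {}
    for block in re.split(r"\r?\n\r?\n", text):
        name = re.search(r"^Name: (.+)$", block, re.M)
        dig = re.search(r"^SHA1-Digest: (.+)$", block, re.M)
        if name and dig:
            digests[name.group(1).strip()] = dig.group(1).strip()
    return digests


def check_package(apk_bytes):
    """Return a list of findings; an empty list means every copy of every entry matches the manifest."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        digests = manifest_digests(zf)
        copies = {}
        # Iterate central-directory records, so duplicate names are all visited (not only the last one).
        for info in zf.infolist():
            copies[info.filename] = copies.get(info.filename, 0) + 1
            if info.filename.startswith("META-INF/"):
                continue
            actual = base64.b64encode(hashlib.sha1(zf.open(info).read()).digest()).decode()
            expected = digests.get(info.filename)
            if expected is None:
                findings.append(f"{info.filename}: not listed in manifest")
            elif actual != expected:
                findings.append(f"{info.filename}: digest mismatch (copy #{copies[info.filename]})")
        findings += [f"{n}: {c} entries with the same name" for n, c in copies.items() if c > 1]
    return findings


def build_sample_apk(tampered):
    """Constructed sample: a minimal APK-like ZIP; with tampered=True a second classes.dex is appended."""
    original = b"dex\n035\x00original-code"
    digest = base64.b64encode(hashlib.sha1(original).digest()).decode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", f"Manifest-Version: 1.0\n\nName: classes.dex\nSHA1-Digest: {digest}\n")
        zf.writestr("classes.dex", original)
        if tampered:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore")  # zipfile warns about the duplicate name but still writes it
                zf.writestr("classes.dex", b"dex\n035\x00modified-code")
    return buf.getvalue()
```

Reading the tampered package by name (zf.read("classes.dex")) returns only the last copy, which is exactly the blind spot the per-record walk closes.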
Live streaming piracy is a growing problem
Easy to pirate
• Content redistributed live, in high quality, from legitimate devices
• Growth in broadband increases viewer reach
Hard to stop
• Pirates' operations are resilient, quick and inexpensive to restore
• Take-down notices are ineffective, especially for live events
Costly for rights owners
• FIFA World Cup 2014: >20M illegal viewers and >$250M estimated revenue loss
Problem: illegal live streaming
Diagram: digital hole and analog hole
• The threat is growing as technology, infrastructure and connectivity evolve
• Relatively easy to perform
• Viewing experience is improving
• Transition from card sharing networks to streaming networks
Problem: open internet streaming
• Pirates upload the content to distribution infrastructure: CDNs, UGC, cyberlockers, P2P
• Revenue model: advertising
• Content quality: varies, from medium to high
• Usually event based: content available during specific events
• Content type: mainly live sports and premium TV series
• Open for all; viewers usually watch for free
• Delay from live: minimal, from several seconds to a few minutes
Problem: pirate (closed) streaming networks
• Pirates build full-service streaming networks, using "private" infrastructure or existing infrastructure
• Channel sources: their own and/or from others
• Invest in looking legit
• Revenue model: subscription, HW, ads
• Content quality: high
• Usually channel based: content available 24/7
• Content type: all (entertainment, sports)
• Delay from live: typically around 2-4 minutes
• Content taken from more than one broadcaster
Existing solutions
• Automatic/manual Internet monitoring to locate the content; advanced solutions include identification techniques like watermarking technology
• Legal: copy protection laws (e.g. DMCA); targets distribution infrastructure and ISPs
• Minimal influence on the pirate
• Usually not in "real time"
• Covers mainly open internet streaming
Best practice: the LIVE cycle (Locate, Identify, Verify, Eliminate)
Technologies and intelligence to terminate illegal live streaming in real time
• Locate illegal streams automatically with StreamLocator or with OpSec
• Identify the piracy source with advanced fingerprint techniques
• Verify the pirate's ID by sending a unique command to the suspicious source
• Eliminate the piracy by deactivating subscriber access to content
Credential sharing and theft – many forms
$500 million lost revenue due to credential sharing in 2015 (Source: Parks Associates)
• Casual sharing (collusion): sharing with friends
• Business sharing (collusion): swapping of accounts, pooling accounts, selling valid or fraudulent accounts to many buyers
• Stolen accounts (parasitical): the thief uses stolen credentials for his own viewing, or sells stolen credentials to many buyers
Recommended approach: credential sharing piracy detection with analytics
• Detection: detect that sharing occurs; differentiate between legal and illegal sharing
• Classification: classify into sharing types; continuously improve classification based on feedback
• Scoring: calculate a sharing likelihood score; define thresholds
• Policy: define challenges per sharing type; define actions per sharing type
Media Sharing Protection: How it works
Chart: likelihood score (0-60) for Casual Sharing, Business Sharing and Stolen Account, shown for AccountOwner, ProjectedSharer1 and ProjectedSharer2
Chart: Sharing Type Detection, number of users (0-10) by date (21-Jan to 21-Feb) for Stolen Accounts, Business Sharing and Casual Sharing
Steps: Classify, Score
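As an added example (not Cisco's Media Sharing Protection and not code from the deck), this Python sketch runs the detection, classification, scoring and policy stages from the two slides above over a constructed session log. The per-account features, the score weights, the threshold and the policy strings are assumptions chosen to illustrate the pipeline, not the product's model.

```python
from collections import defaultdict
# Constructed sample: playback sessions observed in one evaluation window, as (account, device_id, city).
SESSIONS = [
    ("alice", "dev-a1", "Tel Aviv"), ("alice", "dev-a2", "Tel Aviv"), ("alice", "dev-f7", "Haifa"),
    ("bob", "dev-b1", "London"), ("bob", "dev-b2", "Paris"), ("bob", "dev-b3", "Madrid"), ("bob", "dev-b4", "Berlin"),
    ("carol", "dev-x1", "Lagos"), ("carol", "dev-x2", "Lagos"), ("dave", "dev-d1", "Berlin"),
]
# Devices each account owner registered at sign-up (constructed).
OWNER_DEVICES = {"alice": {"dev-a1"}, "bob": {"dev-b1"}, "carol": {"dev-c1"}, "dave": {"dev-d1"}}
THRESHOLD = 40  # likelihood score below which the account is treated as legitimate use (assumed)
# Policy table: one challenge or action per sharing type (illustrative values, not the deck's).
POLICY = {
    "legitimate": "no action",
    "casual": "challenge: re-authenticate and offer a multi-user plan",
    "business": "action: cap concurrent streams and open an investigation",
    "stolen": "action: terminate sessions and force a password reset",
}

def detect(sessions, owner_devices):
    """Detection: per-account features from the session log (device count, city count, owner presence)."""
    devices, cities = defaultdict(set), defaultdict(set)
    for account, device, city in sessions:
        devices[account].add(device)
        cities[account].add(city)
    return {a: (len(devices[a]), len(cities[a]), bool(devices[a] & owner_devices.get(a, set())))
            for a in devices}

def score(n_devices, n_cities, owner_seen):
    """Scoring: heuristic likelihood (0-100) that the account is shared; the weights are assumed."""
    return min(100, 25 * (n_devices - 1) + 15 * (n_cities - 1) + (0 if owner_seen else 30))

def classify(likelihood, n_cities, owner_seen):
    """Classification: map a scored account to one of the sharing types named in the deck."""
    if likelihood < THRESHOLD:
        return "legitimate"
    if not owner_seen:   # the owner's own devices never appear: parasitical use of stolen credentials
        return "stolen"
    if n_cities >= 3:    # many viewing locations: account resold or pooled (business sharing)
        return "business"
    return "casual"

def analyze(sessions, owner_devices):
    """Run detection, scoring, classification and policy; returns {account: (score, type, policy)}."""
    out = {}
    for account, (n_dev, n_city, owner_seen) in detect(sessions, owner_devices).items():
        s = score(n_dev, n_city, owner_seen)
        kind = classify(s, n_city, owner_seen)
        out[account] = (s, kind, POLICY[kind])
    return out
```

In a real deployment the classification stage would be retrained from analyst feedback on these labels, as the Classification bullet above calls for.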
Technology solutions to hacks on the endpoint
Value chain: Content Provider, Service Provider, Direct to Consumer; stages: Production, Acquisition, Distribution (Primary, Secondary), Consumer Experience
Attacks: Malware; Device Jailbreaking / Rooting; Credential Sharing/Theft; Illegal Live Restreaming; DRM Hacking; Consumer App Hacking; Content Theft; Ransom-ware; Signal Theft; Server Exploit; Denial of Service
Solution overlays on the diagram: Streaming Piracy Prevention; Media Sharing Protection; VideoGuard Everywhere
VideoGuard Everywhere:
• Content protection
• Service protection
• Device protection
• App protection
• Prevention of streaming and media sharing piracy
• But that is not enough…
Beyond technology → intelligence
Organization, functional and regional:
• Functional: Technology Forensics; Security Investigations; Cyber-Defense; Research and Intelligence; Security Architecture
• Regional: APJC; EMEA; Americas
Global, holistic, specialized, long-term and ongoing
Proactively addressing piracy
• Tracking and evaluation of DRM removal / circumvention tools: analysis of DRM-removal or circumvention tools that we find
• Hacker motivation assessment: analysis reports on changes in hacker types and motivations
• Market-wide security reports: analysis of hacking-related data on DRM solutions, implementations, vulnerabilities and exploits; examining hackers' specific target types (content, DRM, SP operators, etc.)
• Evaluation and monitoring of back-end deployment models: back-end security design reviews, pen-testing / auditing of OTT security implementations vis-à-vis up-to-date best practices
Case in point
Cisco Operational Security researched a potential customer's OTT service and identified piracy activity based on three methods:
Some final recommendations…
Customize protection per device
One size fits all vs. platform/project customized security:
• Common DRM components: one per development language
• Platform porting & security components: one per platform
• Device & project security components: one per device or project
• Common DRM library: platform DRM library provided in the form of portable source code
Gain robust security while maintaining a consistent user experience across platforms
Think holistic!
• Defense in depth: beyond content protection
• Interlaced and upgradable security modules
• Utilization of device and software platform unique capabilities
• Trusted path implementation
• Intelligence and proactivity
We look forward to continuing the discussion
Contact us to:
• Learn more about potential security threats to your video service and solutions
• Schedule a deep dive session to learn how to protect your Content, Service, Device and Application in a simple and cost-effective manner
• Discuss a security analysis service engagement
Avi Ben Simon, Email: [email protected]
LinkedIn: https://il.linkedin.com/in/avi-ben-simon-1a2aa9