DRM landscape and online streaming

Transcript

1. DRM LANDSCAPE AND ONLINE STREAMING Jas (Jasmeet Chhabra) Jas Chhabra

2. Outline • What is DRM? • DRM standards • Microsoft Playready , Apple

   FairPlay , OMA DRM • DRM Techniques • Streaming standards • HTTP live stream, MPEG DASH etc. • DRM content playback • Silverlight, Flash, HTML5 Premium Video Extensions

3. DRM: what is it? • Digital rights management • Separates protected content

   and license rights. • DRM may be viewed as content owner’s effort to exert “remote control” over content after it is delivered to the recipient • Accomplished through cryptographic controls and controls on user platforms.

4. DRM : The reality • Cryptography is necessary but not sufficient

   for DRM • Cryptography was designed to deliver bits securely, not to protect them after they have been delivered. DRM is opposite of that. • DRM will always suffer from analog hole • For example you can record music being played by using a microphone

5. Basic Terms • Rights expression language: Defines rights and constraints on

   content • License server: issues licenses • License: Contains keys to access content and use REL to express rights and constraints • Secure player: Enforces the rules and constraints • Domain: Common group of devices that allow single domain license to be used. For example all of the devices in a household

6. Movie DRM standards for Disks •  CSS (Content Scrambling System)

   •  Used for DVD. •  Advanced Access Content System (AACS) •  Used for HD-DVD and blue Ray

7. Online Streaming services •  Current •  Microsoft PlayReady •  Apple

   Fairplay •  Future: •  Lots of players planning to move to HTML5 DRM •  HTML5 Premium Video Extensions This is our Focus

8. Other DRM technologies •  OMA DRM: Used by operators for

   Ringtones, Music, Wallpapers etc.

9. Relationship of various pieces • DRM: Defines how to protect content

   • Streaming standards: Define how content can be streamed adaptively • Player: Implementations of content viewer that include many DRM technologies and streaming standards

10. DRM: MICROSOFT PLAYREADY

11. Microsoft PlayReady Packaging Server: Packages content for distribution

12. Microsoft PlayReady Send appropriate data to various servers

13. Microsoft PlayReady License Server: •  Stores rights info for clients.

    •  Provide content right licenses to the client

14. Quick Note: Domain • A set of devices that belong to

    the same user • They may share content based on the rights granted by the content owner. • User may add or remove devices to the domain

15. Microsoft PlayReady Domain Controller: Stores domain membership info

16. Microsoft PlayReady Distribution Server: Distribute the actual content files

17. Microsoft PlayReady PlayReady Clients: Clients that play the media

18. Microsoft PlayReady Metering Server: Device maintains info on playback count

    etc.

19. Microsoft PlayReady: Business Models • Subscription • Purchase • Pay per view • Rental

    : Time based • Gifting

20. Distribution options • Download • Progressive Download •  Start playing when partially

    downloaded • Streaming • Sideloading content from PC to mobile phone •  Sync PC content to mobile device • Over the air distribution •  Direct delivery over wireless network rather than sideloading • Super Distribution •  Send and share with other users over email, wireless etc.

21. DRM: APPLE FAIRPLAY

22. FairPlay Overview • Apple’s closed format • Files are MP4 containers with

    an encrypted content •  MP4 can handle audio, video, images, text and other digital content • User keys decrypt the master key for the content • iTunes server keeps track of domain info and allows up to 5 machines to be authorized. • User keys are stored in key repository on the machine

23. DRM: OMA DRM

24. OMA DRM •  OMA: Open Mobile Alliance: Consortium of various

    mobile communication companies. •  OMA DRM 2.0 provides complete end-to-end protection system •  Based on concept of separating the license and content •  License is called Rights object (RO) •  RO contains content encryption keys and basic usage rules. •  License is generally created for a particular device

25. OMA DRM Architecture / Operation Rights issuer (RI) DRM Agent

    on Device Content issuer Usage rules + CEK Rights object (RO) Rights object acquisition protocol (ROAP) HTTP, … Protected Content 1 1.  DRM client requests protected content 2.  Rights issuer handles generation and delivery of rights object. •  Rights object includes usage rules and a CEK. •  If this is the first time RI and the device are communicating, RI also performs an enrollment process. 3.  DRM agent on device decrypts CEK and enforces usage rules 2 3

26. Other OMA DRM Concept • Domain: Set of devices where content

    can be shared • Super-distribution: separation of license and content allows content to be distributed through any channel. • Subscription: Enables business models based on subscriptions service. • Backup: Allows backup to external storage • Export: Enables export of OMA DRM content and rights to devices using other DRM protection.

27. DRM IMPLEMENTATION TECHNIQUES

28. DRM Techniques: Software Defense • Goal: Make it harder to reverse

    engineer • Common Techniques •  Anti-Debug •  Anti-Disassembly •  Obfuscation •  Guards: Tamper check parts of code •  Combining proprietary crypto with the standard crypto algorithm •  Using a combination of above is generally good. • Arxan is one company that employs many of these techniques

29. DRM Technique: BOBE-Resistance • Personalize each copy of software • Metamorphic software

    like Viruses • Functionally equivalent software with different internal structure on each machine • Update software in Real time

30. DRM Techniques: Hardware assisted • ARM TrustZone • Discretix

31. ONLINE STREAMING

32. HTTP Live Streaming(HLS) • Created by Apple • Used to distribute both

    live and on-demand files • Used to adaptively stream • Widely supported : Microsoft, RealNetworks, Wowza, Akamai • Exclusive way to deliver video in the apple ecosystem

33. HLS Overview • Server: •  Encode source into multiple files at

    different data rate •  Each chunk should be short: 5-10 seconds •  Load on http server with text based manifest fil3 (.m3u8) •  Manifest directs the player to additional manifest files for each of the encoded streams. • Client: •  Player adaptively selects the content chunks at different bitrates depending on the bandwidth/network quality, buffer status, CPU utilization etc.

34. HLS server side : One Video file Index File.m3u8 Alt

    Low index Alt Med index Alt High index Low_01.ts Low_02.ts Low_03.ts Med_01.ts Med_02.ts Med_03.ts Hi_01.ts Hi_02.ts Hi_03.ts

35. MPEG DASH • DASH: Dynamic adaptive streaming over HTTP • Codec agnostic

    • Core adaptive streaming similar to HLS • Manifest files and alternate stream urls. • ISO standard • Not as well supported as HLS

36. Other online streaming standards • HDS: HTTP Dynamic streaming •  Used

    for Flash video • HSS: HTTP smooth streaming •  Microsoft standard •  Part of IIS media server •  Enables streaming media to Silverlight

37. PLAYERS

38. Silverlight & Flash • Application frameworks for writing and running rich

    internet applications. • Similar to each other • Silverlight : Microsoft • Flash: Adobe • Used to deliver video : •  SilverLight: Netflix, Amazon •  Flash : Youtube

39. HTTP Premium Video Extensions • Media Source extensions • Encrypted Media Extensions

    • Web Cryptography API (WebCrypto)

40. HTTP Premium Video Extensions : Media Source extensions • Extends HTMLMediaElement

    to allow JavaScript to generate media streams for playback • Allows streaming service to use CDN to download content and feed to video tag for playback • Allows customized adaptive streaming

41. HTTP Premium Video Extensions : Encrypted Media Extensions • Extends HTMLMediaElement

    providing APIs to control playback of protected content • Provides standardized way from DRM systems to be used in browser • DRM standard agnostic

42. HTTP Premium Video Extensions : Web Cryptography API (WebCrypto) • Defines

    an API for "basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption.” • Allows Server to encrypt and decrypt communication between javascript and itself • Protects user data from inspection and tampring

43. Summary: Relationship of various pieces • DRM: Defines how to protect

    content • Streaming standards: Define how content can be streamed adaptively • Player: Implementations of content viewer that include many DRM technologies and streaming standards