anycast connect - federal communications commission · anycast connect 2-way embedded client for...
TRANSCRIPT
© 2014 KUDELSKI GROUP / All rights reserved.
anyCAST CONNECT June 2, 2015
2 C O N F I D E N T I A L 222 2
KUDELSKI MAIN BRANDS AND ACTIVITY LINES
INTEGRATED DIGITAL TV
CYBER SECURITY
PUBLIC ACCESS
Integrated security and multiscreen user experience solutions for the monetization of digital media.
Innovative, flexible and cost-efficient solutions to deliver premium content securely over broadcast,
broadband and connected devices.
Renewable Conditional Access Modules for digital TV access; full range of SD and HD
set-top boxes and chipsets.
Integrated access and management solutions for car parks, ski lifts, sports, entertainment
and exhibition facilities.
Tailor-made cyber security solutions and services for enterprises, financial institutions,
government agencies and media customers.
3 C O N F I D E N T I A L 333 3
NAGRA Digital TV: 3 Product Units
C o n t e n t & A s s e t S e c u r i t y
C o n n e c t e d D e v i c e s & U s e r E x p e r i e n c e
M u l t i s c r e e n
DIGITAL TV SOLUTIONS
pp
anyCAST CAS/DRM/MDRM
OpenTV STB Middleware & Applications
MediaLive Service Platform & Secure Player
4 C O N F I D E N T I A L 444444444 4
CONNECT Clients: STB, TV, Open Devices
5 C O N F I D E N T I A L 555 5
anyCAST CONNECT 2-way embedded client for STB, Gateways and mobile devices Includes PRM (Nagra DRM)
Security adapted for any device Nagra HW RoT, 3rd Party RoT or pure software
Converged Security Service Platform for single product definition and SMS integration
Supports Broadcast & OTT distribution
6 C O N F I D E N T I A L 6666666666 6
anyCAST PRM (DRM)
DRM for MVPD “rich” use cases
1-way and 2-way
multiple devices STB, iOS, Android, Mac, PC
DECE and DTLA approved DRM solution for OTT and Home Networking
7 C O N F I D E N T I A L 7777777 7
anyCAST CAS & PRM (DRM) in Mixed Use Cases
8 C O N F I D E N T I A L 88888888 8
Merged CAS & DRM Platform - anyCAST
MANY previous CAS and DRM platforms Now all combined with “common crypto” including across CAS and DRM
9 C O N F I D E N T I A L 999 9
Server Infrastructure Server Infrastructure
Device Device
Messaging: a CAS that works like a DRM
Middleware manages connection Head-End Encrypted Media Extensions (EME) Compatable In Band (Broadcast) EMM no longer needed
SMS / CMS CAS HE
Middleware CAS Client
Broadcast system
Portal CAS HE
Middleware Connect Client
Connected system
1.1 Right request 1.3 Broadcast notification 2.1 Get right
2.2 Set right
1.1 Right request
1.2 Send right 1.2 Assign right
1.5 right update notification
1.4 Get right
10 C O N F I D E N T I A L 110000000000 10
BROADBAND CAS
Kernel
Middleware / TV OS
BROADBAND CONNECT
Secure Client
Middleware / TV OS
CONNECT REE Client
TEE
DRM DVL
11 C O N F I D E N T I A L 11111111111 11
REE: Rich OS Execution Environment TEE: Trusted Execution Environment
Moving Security Critical Elements into the TEE
Operator Pay-TV application
CONNECT-TEE client
Hardware security resources
Browser/app framework
Secure Player CONNECT-REE
client
Platform resources
12 C O N F I D E N T I A L 1222 12
FRAND - Security & Indemnification - I Nagra uses uses FRAND (actually free) content cyphers with fully disclosed operating modes
DVB CSA2, (CSA3), AES 128 Allows unilateral simulcrypt (operators can replace us somewhat economically) Follows Kirchoff’s Theorem on security disclosure Signaling and packet structure framework follows DVB, SCTE, HLS and MPEG-DASH standards .
13 C O N F I D E N T I A L 1333 13
FRAND - Security Indemnification - II Root of Trust and associated Key Ladder can be FRAND (or free i.e. ETSI) or proprietary or both
If we use our own proprietary one we have increased security guarantees through hidden counter measures and recovery options If we use FRAND for Root of Trust and Key Ladder, the security guarantees are less as there are no hidden counter measures or recovery mechanisms FRAND Root of Trust likely “keyed” by third party so indemnification further fragmented
14 C O N F I D E N T I A L 114444444444 14
Security as a Service Who is responsible? It’s Obvious!
Threat models vary by network topology, network fragmentation, geographical footprint and content values What works today or at launch may not hold tomorrow
License Agreement/Contract
Security Data Hardware/Software
Secure Key Provisioning Service(s)**
Database Chip
Qualifier(s)
Chip Manufacturer(s)
Set-top Box Manufacturer(s)
Box/SW Qualifier(s)
Subscriber
Set-top Application Provider(s)
Content Providers
MVPD(s)
CAS Vendor(s)
*In some implementations one or more of these functions are performed by the same entity or organization **Also known as Black Box Operator $ – flow of payment L – incurred liability
Metadata Provider(s)
Separable security HW renewal, e.g. card swap
1
2
3
4
5 6
7
8
9
10
11
12
13
14
15
17
18
19
20 21
16 22 23
24
Middleware Provider(s)
25
26
Advertisers
27 28
$L $
$$
$
$L
$
$L $
$$
L
L
L L
L
License Agreement/Contract
Security Data Hardware/Software/Content
Database Chip
Qualifier(s)
Chip Manufacturer(s)
Subscriber
Content Providers
Video Distributor
DRM Vendor(s)
*In some implementations one or more of these functions are performed by the same entity or organization $ – flow of payment L – incurred liability
1
13 14
16
Advertisers
17 $L
$L
$
$L
Application Integration
(Mobile)
2
Device Qualifier(s)
Retail Device Manufacturer e.g. VidiPath
Browser App Player Plug-in
(PC/Mac)
$
3
4
5
2
6
8 L
7
15
9
10
11 12
$L
L
L
L
L
15 C O N F I D E N T I A L 1555 15
Device and Security Diversity Our customers need security on anything from a several year old smart phone to a hardened 4K capable multi-tuner home gateway / DVR
The same signal may have to be decrypted in a range of devices Wide range of operating environments from secure processor (TEE, Secure Micro) to open SW systems Wide range of security maturity in SoC suppliers Wide range of features like Root of Trust in secure HW to SW emulation Protected and unprotected video paths and outputs
Permissions and security expectations vary widely and no one size fits all “Best Effort” is not always a negative phrase Best Effort on so many platforms requires huge efforts
16 C O N F I D E N T I A L 1666 16
Content Security, Meta Data and User Interfaces - I Primary content – audio, video, description, essential captioning - protected by CAS and DRM Additional meta data – guide descriptions, graphics, links etc. – can also be protected by CAS or DRM especially if broadcast/multicast
Represents a fraction of 1% in overhead Represents a smaller fraction of 1% in threat model
17 C O N F I D E N T I A L 1777 17
Content Security, Meta Data and User Interfaces - II The extent to which a viewer or viewing device can bundle or unbundle meta-data and UEX is 99%+ a Policy decision by the operator with little impact on content security If viewing device is breaking UEX Policy it can be revoked!
Requires meta-data / UEX policy and rules tied to CAS/DRM (code signing, certificates or similar) or perhaps server certificates as suggested in CVP-2Easily enforced by CAS and DRM systems or by cloud servers
Without a clear policy on UEX disaggregation anything and everything is possible but nothing gets focused on or accomplished? DCAS Technology and UEX Policy are 99% separable
18 C O N F I D E N T I A L 118888888888 18