Monday, July 1, 2013
Introduction::
Inaugurated in November 1998,
Digital Television promises a sweeping(wide) revolution in home entertainment.
With high definition digital pictures, multi-channel digital sound and
near-perfect transmission, Digital Television will dramatically enrich the
entire home entertainment experience. This fundamental change in broadcasting
is the harbinger (indication) of a new generation of products and services: new
television displays, new video recording formats, digital satellite, digital
cable, digital terrestrial set top boxes, interactive set top boxes, new digital
service applications and PC integration with home entertainment.
However, to fully realize the
potential of Digital Television, the home entertainment industry must meet two
important practical requirements.
First, this new
world requires digital content protection to guard copyrighted works like movies
from piracy. Otherwise, digital recording would enable unlimited, unauthorized,
near-perfect copying that could destroy the economic foundation of the content
creation
industries. Secure content protection
will encourage the release of high-quality content onto digital media.
Second, consumers would
benefit from a standard interface for digital transport of audio, video and control
information. Tested, robust solutions are now ready to meet both of these requirements.
Digital Transmission Content
Protection (DTCP) {— the so-called “5C” system
-}provides
secure transmission of content and prevents unauthorized digital copying. And
high-speed networks like the IEEE 1394 interface represent the new standard for
digital inter connection.
In
traditional audio/video systems the quality of the audio/video content
deteriorate as the copy generations increase (1 st copy is never as good as the
original, 2 nd copy is worse than the 1 st and so on). In digital systems
however the nth generation of copy is as good as the original. This stresses
the necessity of a robust(strong) copy protection system for digital content. The
DTCP defines such a copy protection system for Digital Content.
The DTCP specification defines a
cryptographic protocol for protecting audio/video entertainment content from
illegal copying, intercepting and tampering as it traverses high performance digital
buses, such as the IEEE 1394 standard. Only legitimate(legal) entertainment content
delivered to a source device via another approved copy protection system (such
as the DVD Content Scrambling System) will be protected by this copy protection
system.
The DTCP ensures that the copy
protection mechanism is built into Digital Audio/Video devices themselves (in
addition to traditional encryption).
1394 Content Protection
Architecture::
Copy Protection Layers
The new content protection system
addresses four fundamental layers of copy protection:
• Authentication and key exchange
• Content encryption
• Copy control information
• System renewability
Authentication
and Key Exchange (AKE)::
Before sharing valuable
information, a connected device must first verify that another connected device
is authentic. In an effort to balance the protection requirements of the film
and recording industries with the real-world requirements of PC and CE users,
the specification includes two authentication levels - full and restricted.
·
Full authentication can be
used with all content protected by the system, and must be used for copy-never
content.
·
Restricted authentication
enables the protection of copy-one-generation and no-more-copies content. If a
device handles either copy-one-generation or no-more-copies protection schemes,
the device must support restricted authentication. Copying devices such as DV
recorders or D-VHS recorders and devices communicating with them employ this
kind of authentication and key exchange. No authentication is required for
copy-freely content.
Both the above kinds of authentication
involve the calculation of three encryption keys:
• An authentication key,
established during authentication that is used to encrypt the exchange key.
• An exchange key that is used
to set up and manage the security of copyrighted content streams.
• A content key that is used
to encrypt the content being exchanged.
When executing AKE, information
should be exchanged using 1394 asynchronous
packets between source and sink devices. This mechanism of exchange using
asynchronous 1394 packets is based upon the IEC-61883 specification and the
AV/C Digital Interface Command Set.
Content
Encryption::
The content cipher(secret
message), that is, the algorithm used to encrypt the digital content itself,
must be robust enough to protect the content yet efficient enough to implement
in PCs and CE devices. To ensure interoperability, all devices must support the
specific cipher specified as the baseline cipher. The channel cipher subsystem
can also support additional ciphers, the use of which is negotiated during
authentication. All ciphers are used in the converted cipher block-chaining
mode. Converted cipher block chaining provides greater security than ordinary cipher
block chaining.
The
DTCP specification requires Hitachi’s M6 as the baseline cipher. The M6 cipher
is a common-key block cipher algorithm based on permutation-substitution. This
rotation-based algorithm works the same way as encryption algorithms currently
used in Japanese digital satellite broadcasting systems. Optional, additional
ciphers include the Modified Blowfish cipher and the Data Encryption Standard
(DES) cipher.
Copy
Control Information (CCI)::
Content owners need a way
to specify whether their content can be duplicated. The content protection
system must therefore support transmission of encrypted data between devices, utilizing
Copy Control Information (CCI). If source and sink devices have conflicting
capabilities, they should follow the most restrictive CCI method(s) available,
which is determined by the source device.
The Encryption Mode Indicator (EMI)
provides easily accessible yet secure transmission of CCI via the most
significant two bits of the synch field of the isochronous packet header (In a 1394
Packet). The encoding used for the EMI bits distinguishes the content
encryption/ decryption mode: copy-freely, copy-never, copy-one-generation, or
no-more-copies.
– No authentication or
encryption is required to protect content that can be copied freely. This mode
is used for Broadcast channels or commercials.
– Content that is never to be copied (e.g.
content from prerecorded media like a DVD Movie, a Pay Preview movie), with an
EMI of Copy-Never can be displayed only. The Sink Devices are not allowed to
copy the content. Such a content can only be exchanged between devices that
have succesfully completed full authentication. Also a VCR supporting Full authentication
will never record a content marked Copy-Never.
– Content that can be copied
one generation, with an EMI of Copy-One-Generation such as a Premium Channel
Movie, can be exchanged between devices using either full or restricted
authentication.
– For content marked
no-more-copies, future exchanges are marked to indicate that a single-generation
copy has already been made. This content can be exchanged between devices using
either full or restricted authentication.
For example a VCR after recording
a Content Marked Copy-One-Generation will play back marking the content with
EMI set to no-more-copies indicating that a Single-Generation copy has already
been made. As a result the receiving devices will not record such a content.
System
Renewability::
Devices that support full
authentication can receive and process System Renewability Messages (SRMs).
These SRMs are generated by the Digital Transmission Licensing Administrator (DTLA)
and delivered via content and new devices. System renewability ensures the long-term
integrity of the system and provides the capability for revoking unauthorized
devices.
The SRMs carry what are known as
System Revocation Lists (SRL) that carry a List of Revoked or Rouge devices.
– Prerecorded content source
devices such as DVD players should be able to update an SRM from prerecorded
content media (such as a DVD disc). In addition, prerecorded content should
carry a system renewability message current as of the time the content is mastered.
They should also be able to update an SRM from another compliant device with a newer
SRM.
– Devices such as a digital
set-top box (STB) serving as a digital cable receiver or DBS digital broadcast
satellite receivers are a real-time delivery source of copyrighted con-tent.
They should be able to update a
SRM from content stream or from another compliant device with a newer SRM.
– Devices such as digital
televisions are a receiver of copyrighted content. These devices should be able
to update a SRM from another compliant device with a newer SRM.
1394 Content Protection
Protocol::
Figure 1 gives an overview of the
content protection protocol flow. Here, the source device has been instructed
to transmit a copy protection stream of content. In this and subsequent diagrams,
a source device is one that can send a stream of content. A sink device is one
that can receive a stream of content. Multifunction devices such as PCs and
record/playback
devices such as digital VCRs can be
both source and sink devices.
The source device initiates the
transmission of a stream of encrypted content marked with the appropriate copy
protection status (e.g. copy-one-generation, copy-never, or no-more-copies) via
the EMI bits.
– Upon receiving the content stream, the
sink device inspects the EMI bits to determine the copy protection status of
the content. If the content is marked copy-never the sink device requests that
the source device initiate Full AKE. If the content is marked
copy-one-generation
or no-more-copies the sink device will
request Full AKE, if supported, or Restricted AKE. If the sink device has
already performed the appropriate authentication, it can immediately proceed to
Step 4.
– When the source device
receives the authentication request it proceeds with the type of authentication
requested by the sink device. If the sink device requests Full AKE and the
source device is only capable of Restricted AKE, the authentication performed
will beRestricted Authentication. While performing Full Authentication both the
source and Sink Devices check their System Revocation List (SRL) to determine
whether the other device has been revoked or not. If the other device has been
revoked the Authentication will fail.
– Once the devices have
completed the require AKE procedure, a
content channel encryption key (content key) can be exchanged between them.
This key is used to encrypt the content at the source device and decrypt the
content at the sink.
Full
Authentication::
Full authentication can be used
with all content protected by the system, and must be used for copy-never
content. The full authentication protocol employs the public-key-based Digital Signature
Algorithm (DSA) algorithm and the Diffie-Hellman (DH) key-exchange algorithm. Both
the DSA and Diffie-Hellman implementations for the system employ Elliptic Curve
(EC) cryptography. This technique offers superior performance compared to
systems based on calculating discrete logarithms in a finite field.
– EC-DSA is a method for
digitally signing and verifying the signatures of digital documents to verify
the integrity of the data.
– EC-DH key exchange is
used during full authentication to establish control channel symmetric cipher
keys, allowing two or more parties to generate a shared key. Developed more
than 20 years ago, the DH algorithm is considered secure when combined with
digital signatures to prevent a so-called “man-in-the-middle” attack.
Restricted
Authentication::
Restricted authentication is
an AKE method for devices with limited computing resources.This method is used
by copying devices of any kind (such as DV recorders or D-VHS recorders) and devices
communicating with them for authenticating copy-one-generation and
no-more-copies contents.
The restricted authentication
protocol employs asymmetric key management and common key cryptography and
relies on the use of shared secrets and hash functions to respond to a random
challenge. This method is based on a device being able to prove that it holds a
secret shared with other devices. One device authenticates another by issuing a
random challenge that is responded to by modifying it with the shared secrets
and multiple hashings.
Content Channel Management
and Protection::
Content channel management and
protection mechanisms are used to establish and man-age the encrypted channel
through which protected content flows. Either full or restricted authentication
(depending on the capability of the device) must be completed before
estab-lishing
a content channel. Upon authentication
of the devices, the source device sends an exchange key, encrypted with the
authentication key, to the sink device.
The Sink and the Source
Devices compute the Content key based on this exchange key, using M6KE56
Algorithm and a Random Number that is sent to the Sink by the source. The Source
device is expected to change the content keys every 30 to 120 Seconds.
Content keys are established between
the source device and the sink device as follows:
1. When
the source device starts sending the content, it generates a random number as
an initial value of the seed of the content key. The initial seed is referred
to as Odd or Even
from its least significant bit.
2 . The source device begins transmitting the
content using the Odd or Even content key corresponding to the above reference
of the initial seed to encrypt the content. The content key is computed by the
source. A bit in the IEEE 1394 packet header is used to indicate which key (ODD
or EVEN) is being used to encrypt a particular packet of content. If
the initial seed is ODD, The Odd/Even
bit in the 1394 packet header is set to Odd, otherwise it is set to Even. Upon
receiving the seed, the sink device checks if the least significant bit of the
seed matches the status of the Odd/Even bit. If both bits are identical, the
sink computes the current content key. If those bits are different, it shows
the key has been changed and the sink device computes the current content key.
The source device prepares the next content key by computing the seed using the
same process used for the initial calculation with exception that the seed is
incremented.
3. Periodically, the source device shall change
content keys to maintain robust content protection. To change keys, the source
device starts encrypting with the new key computed above and indicates this
change by switching the state of the Odd/Even bit in the IEEE 1394 packet
header. The minimum period for change of the content key is defined as 30
seconds. The maximum period is defined as 120 seconds.
Implementation Details::
In a typical
implementation the Authentication and Key Exchange and SRM checks are
imple-mented through software. A Full Authentication is expected to complete
within 30 seconds and restricted authentication is expected to complete within
6 Seconds. The content Encryp-tionis implemented in Hardware.
Case Study -
D-STB/D-TV/D-VCR System::
Take the case of a simple
digital entertainment network comprising of Digital Set-Top-Box (D-STB), Digital
Television (D-TV) and a Digital VCR (D-VCR).
The D-STB receives a
Digital Transmission through a Dish Antenna or a Cable connection. The D-STB
extracts the Embedded CCI from the Received Content Stream. The Received
content could be marked Copy-Freely, Copy-Never, Copy-One-Generation and
Copy-No-More Depending on the nature of the content).
Content Marked Copy Freely::
The D-STB Re-Transmits the Movie over
1394. The D-TV displays it and the D-VCR Records the Data.
Content Marked Copy Never::
The D-STB starts
re-transmitting the encrypted Movie over 1394(Using an initial Key), with the EMI
bits set as copy-never. The D-TV and the D-VCR looking at the content stream
initiate Full Authentication. When the authentication succeeds the D-TV, D-VCR
and the D-STB establishcontent keys. The D-TV will be able to display the
transmitted Movie. The D-VCR being a compliant device will not record the Movie
(since the content was marked copy never).
Content Marked Copy-One-Generation::
The D-STB starts
re-transmitting the encrypted Movie over 1394(Using an initial Key), with the EMI
bits set as copy-One-Generation. The D-TV and the D-VCR looking at the content
stream initiate restricted/Full Authentication. When the authentication
succeeds the D-TV, D-VCR and the D-STB establish content keys. The D-TV will be
able to display the transmitted Movie. The D-VCR being a compliant device will
be able to record the movie but will mark the content as Copy-No-
More (indicating that one copy has
already been made).
Content Marked Copy-no-More::
The D-STB starts
re-transmitting the encrypted Movie over 1394(Using an initial Key), with the EMI
bits set as copy-No-More. The D-TV and the D-VCR looking at the content stream
initiate Restricted/Full Authentication. When the authentication succeeds the
D-TV, D-VCR and the D-STB establish content keys. The D-TV will be able to
display the transmitted Movie. The D-VCR being a compliant device will not
record the movie. Same condition is true, if a D-VCR Plays a Content that was
originally transmitted as Copy-One Generation. The D-VCR would have recorded
the movie as Copy-No_More. When the D-VCR plays back the movie, it plays it
back with EMI set to Copy-No-More. As a result no other recording device
(Compliant) will record this movie.
Non-Compliant Devices::
If the D-TV or the D-VCR
was a non compliant device, then the authentication will fail and the D-TV/ D-VCR
will not be able to Decrypt the content hence will not be able to display the
movie or record the movie (In all cases other than Copy-Freely).
Conclusion::
Together, Digital
Transmission Content Protection and the IEEE 1394 bus help fulfill the promise of
Digital Television. Consumers will enjoy digital pictures and sound, multiple
services and recording capability over true digital links. Considered on its
own, DTCP offers advantages no other content protection system can claim. It
already has broad support among equipment companies, because the five
sponsoring companies include Hitachi, Intel, Matsushita (Panasonic), Sony and
Toshiba. It was created with the advice and support of the Motion Picture,
Information Technology and Consumer
Electronics industries. And the Cable Television industry has already adopted
DTCP with 1394 as an official standard. Finally, DTCP is a fully developed, mature
technology with semiconductors already available from several manufacturers in
sample quantities. DTCP is ready to go
as an essential element in realizing the full potential of digital television.
