The security certification program for UHD capable chipsets we unveiled at NAB 2016 is a significant development for Ultra HD because it enables production of set top boxes and client devices trusted to deliver premium content to consumers at the highest quality possible. The program entitled, “Ultra Security certification,” enables components including set-top boxes in UHD ecosystems to meet the strongest security requirements specified by premium rights holders and, in particular, the MovieLabs’ Specifications for Next Generation Video and Enhanced Content Protection. In turn, the program will give pay-TV operators the assurance that the consumer devices they select for UHD really are compliant with the guidelines that have emerged in response to the concerns of major rights holders.
The context is that while UHD presents a great opportunity for all parties including content owners and operators to add value and derive new revenues, it also raises the stakes regarding content piracy – potentially offering a much more economically attractive and viable target. This is the case not just for VoD content such as movies, but also live services, for which UHD makes illicit stream redistribution at the highest quality over the Internet much easier. As a result of this rising threat from illicit stream redistribution, holders of premium sports rights are starting to insist on the same stringent security as the movie studios.
Ultra Security certification goes a long way towards allaying these concerns with its focus on the whole ecosystem rather than individual components in isolation. The program addresses the chipsets, since security must be embedded there to provide the underlying hardware’s root of trust and to give maximum protection to core credentials. It also addresses the devices designed around the chipsets, since correct implementation is essential for ensuring adherence to the guidelines. We are very pleased that the leading chipset vendors of our industry, including Broadcom, Marvel, MStar and HiSilicon, have introduced families of SoCs that support Ultra Security under our certification program. This allows STB vendors to develop designs based on a variety of chipsets in preparation for delivering systems that fully meet UHD security requirements.
Broadly, these new security requirements are divided into three logical components that are intimately connected and strongly dependent on the core SoC functionality. The three logical pillars are: hardware-based security, trusted software security and forensic watermarking – which are all designed and implemented in such a way that all reinforce each other. If any of the three are compromised individually, the other two will still operate and protect against content theft or illicit redistribution, while the issue is being resolved. Ultra Security Certification ensures that all of your bases are covered.
The first pillar is the hardware pillar, which includes subsystems embedded on the SoCs at the time of manufacture, embodying the keys and secret material known only to the device itself and to the security authority that provided it. These keys are inaccessible to any other processes running in the SoC. As a result this pillar provides a mechanism to underpin device authentication, revocation and trusted renewability of the software logic, which is the second pillar that exploits this hardware root of trust.
The job of the second software pillar is to make sure this root of trust is not undone by attempts to obtain secret information during code execution. It makes use of hardening techniques such as code obfuscation and the leverage of available Trusted Execution Environment (TEE) resources, which makes software very difficult to reverse engineer and nearly impossible to hack.
The third pillar, watermarking, is there to cater for compromise of the first two pillars by enabling individual streams to be tracked back to their source in that event and then taken down almost instantly. The watermarking pillar depends on both of the other pillars for the trusted insertion of unique and visually imperceptible identifiers into payloads, which again live inside the SoC. This is essential so that potential hackers cannot readily determine what the identifiers are in an attempt to undo the watermarking. However, if pillars one and two are effectively bypassed by somebody who is or pretends to be a legitimate subscriber, watermarking is still there and able to pinpoint the illegitimate source quickly.
It is clear then that the active participation of both SoC and device makers is critical for ensuring that the UHD security model based on the three pillars, and which has emerged as the gold standard, actually delivers the expected level of protection. It completely reconciles the long-standing debate between hardware and software based securities, since it incorporates the best of both worlds.
The Ultra Security certification combines the resistance to attack enabled by hardware, with the flexibility and upgradeability of software. As a result the whole system can be upgraded as required to make changes in both the industry and security requirements for different types of premium content. This presents a formidable barrier against piracy in a form that can be updated readily to keep pace with the evolving threat landscape.