The secrets of secret-keeping are revealed.
Digital rights management (DRM) has come to mean the combination of content protection (by means of encryption) with entitlement rules (conditional access, or CA) to protect consumable content. In the analog world, content providers often achieved both objectives by means of video signal scrambling. With digital technology, the two elements can be integrated into a system or managed separately. Although different solutions exist to implement DRM, systems deployed around the world incorporate a number of similar elements.
Content and message security
For ATSC broadcast, encryption initially was specified as the FIPS 46-2 DES Digital Encryption Standard of the National Institute of Standards and Technology (NIST). The limited key size of DES, however, was viewed as a vulnerability for other national security implementations, resulting in the withdrawal of DES as a standard by NIST. ATSC allows for a replaceable conditional-access module, so other encryption algorithms such as AES are possible, although encryption rarely has been used in the broadcast multiplex. In a practical sense, the strength of the encryption itself is perhaps not as important as the protection of the encryption keys themselves.
The ATSC broadcast standard also was updated last year to provide support for conditional access using Simulcrypt for IP-delivered services. Although the standard does not mandate any specific multiplexer or scrambler interface, it does recommend compliance with the Head-end Implementation of DVB Simulcrypt. (More on that later.)
OMA BCAST is part of a suite of specifications developed by the Open Mobile Alliance, an international consortium formed to drive global user adoption of mobile data services. ATSC Mobile DTV (MDTV) service protection, although built on the OMA BCAST DRM Profile, is not really DRM per se, as it only addresses the protection of content during its delivery to an MDTV receiver. Service protection (also called conditional access) is only responsible for protecting the service, i.e., the transmission “pipe,” and not for the content in the pipe.
Service protection imposes no controls on content after delivery to a receiver. DRM, on the other hand, refers to the process of protecting the content itself. In the ATSC A/153 mobile standard, content protection means protection of content subsequent to delivery through the service protection system and defines post-delivery usage rights.
ATSC A/153 service protection consists of the following components: key provisioning; registration; long-term key messages (LTKM), including the use of broadcast rights objects to deliver LTKMs; short-term key messages (STKM); and traffic encryption. The service protection system uses a form of the AES, as defined in the IP security encapsulating security protocol (IPsec ESP), and traffic encryption keys (TEK). TEK is based on public-key cryptography, a system for providing access to encrypted files by a protected method of secret key exchange. (See Figure 1.)
In the OMA BCAST DRM Profile for service protection, post-delivery usage rights can be communicated in rights objects (ROs) to a receiver. ROs may be delivered over an interaction channel (interactive mode) or the broadcast channel (broadcast-only mode). Note that broadcast mode implies a high bandwidth cost, as all receivers will need individual updates of their ROs, possibly on a frequent basis. Interactive mode, on the other hand, relies on an ongoing (but likely intermittent) out-of-band connection to the receivers. In this age of constant connectivity, this is not an unlikely scenario, especially when a user's home is the mobile device base.
Encryption of content over A/153 is conducted on the traffic encryption layer according to AES-128, which uses 128-bit symmetric TEKs. The broadcast messages carrying TEKs are called short-term key messages (STKMs). On the STKM layer, which sits above the traffic encryption layer, the TEKs are protected with a service encryption key (SEK), used for subscriptions, for example, or with a program encryption key (PEK). The SEKs or PEKs are delivered to receivers within ROs.
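The key layering described above (RO delivers the SEK, STKM delivers the TEK, the TEK decrypts traffic), as an added example that is not part of the original article or of any ATSC or OMA code. It uses an HMAC-SHA256 encrypt-then-MAC construction from the Python standard library as a stand-in for AES-128; the per-device key that protects the rights object, the Receiver class and the message layouts are assumptions, not the OMA BCAST wire format.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode: a stdlib stand-in for AES-128.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC; output is nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Receiver:
    def __init__(self, device_key):
        self.device_key = device_key  # assumed: provisioned at registration
        self.sek = self.tek = None

    def on_rights_object(self, ro):   # RO delivers the SEK
        self.sek = unseal(self.device_key, ro)

    def on_stkm(self, stkm):          # STKM delivers the current TEK
        if self.sek is None:
            raise PermissionError("no rights object for this service")
        self.tek = unseal(self.sek, stkm)

    def on_traffic(self, packet):     # traffic layer, decrypted with the TEK
        return unseal(self.tek, packet)

def broadcast(segments, sek, receiver):
    # Head-end side: a fresh TEK per segment, each wrapped under the same SEK.
    received = []
    for segment in segments:
        tek = os.urandom(16)          # 128-bit key, as in the article
        stkm, packet = seal(sek, tek), seal(tek, segment)
        receiver.on_stkm(stkm)
        received.append(receiver.on_traffic(packet))
    return received
```

Rotating the TEK costs only one small STKM per rotation, while a receiver that never obtained the SEK fails at the STKM layer and never reaches the traffic key.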
Mobile DTV Trust Authority
Last year marked the Open Mobile Video Coalition's (OMVC) announcement that it had defined a Mobile DTV Trust Authority, specifying a secure infrastructure for delivering live DTV content to mobile video-enabled devices. (A trust authority is an independent entity that safely manages keys and associated transactions for protecting content.) One potential component of this solution is the UltraViolet digital rights locker that the Digital Entertainment Content Ecosystem (DECE) consortium developed.
DECE specifies various security protocols for use within the DECE (which extends to other media), including mechanisms for authentication, integrity and confidentiality protection, as well as means for sharing information necessary for carrying out content authorization. It is important to note that the actual content encryption method used by any content owner can be unique, and different DRM systems can even be used within a media container (a file or stream). DECE also provides a method for protection of out-of-band content, including keys sent in an interaction channel.
The mechanisms a trust authority uses are based on existing global Internet security technologies, including Security Assertion Markup Language (SAML), HTTP Authentication and TLS/SSL. The last two protocols, the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) protocols, provide a number of security features for Internet transactions, including protection against unauthorized connections to services and protection against malicious code execution.
The SSL protocol provides mutual authentication between a client and server, as well as the establishment of an authenticated and encrypted connection. Originally invented by Netscape, SSL runs above TCP/IP and below HTTP and other high-level network protocols; the protocol has become essentially a de facto Internet standard.
In the authentication process, a TLS/SSL client (e.g., a content display device connected to the Internet) sends a message to a TLS/SSL server, and the server responds with the information needed to authenticate itself. The client and server exchange session keys, and the authentication dialog is concluded. An SSL-secured communication then can begin between the server and the client, using the encryption keys that were established during the authentication process. For servers to authenticate to clients, TLS/SSL does not require keys to be stored on client domain controllers or in a database; clients confirm the validity of a server's credentials with a trusted root certification authority's certificates, which are maintained by a trusted authority.
DVB conditional access
DVB conditional access defines elements used in many DRM systems. Conditional access in the DVB system consists of three main functions: scrambling and descrambling, entitlement checking, and entitlement management. Scrambling can be applied to service components, either using a common secret control word (CW) or using separate CWs for each component. Descrambling in a receiver requires the possession of an appropriate CW. Entitlement checking includes encrypted CWs, sent inside DVB tables called entitlement control messages (ECMs). Entitlement management provides options for different end-user subscription arrangements. This information is carried inside entitlement management messages (EMMs), which can be broadcast or sent over an interaction channel.
DVB Simulcrypt allows the use of different conditional access systems at the same time. In this way, keys, ECMs and EMMs can be protected using cryptographic algorithms such as DES, while simpler scrambling algorithms can be used to encode the actual content essence. ECMs and EMMs are carried as IP packets within broadcast streams for both DVB and ATSC.
Definition of concept
There is confusion in the industry as to the correct meaning of Digital Rights Management. Some say the term DRM Profile has (unfortunately) been incorrectly applied to the OMA BCAST specifications, which essentially define a conditional access system modeled on prior DRM work. Others confuse conditional access with encryption. It has been suggested that a better approach would be to treat the terms DRM and conditional access as two aspects of the more general notion of content protection.
Aldo Cugnini is a consultant in the digital television industry and a partner in a mobile services company.