Drm landscape and online streaming

DRM LANDSCAPE AND ONLINE STREAMINGJasmeet (Jas) Chhabra

Outline• What is DRM?• DRM standards

• Microsoft Playready , Apple FairPlay , OMA DRM

• DRM Techniques• Streaming standards

• HTTP live stream, MPEG DASH etc.

• DRM content playback• Silverlight, Flash, HTML5 Premium Video Extensions

DRM: what is it?

• Digital rights management• Separates protected content and license rights.

• DRM may be viewed as content owner’s effort to exert “remote control” over content after it is delivered to the recipient

• Accomplished through cryptographic controls and controls on user platforms.

DRM : The reality

• Cryptography is necessary but not sufficient for DRM

• Cryptography was designed to deliver bits securely, not to protect them after they have been delivered. DRM is opposite of that.

• DRM will always suffer from analog hole• For example you can record music being played by using a microphone

Basic Terms

• Rights expression language: Defines rights and constraints on content

• License server: issues licenses• License: Contains keys to access content and use REL to express rights and constraints

• Secure player: Enforces the rules and constraints• Domain: Common group of devices that allow single domain license to be used. For example all of the devices in a household

Movie DRM standards for Disks• CSS (Content Scrambling System)

• Used for DVD.

• Advanced Access Content System (AACS)• Used for HD-DVD and blue Ray

Online Streaming services• Current

• Microsoft PlayReady• Apple Fairplay

• Future:• Lots of players planning to move to HTML5 DRM

• HTML5 Premium Video Extensions

This is our Focus

Other DRM technologies• OMA DRM: Used by operators for Ringtones, Music,

Wallpapers etc.

Relationship of various pieces

• DRM: Defines how to protect content• Streaming standards: Define how content can be streamed adaptively

• Player: Implementations of content viewer that include many DRM technologies and streaming standards

DRM: MICROSOFT PLAYREADY

Microsoft PlayReady

Packaging Server:Packages content for distribution

Microsoft PlayReady

Send appropriate data to various servers

Microsoft PlayReady

License Server:

• Stores rights info for clients.

• Provide content right licenses to the client

Quick Note: Domain

• A set of devices that belong to the same user

• They may share content based on the rights granted by the content owner.

• User may add or remove devices to the domain

Microsoft PlayReady

Domain Controller:Stores domain membership info

Microsoft PlayReady

Distribution Server:Distribute the actual content files

Microsoft PlayReady

PlayReady Clients:Clients that play the media

Microsoft PlayReady

Metering Server:Device maintains info on playback count etc.

Microsoft PlayReady: Business Models

• Subscription• Purchase• Pay per view• Rental : Time based• Gifting

Distribution options

• Download• Progressive Download

• Start playing when partially downloaded

• Streaming• Sideloading content from PC to mobile phone

• Sync PC content to mobile device

• Over the air distribution• Direct delivery over wireless network rather than sideloading

• Super Distribution• Send and share with other users over email, wireless etc.

DRM: APPLE FAIRPLAY

FairPlay Overview

• Apple’s closed format• Files are MP4 containers with an encrypted content• MP4 can handle audio, video, images, text and other

digital content

• User keys decrypt the master key for the content• iTunes server keeps track of domain info and allows up to 5 machines to be authorized.

• User keys are stored in key repository on the machine

DRM: OMA DRM

OMA DRM• OMA: Open Mobile Alliance: Consortium of various mobile

communication companies.• OMA DRM 2.0 provides complete end-to-end protection

system • Based on concept of separating the license and content• License is called Rights object (RO)• RO contains content encryption keys and basic usage

rules.• License is generally created for a particular device

OMA DRM Architecture / OperationRights

issuer (RI)

DRM Agent on Device

Content issuer

Usage rules +CEK

Rights object (RO)

Rights object acquisition protocol (ROAP)

HTTP,…

Protected Content

1

1. DRM client requests protected content2. Rights issuer handles generation and delivery of rights object.

• Rights object includes usage rules and a CEK.• If this is the first time RI and the device are communicating, RI also

performs an enrollment process.3. DRM agent on device decrypts CEK and enforces usage rules

2

3

Other OMA DRM Concept• Domain: Set of devices where content can be shared

• Super-distribution: separation of license and content allows content to be distributed through any channel.

• Subscription: Enables business models based on subscriptions service.

• Backup: Allows backup to external storage• Export: Enables export of OMA DRM content and rights to devices using other DRM protection.

DRM IMPLEMENTATION TECHNIQUES

DRM Techniques: Software Defense

• Goal: Make it harder to reverse engineer• Common Techniques

• Anti-Debug • Anti-Disassembly• Obfuscation• Guards: Tamper check parts of code• Combining proprietary crypto with the standard crypto algorithm • Using a combination of above is generally good.

• Arxan is one company that employs many of these techniques

DRM Technique: BOBE-Resistance

• Personalize each copy of software• Metamorphic software like Viruses

• Functionally equivalent software with different internal structure on each machine

• Update software in Real time

DRM Techniques: Hardware assisted

• ARM TrustZone• Discretix

ONLINE STREAMING

HTTP Live Streaming(HLS)

• Created by Apple• Used to distribute both live and on-demand files

• Used to adaptively stream • Widely supported : Microsoft, RealNetworks, Wowza, Akamai

• Exclusive way to deliver video in the apple ecosystem

HLS Overview

• Server: • Encode source into multiple files at different data rate• Each chunk should be short: 5-10 seconds• Load on http server with text based manifest fil3

(.m3u8)• Manifest directs the player to additional manifest files

for each of the encoded streams.

• Client:• Player adaptively selects the content chunks at different

bitrates depending on the bandwidth/network quality, buffer status, CPU utilization etc.

HLS server side : One Video file

IndexFile.m3u8

Alt Low index

Alt Med index

Alt High index

Low_01.ts

Low_02.ts

Low_03.ts

Med_01.ts

Med_02.ts

Med_03.ts

Hi_01.ts

Hi_02.ts

Hi_03.ts

MPEG DASH

• DASH: Dynamic adaptive streaming over HTTP

• Codec agnostic• Core adaptive streaming similar to HLS

• Manifest files and alternate stream urls.

• ISO standard• Not as well supported as HLS

Other online streaming standards

• HDS: HTTP Dynamic streaming• Used for Flash video

• HSS: HTTP smooth streaming• Microsoft standard• Part of IIS media server• Enables streaming media to Silverlight

PLAYERS

Silverlight & Flash

• Application frameworks for writing and running rich internet applications.

• Similar to each other• Silverlight : Microsoft• Flash: Adobe• Used to deliver video :

• SilverLight: Netflix, Amazon• Flash : Youtube

HTTP Premium Video Extensions

• Media Source extensions• Encrypted Media Extensions• Web Cryptography API (WebCrypto)

HTTP Premium Video Extensions :Media Source extensions

• Extends HTMLMediaElement to allow JavaScript to generate media streams for playback

• Allows streaming service to use CDN to download content and feed to video tag for playback

• Allows customized adaptive streaming

HTTP Premium Video Extensions :Encrypted Media Extensions

• Extends HTMLMediaElement providing APIs to control playback of protected content

• Provides standardized way from DRM systems to be used in browser• DRM standard agnostic

HTTP Premium Video Extensions :Web Cryptography API (WebCrypto)

• Defines an API for "basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption.”

• Allows Server to encrypt and decrypt communication between javascript and itself

• Protects user data from inspection and tampring

Summary: Relationship of various pieces

• DRM: Defines how to protect content• Streaming standards: Define how content can be streamed adaptively

• Player: Implementations of content viewer that include many DRM technologies and streaming standards