Hollywood and IPTV
p2pnet.net News View:- Hollywood Studios are planning to impose a strict regime on IPTV installations in their fight against piracy, and smart card based conditional access systems are likely to be considered not good enough for the job.
That’s the interpretation that conditional access and DRM specialist Widevine is putting on what it has been told by content owners, who say that new pay TV operators will be asked to build systems which can revoke and then renew encryption keys within 24 hours of a piracy event being discovered.
While it is fairly clear that a new smart card can’t be issued inside 24 hours, which presents many existing Conditional Access (CA) players, in particularly NDS and Irdeto, with special challenges, what is unclear is whether or not Microsoft can qualify on this point. Quite clearly Widevine doesn’t think it can.
Widevine offers a software based conditional access system that has found favour at a number of high profile IPTV installations including the 600,000 customer Chunghwa Telecom operation in Taiwan which is expected eventually to rise to over 6 million. It also has IPTV DRM deals at TDS Telecom, NovaMedia in Iceland Sasktel and CenturyTel.
“Our Cyber Broadcast System sits between the head end and the customer in an IPTV system. It looks upstream for content coming down in MPEG 2, H.264 or VC 1 compression formats, in both standard and high definition TV streams, and encrypts it and sends it on,” explained Widevine head of marketing Matt Cannard.
“Widevine wraps electronic encryption keys into the content itself, and decryption occurs at the last possible moment before rendering. The encryption can persist onto portable devices,” explained Cannard.
But he raised issues over the Microsoft Janus DRM that comes free with Windows Media 10, which appears at first glance to work in a very similar way to Widevine. He suggested that it has not passed muster among content owners. “Content owners rely on cable and satellite as their bread and butter and will not be changing any protection requirements for these formats, but they consider Telco TV as the icing on the cake and they are going to insist on more stringent protection for these new systems.”
But surely Microsoft offers key revocation and renewability? Well, it says it does in speeches given by Microsoft executives and it bases its encryption processes on RSA encryption that certainly has these concepts built into it. Microsoft claims that it is committed to key renewability, but the issue may relate to the way it treats networked and portable devices.
They can only be revoked if they ever re-contact the original server which issued a key to them in the first place. “In order for revocation to occur, a portable device must visit a license server or attempt to update a license,” says Microsoft’s own web site, and that may not be enough for content owners concerned with piracy, who are telling Widevine that all rights must be revoked in 24 hours from end to end, including portable devices.
Widevine says it is being told by content majors that “if DRM keys can’t be renewed within 24 hours then we will shut down an operator’s content.”
This should be easy enough to get around by insisting that all portable devices reconnect to the server every 24 hours or lose their rights to render content. But that’s not exactly going to endear any consumer to a service that insists on this and all CA systems will have the same problem given that they are all now working on methods for copying content onto portable players.
“There is no working demo of Microsoft IPTV today, so we only have Microsoft’s word for how its DRM works. Microsoft is deliberately stalling the IPTV market so that it can try to catch up and this is one of the areas where it needs to catch up,” claimed Cannard, “It won’t be ready until the middle of 2006.”
“There are existing hacks downloadable on the internet today for Microsoft Media DRM and its keys are non-revocable.”
“Some of our customers are seeing this stall in the market as a great opportunity to get a year’s head start on their Microsoft based competition,” Cannard added
And there’s no guarantee that Microsoft IPTV will work even when it does come out. “Our customers have told us that in demos they have seen, Microsoft systems take about 17 seconds to change a channel. This is because the Microsoft system does not use Multicast channels, but instead runs all of its IPTV from a server. Some of them are saying that it’s going to take a new server for every 3 subscribers,” said Cannard.
The way Microsoft says its Windows Media DRM works is that the first time a device is used, it must be registered and authorized by the server using Universal Plug and Play. Registration involves a device ID number supplied during manufacturing, and a signed XML device certificate.
The Microsoft system relies on the internet “ping” command, to decide if a device is local by only allowing a connection to be made if the ping happens within 7 milliseconds.
Any home server then validates the device and checks its own policy regarding the content which has been requested by the portable device, and sends a response containing a new, encrypted session key, and a rights policy statement.
The content is then encrypted using either AES or RSA encryption, by the new session key, differently from the original server. So if the device never connects to the server again, it will have whatever policy was set up when the content copy was made and its own method of decrypting the content.
Faultline has been trying to get an interview with Microsoft for two years on the details behind its DRM, but it remains circumspect about the exact details of its technology when speaking to analysts.
“Smart cards are definitely a problem for this new content policy,” said Cannard, “within 2 to 6 weeks of any card being issued in Europe the encryption is broken and pirated. Up to 30% of the viewers of these pay TV systems are pirates.
“The content majors have an even greater concern where HDTV and VoD services are concerned, and operators don’t want the expense of renewing and supporting the renewal process associated with smart cards,” said Cannard.
“Irdeto is trying to offer what it calls “Obfuscation Technology” to revoke smart cards that may be pirated, but it’s not as good and we don’t think the content owners are going to accept it,” added Cannard.
The Widevine approach must be compelling because Motorola is weeks way from implementing it in the US for IPTV conditional access services. Given that Motorola has long been a leader in CA systems for cable operators in the US, and it would have wanted to offer its own service written from the ground up, this is quite an endorsement and seems to confirm what Widevine is saying about the approach of the content owners.
Motorola will push the technology when it supplies turnkey IPTV systems in the US from the head end right the way through to set tops, especially to smaller telcos and Competitive Exchange Carriers that use unbundled lines from the bigger US Telcos.
At present Widevine, like other CA providers to IPTV networks such as Latens and Secure Media, has more secret laboratory test customers than it has existing rollouts, and it expects to announce more major European customers in the next few months.
“In the end, cable operators like Comcast are saying quite openly that they hope that SBC Communications and other US telcos continue to go down the Microsoft route,” said Cannard
“They know that they had a tough time after accepting free proprietary Conditional Access systems from Motorola and Scientific Atlanta. It has taken them years to get to a position where they could take much of the margin out of expensive set tops. But Microsoft wants the world to buy into its VoD servers, its middleware, its DRM and its operating system on the set top. The cable operators hope the telcos go ahead and do that, and then they can feel some of the pain that cable has felt in the past,” said Cannard.
Peter White - Faultline, UK
===================
Something you think we should know? tips[at]p2pnet.net
July 18th, 2005 at 4:05 pm
Scramble scramble scramble.. like the rats you are…grasp at straws and gradually alienate even the sell out consumer electronics makers willing to allow your wicked puppeteering.
In the mean time we will continue to crack and crack and crack until you FINALLY realize we won’t take it.
July 18th, 2005 at 8:59 pm
Well I guess that leaves out us folks that are concerned with security. Hackers normally use pings to find computers and see if they can hack into them. One of the best ways to prevent this attempt is to block the computer from responding to the ping. While it is normally setup that a computer waits and listens for the ping, another part is setup to respond to that ping with an equivalent of “I am here and waiting” responce. The return message is the hackers invitation to where you are on the net.
Typically, I block all responses to pings with the firewall. Doing so helps stealth your computer from prying eyes. So it appears that to use this sort of encryption you gotta open yourself up to responses in the computer world. In otherwords, if you want to “enjoy” content, you are going to do so at the cost of security. So you will have to purchase yet more programs to try and protect yourself from prying eyes.
This is a setup for another security breach and I for one don’t like it, won’t have it, and won’t be using it.
July 20th, 2005 at 12:27 am
While you can’t blame a deadline driven journalist entirely for being spoon-fed on disjointed drivel, perhaps Peter could have made at least some sanity checks here.
Yes, Microsoft may have many issues, but flailing around with disjointed drivel is not going to help anyone least of all Widevine. Also Microsoft does answer questions. You just need to know what to ask, or listen to one of their many public presentations or read their web site. I didn’t see 17 seconds. I did see a lot of “instantaneous” and you can too if you take 5 second to do a Google search. Could “Microsoft TV instant channel change” be that hard?
And how many times can Widevine re-release the same press release about the 600K customers that they might have had by 2007 if their system actually worked? How do you have 600K customers on 20K non-working STB’s? How can you have 600K customers if you are about to be fired from the deal? A few phone calls please before publishing…
August 2nd, 2005 at 12:38 am
The Studios are far from monolithic in their approaches and requirements for IPTV content security. The ground-floor Studio questions are simple enough:
1) Are these software-only solutions proven security solutions? Answer:there are no proven software-only security solutions at this point. 2) Are they superior to the proven physical (software and hardware) systems such as smart cards and SIMs? Maybe.. maybe not. There are advantags and disadvantages, security-wise - to both types. They - and the revocation and key schemes used with them - will continue to develop - especially after challenge by commercial realities.
Binary Obfuscation is a recognized and ever-morphing toolbox of measures to create an increase in difficulty for hackers who rely on decompile methodology and the like.
The Studios recognize the need to monetize, keep track of and be able to revoke access to their content. They also recognize that sorry state that the ’security duopoly’ has created in US markets - a situation MS simply wants to replace with its own ’security monopoly’.
The world of IPTV content security is still in its infancy. The more security players a device can utilize, the healthier the market and the more rigorous the security regimens will become. Its too early to say that one players is the winner. The game is yet to begin.
April 21st, 2007 at 8:00 pm
Hmmm…it is 2007 and last I checked Widevine is still running well at ChungHwa. I guess they did not get fired yet.
July 10th, 2007 at 10:48 pm
so what’s the latest on Widevine?