Transcript Applying DRM Techniques to Video on the Internet: Characterizing

Protecting Publicly
Released Videos
Ensuring Proper Rights
Management in the Digital
Entertainment Era
CPTWG, July 2002
By: Eric Grab ([email protected])
Director of Engineering
http://www.divxnetworks.com and http://www.divx.com
Who is DivXNetworks, Inc?
• The DivXNetworks Codecs were written from scratch by
DivXNetworks. The DivX™ Codec 5.x is MPEG-4 Advanced
Simple Profile compliant.
• Starting with the most widely used MPEG-4 Codec (60
million downloads), named the DivX™ Codec, DivXNetworks
added software to enable a fully secure video-on-demand
system. The DivX™ Open Video System is hosted in a
redundant, high bandwidth facility. This system allows full
screen DVD-like quality video (~700kbps) to be rented and
delivered across the Internet. It is currently in operation with
15 content providers.
• DivXNetworks offers a video-on-demand service, and
licenses all aspects of its software technology to companies
to a variety of industries including content providers, network
operators, enterprise market, and entertainment.
2
What are we going to cover?
• We made a VOD solution, so what did we learn?
• Where do videos get attacked?
• What is a reasonable approach to video considering the the
current state of technology?
• How should we treat content?
3
Where do the attacks happen?
• A couple things to remember…
– Video always has to reach your eyes and ears, thus
it always becomes unprotected at some point.
– Principle of easiest penetration: An intruder must be
expected to use any available means of
penetration. This will not necessarily be the most
obvious means, nor will it necessarily be the one
against which the most solid defense has been
installed.
• See the Reality to Reality Reproduction diagram on
the next slide.
4
From Reality to Reality Reproduction
5
What is a reasonable technical approach
to protect digital video right now?
•
•
•
•
•
•
•
•
•
Encrypt the video. Use high speed decryption and allow trick play.
Content watermark to find illegal distributed content.
Transaction watermark to find and prosecute attackers.
Software based solution for rapid response, such as encryption rotation,
protocol rotation, and tamper resistance improvements.
Networks are everywhere so use server side business rules and key
management to improve security and stay flexible. In other words,
network authentication is required to start playing video. Think banking
transaction.
Check geographic region via IP address, and enforce it as part of the
business rules.
Associate content to users (username and password), not devices.
Add tamper resistance to software to reduce common software attacks.
Monitor “channels” with content mark or image recognition, or even
works pretty well using title.
6
How do we treat entertainment
industry content?
• Digital technology enabled new things for the financial
industry years ago.
– The entertainment industry is going through the same thing.
– Assertion: Handling content is very similar to handling money. Thus
we can learn quite a bit about how to protect things from the financial
industry.
• Financial industry expanded from coins and paper.
– Consumer move money and shares move fluidly giving them great
control via wire transfers, ATMs, credit cards, web stock trading, etc.
– Many technologies combined with operational process make it work.
• Entertainment industry will expand from film and discs.
– Consumers will have great control over selecting content.
– Many technologies combined with operational process will make it
work.
7
Does technology solve all the problems?
• It is not just about technology, there are other aspects.
• Psychology – Do not restrict things too far as to create the
perceived need to crack, or wait too long for a solution.
Overall make it easier to buy than to steal.
• Legal – Dedication to follow through and have the right
evidence.
• Business – Take the time to train users and dealmakers on
the value of new video services.
• Operational / Rapid Response – Put the procedures in
place to respond to threats and protect critical aspects. Give
the system checks and balances. Keep adding more
technology.
8
Are there any questions?
•
•
•
•
[email protected]
http://www.DivXNetworks.com
http://www.DivX.com
April 2002 SMPTE Journal
9