4K Content protection overview Sony Pictures Technologies June 19th, 2012 12/7/2018

Introduction 4k is a new opportunity for Sony, Consumers and Content Providers 4k is a “green field”, there are no legacy 4k devices in the hands of consumers The Studios will set a high bar for 4k content protection 12/7/2018

Security Solution Characteristics Comprehensive security ecosystem All devices meet the same standard No assumption that any particular class of devices is more difficult to hack “Hack once, hack all” is not possible Breach limited to a single title Breach response is rapid Within days Security solution provider has a proven track record Similar idea of per title diversity as BD+ but very different approach BD+ is not effective

High-Level Model of Video Path 12/7/2018

Decryption / Decoding Threats Mitigations Attacker extracts Device Key Attacker extracts Content Key Attacker captures decrypted compressed content Attacker captures decrypted uncompressed content Mitigations Software diversity per title Decode in Trusted Execution Environment Device keys protected by a Hardware Root of Trust Require 3rd party verification of trusted DRM software 12/7/2018

Framebuffer Threats Mitigations Attacker captures raw frames from framebuffer E.g. Screen scraping Mitigations Use protected framebuffer (e.g. TrustZone) Use secured links to video hardware (e.g. Nvidia) 12/7/2018

HDCP Source Threats Mitigations Attacker captures raw frames from hacked driver Attacker captures raw frames from hacked video hardware Mitigations Require HDCP 2.1 for source devices and repeaters HDCP 2.x increases security and robustness Never send unencrypted frame data to video drivers/hardware Only send frame data to protected video hardware on SoC (e.g. TrustZone) Require 3rd party verification of trusted hardware 12/7/2018

HDCP Sink Threats Mitigations Attacker captures video from HDMI to screen driver interface Attacker uses HDCP stripper with valid HDCP 1.x Device Keys Since attackers can generate valid HDCP 1.x device keys revocation is ineffective Mitigations Require HDCP 2.0 or higher for sink devices HDCP source only transmits 4k content to HDCP 2.x devices 12/7/2018

Screen Threats Threats Mitigations Attacker captures video from screen using camera Mitigations Security solution inserts forensic watermark that can be used to identify user account and playback device 12/7/2018

Breach Management Security provider monitors Internet (websites, chat rooms, IRC, etc) for indications of security breaches Security provider works with manufacturers to identify circumventions used by attackers Countermeasures developed and deployed immediately a breach is detected Some new content may prevent playback on certain devices until firmware is up-to-date 12/7/2018

Example of Renewability on Android/ARM Video player app (which includes content protection) is renewed by security provider as part of content licensing Video player app verifies that OS and TrustZone have not been hacked If OS or TrustZone have been hacked video app will not play content but will alert consumer that device needs to be updated. Device maker has the option of renewing OS and Trustzone components or leaving consumer with a device that won’t play content 12/7/2018

Example: NDS Security Solutions Function NDS Solution Platforms Android IOS Win 8 MacOS PS3 XBox CE (TV, Blu-ray) Software diversity Moving target technology ✔ Trusted Execution Environment TZ Intel, AMD Custom in SoC Hardware Root of Trust ? Secure boot, root/jailbreak detect Code hardening Watermark insertion [what is their watermark technology called?] Breach monitoring & response

Security Management 12/7/2018