Building Secure, DRM-Enabled Devices
Avni Rambhia, Program Manager; John C. Simmons, Program Manager, Strategic Relations & Policy, Windows Client Division


Slide 2: Session Outline
- Introduction
  - The importance of secure DRM implementations
  - Anatomy of robustness rules – content, assets and security levels
  - The general threat surface for DRM-enabled devices
  - The design of secure DRM-enabled devices
- Protecting device assets
  - Device asset threat surface and robustness rules
  - Robust hardware, firmware and software best practices
- Protecting controlled content
  - Controlled content threat surface and robustness rules
  - Best practices for robust protection of controlled content
- Design pitfalls to be avoided
- The secure development environment
- Call to action
- Questions and answers

Slide 3: The Importance Of Secure DRM Implementations
- Secure DRM technology is required for access to valued content
- Access to valued content can be denied to implementations which do not meet robustness rules
- After deployment, access can be revoked for implementations which are shown to violate robustness rules
- The robustness requirements for DRM-enabled devices are likely to increase with the value of deployed content

Slide 4: no transcript text

Slide 5: no transcript text

Slide 7: no transcript text

Slide 8: Robust Hardware-Firmware Best Practices
- Robust hardware design
  - Put critical data bus traces below the surface of the board
  - Use a highly-integrated chip design or high-density packaging
  - Use on-chip RAM to secure keys during decryption
  - Use a CPU that supports segment-level cache locking
  - Support the use of a Smart or SIM card
  - Use chassis tamper-detecting hardware
- Robustness and manufacturability
  - Disable all on-chip debugging resources in production
  - Do not run Security Functions with JTAG-enabled hardware
  - Cover Test Points with Epoxy
- Robustness and device tamper-resistance
  - Establish a secure platform, based upon one strong root of trust
  - Extend the chain of trust to the software applications running on the device
  - Don't run security functions if the environment does not match production specifications

Slide 9: Robust Software Design Best Practices
- Robust software design
  - Use a high-resolution performance timer to detect kernel-level debuggers
  - Link select C runtime code directly into your binary
  - If keys must be held in virtual memory, lock the key in memory
  - Minimize the time that secrets are kept in the clear in memory
  - Verify compiler optimizations do not undo your buffer zeroing operations
  - Scrub memory which has contained secrets before passing to free()
- Robustness and device key concealment
  - De-randomize key information when obfuscating it in storage
  - Ensure that the obfuscation algorithm is one-way
  - Obfuscate key information in a binary object at least 1 KB in size
- Robustness and the product life cycle
  - Use a program obfuscation tool to frustrate reverse engineering attempts
  - Exclude private key concealment software from pre-release devices
  - Enforce physical access and security rights to all code during production
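The three memory-hygiene points on this slide (lock the key in memory, make sure the optimizer does not delete your zeroing, scrub before free()) fit together in one small pattern. The following C code is an added example written for this page; it is not code from the presentation or from any Microsoft DRM component. It assumes a POSIX system with mlock()/munlock() (Linux was used while writing it); the key bytes, the `key_slot` type and the `demo_wipe_before_free` function are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Wipe that survives optimisation. A plain memset() immediately before
 * free() is a "dead store" and gets removed at -O2; calling memset through
 * a volatile function pointer hides the callee from the optimizer, so the
 * store must be emitted. (C11 memset_s or explicit_bzero do the same job
 * where available.) */
static void *(*const volatile wipe_fn)(void *, int, size_t) = memset;

void secure_wipe(void *p, size_t n)
{
    if (p != NULL && n > 0)
        wipe_fn(p, 0, n);
}

/* Returns 1 if every byte of the n-byte buffer p is zero. */
int is_zeroed(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Constructed key container. Its pages are pinned so the key is never
 * written to swap; 'locked' records whether mlock() was granted (it is
 * refused under a tight RLIMIT_MEMLOCK), so a caller can decide not to
 * keep a long-lived secret in an unpinned slot. */
typedef struct {
    unsigned char key[16];
    int locked;
} key_slot;

key_slot *key_slot_alloc(void)
{
    key_slot *s = calloc(1, sizeof *s);
    if (s == NULL)
        return NULL;
    s->locked = (mlock(s, sizeof *s) == 0);
    return s;
}

/* Scrub before free(): the allocator may hand these bytes to the next
 * caller, and a heap dump would otherwise still contain the key. */
void key_slot_free(key_slot *s)
{
    if (s == NULL)
        return;
    secure_wipe(s->key, sizeof s->key);
    if (s->locked)
        munlock(s, sizeof *s);
    free(s);
}

/* Demonstration: allocate a slot only for the duration of one operation,
 * load a constructed key, wipe it, and report 1 if the key really is gone. */
int demo_wipe_before_free(void)
{
    static const unsigned char constructed_key[16] = { /* sample value, not a real key */
        0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6, 0x07, 0x18,
        0x29, 0x3A, 0x4B, 0x5C, 0x6D, 0x7E, 0x8F, 0x90 };
    key_slot *s = key_slot_alloc();
    if (s == NULL)
        return 0;
    memcpy(s->key, constructed_key, sizeof s->key);
    int loaded = !is_zeroed(s->key, sizeof s->key);
    secure_wipe(s->key, sizeof s->key);
    int gone = is_zeroed(s->key, sizeof s->key);
    key_slot_free(s);
    return loaded && gone;
}

int main(void)
{
    return demo_wipe_before_free() ? 0 : 1;
}
```

Compile with optimisation on (`cc -O2`) and inspect the disassembly of `key_slot_free`: the store loop is still present, which is the check the slide asks for. Replacing `wipe_fn` with a direct `memset` call and recompiling shows the store disappearing. Keeping the slot's lifetime to a single operation is how the "minimize time in the clear" item is met here.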

Slide 10: no transcript text

Slide 11: Best Practices For Robust Protection Of Controlled Content
- Integrate components whenever feasible
- If the asset must flow over a bus:
  - Provide cryptographic protection to the asset (not 'unprotected')
  - Provide structural protection to the bus (not 'accessible')
- Minimize vulnerability to peripheral attacks. Examples:
  - Use non-paged memory when feasible
  - Use a design with on-chip RAM whenever feasible
  - Do not buffer structured cleartext compressed content to one memory chip
  - Minimize the time for which the clear asset is in process memory
- Provide layered protection for assets in storage
  - Layer 1: Cryptographically protect the content key
  - Layer 2: Obfuscate the secret which protects the license
  - Layer 3: Obfuscate the code which extracts this secret

Slide 12: Design Pitfalls To Be Avoided
- Not verifying/tamper-protecting root public keys
- Not protecting the key that protects the key
- Seeding a robust pseudo-random number generator with poor entropy
- Ignoring bus vulnerabilities in a System-on-Chip design
- Not incorporating threat modeling as part of the design process
- Designing to today's industry requirements/constraints, without consideration of the future
- Not incorporating security into the development and manufacturing process
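The "poor entropy" pitfall is usually a clock seed: a strong generator fed a 32-bit value that changes once per second is only as unpredictable as the device's boot time. The C code below is an added example for this page, not the presentation's or Microsoft's code; it contrasts the clock seed with a seed drawn from the OS entropy pool and adds the two checks a firmware reviewer looks for, a refused short read and a degenerate (all-bytes-equal) buffer. It assumes a POSIX system that exposes `/dev/urandom`; the `SEED_BYTES` size and every function name are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <time.h>

#define SEED_BYTES 32   /* constructed choice: 256 bits of seed */

/* The pitfall. time() has one-second resolution, so the space of
 * candidate seeds is the set of plausible boot times, which is small
 * enough to enumerate. */
unsigned long clock_seed(void)
{
    return (unsigned long)time(NULL);
}

/* Reads n bytes from the OS entropy pool. Returns 1 on success and 0 if
 * the pool could not be opened or delivered fewer bytes than requested.
 * A short read must fail the whole seed: topping it up with a clock value
 * or zeros reintroduces the pitfall. */
int collect_os_seed(unsigned char *seed, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return 0;
    size_t got = fread(seed, 1, n, f);
    fclose(f);
    return got == n;
}

/* Cheap sanity check: a buffer whose bytes are all identical (all zeros,
 * or all 0xFF from an unprogrammed flash page) marks a dead source. It
 * is not an entropy estimate, only a fail-closed guard. */
int seed_is_degenerate(const unsigned char *seed, size_t n)
{
    if (n == 0)
        return 1;
    for (size_t i = 1; i < n; i++)
        if (seed[i] != seed[0])
            return 0;
    return 1;
}

/* Builds a seed from the OS pool and refuses degenerate output.
 * Returns 1 when 'seed' may be handed to the generator. */
int make_prng_seed(unsigned char *seed, size_t n)
{
    if (!collect_os_seed(seed, n))
        return 0;
    return !seed_is_degenerate(seed, n);
}

/* Demonstration wrapper: 1 if a usable seed was obtained. */
int demo_os_seed(void)
{
    unsigned char seed[SEED_BYTES];
    return make_prng_seed(seed, SEED_BYTES);
}

int main(void)
{
    printf("clock seed (predictable): %lu\n", clock_seed());
    return demo_os_seed() ? 0 : 1;
}
```

On a device without an OS entropy pool, the same `collect_os_seed` slot is where a hardware RNG or a per-device secret provisioned at manufacture would be read; the fail-closed behaviour on short or degenerate output is the part to keep.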

Slide 13: Secure Development Environment
- Enforce physical access and security rights to security code
  - Access and use policy around secure code
  - Secure lab for Device key development
  - Control access to Device key design documentation
  - Control access to Device key source code
  - Build the Device key software on a secure machine
- Manufacturing security
  - Never expose device secrets in the manufacturing environment
  - Make sure repair instructions do not inadvertently leak confidential information
  - Ensure mechanical restrictions imposed by Robustness rules are met by post-repair devices

Slide 14: Call To Action
- Understand all compliance and robustness rules requirements for your device before beginning the design process
  - For example, the compliance and robustness rules for Microsoft's next generation Windows Media DRM for Portable and Network Devices
- Anticipate future trends in robustness requirements by discussing with Microsoft, content providers, and chip manufacturers
- Perform threat modeling at all stages of the design process – make asset protection and content protection integral to your design process
- Audit your development environment and manufacturing process for vulnerabilities

Slide 15: Additional Resources
- Web Resources:
  - WM DRM Web Site
  - WM DRM Partners
  - Windows Media Community
  - Windows Media DRM Newsgroup: news://msnews.microsoft.com/microsoft.public.windowsmedia.drm
- Related Sessions:
  - Business Opportunities with WM DRM (SW04004)
  - Designing Portable Media Players for Windows (TW04050)
  - Media Transfer Protocol (TW04083)
  - Windows Media Connect (TW04081)
  - Certified Output Protection Protocol (TW04066)
  - Next Generation Windows Media DRM for Consumer Electronics Devices (TW04014)

Slide 16: Community Resources
- Community Sites
  - List of Newsgroups
  - Attend a free chat or webcast
  - Locate a local user group(s)
- Non-Microsoft Community Sites