Hollywood: How do we secure high-def 4K content? Easy. Just BRAND the pirates
'You only have to get it wrong once, and you end up in prison'
Movielabs, the R&D business for Hollywood studios, has just issued a new specification for securing 4K high-def streaming video content, and one of the things that it’s going to demand is forensic watermarking.
This spec is being described as “recommendations”, but studios will need to adopt these overnight as the hard and fast rules if they want to gain security approval to distribute quality 4K video.
A watermark has to be introduced in all 4K delivery, at the worst case at the server streaming the content (so that each stream is unique), or better still at the device. The latter will mean that the guilty party customer can be identified from the source of any copy found on the internet.
How it works
By now forensic watermarking is becoming tougher and tougher to break. In some systems, the watermarking process writes a unique device number into the content over a large number of frames in code, using key pixels, and in others it is only measurement against a pristine version of the file that reveals randomly placed pixels in a key coded sequence, which depict the device or stream identity.
Most systems these days use more than one single set of algorithms to rigidly record the device identity being used to render the stream. As one cryptographer we discussed it with this week said to us: “With encryption you know when you have broken it, because the content just plays, but in removing watermarks there is always an element of doubt, and you only have to get it wrong once, and you end up in prison.”
The same expert said to us, “Watermarking has been used a lot by studios to protect content prior to its release. In 4K now we will see the onus placed on operators who deliver that content, either to cinemas or to pay TV systems.”
In order to be sure you have got rid of a video watermark, you either have to spend a lot of money, getting lots and lots of copies of the movie and comparing them and removing the differences, but then also changing it further. In the end you can only be sure you are not identifiable as a pirate after you have compromised the quality of the output, and in 4K that defeats the object. At least this is the thinking of the studios.
Movielabs said: “The system shall have the ability to securely forensically mark video at the server and/or client to recover information necessary to address breaches. The watermarking shall be robust against corruption of the forensic information.
"The watermark shall be inserted on the server or on the client such that the valid insertion is guaranteed even if the device and its secrets are compromised.”
Hang on, how are we supposed to get up to scratch?
This kind of demand is perhaps the one that is going to stretch most of the security businesses out there. We know that some media content management industry leaders – including Verimatrix, Irdeto and Civolution – have systems that can already meet these criteria, but a number of other players will have to go back to the drawing board or license the techniques.
We understand that many of them, including Nagra (another secure digital media player), have a system through partnership with Civolution. Widevine, now owned by Google, is also known to have its own watermarking system, but this has not been heard of since the acquisition and it may not have kept up with recent innovations in watermarking.
Blu-ray player makers and their component suppliers may be forced to license this type of technology in a rush – creating a windfall for one or two of these players.
In audio watermarking, the industry has standardised the Cinavia system – an analogue watermarking and steganography system supported by default on Blu-ray players – and a similar standardisation process may occur as we move into 4K in video.
Movielabs is also insisting on Cinavia in protecting 4K. This is a system which was first proposed by Verance in 1999, but only finally came to market in 2010. It alters frequencies in the normal hearing range for humans – previous methods used sounds outside the hearing range, but these were too easily removed. The Cinavia system is of course already used in Blu-ray players, so those should have that capability already.
Milk that serial
Another aspect of the protection for 4K is that players must have access to key identifiers for the individual device – its serial number – and this must, under these new 4K rules, be somehow bound to the version of the content. In other words, the content doesn’t play without that device, because its serial number needs to be present – some part of it needs to be mixed up in the authentication process – before that version of the content can play. Apparently this has to be designed so that if a piece of content is hacked, it is only hacked for that device and this gives no clue as to how to hack another movie or another device.
Another technical requirement is revocation and renewal of key algorithms. The system has to be able to revoke any client that is breaching the rules, and at the same time, renew and refresh the algorithms that are running on any device out there. The idea is that once a device has been caught spawning a pirated copy, it can either be switched off permanently or it can only play what has already been bought or lower density copies of future content.
And for an operator to be able to offer 4K content, there must be processes and agreements in place to respond rapidly to renew compromised software components.
Now what that means is that not only does it have to be renewable, but someone has to get paid to watch the internet to see if this particular version of the 4K file emerges anywhere. That will suit security businesses like the Irdeto’s Intelligence offering – which came out of its purchase of Bay TSP a few years back. This is its main job, to scour the internet for illegal copies. It detected about 15 billion piracy instances during 2012 and that number is sure to rise with the advent of 4K.
If the 4K content is being moved as a stream off the key player such as a set top or Blu-ray player, it must use HDCP 2.2 or better and each output should only go to authorised devices.
But Hollywood has not stopped there. It wants to see a secure or trusted execution environment on any device that it runs on. Again this is fine for a set top vendor or a Blu-ray manufacturer, but we cannot see Apple putting this into its tablets and phones. Apple has the ability to run such a system from its silicon, but it does not extend that ability to App developers that want to offer video.
Right now this spec is not about Apple devices, because they cannot handle 4K as yet, but this is aimed fairly and squarely at general pur-pose devices, including PCs and Tablets, to keep them out of the 4K loop until they change their ways and get onboard with hardware based protection.
Not only must the execution environment be secure when processing keys, but it must have a hardware based root of trust. It must also support runtime integrity checking of secure applications, something that companies like Arxan, Irdeto and AuthenTec have been pushing in their software only security implementations, but they do not have hardware root of trust.
This means 4K, at least right now, will not be able to go to general purpose devices at all, until they have a permanent, factory-burned encryption facility. Such a system will also have to use 128 bit encryption and above, and be resistant to side-channel attacks, which includes differential power analysis among others.
This whole enterprise is fraught with layer upon layer of security that will require mass cross licensing between major security players – one strong in one area, and another strong in another and we would not be surprised to see a single or maybe two reference designs put together by consortia, that can supply every step in the IPR chain.
While Movielabs has not yet said which trusted implementers can manage compliance to these tests, they are bound to be the usual 2 or 3 security specialists globally that run these checks.
Faultline's take on this is that this is a holding action that cannot be sustained. It is really trying to keep 4K in with the specialist hardware players that are totally reliant on the studios for content to play, and preventing general purpose devices to enter until they get their act together.
We think that once 4K has been out for a while, these restrictions will become relaxed, otherwise the multiscreen revolution will restricted to HD, and that will not satisfy an increasingly difficult to impress video consumer. Similar moves were put in place informally for HD when tablets hit the market, but within a year all the guidelines were swept aside by the studios own need to get onto the iPad. And this will almost certainly happen once again.
MovieLabs was formed by Paramount, Sony, Twentieth Century Fox, Universal Studios, Disney and Warner Brothers and is funded by its members.
Copyright © 2013, Faultline
Faultline is published by Rethink Research, a London-based publishing and consulting firm. This weekly newsletter is an assessment of the impact of the week's events in the world of digital media. Faultline is where media meets technology. Subscription details here.
Sponsored: Becoming a Pragmatic Security Leader