www.mobilevce.com © 2004 Mobile VCE, 3G 2004

19th October 2004 Regional Blackouts: Protection of Broadcast Content on 3G Networks

19th October 2004

Regional Blackouts: Protection of Broadcast Content on 3G Networks

Alexander W. Dent, Allan Tomlinson, Information Security Group, Royal Holloway, University of London

Introduction

Motivation

Collaboration between broadcast and mobile networks

Potential to deliver broadcast content over 3G networks

Potential issues with content protection
  • Digital Rights Management (DRM)
  • Ownership of Content
  • Distribution Rights
  • Licensing

Background

Regional Blackouts

Broadcast Content subject to restrictions

Geographical
  • In the region around a stadium where a live event is taking place

Time
  • During the time when a live event takes place
  • Immediately after the event

Background

Current Solutions

Conditional Access systems
  • Scrambled content

Regional codes
  • Embedded in receivers

Entitlement management
  • Descrambling authorised according to regional codes
  • Broadcast time controlled by broadcaster

Background

[Figure: Blackout Region. Labels: Stadium, STB, Television]

Background

Mobile Receivers

Current solutions assume
  • Relatively static receivers
  • Broadcaster controls play-out and billing

Mobile receivers
  • No longer static
  • Content forwarding

Background

[Figure: distribution chain. Labels: Blackout Region, Stadium, Video Source, Content Provider(s), Broadcaster(s), Broadcast Network (DVB-S, DVB-T, DVB-C), Initial Receiver, STB, Modem, Television, Intermediary Network, untrusted, End Device]

New Problem

Content Provider may trust broadcaster to control distribution to initial receiver

Content Provider cannot trust initial receiver to control further distribution

Further distribution is controlled by the user
  • End Device can be any IP enabled device
  • End Device may be completely controlled by user

Impact on future mobile services

Potential Solutions

Trusted Hardware
  • Insist on trusted hardware on End Device
  • Install GPS on end device
  • Expensive

Trusted Network
  • Network provides time and location data
  • End Device must be connected directly to network

Secure Protocols

Network Model

[Figure: network model. Labels: Blackout Region, Stadium, Video Source, Content Provider(s), Broadcaster(s), Broadcast Network (DVB-S, DVB-T, DVB-C), Initial Receiver, STB, Modem, Television, Intermediary Network, untrusted, Trusted Network, Server, End Device]

Assumptions

STB and ED have a secure execution environment and a tamper-proof data storage area

All cryptographic processing on STB and ED is carried out in the secure execution environment

Only applications running in the secure execution environment have access to the tamper-proof data storage areas in the STB and the ED

At least one authenticated key, K, is shared by STB and ED and is stored in the tamper-proof data storage areas

Assumptions

At least one of the ED or STB possesses a public verification transform, V_CA, for a certification authority CA, stored in its tamper-proof data storage area

At least one of the ED or STB possesses a DRM application stored in its tamper-proof data storage area

At least one of the ED or STB has knowledge of the usage criteria for each service received

Protocol 1

[Figure: message exchange between End Device, STB, Modem and Server (Trusted Network). Messages shown: nonce; signed(nonce, time, loc); E_K(service). Timing labels: t_i, t_j, dt]

Protocol 1

Advantages
  • Simple

Disadvantages
  • Heavy computational load on the intermediary network
  • Heavy computational load on the end device (which may have limited computational power)
  • Trust in DRM application on the end device

Protocol 2

[Figure: message exchange between End Device, STB, Modem and Server (Trusted Network). Messages shown: nonce; MAC_K(nonce); signed(MAC_K(nonce), time, loc); E_K(service). Timing labels: t_i, t_j, dt]

Protocol 2

Advantages
  • Simple
  • Low computational load for the end device
  • Good source of nonces from scrambled broadcasts
  • Most DRM performed on STB, less trust in ED

Disadvantages
  • Still heavy computational load on the intermediary network
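An added example, not code from the original slides: a sketch of the STB-side DRM decision in Protocol 2, where the end device only computes MAC_K(nonce) and the STB checks the server's signed(MAC_K(nonce), time, loc) before releasing E_K(service). Assumptions: the STB issues the nonce at t_i, receives the reply at t_j and accepts it only if t_j - t_i <= dt; the server's signature is simulated with an HMAC under a separate key so the block runs on the standard library (a real STB would verify a public-key signature using V_CA); the blackout is a circle around the venue; all function names and sample values are constructed.

```python
import hashlib, hmac, json, math, os

K = os.urandom(32)           # authenticated key K shared by STB and ED
SERVER_KEY = os.urandom(32)  # ASSUMPTION: HMAC stand-in for the server's signature key

def mac_k(nonce):
    """End device: MAC_K(nonce), its only cryptographic step."""
    return hmac.new(K, nonce, hashlib.sha256).digest()

def server_sign(tag, time_s, loc):
    """Trusted-network server: signed(MAC_K(nonce), time, loc)."""
    body = json.dumps({"tag": tag.hex(), "time": time_s, "loc": loc}).encode()
    return body, hmac.new(SERVER_KEY, body, hashlib.sha256).digest()

def km_between(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    la1, lo1, la2, lo2 = map(math.radians, (*a, *b))
    h = (math.sin((la2 - la1) / 2) ** 2
         + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def stb_authorise(nonce, t_i, t_j, dt, body, sig, blackout):
    """STB-side DRM decision before sending E_K(service); returns (allowed, reason)."""
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    msg = json.loads(body)
    if not hmac.compare_digest(bytes.fromhex(msg["tag"]), mac_k(nonce)):
        return False, "token not bound to this nonce and K"
    if t_j - t_i > dt:               # reply arrived outside the allowed window
        return False, "stale reply"
    in_region = km_between(msg["loc"], blackout["centre"]) <= blackout["radius_km"]
    in_window = blackout["start"] <= msg["time"] <= blackout["end"]
    if in_region and in_window:
        return False, "blackout applies"
    return True, "ok"

# Constructed sample run: one device near the venue, one far away.
BLACKOUT = {"centre": (51.556, -0.2796), "radius_km": 50, "start": 1000, "end": 8000}
if __name__ == "__main__":
    nonce = os.urandom(16)           # e.g. taken from the scrambled broadcast
    for loc in [(51.4257, -0.5631), (55.95, -3.19)]:
        body, sig = server_sign(mac_k(nonce), 2000, loc)
        print(loc, stb_authorise(nonce, 2000.0, 2000.4, 2.0, body, sig, BLACKOUT))
```

Binding the signed token to MAC_K(nonce) is what stops a token obtained by a different device, or for an earlier nonce, from being accepted by this STB.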

Conclusions

Protocols deliver secure time and location information from mobile devices to DRM applications.

Computational load on intermediary network.

Potential for Denial of Service attacks

Thank you!

For further information please contact:
Dr. Allan Tomlinson
E-mail: [email protected]
Tel: +44 (1784) 414346
WWW: www.mobilevce.com