Presentation to HPA Tech Retreat 2014

Accessing Encrypted Assets in Mac OS

Mathew Gilliat-Smith, CEO Fortium Technologies

Content Security • Severity of leaks and comment• Studios don’t like to publicise breaches - privately its a continual battle

• the Tarantino script• well known series premier leaked one month early from a special effects house

• Comments on social networking and physical leaks are a Post Supervisor’s worst nightmare – ‘it happened on my watch’

• Concern in being connected to the internet• Concern in Cloud workflows • MPAA audits try and ensure facilities are secure & have teams to track leaked

content but…..• Proxy files in editing & authoring systems present a security vulnerability

• Files reside ‘in the clear’ for anyone on the network to access• No encryption ‘at rest’

• NBC Universal identified specific risk in professional editing systems and designed the MediaSeal encrypted video system

Reduced Viewing

Cost of piracy $$

Remarks on Social Networks

The Dilemma

• Mac OS does not support modified files types e.g. encrypted files – security solutions need to be cross platform

• Why don’t professional editing and authoring systems build in file security?

• Complexity• Proprietary systems are not portable - what works for one

system does work for another

• Other security solutions (encrypted drives & delivery systems)

• Encryption is removed for access & playback • In the clear once copied

• How to create a reliable end to end encryption system

The Challenge

• To create a compatible encryption system that ticks all the boxes

• Centrally Managed• File and application agnostic - transparent to the system it is

running in• No altering of file• Handles everything from low end files to high end DPX sequences

• Suitable for closed network AND for cloud workflows• Must not cause any delays or complications in the workflow• Complementary to existing systems

Solution to create a File System Filter Driver for MediaSeal video encryption

• Technical description: “An optional driver that adds value to or modifies the behaviour of a file system”

• Log, observe, modify, or prevent

• Typical applications for filter drivers include antivirus utilities, encryption programs and hierarchical storage management systems.

• A kernel-mode component that runs as part of the OS • Filters I/O operations for one or more file systems.

• Modify data that is returned to applications (editing programs) as the file is read

• Method gives full control how the file is processed on the OS • Ideal for MediaSeal video encryption – not just video files, audio, docs, images• Facilitated in Windows OS but it didn’t exist in Mac OS

Collaboration

Where MediaSeal FSFD resides (File System Filter Driver)

Storage

KernelLevel

UserLevel

Extension

FSFD

Kernel Level• Layer between user applications and

hardware• Removes complexities as it provides

common interface for file operations - i.e. open, close, read, seek

• Example of User level is WinZip – once opened its in the clear

Kernel Extensions• Provides much more functionality &

control• Increase hardware support• Expands capabilities of kernel

USB

BlueTooth

Playback & Editing in ProTools

How FSFD enables MediaSeal

• During access FSFD recognises if file is encrypted

• User is prompted for authentication - by password, iLok key/soft key and by remote authentication

• Contents of file only decrypted into the memory buffer associated with the file read

• File remains encrypted at rest on disk – ability to revoke later

Media Seal Not Present

IncorrectCredentials

TrustedRecipient

Behaviour

User Application

Kernel + FSFD Extension

Storage

How MediaSeal Works

• AES encryption - Security tested by NGS Secure• Change DRM rules after transfer - set viewing criteria –

who & when, sunset sunrise viewing• For use behind the firewall with no exposure to the

internet• Recommended for protecting content in the cloud

1. Database Key Server

2. Encryption software 3. Decryptor license + iLok key

Step1: Log in to Encryptor & Set Up Job

Step 2: Import Files to Encrypt

Step 3: Key Server Select Trusted Users, Set DRM, Add Password

Step 4: Encrypt Files in Seconds

Access with Password & Key – File remains encrypted

Playback & Edit in ProTools

No Unauthorised Playback – Blank Screen

Reporting Analytics

Sort by Who, What , When

Title, Version, User ID, Code

Granted/DeniedDate & Time Export to CSV

User ID

Case Study

• NBCU Post Production• Fast & Furious 6• Box Office Opening Weekend

• $97m US 24 May 2013

• No Leaks prior to release• Sound mixing, internal & external depts• Endless Love

Cloud Workflows

• Cloud collaboration tools will give greater efficiency – faster, quicker, lower cost

• Typical production environments mean many more people need to work on the same assets, often externally to the production studios – means more exposure

• Integration into automated asset control• Files do need to be downloaded to attach local content –

this is the vulnerability – no end point security – files can be copied

• MediaSeal FSFD means files remain encrypted in the cloud workflow with cross platform cloud security

The “Anywhere” Solutions

Cloud Based Collaboration

Wrap your media with MediaSeal Encryptor

Software

Share your encrypted media safely using any common file sharing

method Drop Box, iCloud,

Google Drive,etc.

Your collaboration team can access the encrypted

media only when they have MediaSeal Decryptor

software, have a registered iLok installed, and have permissions for

the media.

Apply encryption locally or in the cloud after transcoding

API Methodology for 3rd Party Solutions

• Encryption systems• FTP delivery • Editing Systems• Authoring Systems• Scriptable through command line

Further Informationinfo@fortiumtech.comwww.mediaseal.com

Support of MediaSeal in LABy Audio Intervisual Design

email: sales@aidinc.com1155 N. La Brea Avenue, West Hollywood, CA 9003

Tel: 323 845-1155