When it comes to digital rights management (DRM), about the only point of agreement among the different factions is that it is a problem that has yet to be resolved. DRM is caught in the middle of a digital content revolution that over a decade is completely changing long established business relationships linking content owners, distributors and consumers. DRM has to balance the rights of all these parties at a time when content has become divorced from the physical medium of its distribution, in a digital form that can be almost instantly copied and distributed over the Internet in the absence of specific measures to prevent this from happening.
This was the background faced first by the music industry before television and video, leading to business models enforced via DRM that consumers became aware of only when they were denied copying rights. This led to DRM getting a bad name once consumers learned that it curtailed a freedom they had long taken for granted – to play their music on all their devices. As a result, there have even been suggestions that the name DRM should be changed to accompany new technologies that balance consumers’ and content owners’ rights more equitably. Apple has been in the thick of the controversy with its FairPlay DRM, accused by some European governments, such as Norway and France, of violating consumer rights to fair use of content.
Meanwhile, in the pay TV world, conditional access (CA) mechanisms were deployed in a slightly different context. While the purpose of DRM is to protect content from unauthorized use and illegal distribution, CA is designed to restrict access to a service just to those people who have paid for it. CA therefore protects service revenue, while DRM enforces rights over individual content that may be distributed within that service.
But the distinction between content and service is eroding, and with it CA and DRM are converging into a common protection framework that combines authentication of the user with technologies that police rights over content at different stages of the distribution chain. Meanwhile, though, a further problem has emerged with the convergence among different channels of distribution. The growth in video consumption through the Internet, television, video on demand (VOD) and mobile networks make it possible for the same content to end up being played or viewed on a multitude of different devices. If each device has different DRM installed, the question is how to ensure that rights are maintained and applied consistently as content is transmitted, which may be with or without wires, via Bluetooth for example. The new challenge, then, is to make DRM interoperable, as will be discussed later.
For today’s cable TV industry though, there is an even more pressing challenge. This is to find a next-generation CA/DRM mechanism that can be downloaded and controlled centrally and yet is sufficiently secure to protect the service and keep content owners happy. In addition, this CA/DRM must be capable of supporting a range of devices, including TV sets themselves, without the need for dedicated hardware. Encryption The first thing to recognize is that encryption is the fundamental mechanism of both CA and DRM because without it, there is nothing to stop anyone from either viewing or copying the content. It is easy enough to encrypt data using a key sufficiently long to provide almost absolute protection, but only if the algorithm applied to the data to scramble it is unknown. The other two points of weakness lie in distributing the decryption keys to recipients and on the path where content is transmitted in the clear after decryption.
This last point of weakness can be addressed by keeping content encrypted throughout its distribution cycle. For premium video content, end-to-end encryption is a requirement to protect against theft. Therefore, content is typically encrypted from the moment it leaves the content originator until it arrives at an operator’s headend. As an example, satellites typically enforce their own encryption scheme. From this point, the content is once again encrypted as it is transmitted to the end-user device, typically a set-top box.
During the broadcast or on-demand distribution of content, operators typically deploy one of two encryption methodologies. One option is session-based encryption. In this case, the content is encrypted on the fly, and the decryption keys are rotated periodically. This key rotation helps further protect the content from being cracked. In other schemes, typically where VOD is employed, content is pre-encrypted during ingest into the VOD server and then decrypted by the set-top box’s CA system. In many deployments, session-based encryption has been introduced through the use of encryption in the network quadrature amplitude modulation (QAM) modulators or through a standalone appliance that bulk-encrypts the video, downstream from the VOD server.
In practice, a combination of session-based encryption and pre-encryption may be deployed to suit the varying needs of live and pre-recorded content. In any case, the cable TV industry recognized that it needed a more flexible encryption platform for next generation DRM/CA, allowing the system to be changed, but at the same incorporating some level of hardware protection. This led to the solution currently on the table from CableLabs, called downloadable conditional access system (DCAS). This requires compliant devices such as TV sets to have a dedicated application specific integrated circuit (ASIC) embedded on the motherboard. DCAS The design of DCAS can only be understood in the context of the peculiar distortions and tensions within the digital content security field. This has led to a rather misleading debate between "hardware" and "software" based CA.
To provide reasonable protection against other points of weakness, the cable industry originally developed a conditional access system (CAS) built right into the motherboard of the set-top box. However, in some parts of the world, including much of Europe, smart cards were developed to host the CA mechanism and which could be replaced in the event of the encryption algorithm being hacked.
Then in the United States, the CableCard technologies were developed in response to a demand from the Federal Communications Commission for the cable TV industry there to move away from integrated security within the set-top box. Theoretically, this will open up competition in set-top boxes and consumer devices, even going as far as avoiding the need for a set-top box at all. This ruling is mandatory after July 1 2007, with many devices such as digital video recorders (DVRs), PCs, and TV sets now available with plug-in PCMCIA cards, similar in function to smart cards, but able to slot into standard readers.
However, CableCard still requires a hard coded device, and so CableLabs has come up with a fresh proposal, DCAS. (See Figure 1.) DCAS is designed to eliminate fixed, hard coded CA, though it does require a custom ASIC to be soldered onto the circuit board of any cable-ready device. Also, devices may require additional capacity to run the OpenCable Application Platform (OCAP), which is middleware specified by CableLabs to support two-way interactive services and has become associated with DCAS. DCAS does deliver several important features for next-generation digital protection. It avoids the need for dedicated cards as well as for set-top boxes. Most importantly, it enables the security logic, including the decryption algorithm, to be updated by downloading software, without the need for physically updating the box. This in itself increases security because once a particular encryption/decryption algorithm has been cracked, it can be replaced. DCAS also stimulates innovation and competition within the CAS market by opening it up to competition, which should reduce prices for these components.
Yet there is controversy here, too, in the role of hardware. The notion that a pay TV system can only be secure if there is hardware involved is almost axiomatic for many of the traditional CA vendors on the basis that if CA relies totally on software, the encryption algorithm is vulnerable to attack. On the other hand, although less vulnerable, if permanent physical circuitry is compromised, then there is no way the system can be replaced, and so all devices relying on DCAS would in theory have to be thrown away.
The DCAS response in turn is that the ASIC is in effect just a hardware container for software that can be completely replaced. In this way, DCAS combines the security of hardware with the flexibility of software, so the argument runs. The truth of these claims and counter-claims can ultimately only be tested in the court of active deployment, assuming DCAS does gain momentum.
At least DCAS does combine CA and DRM and therefore satisfies the needs of content providers as well as cable operators. Aided by the OCAP middleware, DCAS not only supports decryption, but can also enforce rights, specifying for example whether content should be deleted straight after viewing, after a specified number of viewings, or after a period of time. It can also specify to which devices content may be transferred and whether it can be recorded. Interoperability However, as with any CA/DRM system, DCAS can only enforce rights on devices that support it. At present, there is a plethora of DRM systems and standards, and for content to flow freely and securely among all devices within the digital universe, there has to be some means of interoperability. There are three options, not necessarily exclusive.
Firstly, everybody could support the same proprietary DRM, of which there are only two serious contenders, Apple’s FairPlay and Microsoft‘s Windows Media DRM. Although well-seasoned and with some useful features, neither of these is likely to gain universal support, least of all from the opposing camp.
The second option is for everyone to adopt a common open standard DRM not owned by any one vendor, and there have been signs of this happening within particular domains of devices. There is for example the Open Media Alliance DRM, designed for mobile devices, and Marlin, which is supported by four consumer electronics companies – Sony, Philips, Samsung, and Matsushita – as well as DRM pioneer Intertrust.
In fact, Marlin and OMA are closely related, combining an interoperability mechanism with a DRM engine with encryption management. The relevance for cable TV operators could be that these DRM systems will be implemented within devices in a home network, which will be a growing hunting ground and zone of competition with Internet protocol TV (IPTV) providers.
But there is no sign of either of these, or any other single DRM system, being universally adopted across all platforms, so the only real hope of implementing DRM effectively across the whole content distribution chain lies with interoperability mechanisms. Here there seems to be just one real contender, from the Coral consortium, given the effort involved in defining a universal set of standards for DRM interoperability.
Coral has defined a standard framework for defining rights so that they can be transmitted between different DRM systems. Rights are conveyed via a token, which is translated into an appropriate DRM license managed by the underlying DRM on each device. When a consumer tries to access content, for example to play a song or watch a movie, the token created and managed by Coral ultimately determines whether this can happen. The consumer then does not need to know about DRM systems, and device makers and content providers are free to choose the one that best suits their needs.
Coral allows different DRM to be used at various stages of the distribution chain to cater for the varying requirements. There is no need, for instance, to specify end use rights, such as how many times content can be viewed, while content is still within the studio or production network.
Yet, there is an implementation problem here if two interoperating DRM systems are almost totally out of tune, with no overlap between the specified rights. For interoperability to work, there has to be some compatibility between business models. If one DRM system implements a subscription model, and another a once off purchase model, it is hard for them to interoperate. This point in turn could encourage deployment of the standard Marlin DRM described earlier, which incorporates aspects of the Coral interoperability mechanism.
However, Coral does attempt to resolve mismatches resulting from incompatible DRM systems within its framework. This framework is the basis of the Coral interoperability mechanism, comprising a set of specifications for secure interoperability among applications and services.
Yet, although Coral incorporates a certification process and trust management infrastructure within this framework, neither it nor any interoperability mechanism based on software can guarantee security of content and the rights associated with during transit between devices, whether within wires or over the air. This inevitably lies within the DRM domain, so the question is how to ensure security when there are multiple DRM systems.
One approach that has gained some traction on this front is the secure video processor (SVP). This is a chip that provides a secure place to store content in encrypted form, so that it is only decrypted at the point of play. Only encrypted content is transmitted between devices. But while SVP has gained some support within the home network environment, there is little sign of its being adopted elsewhere.
Furthermore, SVP does not provide any record of the content’s history or means of tracing abuses. For this reason, digital watermarking is generating growing interest, activity and optimism. Watermarking At first, it seemed impossible to insert digital traces into content without affecting quality at least a little, but the technology is now much more sophisticated, and its appeal lies partly in being totally transparent to the consumer. The focus at first sight is on detection of content theft or abuse rather than prevention. But because it will increasingly allow theft to be traced wherever it takes place in the distribution chain, it could effectively reduce abuse by acting as a deterrent. Although video piracy by end users tends to receive most attention, abuses can occur further upstream with greater potential for damage. A corrupt employee of a cable TV company could copy high resolution content from a hard disk before it has been compressed. A watermark could identify the machine with that hard drive, narrowing down any subsequent investigation considerably.
Watermarks also have the potential for helping implement business models, by embedding rights management information into content. This has not been done yet, but future watermarking in this context could play a vital role in emerging super-distribution models, where users are actually encouraged to pass content on and get paid for doing so. A watermark could record instances of such distribution, which could then trigger an automated credit for that user.
On the other hand the emergence of watermarking does sow further confusion in the DRM field, which remains in a state of flux. The field is in need of some positive spin among consumers, and there are questions over whether the DRM approach can keep pace with the revolutionary developments in content production and distribution. It could yet prove hard to stem a black market in unprotected content, although there is little doubt that digital watermarking will play a growing role in detection and enforcement of rights. The field still has a long way to run. Tom Rosenstein is vice president of Product and Alliances for SeaChange International. Reach him at firstname.lastname@example.org.