CONTENT PROTECTION – Methods and Practices for protecting audiovisual content

[Note: I orginally wrote this in early 2009 as an introduction to the landscpe of content protection. The audience at that time consisted of content owners and producers (studios, etc.) who had (and have!) concern over illegal reproduction and distribution of their copyrighted material – i.e. piracy. With this issue only becoming bigger, and as a follow-up to my recent article on proposed piracy legislation (SOPA-PIPA) I felt it timely to reprint this here. Although a few small technical details have been added to the ecosystem, essentially the primer is as accurate and germane today as it was 3 years ago. While this is somewhat technical I believe that it will be of interest to this wider audience.]

What is Content Protection?

The term ‘Copy Protection’ is often used to describe the technical aspect of Content Protection.
Copy Protection is a limiting and often inaccurate term, as technical forms of Content Protection often include more aspects than just limiting or prohibiting copies of content.
Other forms of Technical Content Protection include:
- Display Protection
  - Restrictions on type, resolution, etc. of display devices
- Transmission Protection
  - Restrictions on retransmission or forwarding of content
- Fingerprinting, Watermarks, etc.
  - Forensic marks to allows tracing of versions of content

Content Protection is the enforcement of DRM

Digital Rights Management (DRM)
- A more accurate term would be ‘Content Rights Management’ (CRM) as this describes what is actually being managed [the word digital is now so overused that we see digital shoes (with LEDs), digital batteries, etc.)
- Simply put, DRM is a set of policies that describe how content may be used in alignment with contractual agreements to ensure content owners a fair return on their investment in creating and distributing their content.
- These policies can be enforced by legal, social and technical means.
  - Legal enforcement is almost always ex post facto
    - Civil and criminal penalties brought against parties suspected of violating DRM policies
  - Typically used in circumstances involving significant financial losses, due to time and costs involved
  - Is the most reactive and never prevents policy misuse in the first place
- Social enforcement is a complex array of measures that will be discussed later in this article
- Technical enforcement is what most of think about when we mention ‘Content Protection’ or ‘Copy Protection’
  - This is often a very proactive form of rights enforcement, as it can prevent misuse in the first place
  - It has costs, both in terms of actual cost of implementation and often a “social cost” in terms of customer alienation
  - Many forms of technical enforcement are percieved by customers as unfairly limiting their ‘fair use’ of content they have legally obtained

Technical Content Protection

To be effective, must have these attributes:
- DRM policies must be well defined and be expressible with rules or formulas that are mechanically reproducible
- Implementations should match the environment in terms of complexity, cost, reliability and lifespan
  - Protecting Digital Cinema content is a different process than protecting a low-resolution streaming internet file
  - The costs of these techniques should be included in mastering or distribution, as consumers see no “value” in content protection – it is not a ‘feature’ they will pay for
  - There are challenges in the disparate environments in which content is transmitted and viewed
    - CE (Consumer Electronics) has a very different viewpoint (and price point) on content protection than the PC industry
- A balance is required in terms of the level of effectiveness vs. cost and perceived “hassle factor”
  - A “layered defense” and the concept of using technical content protection as a significant “speed bump” as opposed to a “Berlin Wall” will be most efficient
  - A combination of all three content protection methods (legal, social and technical) will ultimately provide the best overall protection at a realistic cost
  - The goal should not be to prohibit any possible breach of DRM policy, but rather to maximize the ROI to the content owner/distributor at an acceptable cost
  - All technical content protection methods will eventually fail
    - As general technology and computational power moves forward, techniques that were “unbreakable” a few years in the past will be defeated in the future
  - The technical protection mechanisms and algorithms are highly asymmetrical in terms of “cat & mouse” – i.e. there are a few hundred developers and potentially millions or tens of millions of users working to defeat these systems
- The methods employed should work across international boundaries and should to the greatest degree possible be agnostic to language, culture, custom and other localization issues
- Any particular deployment of a content protection system (usually a combination of protected content and a licensed playback mechanism) must be persistent, particularly in the consumer electronics environment
  - For example, users will expect DVDs to play correctly in both PCs and DVD player appliances for many years to come

Challenges for Technical Content Protection

Ubiquitous use
- Users desire to consume content on a variety of devices of their choosing
  - “Anytime, anywhere, anyhow”
- New technologies often outpace Rights Management policies
  - Example: a DVD is region-coded for North America, cannot be played in Europe; but the same content can be purchased via iTunes and downloaded to iPod and played anywhere in the world
- How to define “home use” in the face of Wi-Fi, Wi-Max, ipsec tunneling to remote servers, etc.
Persistent Use
- Technical schemes must continue to work long after original deployment
- In the CE (Consumer Electronics) environment older technology seldom dies, it is “handed down” the economic ladder. Just as DC-3 airplanes are still routinely hauling cargo in South America and Alaska some 50 years after the end of its design lifetime, VHS and DVD players will be expected to work decades from now
- Particular care must be taken with some newer schemes that are contemplating the need for a network connection – that may be very difficult to make persistent
Adaptable Use
- This is one of the more difficult technical issues to overcome simply
- The basic premise is the user legally purchases content, then desires to consume it personally across a large inventory of playback devices
  - TV
  - PC
  - iPod
  - Cell phone
  - Portable DVD/BD player
  - Networked DVD/BD player in the home
- How do both Rights Management policies and technical content protection handle this use case?
- This is a currently evolving area and will require adaptation by both content owners, content distributors as well as content protection designers and device manufacturers
- What will the future bring?
  - One protection scheme for enforcing “home network use” analyzes the “hop time” [how long it takes a packet to get to a destination] – a long hop time assumes an “out of home” destination and this use would be disallowed. How does this stop users in a peer-to-peer wireless environment that are close together (in a plane, at a party?)
  - DVD region codes were an interesting discussion when players were installed in the ISS (International Space Station)
  - A UK company (Techtronics) “de-regionalized” a Sony unit…
  - Technologies such as MOST (Media Oriented Systems Transport) – the new network system for vehicles
  - Sophisticated retransmission systems – such as SlingBox

Technical Content Protection Methods

Content protection schemes may be divided into several classes
- Copy Protection – mechanisms to prevent or selectively restrict the ability of a user to make copies of the content
- Display Protection – mechanisms to control various parameters of how content may be displayed
- Transmission Protection – mechanisms to prevent or selectively restrict the ability of a user to retransmit content, or copy content that has been received from a transmission that is licensed for viewing but not recording
Legacy analog methods
- APS (Analog Protection System) often known by its original developer name (Macrovision). Also known as Copyguard. This is a copy protection scheme primarily targeted at preventing VHS tape copies from VHS or DVD original content.
- CGMS-A (Copy Generation Management System – Analog) is a copy protection scheme for analog television signals. It is in use by certain tv broadcasts, PVRs, DVRs, DVD players/recorders, D-VHS, STBs, Blu-ray and recent versions of TiVo. 2 bits in the VBI (Vertical Blanking Interval) carry CCI (Copy Control Information) that signals to the downstream device what it can copy:
  - 00 CopyFreely (unlimited copies allowed)
  - 01 CopyNoMore (one copy made already, no more allowed)
  - 10 CopyOnce (one copy allowed)
  - 11 CopyNever (no copies allowed)
- Current digital methods
- CGMS-D (Copy Generation Management System – Digital). Basically the digital form of CGMS-A with the CCI bits inserted into the digital bitstream in defined locations instead of using analog vertical blanking real estate.
- DTCP (Digital Transmission Content Protection) is designed for the “digital home” environment. This scheme links technologies such as BD/DVD player/recorders, SD/HD televisions, PCs, portable media players, etc. with encrypted channels to enforce Rights Management policies. Also known as “5C” for the 5 founding companies.
- AACS (Advanced Access Content System), the copy protection scheme used by Blu-ray (BD) and other digital content distribution mechanisms. This is a sophisticated encryption and key management system.
- HDCP (High-bandwidth Digital Content Protection) is really a form of display protection, although that use implies a form of copy protection as well. This technology restricts certain formats or resolutions from being displayed on non-compliant devices. Typically protected HD digital signals will only be routed to compliant display devices, not to recordable output ports. In this use case, only analog signals would be available at output ports.
- Patronus – various copy protection schemes targeted at the DVD market: anti-rip (for both burned and replicated disks) and CSS (Content Scramble System) for DTO (Download To Own)
- CPRM (Content Protection for Recordable Media), a technology for protecting content on recordable DVDs and SD memory cards
- CPPM (Content Protection for Pre-recorded Media), a technology for protecting content on DVD audio and other pre-recorded disks
- CPSA (Content Protection Systems Architecture) which defines an overall framework for integration of many of the above systems
- CPXM (Content Protection for eXtended Media) An extension of CPRM to other forms of media, most often SD memory cards and similar devices. Allows licensed content to be consumed by many devices that can load the SD card (or other storage medium)
- CMLA (Content Management License Administration), a consortium of Intel, Nokia, Panasonic and Samsung that administers and provided key management for mobile handsets and other devices that employ the OMA (Open Mobile Appliance ) spec, allowing the distribution of protected content to mobile devices.
- DTLA (Digital Transmission Licensing Administrator) provides the administration and key management for DTCP.

Home Networking – the DTCP model

As one of the most deployed content protection systems, a further explanation of the DTCP environment:
- DTCP works in conjunction with other content protection technologies to provide an unbroken chain of encrypted content from content provider to the display device
- Each piece has its own key management system and protects a portion of the distribution chain:
  - CA (Conditional Access) – cable/satellite/telco
  - DTCP – the PVR/DVR/DVD recorder
  - CPRM – recordable disks, personal computer
  - HDCP – display device

DTCP and Transmission Protection

One important feature of DTCP is the enabling of the so called “Broadcast Flag”
- Accepted by the FCC as an “approved technology”, the CCI information embedded in the DTV (Digital Television) signal is used by DTCP-compliant devices to regulate the use of digitally broadcast content
- The technology will allow free-to-air digital broadcast for live viewing while at the same time prohibit recording or retransmission of the digital signal.

DTCP and the future

A number of recent extensions to the original DTCP standard have been published:
- The original DTCP standard was designed for the first digital interface implemented on set top boxes: FireWire (1394a).
- The original standard has now been extended to 7 new types of interfaces:
  - USB
  - MOST
  - Bluetooth
  - i.Link & IDB1394 (FireWire for cars)
  - IP
  - AL (Additional Localization)
    - New restrictions to insure all DTCP devices are in 1 home
  - WirelessHD

DTCP Summary

With probably the largest installed base of devices, DTCP is the backbone of most “home digital network content protection” schemes in use today.
- As DTCP only protects data transmission interfaces, the other ‘partners’ (CA, CSS, CPRM, CPPM, HDCP) are all required to provide the end-to-end protection from content source to the display screen.
- The extensions that govern IP and WirelessHD in particular allows the protection of HD content in the home.
- The underlying design principles of DTCP are not limited by bandwidth or resolution, improved future implementations will undoubtedly keep pace with advances in content and display technology.

Underlying mechanisms that enable Technical Content Protection

All forms of digital content protection are comprised of two parts:
- Some form of encryption of content in order that the content is unusable without a method of decoding the content before display, copying or retransmission
- A repeatable and reliable method for decrypting the content for allowed use in the presence of a suitable key – the presence of which is assumed to equivalent to a license to perform the allowed actions
- The encryption part of the process uses well-known and proven methods from the cryptographic community that are appropriate for this task:
- The cipher (encryption algorithm) must be robust, reliable, persistent, immutable and easily implemented
- The encryption/decryption process must be fast
  - At a minimum must support real-time crypto at any required resolution to allow for broadcast and playback
  - Ideally should allow for significantly faster than real-time encryption to maximize the efficiency of production and distribution entities that must handle large amounts of content quickly
- All encryption techniques use a process that can be simplified to the following:
  - Content [C] and a key [K] are inputs to an encryption process [E], which produces encrypted content [C_E]
- In a similar but inverse action, decryption uses a process:
- Encrypted content [C_E], and a key [K] are inputs to a decryption process [D], which produces a replica of the original content [C]

Encryption methods

This is a huge science in and of itself. Leaving the high mathematics behind, a form of cipher known as a symmetrical cipher is best suited for encryption of large amounts of audiovisual content.
It is fast, secure and can be implemented in hardware or software.
Many forms of symmetrical ciphers exist, the most common is a block cipher known as AES which is currently used in 3 variants (cipher strengths): AES128, AES192 and AES256
AES (Advanced Encryption Standard) is approved by the NIST (National Institute of Standards) for use by military, government and civilian use. The 128-bit variant is more than secure enough for protecting audiovisual content, and the encryption meets the speed requirements for video.

Keys

Symmetrical block ciphers (such as AES128) use the principle of a “shared secret key”
The challenge is how to create and manage keys that can be kept secret while being used to encrypt and decrypt content in many places with devices as diverse as DVD players, PCs, set top boxes, etc.
In practice, this is an enormously complex process, but this has been solved and implemented in a number of different DRM environments including all DTCP-compliant devices, most content application software available on PCs, etc.
It is possible to revoke keys (that is, deny their future ability to decode content) if the implementation allows for that. This makes it possible for known compromised keys to no longer be able to decrypt content.

Forensics

Forensic science (often shortened to forensics) is the application of a broad spectrum of sciences to answer questions of interest to a legal system.
- Although technically not a form of Content Protection, the technologies associated with forensics in relation to audiovisual content (watermarking, fingerprinting, hashing, etc.) are vitally important as tools to support Legal Content Protection.
- Without the verification and proof that Content Forensics can offer, it would be impossible to bring civil or criminal charges against parties suspected of subverting DRM agreements.
Watermarking
- A method of embedding a permanent mark into content such that this mark, if recovered from content in the field, is proof that the content is either the original content or a copy of that content.
- There are two forms of watermark:
  - Visible Watermarking, often known as a “bug” or a “burn-in”
    - This is frequently used by tv broadcasters to define ownership and copyright on material
    - Also used on screeners and other preview material where the visual detraction is secondary to rendering the content unsuitable for general use or possible resale.
    - Is subject to compromise due to:
      - Since it is visible, the presence of a watermark is known
      - Can be covered or removed without evidence of this action
    - Invisible Watermarking
      - The watermark can be patterns, glyphs or other visual information that can be recognized when looked for
      - Various visual techniques are used to render the watermarks “invisible” to the end user when watching or listening to content for entertainment.
      - Since the exact type, placement, timing and other information on embedding the watermark is known by the watermarking authority, this information is used during forensic recovery to assist in reading the embedded watermarks.
      - Frequently many versions of a watermark are used on a single source item of content, in order to narrow the distribution channel represented by a given watermark.
        
        Challenges to invisible watermarking
      - Users attempting to subvert invisible watermarks have become very sophisticated and a number of attacks are now common against embedded watermarks.
      - A high quality watermarking method must offer the following capabilities:
        
        Robustness against attacks such as geometric rotation, random bending, cropping, contrast alteration, time compression/expansion and re-encoding using different codecs or bit rates.
        
        Robustness against the “analog hole” is also a requirement of a high quality watermark. (The “analog hole” is a hole in the security chain that could be broken by taking a new video of the playback of the original content, such as a camcorder in a theater).
        
        Security of the watermark against competent attacks such as image region detection, collusion (parallel comparison and averaging of watermarked materials) and repetition detection.
        
        Invisible watermarking must be “invisible”
        
        The watermark must not degrade the image nor be easily detectable by eye (if one is not looking for it)
        
        Various algorithms are commonly used to select geometric areas of certain frames that are better suited than others to “hide” watermarks. In addition, “tube” or “sliding” techniques can be applied to move the watermark in subsequent frames as an object in the frame moves. This lessens the chance for visual detection.
Fingerprinting
- As opposed to watermarking, fingerprinting makes no prior “marks” to the source content, but rather measures the source content in a very precise way that allows subsequent comparison to forensically prove that the content is identical.
- Both video and audio can be fingerprinted, but video is of more use and is more common. Audio is easily manipulated, and sufficient changes can be made to “break” a fingerprint comparison without rendering the audio unusable.
- The video fingerprint files are quite small, and can be stored in databases and used for monitoring of internet sites, broadcasts, DVDs, etc.
Hashing
- In this context, cryptographic hash functions have been explored as a form of “digital fingerprint”
- This is different from “content fingerprinting” discussed in the previous section, a hash value is a purely numerical value derived via formula from an analysis of all the bits in a digital file.
- If the hash values of two files are the same, the files are identical.
- Hashing turns out to be unreliable for use as a forensic tool in this context:
  - A change of just a few bits in an entire file (such as trimming 1 second off the runtime of a movie) will cause a different hash value to be computed.
    - Essentially the same content can have multiple hash values, therefore the hash cannot be used as forensic evidence.
    - Content fingerprinting or watermarking are superior techniques in this regard.
- Cryptographic hashes have great value in the underlying mechanisms of technical content protection, they are just not suitable as an alternative for watermarking or fingerprinting.
  - As checksums to insure accidental data corruption of critical information (encrypted keys, master key blocks, etc.)
  - As part of the technology that allows “digital signatures”, a method of insuring data has not been changed.
  - As a part of MACs (Message Authentication Codes) used to verify exchanges of privileged data.

Social Content Protection

Of the three forms of Rights Management enforcement (Legal, Social, Technical) this is probably the least recognized but if applied properly, the most effective form of enforcement
- All the forms of Content Protection discussed overlap with each other to some extent
  - Forensics, a part of Technical protection, is what allows Legal protection to work, it gives the basis for claims.
  - Legal protection, in the form of original agreements, precedes all other forms, as Rights cannot be enforced until they are accurately described and agreed upon.
  - Social content protection is an aggregate of methods such as business policies, release strategies, pricing and distribution strategies and similar practices.
Back to the future… what is the goal of content protection?
- It’s really to protect the future revenues of proprietary content – to achieve the projected ROI on this asset
- Ultimately, the most efficient method (or combination of methods) will demonstrate simplicity, low cost, wide user acceptance, ease of deployment and maintenance, and robustness in the face of current and future attempts at subversion.
- The solution will be heterogeneous and will differentiate across various needs and groups – there is no “one size fits all” in terms of content protection.
- Recognize the differences in content to be protected
  - Much content is ephemeral, it does not hold value for long
    - Newscasts, commercials, user-contributed content that is topical in nature, etc.
    - This content can be weakly protected, or left unprotected
  - Some content has a long lifespan and is deserving of strong protection
    - Feature movies, music, books, works of art, etc.
    - Even in this category, there will be differentiation:
      - Bottom line is assets that have a high net worth demand a higher level of protection
- Recognize that effective content protection is a shared responsibility
- It cannot be universally accomplished at the point of origin
- Effective content protection involves content creators, owners, distributors (physical and online), package design, hardware and software designers and manufacturers, etc.
- Each step must integrate successfully or a “break in the chain” can occur, which can be exploited by those that wish to subvert content protection.
- Understand that most users see content protection as a “negative” – the implementation of various forms of social or technical content protection are perceived as “roadblocks” to the user’s enjoyment of content.
- Purchasing a DVD while overseas on vacation and finding it will not play in their home DVD player;
- Discovering that they have purchased the same content 3 or 4 times in order to play in various devices in their home, car, person (VHS, DVD, Blu-ray, iPod, Zune)
- Purchasing a Blu-ray movie, playing it back in the user’s laptop (since they don’t have a stand-alone BD player and the laptop has a BD drive), finding it plays on the laptop screen but when connected via DVI to their large LCD display nothing is visible, and no error message is displayed[in this case HDCP content protection has disallowed the digital output from the laptop, but the user thinks either their laptop or monitor is broken]
- One of the least successful attributes of technical content protection is notifying users when content copying/display/retransmission is disallowed.
- Understand the history and philosophy of content protection in order to get the best worldview on the full ecosystem of this issue
  - The social dilemma is this: in the past, all content was free as we had only an oral tradition. There was no recording, the only “cost” was that of moving your eyes and ears to where the content was being created (play, song, speech).
  - In order to share content across a wider audience (and to experience content in its original form, as opposed to how uncle Harry described what he heard…) books were invented. This allowed distribution across distance, time and language. The cost of producing was borne by the user (sale of books).
  - Eventually the concept of copyright was formed, a radical idea at the time, as it enriched content owners as well as distributors. The original reason for copyrights was to protect content creators/owners from unscrupulous distributors, not end users.
  - Similar protections were later applied to artwork, music, films, photographs, software and even inventions (in the form of patents).
  - Current patent law protects original inventions for 20 years, copyrights by individual authors survive for the life of the author plus 70 years, “works for hire” [just about all music and movies today] are protected for 120 years from creation.
  - Both patents and copyrights have no value except in the face of enforcement.
  - The IPP (Intellectual Property Protection) business has grown to a multi-billion dollar business

Social Content Protection – New Ideas

The scale of the problem may not be accurately stated
Current “losses” claimed by content owners (whether they are software, film, books, music the issue is identical) assume every pirated or “use out of license” occurrence should have produced the equivalent income as if a copy of the content was sold at retail.
This is unrealistic with a majority of the world’s population having insufficient earning power to purchase content at 1^st world prices. For example, Indonesia, a country with high rates of DVD piracy, has an average per capita income of US$150 per month. Given the choice of a $15 legitimate DVD or a $1 pirated copy the vast majority will either do without or purchase an illegal copy.
With burgeoning markets in India, China and other non-European countries, a reconsideration of content protection is in order.
Even in North America and Western Europe “casual piracy” has become endemic due to high bandwidth pipes, fast PCs, and file sharing networks. These technologies will not go away, they will only get better.
A different solution is required – a mix of concepts, business strategies and technology that together will provide a realistic ROI without an excessive cost.
Old models that are not working must be retired.
New “Social Content Protection” schemes to consider:
- Differential pricing based on affordability (price localization)
- Differential pricing based on package (multi-level packaging)
  - Top tier DVD has full clamshell, insert, bonus material
  - Low tier has basic DVD only, no bonus material, paper slipcover
- Differential pricing based on resolution (for online)
  - Top tier is 16:9 @ 1920×1080, 5.1, etc.
  - Lower tier is 16:9 @ 720×408, stereo, etc.
- Bottom line is for content to have strong technical protection matched with variable economic thresholds to match the user thresholds in order that users will find less resistance to legally purchasing content than looking for alternatives
Most “alternatively supplied” content is of inferior quality, this can become a marketing advantage.
Although file-sharing networks and other technological ‘work-arounds’ exist today, they can be cumbersome and require a certain level of skill, many users will opt away from those if a more attractive option is presented.
The current economic situation will be exploited, it only remains to be seen whether that is by “alternative distributors” (aka Blackbeard) or by clever legitimate content owners and distributors.
The evolving industry practice of “Day and Date” releasing is another useful tactic.
As traditional DVD sales continue to flatten, careful consideration of alternatives to insure an increase in legal sales will be necessary.

Posted In: Content Protection, post-production
Tagged: content protection, copy protection, digital rights management, encryption, piracy