MovieLabs Updates Enhanced Content Protection Specification

MovieLabs has released the latest Version 1.3 of its enhanced content security specifications for 4K, HDR and premium window content, with additional guidance on disabling debugging interfaces and handling security software updates.

This update was required to cope with growing demand for premium movie content on devices such as smartphones and tablets, which are not under the control of video service providers in the way that traditional set-top boxes issued by pay TV operators are.

MovieLabs was set up in 2006 as an independent non-profit organization for research and development in secure motion picture distribution by the six major Hollywood studios, at that time Disney, Paramount, Twentieth Century Fox, Sony Pictures, Universal, and Warner Bros. It then published its first Enhanced Content Protection Specification in 2013 addressing the impending issue of protecting 4K, HDR and early window content during consumer distribution, which was starting to be streamed. The ECP spec has since been widely implemented by industry partners and been updated in line with developments and trends in the field.

The first version, updated with greater clarity to Version 1.1 in February 2016, established the basic framework. Its key step forward was mandating forensic watermarking to combat both camcording and direct illicit redistribution of streamed content that may have been legitimately received in the first place. As MovieLabs observed at the time, little can be done directly to disrupt such activity, but forensic watermarking at least ensures that illicit streams can be traced quite quickly back to their source with the help of other network forensic techniques, so that actions such as immediate blocking of the primary stream can be invoked.

Then Version 1.2, published in August 2018, primarily addressed new side-channel threats, while updating requirements on link protection and random number generators. Side-channel attacks exploit information that escapes in some way from the cryptographic system itself, such as electromagnetic radiation that can allow unencrypted keys to be determined.

Now ECP 1.3 mainly addresses two threats: debugging interfaces left open in production units, and devices past their end-of-life for DRM and security updates, which then fail to patch known vulnerabilities. Debugging interfaces are present in device SoCs (Systems on Chip) to allow execution of testing processes that detect errors in code causing malfunctions. But as MovieLabs pointed out, when these are left open in consumer devices during normal operation, such interfaces can allow pernicious code to enter and enable theft of content, constituting a significant attack surface in the jargon of cybersecurity. MovieLabs has recommended that such interfaces be disabled by default.

Although the security context is new, some of the underlying issues are old, revolving around a balance between security, usability and performance. SoCs increasingly incorporate Trusted Execution Environments (TEEs), where secure processes such as cryptographic key management run in isolation from the device’s primary OS. If access to debugging interfaces is blocked in the non-secure OS, the block can be more readily bypassed; if it is done in the TEE, where by design there is less capacity, it can impair performance. So there may have to be additional hardware protections alongside the TEE that block debugging interfaces without holding up processes running in either the device OS or the TEE.

Another point is that protection against these debugging interface threats requires awareness on the part of key participants in the video chain, including not just SoC and device makers, but also providers of video services. That is where MovieLabs comes in.
