Leveraging content protection
for Web distribution
Romain Bouqueau – GPAC Licensing
romain.bouqueau@gpac-licensing.com
2/2...
Me, myself, and I
• Open-Source contributor on
–
–
–
–
–

GPAC

Rich-media: mix of VLC and Web browser
MP4Box packager, Os...
Overview
• Abstracting encryption from DRMs:
– MPEG CENC (Common Encryption)

• Abstracting Key Management from Browsers:
...
MPEG CENC
(Common Encryption)

2/27/2014

Hangout Squad #2

4
One standard to rule them all
2/27/2014

Hangout Squad #2

5
A new standard, what for?
• Abstracting encryption from DRMs
• Allows DRMs to share:
– keys, key identifiers, encryption a...
Did you say standard?
•
•
•
•
•
•

MPEG ISO Standard 23001-1 (2012, CENC)
MPEG ISO Standard 23001-7 (2012, ISOBMF)
MPEG IS...
Buzz word slide
• Protection System Specific Header (PSSH) in file header
–
–
–
–

Possibly several PSSH boxes = several D...
Example: AES/CTR for AVC

• Different IV for each sample
• Note: clear and encrypted data in NAL Unit
2/27/2014

Hangout S...
Deployments
• HbbTV 1.5+
• CFF (Common File Format), DECE, UltraViolet
• Current HTML5/EME demos
• Implementations:
– Prop...
HTML5 EME
(Encrypted Media Extensions)

2/27/2014

Hangout Squad #2

11
EME
•

EME is not:
– Not a DRM
– Not an official W3C recommendation:
•

Only a Working Draft since May 2013 --------------...
Overview
• JavaScript API
– permits a Web application to hand Key Material to
a Content Decryption Module (CDM)
Browser (J...
CDM
• Nature of the Key Material unspecified.
– i.e. “Key Material” is not simply a key
– Likely encrypted
• Not accessibl...
2/27/2014

Hangout Squad #2

15
2/27/2014

Hangout Squad #2

16
But EME still unsufficient

•

CDMi by Microsoft:
http://download.microsoft.com/download/E/A/4/EA470677-6C3C-4AFE-8A86A196...
Controversy
•

Not the role of W3C?

•

CDM = black box
– Return of our beloved: Flash, Silverlight, NaCl, …
– DMCA forbid...
Deployment
• Internet Explorer 11 + Windows 8.1
– Microsoft announces to leverage EME (and DASH
through MSE) for PlayReady...
Netflix and Microsoft IE11

2/27/2014

Hangout Squad #2

20
Buzzword demo

2/27/2014

Hangout Squad #2

21
Performance demo
• Microsoft IE11/Win8.1
– MSE:
• hardware (GPU) accelerated by WMF

– EME:
• with PlayReady CDM

– WebCry...
Thank you
romain.bouqueau@gpac-licensing.com
@rbouqueau @gpaclicensing

2/27/2014

Hangout Squad #2

23
Prochain SlideShare
Chargement dans... 5
×

HTM5/CENC par Romain Bouqueau de Gpac Licensing

7,906

Published on

Published in: Technologies
0 commentaires
5 mentions J'aime
Statistiques
Remarques
  • Soyez le premier à commenter

Aucun téléchargement
Vues
Total des vues
7,906
Sur Slideshare
0
À partir des ajouts
0
Nombre d'ajouts
17
Actions
Partages
0
Téléchargements
1
Commentaires
0
J'aime
5
Ajouts 0
No embeds

No notes for slide

HTM5/CENC par Romain Bouqueau de Gpac Licensing

  1. 1. Leveraging content protection for Web distribution Romain Bouqueau – GPAC Licensing romain.bouqueau@gpac-licensing.com 2/27/2014 Hangout Squad #2 1
  2. 2. Me, myself, and I • Open-Source contributor on – – – – – GPAC Rich-media: mix of VLC and Web browser MP4Box packager, Osmo player, streaming tools Building standards (MPEG/W3C/…) ISOBMF(MP4), M2TS, DASH, CENC, HEVC, … www.gpac.io • CEO of professional entity: GPAC Licensing • Acknowledgements 2/27/2014 Hangout Squad #2 2
  3. 3. Overview • Abstracting encryption from DRMs: – MPEG CENC (Common Encryption) • Abstracting Key Management from Browsers: – HTML5 EME (Encrypted Media Extensions) • Use-case: – Netflix and Microsoft IE11 2/27/2014 Hangout Squad #2 3
  4. 4. MPEG CENC (Common Encryption) 2/27/2014 Hangout Squad #2 4
  5. 5. One standard to rule them all 2/27/2014 Hangout Squad #2 5
  6. 6. A new standard, what for? • Abstracting encryption from DRMs • Allows DRMs to share: – keys, key identifiers, encryption algorithm, parameters and signaling – location to store proprietary data • Protection System Specific Header (PSSH ISOBMF box) – leaves DRM implementation to individual systems • Prior to this standard: – different set of files required for each different DRM type – interchange of files between authorized devices generally not possible because of different DRMs. 2/27/2014 Hangout Squad #2 6
  7. 7. Did you say standard? • • • • • • MPEG ISO Standard 23001-1 (2012, CENC) MPEG ISO Standard 23001-7 (2012, ISOBMF) MPEG ISO Standard 23001-9 (2014, MPEG-TS) Natural fit with MPEG-DASH Base of DECE CFF (UltraViolet) More on that later… 2/27/2014 Hangout Squad #2 7
  8. 8. Buzz word slide • Protection System Specific Header (PSSH) in file header – – – – Possibly several PSSH boxes = several DRMs For all tracks or a single track Association done via Key ID (128 bits): KID Crypto System • AES-CTR and AES-CBC 128 bits • InitializationVector (IV) : 64 or 128 bits (8 or 16 bytes) • Default key + key-roll • Storage of cypher instructions: – senc box (HbbTV, CFF) – or saiz/saio boxes 2/27/2014 Hangout Squad #2 8
  9. 9. Example: AES/CTR for AVC • Different IV for each sample • Note: clear and encrypted data in NAL Unit 2/27/2014 Hangout Squad #2 9
  10. 10. Deployments • HbbTV 1.5+ • CFF (Common File Format), DECE, UltraViolet • Current HTML5/EME demos • Implementations: – Proprietary (interoperability?) – GPAC 2/27/2014 Hangout Squad #2 10
  11. 11. HTML5 EME (Encrypted Media Extensions) 2/27/2014 Hangout Squad #2 11
  12. 12. EME • EME is not: – Not a DRM – Not an official W3C recommendation: • Only a Working Draft since May 2013 ------------------------> – Not a mandatory part of HTML5 • EME is: – A HTML 5 Media Elements extension: • • Mandatory: <audio>, <video> Optional extensions: – – – Media Source Extensions (MSE) Encrypted Media Extensions (EME) Web Crypto Extensions (WebCrypto) – Editors: • • • David Dorwin, Google, Inc. Adrian Bateman, Microsoft Corporation Mark Watson, Netflix, Inc. – Jeff Jaffe, W3C (quote): • • • • 2/27/2014 APIs that would provide access to content decryption modules (CDMs) part of DRM systems. W3C is not standardizing CDM technology Hangout Squad #2 12
  13. 13. Overview • JavaScript API – permits a Web application to hand Key Material to a Content Decryption Module (CDM) Browser (Javascript) Key Material CDM (blackbox) 2/27/2014 Hangout Squad #2 13
  14. 14. CDM • Nature of the Key Material unspecified. – i.e. “Key Material” is not simply a key – Likely encrypted • Not accessible in the browser • Large scope – Decoder or not – No codec/container specified (H264/VP8, ISOBMF/WebM, *can* use CENC) – Deployed with the browser or within the OS or the hardware (ARM trusted zone…) • The EME draft defines one very simple CDM – Clear Key – Not realistic because Key Material is accessible to the Web application and the browser – permits the HTML WG to demonstrate interoperability of the API 2/27/2014 Hangout Squad #2 14
  15. 15. 2/27/2014 Hangout Squad #2 15
  16. 16. 2/27/2014 Hangout Squad #2 16
  17. 17. But EME still unsufficient • CDMi by Microsoft: http://download.microsoft.com/download/E/A/4/EA470677-6C3C-4AFE-8A86A196ADFD0F78/Content%20Decryption%20Module%20Interface%20Specificatio n.pdf 2/27/2014 Hangout Squad #2 17
  18. 18. Controversy • Not the role of W3C? • CDM = black box – Return of our beloved: Flash, Silverlight, NaCl, … – DMCA forbids inspection of DRMs – Platform independence • EME not self-sufficient (CDMi) • Privacy: – not only ask a server for a key, but also allow the CDM to transmit back a session id – control who views what when with which software – PKI (revocable certificates) • “Watermarking is better than DRM” – OTOY/ORBX.js: https://brendaneich.com/2013/05/today-i-saw-the-future/ 2/27/2014 Hangout Squad #2 18
  19. 19. Deployment • Internet Explorer 11 + Windows 8.1 – Microsoft announces to leverage EME (and DASH through MSE) for PlayReady: • http://www.microsoft.com/playready/features/ClientO ptions.aspx • Google Chrome (multi-platform): Widevine – Chrome OS 2/27/2014 Hangout Squad #2 19
  20. 20. Netflix and Microsoft IE11 2/27/2014 Hangout Squad #2 20
  21. 21. Buzzword demo 2/27/2014 Hangout Squad #2 21
  22. 22. Performance demo • Microsoft IE11/Win8.1 – MSE: • hardware (GPU) accelerated by WMF – EME: • with PlayReady CDM – WebCrypto: • Encrypt communications between the Netflix JavaScript application and the Netflix servers 2/27/2014 Hangout Squad #2 22
  23. 23. Thank you romain.bouqueau@gpac-licensing.com @rbouqueau @gpaclicensing 2/27/2014 Hangout Squad #2 23

×