DTCP
WHITE PAPER
Author: P. Satish
Abstract
The Digital Transmission Content Protection (DTCP) specification defines a cryptographic protocol for protecting audio/video entertainment content from illegal copying, interception and tampering as it traverses high performance digital buses, such as the IEEE 1394 standard. DTCP ensures that the copy protection mechanism is built into digital audio/video devices themselves (in addition to traditional encryption). This paper outlines the basic principles of DTCP, including the different layers of copy protection and some implementation aspects. It also provides case studies of typical uses of content protection in a Digital TV and Digital VCR implementation. Wipro's product solution includes hardware and software implementations of the Digital Transmission Content Protection mechanism.
Table of Content
Table of Contents

Introduction
1394 Content Protection Architecture
1394 Content Protection Protocol
Implementation Details
Case Study - D-STB/D-TV/D-VCR System
Conclusion
About Wipro
Wipro Technologies
Introduction
Inaugurated in November 1998, Digital Television promises a sweeping revolution in home entertainment. With high definition digital pictures, multi-channel digital sound and near-perfect transmission, Digital Television will dramatically enrich the entire home entertainment experience. This fundamental change in broadcasting is the harbinger of a new generation of products and services: new television displays, new video recording formats, digital satellite, digital cable and digital terrestrial set top boxes, interactive set top boxes, new digital service applications and PC integration with home entertainment.

However, to fully realize the potential of Digital Television, the home entertainment industry must meet two important practical requirements. First, this new world requires digital content protection to guard copyrighted works like movies from piracy. Otherwise, digital recording would enable unlimited, unauthorized, near-perfect copying that could destroy the economic foundation of the content creation industries. Secure content protection will encourage the release of high-quality content onto digital media. Second, consumers would benefit from a standard interface for the digital transport of audio, video and control information.

Tested, robust solutions are now ready to meet both of these requirements. Digital Transmission Content Protection (DTCP), the so-called 5C system, provides secure transmission of content and prevents unauthorized digital copying. And high-speed networks like the IEEE 1394 interface represent the new standard for digital interconnection.

In traditional analog audio/video systems the quality of the content deteriorates as the copy generations increase (the first copy is never as good as the original, the second copy is worse than the first, and so on). In digital systems, however, the nth-generation copy is as good as the original. This stresses the necessity of a robust copy protection system for digital content.
DTCP defines such a copy protection system for digital content. The DTCP specification defines a cryptographic protocol for protecting audio/video entertainment content from illegal copying, interception and tampering as it traverses high performance digital buses, such as the IEEE 1394 standard. Only legitimate entertainment content delivered to a source device via another approved copy protection system (such as the DVD Content Scrambling System) is protected by this system. DTCP ensures that the copy protection mechanism is built into digital audio/video devices themselves (in addition to traditional encryption).
1394 Content Protection Architecture

Three keys are established and used by the protocol:

- An authentication key, established during authentication, which is used to encrypt the exchange key.
- An exchange key, which is used to set up and manage the security of copyrighted content streams.
- A content key, which is used to encrypt the content being exchanged.

When executing authentication and key exchange (AKE), information is exchanged between the source and sink devices using 1394 asynchronous packets. This exchange over asynchronous 1394 packets is based upon the IEC 61883 specification and the AV/C Digital Interface Command Set.
Content Encryption
The content cipher, that is, the algorithm used to encrypt the digital content itself, must be robust enough to protect the content yet efficient enough to implement in PCs and CE devices. To ensure interoperability, all devices must support the cipher specified as the baseline cipher. The channel cipher subsystem can also support additional ciphers, the use of which is negotiated during authentication. All ciphers are used in converted cipher block-chaining (C-CBC) mode, which the specification describes as providing greater security than ordinary cipher block chaining. The DTCP specification requires Hitachi's M6 as the baseline cipher. M6 is a common-key block cipher based on permutation and substitution; this rotation-based algorithm works the same way as the encryption algorithms used in Japanese digital satellite broadcasting systems. Optional additional ciphers include the Modified Blowfish cipher and the Data Encryption Standard (DES). (M6 was later shown to be cryptographically weak, and subsequent revisions of the DTCP specification adopted AES-128 as the baseline cipher.)
The copy protection status of a stream is carried with it in the Encryption Mode Indicator (EMI) bits. No authentication or encryption is required for content that can be copied freely (Copy-Freely); this mode is used for broadcast channels or commercials. Content that is never to be copied (e.g. content from prerecorded media such as a DVD movie, or a pay-per-view movie), with an EMI of Copy-Never, can be displayed only: sink devices are not allowed to copy it, it can only be exchanged between devices that have successfully completed full authentication, and a VCR supporting full authentication will never record content marked Copy-Never. Content that can be copied one generation, with an EMI of Copy-One-Generation (such as a premium channel movie), can be exchanged between devices using either full or restricted authentication. Once a single-generation copy has been made, future exchanges of that content are marked No-More-Copies to indicate this; such content can also be exchanged between devices using either full or restricted authentication. For example, a VCR that has recorded content marked Copy-One-Generation will play it back with the EMI set to No-More-Copies, indicating that a single-generation copy has already been made, and as a result receiving devices will not record it.
System Renewability
Devices that support full authentication can receive and process System Renewability Messages (SRMs). These SRMs are generated by the Digital Transmission Licensing Administrator (DTLA) and delivered via content and via new devices. System renewability ensures the long-term integrity of the system and provides the capability to revoke unauthorized devices. The SRMs carry System Revocation Lists (SRLs), which list revoked or rogue devices.
Prerecorded content source devices such as DVD players should be able to update their SRM from prerecorded content media (such as a DVD disc); in addition, prerecorded content should carry a system renewability message current as of the time the content is mastered. They should also be able to update their SRM from another compliant device with a newer SRM.
Devices such as a digital set-top box (STB) serving as a digital cable receiver, or a DBS (direct broadcast satellite) receiver, are real-time delivery sources of copyrighted content. They should be able to update their SRM from the content stream or from another compliant device with a newer SRM.
Devices such as digital televisions are receivers of copyrighted content. These devices should be able to update their SRM from another compliant device with a newer SRM.
1394 Content Protection Protocol

The exchange between a source and a sink proceeds in four steps:

1. The source device initiates the transmission of a stream of encrypted content marked with the appropriate copy protection status (e.g. copy-one-generation, copy-never or no-more-copies) via the EMI bits.
2. Upon receiving the content stream, the sink device inspects the EMI bits to determine the copy protection status of the content. If the content is marked copy-never, the sink device requests that the source device initiate Full AKE. If the content is marked copy-one-generation or no-more-copies, the sink device requests Full AKE if it supports it, or Restricted AKE otherwise. If the sink device has already performed the appropriate authentication, it can proceed immediately to Step 4.
3. When the source device receives the authentication request, it proceeds with the type of authentication requested by the sink device. If the sink device requests Full AKE and the source device is only capable of Restricted AKE, Restricted Authentication is performed (this fallback is not available for copy-never content, which requires Full Authentication). During Full Authentication both the source and the sink check their System Revocation List (SRL) to determine whether the other device has been revoked; if it has, the authentication fails.
4. Once the devices have completed the required AKE procedure, a content channel encryption key (content key) can be exchanged between them. This key is used to encrypt the content at the source device and to decrypt it at the sink.
Full Authentication
Full authentication can be used with all content protected by the system, and must be used for copy-never content. The full authentication protocol employs the public-key Digital Signature Algorithm (DSA) and the Diffie-Hellman (DH) key-exchange algorithm. Both the DSA and the Diffie-Hellman implementations for the system employ Elliptic Curve (EC) cryptography, which offers superior performance at a given security level compared to systems based on discrete logarithms in a finite field.
EC-DSA is a method for digitally signing digital documents and verifying those signatures, so that the integrity and origin of the data can be checked. EC-DH key exchange is used during full authentication to establish the control channel symmetric cipher keys: it lets two parties generate a shared key over an untrusted channel. Developed more than 20 years ago, the DH algorithm is considered secure when combined with digital signatures, which prevent the so-called man-in-the-middle attack against an unauthenticated exchange.
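As an added illustration, not part of the original paper and not Wipro's implementation, the following Go program runs the full authentication described above and then the key hierarchy from the architecture section: each side signs its ephemeral EC-DH value with its EC-DSA identity key and refuses a value whose signature does not verify; the shared secret becomes the authentication key; the exchange key is sent under it; and the content key is derived from the exchange key. Go's standard library supplies EC-DSA and EC-DH on P-256. The key derivation functions, the single-block AES wrapping of Kx, and the inclusion of the EMI and a nonce Nc in the content key are assumptions of this example, not the computations the DTCP specification prescribes; device certificates and the SRL check are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device holds a long-term EC-DSA identity key. In DTCP that key comes with a
// DTLA certificate; here a peer's public key is trusted directly (assumption).
type Device struct {
	ID  *ecdsa.PrivateKey // long-term signing key
	eph *ecdh.PrivateKey  // ephemeral EC-DH key, fresh for every AKE
}

func NewDevice() (*Device, error) {
	id, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{ID: id}, nil
}

// AKEMessage carries an ephemeral EC-DH public value signed with the sender's
// identity key; the signature is what stops a man-in-the-middle swapping it.
type AKEMessage struct{ DHPub, Sig []byte }

// Offer generates a fresh EC-DH key pair and signs its public value (run before Accept).
func (d *Device) Offer() (AKEMessage, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return AKEMessage{}, err
	}
	d.eph = eph
	pub := eph.PublicKey().Bytes()
	h := sha256.Sum256(pub)
	sig, err := ecdsa.SignASN1(rand.Reader, d.ID, h[:])
	return AKEMessage{DHPub: pub, Sig: sig}, err
}

// Accept verifies the peer's signature, completes EC-DH and derives Kauth.
// Assumed KDF: Kauth = SHA-256("Kauth" || Z)[:16]; DTCP's own derivation differs.
func (d *Device) Accept(m AKEMessage, peer *ecdsa.PublicKey) ([]byte, error) {
	h := sha256.Sum256(m.DHPub)
	if !ecdsa.VerifyASN1(peer, h[:], m.Sig) {
		return nil, errors.New("signature on DH value does not verify: AKE rejected")
	}
	pp, err := ecdh.P256().NewPublicKey(m.DHPub)
	if err != nil {
		return nil, err
	}
	z, err := d.eph.ECDH(pp)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append([]byte("Kauth"), z...))
	return k[:16], nil
}

// AESBlock encrypts (decrypt=false) or decrypts one 16-byte block: the exchange
// key travels from source to sink as one block under Kauth (assumption).
func AESBlock(key, in []byte, decrypt bool) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	if decrypt {
		b.Decrypt(out, in)
	} else {
		b.Encrypt(out, in)
	}
	return out, nil
}

// ContentKey derives Kc from Kx, the EMI and a per-stream nonce Nc, so a sink
// shown altered EMI bits derives a different Kc. Assumed KDF, not DTCP's.
func ContentKey(kx []byte, emi byte, nc []byte) []byte {
	k := sha256.Sum256(append(append(append([]byte{}, kx...), emi), nc...))
	return k[:16]
}

func main() {
	src, _ := NewDevice() // D-STB
	snk, _ := NewDevice() // D-TV
	ms, _ := src.Offer()
	mk, _ := snk.Offer()
	kSrc, _ := src.Accept(mk, &snk.ID.PublicKey)
	kSnk, err := snk.Accept(ms, &src.ID.PublicKey)
	kx := []byte("constructed-Kx16") // constructed 16-byte exchange key
	wrapped, _ := AESBlock(kSrc, kx, false)    // source sends Kx under Kauth
	kxSink, _ := AESBlock(kSnk, wrapped, true) // sink recovers it
	fmt.Printf("AKE err=%v, Kx agreed=%v\n", err, string(kx) == string(kxSink))
}
```

The signature check is the point: call Accept with any key other than the real peer's and the ephemeral DH value is rejected before any secret is derived, which is the man-in-the-middle protection the text refers to. Because the EMI is an input to ContentKey, a stream whose EMI bits were altered in transit keys differently at the sink and cannot be decrypted.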
Restricted Authentication
Restricted authentication is an AKE method for devices with limited computing resources. This method is used by copying devices of any kind (such as DV recorders or D-VHS recorders), and by devices communicating with them, for authenticating copy-one-generation and no-more-copies content. The restricted authentication protocol employs asymmetric key management and common-key cryptography, and relies on shared secrets and hash functions to respond to a random challenge: a device proves that it holds a secret shared with other devices. One device authenticates another by issuing a random challenge, which the other device answers by transforming it with the shared secrets and multiple hashings.
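The challenge-response shape of restricted authentication, as an added Go example that is not from the paper and not Wipro's code. It keeps the page's ingredients, a random challenge answered by a device that holds a shared secret using repeated keyed hashing, and shows the checks a verifier needs: a fresh challenge each time, each answered at most once, and a constant-time comparison. The shared secret, the round count and the HMAC-SHA-1 chain are assumptions of the example; the page's "asymmetric key management", under which source and sink hold different key material, is collapsed here into one shared secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"errors"
	"fmt"
)

// Secret is the key material a compliant device holds (assumption: one shared
// secret stands in for the different material source and sink hold in DTCP).
type Secret []byte

const ChallengeLen = 16

// Respond is the prover's side: the challenge is run through a fixed number of
// keyed-hash rounds ("multiple hashings"). A device without the secret cannot
// produce the result, and a tag per round keeps rounds from being interchanged.
func Respond(s Secret, challenge []byte, rounds int) []byte {
	r := challenge
	for i := 0; i < rounds; i++ {
		m := hmac.New(sha1.New, s)
		m.Write([]byte{byte(i)})
		m.Write(r)
		r = m.Sum(nil)
	}
	return r
}

// Verifier is the side issuing challenges, e.g. a source talking to a recorder.
type Verifier struct {
	secret  Secret
	rounds  int
	pending map[string]bool // challenges issued and not yet answered
}

func NewVerifier(s Secret, rounds int) *Verifier {
	return &Verifier{secret: s, rounds: rounds, pending: map[string]bool{}}
}

// Challenge issues a fresh random challenge and remembers it, so that each one
// can be answered at most once: a captured response cannot be replayed later.
func (v *Verifier) Challenge() ([]byte, error) {
	c := make([]byte, ChallengeLen)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	v.pending[string(c)] = true
	return c, nil
}

// Verify retires the challenge, recomputes the expected response and compares
// in constant time (hmac.Equal), so timing does not leak how many bytes matched.
func (v *Verifier) Verify(challenge, response []byte) error {
	if !v.pending[string(challenge)] {
		return errors.New("unknown or already-used challenge")
	}
	delete(v.pending, string(challenge))
	if !hmac.Equal(response, Respond(v.secret, challenge, v.rounds)) {
		return errors.New("response mismatch: device does not hold the secret")
	}
	return nil
}

func main() {
	secret := Secret("constructed-shared-secret") // constructed, not a real key
	v := NewVerifier(secret, 4)
	c, _ := v.Challenge()
	fmt.Println("compliant recorder:", v.Verify(c, Respond(secret, c, 4)))
	fmt.Println("replayed response: ", v.Verify(c, Respond(secret, c, 4)))
	c, _ = v.Challenge()
	fmt.Println("non-compliant:     ", v.Verify(c, Respond(Secret("guess"), c, 4)))
}
```

The two failure modes worth noting are the ones a recorder without valid key material would try: answering with a guessed secret, which fails the comparison, and replaying an earlier valid answer, which fails because the verifier retires each challenge as soon as it is answered.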
Implementation Details
In a typical implementation the Authentication and Key Exchange and the SRM checks are implemented in software; a Full Authentication is expected to complete within 30 seconds and a Restricted Authentication within 6 seconds. Content encryption is implemented in hardware.
Case Study - D-STB/D-TV/D-VCR System

Content Marked Copy-No-More

The D-STB starts re-transmitting the encrypted movie over 1394 (using an initial key), with the EMI bits set to Copy-No-More (no-more-copies). The D-TV and the D-VCR, on seeing the content stream, initiate Restricted/Full Authentication. When the authentication succeeds, the D-TV, the D-VCR and the D-STB establish content keys. The D-TV is able to display the transmitted movie; the D-VCR, being a compliant device, will not record it. The same holds if a D-VCR plays back content that was originally transmitted as Copy-One-Generation: the D-VCR would have recorded the movie as Copy-No-More, so when it plays the movie back it does so with the EMI set to Copy-No-More, and as a result no other compliant recording device will record it.

Non-Compliant Devices

If the D-TV or the D-VCR is a non-compliant device, authentication fails and the D-TV/D-VCR is unable to decrypt the content, and hence unable to display or record the movie (in all cases other than Copy-Freely).
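The EMI rules, the four protocol steps and the D-STB/D-TV/D-VCR scenarios above, pulled together into one added Go model that is not part of the original paper and not Wipro's implementation: a sink decides which AKE to request from the EMI, the source honours it (falling back to restricted authentication only where the text allows), both sides consult their SRL during full authentication, and a recorder re-marks a copy-one-generation recording as no-more-copies on playback. The device flags, the revocation list keyed by device ID and the outcome structure are this example's own; no cryptography is performed here.

```go
package main

import (
	"errors"
	"fmt"
)

// EMI is the copy-control state carried with the stream.
type EMI int

const (
	CopyFree EMI = iota
	CopyOneGeneration
	NoMoreCopies
	CopyNever
)

type AKE int

const (
	NoAKE AKE = iota
	RestrictedAKE
	FullAKE
)

// Device models one 1394 node: D-STB or D-VCR as source, D-TV or D-VCR as sink.
type Device struct {
	ID           string
	Compliant    bool            // a non-compliant device cannot complete any AKE
	SupportsFull bool            // false for a restricted-only recorder
	Recorder     bool            // true for a D-VCR
	SRL          map[string]bool // revoked device IDs from the latest SRM
}

// RequestedAKE is step 2: the sink reads the EMI and chooses what to ask for.
func (d *Device) RequestedAKE(e EMI) AKE {
	if e == CopyFree {
		return NoAKE
	}
	if e == CopyNever || d.SupportsFull {
		return FullAKE
	}
	return RestrictedAKE
}

// Negotiate is step 3: the source honours the request, falling back to restricted
// AKE when that is all it can do (never for copy-never), and checks the SRL in full AKE.
func Negotiate(src, snk *Device, e EMI) (AKE, error) {
	want := snk.RequestedAKE(e)
	if want == NoAKE {
		return NoAKE, nil
	}
	if !src.Compliant || !snk.Compliant {
		return NoAKE, errors.New("AKE failed: device is not compliant")
	}
	if want == FullAKE && !(src.SupportsFull && snk.SupportsFull) {
		if e == CopyNever {
			return NoAKE, errors.New("copy-never content requires full authentication")
		}
		want = RestrictedAKE
	}
	if want == FullAKE && (src.SRL[snk.ID] || snk.SRL[src.ID]) {
		return NoAKE, errors.New("AKE failed: peer is on the System Revocation List")
	}
	return want, nil
}

// Outcome is what the sink may do after step 4, and the EMI a recorder re-marks with.
type Outcome struct {
	AKE         AKE
	Record      bool
	PlaybackEMI EMI
}

// Deliver runs one stream from src to snk; success means the sink can decrypt and display.
func Deliver(src, snk *Device, e EMI) (Outcome, error) {
	ake, err := Negotiate(src, snk, e)
	if err != nil {
		return Outcome{}, err
	}
	out := Outcome{AKE: ake, PlaybackEMI: e}
	switch e {
	case CopyFree:
		out.Record = snk.Recorder
	case CopyOneGeneration:
		out.Record = snk.Recorder
		out.PlaybackEMI = NoMoreCopies // the one permitted generation has been made
	}
	return out, nil
}

func main() {
	stb := &Device{ID: "D-STB", Compliant: true, SupportsFull: true}
	vcr := &Device{ID: "D-VCR", Compliant: true, Recorder: true} // restricted-only
	o, err := Deliver(stb, vcr, CopyOneGeneration)
	fmt.Printf("D-STB->D-VCR copy-one-generation: %+v err=%v\n", o, err)
	o, err = Deliver(vcr, &Device{ID: "D-VCR2", Compliant: true, Recorder: true}, o.PlaybackEMI)
	fmt.Printf("D-VCR playback->D-VCR2: %+v err=%v\n", o, err)
}
```

Running it shows a restricted-only D-VCR being allowed to record copy-one-generation content once and, when it plays the recording back, delivering it as no-more-copies that no further recorder will accept. The same model rejects copy-never content for a device that cannot do full authentication, a non-compliant device for anything but copy-free, and a peer whose ID is on the local SRL.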
Conclusion
Together, Digital Transmission Content Protection and the IEEE 1394 bus help fulfill the promise of Digital Television. Consumers will enjoy digital pictures and sound, multiple services and recording capability over true digital links. Considered on its own, DTCP offers advantages no other content protection system can claim. It already has broad support among equipment companies, since its five sponsoring companies are Hitachi, Intel, Matsushita (Panasonic), Sony and Toshiba. It was created with the advice and support of the motion picture, information technology and consumer electronics industries, and the cable television industry has already adopted DTCP over 1394 as an official standard. Finally, DTCP is a fully developed, mature technology, with semiconductors already available from several manufacturers in sample quantities. DTCP is ready to go as an essential element in realizing the full potential of digital television.
About Wipro
Wipro Technologies is a part of Wipro Limited (NYSE: WIT), and is a leading global provider of high-end IT solutions. These include application development services for corporate enterprises and hardware and software design services for technology companies. The company's top clients include Lucent, Canon, Epson, Hitachi, Sony, Toshiba, Cisco, IBM and ARM.
America: 1995 El Camino Real, Suite 200, Santa Clara, CA 95050, USA. Phone: +1 (408) 2496345. Fax: +1 (408) 6157174/6157178
Europe: 137 Euston Road, London NW1 2AA, UK. Phone: +44 020 73870606. Fax: +44 020 73870605
Japan: Saint Paul Bldg, 5-14-11 Higashi-Oi, Shinagawa-Ku, Tokyo 140-0011, Japan. Phone: +81 354627921. Fax: +81 354627922
India - Worldwide HQ: Doddakannelli, Sarjapur Road, Bangalore 560 035, India. Phone: +91 808440011-15. Fax: +91 808440254. www.wipro.com. eMail: [email protected]