[Meego-tv] White paper Security requirement for TV under MeeGo

[Dominig Ar Foll]

>
>
> A common use case will be that the actual and potentially protected content
> will not consume the entire screen but will share the screen with other
> applications let's say a web browser, a Facebook client etc. This means
> protected video will be overlaid, tiled, mixed etc. with unprotected content
> during rendition for output through digital (mostly) and/or analog
> (shrinking) video interfaces. The way how this is done can potentially
> create security loopholes allowing descrambled and decoded content to be
> siphoned off.
>

That is correct on a traditional PC architectures. Fortunatly on the SoC
that we use in TV (and many embedded devices), the video is rendered in an
independent graphic plan which is later mixed with other graphic plans by
the hardware and is generally not accessible by the the software.
I do agree with you that to get the maximum level of protection this type of
architecture will have to be generalised. In the embedded world this is more
than likely to come very soon because playing video as overlay is a very
efficient and simple way to reduce energy consumtion (a shared goal on any
embedded devices) but on general PC HW that may take a bit more time. It
also means that creating UI where protected video is played via an OpenGL
texture is probably not going to happen any time soon.

>
> Local transcryption of content with keys derived from a hardware key ladder
> etc. was described in the paper. A use case of an STB could allow users to
> store their own content such as photos or home videos on the STB. While
> users will typically not want to encrypt their own content a loophole in the
> architecture may accidentally allow them to do so. This could be exploited
> for so-called "known clear message pattern" attacks etc. (As a side note:
> the cipher alone e.g. AES128 does not guarantee the strength of the
> solution; equal attention needs to be paid to what cipher mode e.g. ECB,
> CBC, CFB etc. is used)
>
> Loop hole are the nightmare of any security system. Plan well, test a lot,
monitor issues and correct quickly are the only survival rules. The question
of a security system is not 'if' it will be broken but 'when' it will be
broken. On connected devices we have a privilege to be able to change the
software on the fly which is often the only way to stop the bleeding when a
loop hole as been found by the hackers.

It is very hard to anticipate potential vulnerabilities. And with the may
> new use cases for SmartTV will offer over the traditional TV consumption
> model it becomes very important to closely look at use cases and interaction
> themselves to identify the risks.
>
Perfection does not exists and our goal should be to be good enough to be
'certified' and quick enough to correct issues to 'keep' our certification.
I will happily leave the goal of implementing Perfection to someone else. I
am happy to keep it as a distant dream :-)

-- 
Dominig ar Foll
MeeGo TV
Intel Open Source Technology Centre
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.meego.com/pipermail/meego-tv/attachments/20110324/e4d460ac/attachment.html>