DRM, Ensuring Secure Content Protection Solutions for Next Generation Consumer Devices
This white paper explains what is required to build a secure DRM solution and describes the joint Discretix and G&D secure DRM solution, based on ARM TrustZone® technology.
Secure Implementations of Content Protection (DRM) Schemes on Consumer Electronics Devices
Today's connected devices – including web TVs and hybrid STBs – embody a new era in consumer electronics, allowing unparalleled access to content and unlimited options to consumers. In this new age of over-the-top TV (OTT-TV), device manufacturers and service providers require robust content protection schemes that are approved by studios, yet are flexible enough to support multiple business models and new use cases. The need for secure DRM implementations is real, and it is happening nowSecure and robust DRM implementation, as defined by content owners, is mandatory in order to enable premium content licensing by the service provider. Such robust implementation requires an in-depth understanding of the security vulnerabilities of today's connected devices. This White Paper explains what is required to build a secure DRM solution. . The first part of the White Paper develops a DRM threat model. The second part presents some approaches to a secure DRM solution and describes the Discretix secure DRM solution.
This paper presents an internal information security services framework for vehicular environments. The framework consists of a logical toolbox - a set of logical modules that are installed in a variety of embodiments (e.g., controllers) and which provide security functionality that vehicular applications require. The framework also includes several enablers, which are higher-level security functions that are integrated into vehicular applications. These enablers use the aforementioned tools to provide for many typical use-cases, such as secure logging, secure code update, and secure feature activation.
The purpose of the toolbox is to provide some of the common security functions at the highest effective abstraction level, and to implement these functions securely in well suited embodiments. This detachment of security functions from the applications that use them shall allow developers to develop secure applications without requiring extensive security know-how, as well as to reduce the attack surface of their applications.
Security Challenges in Embedded Designs
Security is becoming a de-facto requirement in the embedded industry, where system integrity, content and connectivity are gaining increasing market attention. This naturally leads to security accounting for a more significant share of embedded designs cost. At the same time, with the prevalence of software there is also a need to meticulously build a design to guarantee the security, authenticity and availability properties of the overall solution.
As open mobile terminals become more prevalent across the user-base, developers want to be able to create innovative applications with access to all the features of the handset. Finding a balance which allows developers to cultivate the mobile community, yet which prevents malicious actions by a minority is a difficult yet necessary task.
Presentation given at the Symbian Smartphone Seminar, October 2006.
A Foundation for Secure Mobile DRM Embedded Security
Digital Rights Management(DRM) is a compelling reason to enhance security of mobile phones against attacks by the phone holder. DRM systems allow content owners to specify and control the usage policy for their content; such systems are crucial for the entertainment industry and for secure information handling in corporate environments.
This essay lists some of the challenges that are encountered when developing content-protection products. The focus is on the "designing" part, rather than on general difficulties of content protection, such as: legal issues, scheme design issues, fair-use issues, marketing issues, user acceptance, moral considerations, etc. Enough can never be written on all these subjects, although more than enough has already been. In this essay, I deal mostly with the decision points and the difficulties that are encountered by someone who tries to make a living off designing and implementing content protection products. Our main focus is security.
The effect of faults on electronic systems has been studied since the 1970s when it was noticed that radioactive particles caused errors in chips. This led to further research on the effect of charged particles on silicon, motivated by the aerospace industry who was becoming concerned about the effect of faults in airborn electronic systems. Since then various mechanisms for fault creation and propagation have been discovered and researched. This paper covers the various methods that can be used to induce faults in semiconductors and exploit such errors maliciously. Several examples of attacks stemming from the exploiting of faults are explained. Finally a series of countermeasures to thwart these attacks are described.
The increased interest in security stems from two main factors: First, the need to reduce threats and damage resulting from security breaches and second the opportunity to deploy new revenue-generating applications.
Challenges of Standardizing Renewable Broadcast Security
An important component of a secure broadcast scheme is a renewability mechanism. This mechanism enables the system to cope with successful attacks that are widely perceived to be inevitable. When standardizing a broadcast security scheme one needs to address not only the technical issues, such as secure delivery and update, but also the conceptual difficulty of overcoming the inherent unsuitability of standardization processes for providing timely response to attacks. This paper discusses some of the challenges of both types and suggests ways to overcome them.
Secure Flash Card Applications Hit the Horizon
New high-processing-power flash-card applications require a high level of security as well as high performance. This leads to a disruptive change in the architecture of the flash card and USB drive.
End-To-End Security for Firmware Updates - Whitepaper, v1.1
To ensure successful firmware and feature updates, an operator's network must be secure from end-to-end and include secure sessions between each network element. Protection of corporate applications, network elements and devices is very important. This document discusses end-to-end security and considers all network elements involved in firmware updates.
Securing New Revenues through Secure Storage
In the mobile space, even the base-line handsets support new, more advanced applications that require protection. These applications range from entertainment-oriented ones that enforce copyrights to personal secure storage that protects sensitive user information from prying eyes. In addition, high-end phones and Smartphones may be used for corporate communication, carrying sensitive corporate information that must be well protected. Mass storage devices gain increasing popularity with average capacity per device growing steadily (to over 300 Megabytes in 2007). As with handsets, these devices must also protect sensitive consumer or corporate information they carry.
DRM on Open Platforms - May be Possible After All
An essay presented at the 2nd IEE Secure Mobile Communications Forum, September 23, 2004. The essay, jointly written by Hagai Bar-El & Yoav Weiss, describes the minimal changes required for a typical open platform to make it capable of running DRM schemes securely, without violating its essential openness properties.
Firmware Update Security - The Need to Protect Updates
A presentation given at the The OTA Flash Forum Meeting, August 20, 2004. * Protecting update files* The need for receipts * Biggest challenges
Downloadable Content - Security and Robustness
Downloading mobile applications carries a serious security risk, read how a combination of OSE's real time operating system and Discretix's CryptoCell can be used to protect the stability and reliability of the mobile device.
Security Implications of Hardware vs. Software Cryptographic Modules
Cryptographic modules can be implemented either by hardware or by software. Whereas software implementations are known for being easier to develop and to maintain, when it comes to cryptographic modules or security-related applications in general, software implementations are significantly less secure than their hardware equivalents. The reason for this is mostly the fact that software solutions make use of shared memory space, are running on top of an operating system and are more fluid in terms of ease of modification.
Strength Assessment of Encryption Algorithms
This paper presents the results of a study undertaken to research some of the most commonly used encryption algorithms firstly to identify as many of their weaknesses and vulnerabilities as possible, and secondly to identify the aspects of these weaknesses that can be avoided by correct implementation.
Using Public Key Cryptography in Mobile Phones
As mobile networks expand their bandwidth, mobile phones, as with any other Internet device, become substantially exposed to Internet security vulnerabilities. Public key cryptography is a primary concept in implementing wireless device security. Many papers have been written about public key infrastructure, this paper does not delve into the deeper mechanisms of PKI. Instead, it describes the applicative use of PKI in current and future mobile phone applications, and shows how Discretix CryptoCell efficient, lightweight and standard-compliant implementation of cryptographic algorithms, enables wireless devices to become PKI-enabled.
Introduction to Side Channel Attacks
This document introduces Side-Channel attacks and is intended to assist in the decision making of how to protect cryptographic modules against such attacks. The document is divided into two parts: The first part presents Side-Channel attacks and provides introductory information about such attacks. The second part presents known methods for protection against such attacks with a brief effectiveness assessment, if such is available. This document is mainly intended for people who are considering the use of cryptographic modules and who need to compare several options with respect to their security.
Known Attacks Against Smartcards
This document analyzes, from a technical point of view, currently known attacks against smart card implementations.The purpose of this analysis is to give the necessary background for the assessment of the mechanisms that can enhance the security of smart cards. This document is mainly intended for people who are considering the use of cryptographic modules and who need to compare several options with respect to their security.
Cryptographic Hardware and Embedded Systems (Discretix innovation and enhanced Montgomery Multiplication.)
During CHES* 2002 conference, Session 2: Finite Field and Modular Arithmetic 1, at the Cryptographic Hardware and Embedded Systems conference, held in San Francisco Bay (Redwood City) U.S.A , Prof. Shay Gueron, Discretix' algorithm group manager, presented the principals behind Discretix innovation and enhanced Montgomery Multiplication.