Irdeto introduced its ActiveCloak for Media platform earlier this year as a way to facilitate content owners’ and distributors’ efforts to stay a step ahead of hackers (see March, pp. 10 & 20). Irdeto will be enhancing those capabilities for the Blu-ray market by integrating the BD+ techniques, which were standardized as part of the Blu-ray protection regime, with ActiveCloak, says Irdeo CEO Graham Kill.
“We are working closely with the studio community to ensure movie titles released on Blu-ray disc have the same rigorous protection standards we created for Irdeto ActiveCloak for Media,” Kill says. “This is the beginning of a new era of software security, and one that is certainly welcome for companies whose livelihood depends on digital entertainment.”
Such an era would come none too soon for the struggling Blu-ray market, where security breaches and slow sales of players have been double whammies for studios as they attempt to revive their disc sales business. Better protection could lead to earlier release windows and higher sales, says Yoav Schreiber, senior analyst at Current analysis.
“Enhancing the protection of Blu-ray content is a linchpin to extending the release windows for movie titles on physical media formats,” Schreiber notes. “With premium VOD and online content distribution encroaching on established physical distribution models, [the Irdeto BD+ strategy] should bolster the movie industry’s Blu-ray business model.”
When Blu-ray first hit the market, the expectation was that the new protection mechanisms embodied in the Advanced Access Content System (AACS) would be an improvement over the DVD system, but these hopes were quickly dashed with AACS hacks and distribution of Processing Keys over the Internet. BD+ was added as an additional security layer, but it, too, was compromised, notes Martin Sendyk, senior vice president of products in Irdeto’s Online Group.
“Since then it’s been a constant struggle to maintain security,” Sendyk says. “AACS never recovered. BD+ has had moments when renewed security updates were able to last a bit, but this wasn’t enough to meet the requirements of the studios.”
BD+ technology, based on the Self-Protecting Digital Content (SPDC) architecture, is by its nature a renewable security concept, given that its mechanisms are applied in post production prior to encryption with AACS, notes Greg McKesey, vice president of technology at Irdeto. “BD+ goes beyond DRM key management to verification of the platform and player itself,” McKesey says. “The idea is to validate the player before the content can be played back, which helps to make sure the content isn’t run in the clear by a ripper on an unauthorized device.”
The mechanisms used by BD+ are not publicly shared. Asked whether electronic fingerprinting or watermarking might be involved, McKesey replies, “The secret sauce is applied on a disc-by-disc basis. One can assume those types of techniques are used, but we can’t say anything about specifics.”
The chief problem with execution on the original Blu-ray protection concept was the vulnerability of the Blu-ray players to key theft, Sendyk says. “The AACS keys haven’t been adequately protected by players in the market,” he says, noting there’s no one consistent point of exposure across the player market. “DRM compliance and robustness rules are written in legal language that’s often difficult to interpret, which makes it hard to point a finger and say to the manufacturer, ‘You broke this rule.’”
Attempts to mitigate future attacks by refinements in hardware addressing the latest attack are not a practical solution, he adds. Not only are such efforts cumbersome and costly; they don’t address additional exposures where the next attack might be accomplished once the previous loophole is closed.
This is where ActiveCloak has a key role to play, Sendyk says. “The dynamic and renewable security elements are part of what makes ActiveCloak strong in the first place,” he notes.
The platform continuously monitors and manages potential threats as long as a piece of content is in circulation. A combination of server and client software allows security mechanisms to be reconfigured and automatically renewed on active devices to prevent loss of platform integrity over time. Requiring such software to be used in Blu-ray devices could make it possible to keep players updated against the latest modes of attack.
By combining the expertise of the CloakWare team with that of the 20 or so experts in BD+ technology Irdeto will be able to create a new level of robustness in the battle against piracy, Sendyk says. “The fact that the BD+ people have landed in a company whose mission is to solve this issue is something the studios are very interested in and watching very closely,” he adds.
The forthcoming hybrid BD+/ActiveCloak content security system will monitor and address threats throughout each Blu-ray disc’s economic life, allowing security mechanisms to be reconfigured and renewed for each movie title to prevent loss of platform integrity over time, he says. Then it will be up the studios whether to insist that this solution be made part of the Blu-ray ecosystem.
“You can expect more announcements in terms of the studios’ involvement in this effort,” Sendyk says.