Movielabs has recently announced the latest updates to the Enhanced Content Protection Specification in version 1.3. MovieLabs is a consortium of studios that joined forces to set an industry standard for the security of their content. As independent entities, the studious keep the full rights to negotiate with other market players about the security level. The new requirement set has emphasized that each studio may have different content distribution requirements, and hardware/software vendors shall discuss them with each studio. In this blog post, we will highlight some interesting developments introduced in this new version of the specification that are worth the attention of content protection professionals.
First of all, in version 1.3, the new set of requirements has been added to Revocation & Renewal section. One of the new requirements, for example, is the expectation of the system to securely enforce the installation of updates of system and platform components. Security updates are the critical aspect of security in todays’ struggle between adding more functionality and protecting the assets. More code usually introduces more vulnerabilities, and security updates are the main mitigation technique against them.
In this context, if the device is at the end-of-life, the operators should be able to restrict content when devices stop receiving DRM-related security updates. Furthermore, the firmware versions information of the operator should be securely provided. Tracking the versioning can aid in ensuring that old unpatched versions are not present on the device.
Another addition to the specification is the tracking of the security vulnerabilities and patching them with the support of DRM system providers to operators upon request. This comes with a list of the affected models by the vulnerabilities that will not be patched due to the end-of-life of the device.
Further changes are present in the forensic watermarking section. In the previous versions, the watermark was required to be inserted at the server. In the new spec, the watermark is required to be inserted so that the valid insertion is guaranteed during playback even if the device and its secrets are compromised. Therefore the specifications allow either server-side or client-side insertion. Additionally, unique identifiers propagation for the downstream link is required.
Finally, in the Certification section, the device debugging or tracing interfaces, such as JTAG, Serial Wire Debug, or MIPI, are required to be closed using physical or equally effective means. One of the largest attack vectors on any device is the debugging interface, which is left open for developers to address any issues in the field. However, debugging interface usually provides an attacker with access to the device on the highest privilege level opening up the path to assets protected by the DRM solution.
Riscure actively supports DRM and CAS vendors with our services and expertise to reduce risks of monetary, legal, and reputational damage and delayed time-to-market. To find out how Riscure can support your developments, contact us at firstname.lastname@example.org.