|
1. What is Content Protection?
Content protection technology performs a number of functions both protecting content from illegal usage and ensuring that the consumption of content is performed within the constraints of a well-defined set of business rules.
Content protection can be divided into two sub-groups, Conditional Access Systems (CAS) and Digital Rights Management (DRM). While these terms are sometimes used synonymously, there are actually subtle differences between the two; however, for the purpose of this discussion we will combine both into the term Content Protection.
For example a video distributor may sell content to a consumer on the basis that the consumer may watch the content within the confines of his home over a period of twenty-four hours. The function of the content protection system is to ensure that the content is protected as it is delivered to the set top box and ensures that the set top box only plays back the content over the defined period of twenty four hours.
The encryption of content is a critical element of the content protection system. If the content is in clear form that is easily accessible to the consumer it becomes impossible to ensure that the rules are adhered to or that the content is redistributed freely.
2. Why is Content Protection so important to IPTV?
The most important reason for using DRM in IPTV system is that content owners who license content to IPTV operators usually will only do this under specific conditions. For example, a studio may license an IPTV operator to allow a movie to be viewed by its customers over a single month. The content owner does not wish to have the movie available to operator's subscribers outside that month window. This requires that the operator can guarantee that its viewers will not have access to that movie outside of the month period, even if the movie has been downloaded to storage devices within the viewer's home.
Additionally content owners are very concerned
about redistribution of their content. They do not want to have a single
viewer download a movie and then redistribute the movie to their friends
either via a local network, the Internet or a DVD. They are particularly concerned that the digital copy that is provided to the viewer can be replicated indefinitely and that even copying 2nd, 3rd or nth generation copies of the movie results in a perfect copy. For this reason they are looking to have content distributed over IPTV networks protected. |
The protection of content using a content protection system creates the need to have a licensed technology to access the content. This is also important to the content owners who are able to enforce that only devices that obey the usage rules for the content have access to content. For example content owners do not wish to have their content output from the device in the clear, as this would enable the content to be consumed and redistributed freely in contravention of the licence for that content. As part of being licensed for a content protection technology, the manufacturer of the device must ensure that the device behaves in the desired manner.
For an IPTV operator, content protection is as essential as having the best or at least the same popular programming content as alternative television systems is necessary for competition. For example if a content owner is uncertain about the security of their content on an operator's network they may only allow the operator a later release window. Alternatively, they may allow the content onto the operator's network but with the threat of pulling the content if there are any security problems.
In addition, the operator itself can lose revenue through piracy. This could occur in the following ways. For example, with video on demand content, a single consumer could view one title and redistribute that title to their neighbours and friends using a DVD or some other form of sharing. Similarly for a broadcast stream the consumer may share their subscription with their neighbours by redistributing over a wireless LAN infrastructure. This ultimately undermines the IPTV operator's revenue. For the consumer this is perceived as gaining more value for their 20 Euro a month subscription to IPTV. For operators, this can quickly add up to multi millions of Euro per month loss of revenue if a few hundred thousand subscribers are lost to piracy in this manner.
The deployment of content protection is about risk management. The IPTV operator needs to consider the risks to their business that content theft creates and how they can manage these risks. Obviously these risks can be catastrophic to their business if they result in the loss of access to compelling content or to loss of revenue. |
|
3. Content Protection Options
There are a number of solutions that provide content security for IPTV networks. A typical solution includes a server that manages the encryption of content and the distribution of keys that can be used to unlock or view the content. The critical element of the content protection system is the implementation within the receiving device or set top box.
The security element within the set top box is the most exposed to attack as it sits within the customer premises and the customer does not necessarily have the same interest in protecting content as the IPTV operator.
There are two major options for securing the set top box client. The traditional method has been smart cards. These have the advantage of being based on hardware security, which has a significantly higher barrier to entry for hackers. They also have the advantage of being relatively easy to replace in the event of a breach of the system. They do have the disadvantage of requiring handling and logistics.
The second option for implementation in the set top box has been software
based security systems. These technologies make use of the return path to
ensure security. This technology avoids the logistics of smart cards.
However software has its own costs particularly in longer-term support and
maintenance. Many vendors claim that in the breach of software the
software can be updated easily over the network. This does not take into
account the problems of integrating the software into the existing set top
box. This can become extremely complex and in some cases impossible where
a large number of different models of set top box are used and the
manufacturers of set top box have no incentive to upgrade or integrate the
new versions of content protection. |
The content
protection can only be downloaded if the manufacturer can be convinced
to perform the integration. In the case of most manufacturers they
have no incentive to do this as the set top box has been sold and
there is no further revenue to be generated from fixing old models.
There are techniques being deployed by some vendors that overcome
this.
4. Studio Endorsements
Studios do
not endorse specific protection solutions and do not have any
exclusive choices of technology. For production studios, it is
important that there are competing innovative solutions in the market
to so that there is a continuous improvement in the technology as new
threats to content emerge. In addition, it is important to the studio that there is a roadmap for the upgrade of the technology. Of particular concern to content providers is what happens when the technology is compromised. Here they are looking at vendors who cannot only deliver systems today, but also have the wherewithal and commitment to fix breaches in the system as they occur over the life of the system.
Studios have become more and more expert on content protection issues and as digital distribution becomes more prevalent one can expect them to become more demanding on the technology used to protect their content.
5. What types of equipment are needed to implement Content Protection?
The content protection system comprises a head end server and some form of client that is implemented within the set top box. This client can also have associated with it a software security element or a smart card. The server should also include a secure key server to protect the keys used within the system. |
|
6. What are some of the IPTV Content Protection industry standards?
The development of IPTV is at a relatively immature stage in the development of rights management standards. Some of the digital rights management standards include extensible rights management language (XRML) and open digital rights language (ODRL). The DVB is developing the DVB IPI suite of standards for IP delivery.
7. Key compatibility issues
The most significant issue for compatibility is the ability of different content protection systems to interoperate. The DVB has been extremely successful in the past in creating standards that allow for CA systems to interoperate. These standards are applicable for IPTV as well as for traditional MPEG based systems.
8. Important features for Content Protection systems
The role of content protection in an IPTV system goes well beyond a bundle of features. Content protection plays a crucial role in the fundamental elements of an IPTV operators business. The long- term viability of the IPTV operator is dependent on their ability to source content and to ensure that they are able to collect revenue for that content. The nature of a security system is that it is not a static set of functionality that remains in perpetuity.
Security systems are forced to change over time due to the dynamic nature of technology and piracy. As time progresses, new techniques are being developed by pirates and these need to be countered as they are deployed. In addition a strong vendor will be proactive in monitoring pirate develops and technology develops that could aid piracy and develops technologies to counter these attacks proactively.
The development of secure systems requires specific development processes and audits to ensure that the implementation is secure. Very often developers will create systems that are theoretically secure, but the implementation leaves holes that are ruthlessly attacked by pirates. A development process for a security system should include a threat model as a benchmark for the system design and should incorporate a formal audit plan to evaluate the implementation of the security system against the threat model. This audit plan should include the usage of independent external auditors who are not part of the vendor.
These steps are important as they create visibility of what the content
protection system is protecting against and how the implementation of the
content protection system actually stacks up against what is being
protected against. |
One of the
problems that an acquirer of content protection technology faces is how to
evaluate the security of the system. Such a threat model and audit system
allows the operator to understand what they are purchasing and how this
fits into their overall security strategy.
In addition to deploying a content protection
system the IPTV operator needs to have a complete security strategy in
place to maintain the overall security of their system. This includes
operating procedures determining who has access to which parts of the
operation, designs of their network etc. A strong content protection
partner will be able to advise on these issues and provide guidelines for
such a security strategy.
For an IPTV operator to remain in business they need a content
protection partner who will stay the course with them. Important questions
to consider when making a content protection choice are the following:
1) What is the track record of the vendor in
the market place?
2) How have they responded to piracy in the past?
3) Are they going to be in business in 10 years time after the
IPTV operator has deployed a significant investment in customer
equipment?
4) How are they going to fix piracy when it occurs?
5) Does the vendor have an infrastructure in place to monitor
piracy and deal with it in a holistic manner?
6) Does the vendor have a development process that is geared
towards secure implementation?
7) Does the vendor have an audit trail with external auditors
for their technology?
8) Is the vendor willing to share with the operator the outcome
of the audit trail?
9) Is the vendor willing to allow the operator to speak to other
customers about their experiences with that vendor?
|
