Standardisation Activities for Security
in the field of Packaged Media, Internet and Digital TV

This document provides a short overview of standardisation activities for security in the field of packaged media, Internet and digital TV. Neither does the document claim to be complete nor does the ordering imply any order of importance of the activities.

Any comments or suggestions are very welcome; please contact the editor of this document at rump@iis.fhg.de.

This document briefly introduces the following activities:

1 Open Platform Initiative for Multimedia Access (OPIMA) *

2 Digital Versatile Disc Forum (DVD Forum) *

2.1 WG-9 / AH-1 *

2.2 WG-6 / AH-8 *

2.3 Copy Protection Technical Working Group (CPTWG) *

2.3.1 Digital Transmission Discussion Group (DTDG) *

2.3.2 Digital Transmission Discussion Group (DHSG) *

3 Moving Picture Experts Group (MPEG) *

3.1 Intellectual Property Management and Protection (IPMP) *

4 Digital Video Broadcasting (DVB) *

4.1 Multimedia Home Platform Local Cluster (MHP Local Cluster) *

5 Digital Audio-Visual Council (DAVIC) *

5.1 Content APIs Metadata & Security Technical Committee (CAMS-TC) *

6 Advanced Television Systems Committee (ATSC) *

6.1 T3S8 *

7 Society of Cable Telecommunications Engineers Inc. (SCTE) *

8 Audio Engineering Society (AESSC SC-06-04) *

9 Secure Digital Music Initiative (SDMI) *

10 Internet Engineering Task Force (IETF) *

10.1 IP Security (IPSec) *

11 Consumer Electronics Manufacturer Association (CEMA) *

12 Home Audio Video Interoperability (HAVi) *

1. Open Platform Initiative for Multimedia Access (OPIMA)

OPIMA works on the standardisation of an open generic framework for access control and content management and protection (CMP) tools. It works on downloadable and/or replaceable security for Internet and pay TV applications.

Information: http://drogo.cselt.it/ufv/leonardo/opima/

Contact: Leonardo Chiariglione (Leonardo.Chiariglione@CSELT.IT)

2. Digital Versatile Disc Forum (DVD Forum)

The DVD Forum works on the standardisation of DVD.

Information: http://www.dvdforum.org/

2.1 WG-9 / AH-1

The Working group 9 / Ad-hoc group 1 of the DVD Forum works on the standardisation of copy protection for DVD: System architecture.

Keywords: Disc type recognition, CGMS, Watermarking, Secure transmission, Encryption, Compliance marks

2.2 WG-6 / AH-8

The Working group 6 / Ad-hoc group 8 of the DVD Forum works on the standardisation of copy protection for DVD-R.

Keywords: Physical Marks for Discs

2.3 Copy Protection Technical Working Group (CPTWG)

CPTWG works on the standardisation of copy protection tools.

2.3.1 Digital Transmission Discussion Group (DTDG)

DTDG works on the standardisation of copy protection tools for digital interfaces (IEEE 1394). The work was completed in mid-98 without a single solution produced as a recommendation. One of the proposals is dubbed 5C (for 5 companies supporting it). Other proposals reviewed are from NDS and Picturetel. The NDS proposal has been revived as *C as an open proposal (The asterix »*« means, that the number of companies is not limited to any number) For more information on *C refer to http://www.ndsworld.com/cmp/).

Keywords: 5C proposal, *C initiative, DTLA, DTCP.

2.3.2 Digital Transmission Discussion Group (DHSG)

DHSG works on Watermarking for video for copy protection purposes.

Keywords: Watermarking, Embedded signalling

Information: http://www.dvcc.com/dhsg/HTML_May_cptwg_present/

3. Moving Picture Experts Group (MPEG)

ISO/IEC JTC1/SC/29/WG11 (MPEG) works on the standardisation of

• Video and audio object compression
• Representation of time-dependent synthetic 3D objects
• Object composition
• Intellectual Property Management and Protection framework
• File format
• Generic interface with delivery systems.

Information: http://drogo.cselt.stet.it/mpeg/

Contact: Leonardo Chiariglione (Leonardo.Chiariglione@CSELT.IT)

3.1 Intellectual Property Management and Protection (IPMP)

The IPMP group of MPEG works on hooks to associate IPMP information with audio-visual objects and to attach non-standardised IPMP systems to an MPEG-4 application.

MPEG-4 IPMP is a framework that allows the design of domain-specific (non-standardised) IPMP systems (IPMP-S). While MPEG-4 does not standardise IPMP systems, it does standardise the MPEG-4 IPMP interface. This interface was designed to be a simple extension of basic MPEG-4 systems constructs. It consists of IPMP-Descriptors (IPMP-Ds) and IPMP-Elementary Streams (IPMP-ES). IPMP Elementary Streams are like any other MPEG-4 elementary stream and IPMP Descriptors are extensions to MPEG-4 object descriptors.

Keywords: Security framework for MPEG-4

Contact: Niels Rump (rump@iis.fhg.de)

4. Digital Video Broadcasting (DVB)

DVB works on the standardisation of digital TV (Europe).

Information: http://www.dvb.org/

4.1 Multimedia Home Platform Local Cluster (MHP Local Cluster)

The DVB has started a project that aims to standardise the software elements of the home platform for digital TV. The objective is to create a software environment that allows broadcasters to provide their specific Electronic Program Guide. The MHP user requirements express the need for analogue copy protection signalling, a high level Conditional Access API and a copy protection signalling in a local cluster of digital TV devices. The MHP technical work is handled by the Technical Aspects of MHP subgroup (TAM), which has several ad-hoc groups working on issues such as Application Life Cycle and Signalling, JAVA and HTML.

Keywords: (Security for) local cluster, Requirements copy management signalling, copy management

5. Digital Audio-Visual Council (DAVIC)

DAVIC works on the standardisation of digital TV and interactive applications, TV-anytime, TV-anywhere. A very general Copy Protection Framework baseline document has been produced. Further development is expected, but not clear at the moment what shape it will take.

Information: http://www.davic.org/

5.1 Content APIs Metadata & Security Technical Committee (CAMS-TC)

CAMS-TC works on the standardisation of content representation, APIs, Metadata and Security

Keywords: Security for TV-anytime/TV-anywhere, copy protection, CMP

Contact: Gene Itkis (itkis@ndsisrael.com)

6. Advanced Television Systems Committee (ATSC)

ATSC works on the standardisation of Digital TV (US)

Information: http://www.atsc.org/

6.1 T3S8

Technology group 3 Sub group 8 of ATSC works on Transport

Keywords: Copy protection

7. Society of Cable Telecommunications Engineers Inc. (SCTE)

SCTE works on the standardisation of cable technologies

Information: http://www.scte.org/

Keywords: OpenCable, POD interface, 1394 interface

8. Audio Engineering Society (AESSC SC-06-04)

The Audio Engineering Societies Standards Committee’s Sub Committee 06-04 on »Internet Audio Delivery Systems« (AESSC SC-06-04) has two activities running, one of which deals with describing and quantifying sound qualities for audio compression systems (AES X-74). The other deals with on-line and off-line music delivery systems (AES X-79). Only the latter one is of importance to OPIMA.

AESSC SC-06-04 has defined a set of requirements of which the most important ones are the ease of use to the customers, implementability on PCs, signal processors and dedicated chips and some level of IP protection (though not 100%).

The current discussion unveiled two major open issues:

Firstly, it is unclear whether the AES X-79 specification should deliver a detailed working model (e.g. including the bulk cryptography used) or whether the specification should »only« contain a framework that has to be fulfilled by companies that plan to develop an AES X79 compliant application. This discussion included the question whether the AES X-79 specification would allow or require downloadability of code.

Secondly, it is still unclear to which extent the AES X-79 specification is to be made publicly available.

AESSC SC-06-04 will roll it’s activities on AES X-79 into the Secure Digital Music Initiative as soon as SDMI is up and running.

Information: http://www.aes.org/standards/

Contact: Niels Rump (rump@iis.fhg.de)

9. Secure Digital Music Initiative (SDMI)

The Secure Digital Music Initiative has been announced in December 1998 by RIAA, RIAJ and IFPI. The first meeting is expected to take place by the end of January or beginning of February 1999.

SDMI is organised by Global Integrity, a consultant firm for RIAA and will (most likely) consist of a plenary plus some working groups. The exact form is still to be decided but SDMI requires interested companies to become (paying) members.

SDMI was started because of the threat of »free« MP3 content in the Internet domain. It plans to establish a »secure« methodology to sell music in the digital domain, whether on PCs or on portable devices (such as MPMan, RIO, MPlayer3, ...). The press release of December 1998 ambitiously talks about having SDMI compliant products in the shelves for the Christmas season 1999.

Though the formal relationship between SDMI and AESSC SC-06-04 is still unclear, it seems likely that the AES X-79 specification will be (partly) adopted by SDMI as soon as SDMI is up and running. If the AES specification is not finished by that date, it is likely that the AES activities for AES X-79 will be continued under the guidance of SDMI.

Information: http://www.riaa.com/sdmi/

Contact: David Stebbings (stebbings@riaa.com).

10. Internet Engineering Task Force (IETF)

10.1 IP Security (IPSec)

The IETF Internet Protocol Security Working Group (IPSec) is developing standards for IP-layer security mechanisms for both IPv4 and IPv6. The group is also developing generic key management protocols for use in the Internet.

The current IPSec standards include 3 algorithm-independent base specifications which are currently standards-track Requests For Comments. These 3 RFCs are in the process of being revised (per usual IETF procedures) and the revisions will take into account a number of security issues with the current specifications, including some issues documented in a postscript pre-print from AT&T Research.

• The IP Security Architecture defines the overall architecture and specifies elements common to both the IP Authentication Header (AH) and the IP Encapsulating Security Payload (ESP).
• The IP Authentication Header (AH) defines an algorithm-independent mechanism for providing exportable cryptographic authentication without encryption to IPv4 and IPv6 packets.
• The IP Encapsulating Security Payload defines an algorithm-independent mechanism for providing encryption to IPv4 and IPv6 packets.

The current standards also include 2 algorithm-dependent transforms. Because of security issues with these transforms, they are likely to move to »historic« status in the near future:

• IP Authentication using MD5
• The DES-CBC Transform for ESP

There are three candidate replacements for the standards-track algorithm-dependent transforms. These include:

• Combined DES-CBC, HMAC MD5, and Replay Prevention Security Transform which combines the DES-CBC encryption algorithm, Keyed HMAC MD5 authentication algorithm, and a replay prevention technique into a single ESP transform.
• HMAC-MD5 IP Authentication with Replay Prevention combines the Keyed HMAC MD5 authentication algorithm and a replay prevention technique into a single AH transform.
• HMAC-SHA IP Authentication with Replay Prevention combines the Keyed HMAC-SHA IP Authentication algorithm and a replay prevention technique into a single AH transform.

Information: http://www.ietf.org/html.charters/ipsec-charter.html.

11. Consumer Electronics Manufacturer Association (CEMA)

CEMA’s Working Group 2 of sub-committee R4.8 works on copy protection mechanisms for digital interfaces, especially

• The interface between set-top box and display device or recorder (e.g., IEEE 1394, RF re-modulation) and
• The interface between set-top box and security module (i.e., the NRSS interface).

Philips has submitted the Open Copy Protection System (OCPS) to CEMA. OCPS establishes a secure authenticated channel on for example a 1394 interface. Its functionality is similar to the 5C proposal. A number of other proposals has been submitted. Some merges are likely (e.g. Philips and NDS).

Information: http://www.cemacity.org/

Contacts: Shazia Azhar (shaziaa@eia.org), Frank Kot (frank.kot@knox.pcec.philips.com)

12. Home Audio Video Interoperability (HAVi)

HAVi is a Consumer Electronics (CE) industry standard that will ensure interoperability between digital audio- and video devices from different vendors and brands that are connected via a network in the consumer’s home. The companies that participate in HAVi are Grundig AG, Hitachi Ltd, Matsushita Electrical Industrial Co. Ltd, Royal Philips Electronics N.V, Sharp Corporation, Sony Corporation, Thomson Multimedia S.A and Toshiba Corporation.

HAVi specifically focuses on the transfer of digital Audio/Video (AV) content between HAVi devices as well as the processing (rendering, record, play back) of this content by HAVi devices. Typical examples of AV content are digital broadcasts received by a Set Top Box or content produced by HAVi devices in the consumers home such as a digital video recorder, a digital camera, a CD (compact disc player/recorder) or MD (mini-disc player/recorder). With the growing importance of the Internet as a source of AV content or other data for CE devices, HAVi also addresses data such as HTML or images that can be retrieved from the Internet. Furthermore HAVi specifies the use of general utilities like a clock and a timer. A PC can be a HAVi device just like any other. Its use is neither required nor prohibited in a HAVi network.

It can control other HAVi devices and it can offer AV-related functionality that can be controlled by other HAVi devices. HAVi devices are intelligent and powerful devices capable of controlling other HAVi devices over the HAVi network. Typical HAVi devices are digital audio- and video products such as Cable Modems, Set Top Boxes, digital-TVs, internet-TVs or intelligent storage devices for AV content. However as technology advances and becomes cheaper, also other kinds of HAVi devices may appear on the market such as video-phones and internet-phones. Interoperability means that an application on a HAVi device can detect and use the functionality offered by other HAVi devices that are connected to the HAVi network. The HAVi standard specifies all the protocols over the HAVi network that are required to achieve this interoperability.