Securing 4K Content And Beyond Over HDMI

By Angela Raucher & Dana Neustadter
As we move into the era of transmitting and receiving 4K Ultra-High Definition (UHD), High Dynamic Range (HDR) and even 8K UHD content, robust security becomes even more important for the protection of premium content. Today, High-Definition Multimedia Interface (HDMI) is the most widely used, and sometimes the only interface to connect high-resolution components such as game consoles, set-top boxes and Blu-ray players to high-definition TVs and projectors.

This article describes the challenges system-on-chip (SoC) developers face in providing a secure solution to deliver UHD content over HDMI and the path to finding the right solution.

Securing 4K content over HDMI
Today’s users demand higher resolution content with crisp audio along with other features supported by the HDMI 2.0 standard, such as advanced remote control functionality and 21X9 frame format, to enable a true cinema experience. In order to deliver the premium content for this experience over the Internet, providers require higher security to be in place. The requirements related to security are driven mainly by MovieLabs, an organization founded by Disney, Paramount, Twentieth Century Fox, Sony Pictures, Universal and Warner Bros. The MovieLabs Enhanced Content Protection specification requires that devices such as tablets, smartphones and UHD TVs, receiving the highest quality commercial content, implement strict security measures to assure that content cannot be copied or freely redistributed from those devices. Among other items, the MovieLabs specification requires:

• Protection of content sent to a remote display using High-bandwidth Digital Content Protection (HDCP) 2.2 link protection (Figure 1)
• A hardware root of trust to protect Digital Rights Management (DRM) and link protection keys
• A protected video processing pipeline
• A random number generator compliant with NIST SP800-90

Figure 1: End-to-end premium content protection with HDCP 2.2.

Meeting these requirements entails significant investment in R&D and is easy to get wrong, leaving an implementation vulnerable to attacks and its implementer potentially open to liability.

For example, solutions based in the Trusted Execution Environment (TEE) alone may not be sufficient to face these attacks. Having it contained in an Embedded Security Module (ESM) helps address new and emerging threats in the field. Fault detection and side channel attack resistance must also be addressed as part of the security solution and adds growing set of requirements.

Finding the right solution
As an SoC developer planning to support the latest multimedia requirements, finding a pre-integrated, well tested, and certified technology for protection against vulnerabilities is imperative. When looking for HDMI 2.0 and HDCP 2.2 IP solutions, you should ask your supplier questions such as:

• Are all the features required by the market supported?
• How was this solution tested for interoperability?
• Is the solution certified by DCP (Digital Content Protection) licensing authority?
• Can you explain in detail how robustness criteria were met?
• What protection is provided against side channel attacks? Also against code modifications, fuzzing, glitching and fault injection? How have those been evaluated and what were the results?
• How many designs and devices in the market use this implementation?

Robustness requirements are increasingly demanding and specifications are open-ended with respect to resisting attacks, therefore, choosing a supplier who demonstrates an understanding of this is key to market success.

Make it future-proof
The right solution goes beyond just current specifications and mandates. While compliance is a challenging and necessary requirement, planning for future threats is even more arduous yet imperative to consider.

SoC developers must ask their supplier to present track records of successful, interoperable and secure solutions as well as plans to address future threats. The supplier of choice should be the one that has a complete, robust and tested solution that not only meets all of the specified requirements from relevant standards, but also has the ability to respond to ongoing changes. Such a supplier gives SoC developers the confidence that their device will work as expected so they can focus on product differentiation and innovation.

Figure 2: Certified and interoperable solution for the highest content protection over HDMI 2.0.

Synopsys and Elliptic provide a certified and interoperable solution that enables the highest content protection over the HDMI 2.0 interface for UHD multimedia SoCs. The Elliptic HDCP 2.2 Embedded Security Module is flexible, highly secure, and it includes the entire control plane processing with authentication and key exchange protocols, as well as the content encryption engine (Figure 2). Synopsys DesignWare HDMI 2.0 TX and RX IP solutions including controller, PHY, and example Linux drivers, reduce designer’s integration risk and time-to-market and have a long history of proven IP in volume production. Combined, it is the solution of choice that meets ultra-high definition 4K resolution, high frame rates and increased bandwidth requirements.

For more information, click here.

—Dana Neustadter is director of product management at Elliptic Technologies.