HDCP 2.3: Enabling Robust Security Of High-Res Displays

Protecting digitally copyrighted audio and video content as it travels across connections between devices.


Displays, monitors and touchscreens are the interface to our digital lives everywhere—at home, at work, and in the car. Display designers continuously upgrade their products with higher bandwidth, new technologies, and innovative features. New, modular products incorporate micro LEDs to allow new form factors, such as designing displays that are as thin as a canvas, can be rolled up, or can be seamlessly assembled into screens as big as 300 inches. In addition, higher variable refresh rates are moving 4K resolutions to a broader range of interfaces, including gaming applications.

To support new product and consumer requirements, designers integrate the latest DisplayPort, HDMI, and USB standards. The DisplayPort 2.0 standard gives consumers up to 80 Gbps bandwidth, and HDMI 2.1 offers 48 Gbps. A plethora of devices that make use of HDMI, DisplayPort, and USB Type-C interfaces that support large screens with higher resolutions are enriching our connected lives, from digital TVs, smartphones, tablets, monitors, audio/video bridges, converters, to projectors, dongles, gaming consoles, streaming boxes, docking stations, and set-top-boxes. These devices transmit or receive high-value premium content that is required to have robust security protection against malicious attacks.

What is HDCP 2.3?

High-Bandwidth Digital Content Protection (HDCP) is a widely adopted link security specification developed by Intel and licensed by Digital Content Protection LLC (DCP). HDCP is intended to protect digitally copyrighted audio and video content as it travels across connections. The connections can be between source devices, such as set-top boxes or dongles, and sink devices, such as DTVs or other display devices (figure 1).


Fig. 1: HDCP 2.3 protects the data traveling over connections between devices such as set-top boxes and TVs.

The latest HDCP specification, HDCP version 2.3, was released in 2018 for HDMI interfaces and in 2019 for DisplayPort interfaces (which are used in USB Type-C) to augment the security protection level. Compared to the previous revision, HDCP 2.3 requires more stringent security mechanisms including hardware root of trust, hardened execution environment, runtime integrity checking and integrity check after unauthorized modification.

The HDCP 2.3 specification involves two components:

  • Authentication and key exchange, leveraging cryptographic algorithms such as RSA-3072 verify, RSA-2048 encrypt/decrypt, HMAC-SHA256 and AES-CTR-128
  • Audio/Video content encryption/decryption, leveraging AES-CTR-128 cryptographic algorithms

The specification is expected to continue to be modified as the interface technologies and types of threats evolve. For example, in July 2021, DCP LLC released errata that require updates for transmitter-related applications to upgrade the locality check protocol. Solution providers have up to 18 months to comply with the latest updates. During this time, older implementations can be tested and certified according to the pre-errata rules.

Finding a future-proof HDMI/DisplayPort/USB Type-C security solution

Chip developers planning to support the latest multimedia requirements for large, high-resolution screens need to bring to market products that support not only the latest security specifications, but also are proven to be compliant to stringent robustness rules, certified, highly interoperable in the field, and offer optimal area, performance, and power.

The right solutions go even beyond the current specifications and mandates. Planning for future threats and specification updates is even more arduous yet imperative to consider. Being able to upgrade devices securely in the field via software/firmware without the need to re-spin the silicon can be a competitive advantage.

To beat the competition, chip developers are relying on proven third-party security solutions that are readily available, certified, and future proof. Integrating third-party HDMI, DisplayPort, and USB-C IP allows design teams to innovate and focus on their core competencies while reducing risk and accelerating time to market in the competitive display markets.

IP security solutions supporting the HDCP 2.3 specification

The Synopsys DesignWare HDCP 2.3 IP Embedded Security Modules (ESMs) support the latest HDCP standards, including the errata changes released in July 2021 that affect the locality check protocol responsible for validating the distance between receivers and transmitters.
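How a timed challenge-response can bound the distance between a transmitter and a receiver, as an added sketch that is not taken from the HDCP specification or from Synopsys' implementation. The names `FakeClock`, `Receiver` and `locality_check`, the 20 ms bound, the 8-byte nonce and the simplified message format are assumptions made for illustration; the shared key stands in for one agreed during authentication and key exchange.

```python
import hashlib
import hmac
import os

BOUND_S = 0.020  # assumed round-trip limit for this sketch, not quoted from the spec


class FakeClock:
    """Deterministic clock so link latency can be simulated offline."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, dt):
        self.t += dt


class Receiver:
    """Hypothetical receiver holding the key agreed during authentication."""
    def __init__(self, key, link_delay_s, replay=None):
        self.key = key
        self.link_delay_s = link_delay_s  # constructed round-trip latency
        self.replay = replay              # a stale answer to send instead, if set

    def respond(self, nonce, clock):
        clock.advance(self.link_delay_s)
        if self.replay is not None:
            return self.replay
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


def locality_check(tx_key, receiver, clock, bound_s=BOUND_S):
    """Transmitter side: fresh nonce, timed wait, constant-time MAC comparison."""
    nonce = os.urandom(8)
    start = clock.now()
    reply = receiver.respond(nonce, clock)
    elapsed = clock.now() - start
    if elapsed > bound_s:
        return "too_slow"   # answer arrived after the time bound expired
    expected = hmac.new(tx_key, nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(reply, expected):
        return "bad_mac"    # wrong key, or an answer to an older nonce
    return "ok"
```

The fresh nonce is what ties the measured round trip to this exchange: a correct answer that arrives late, or a timely answer computed for an earlier nonce, both fail.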

With DesignWare HDCP 2.3 IP, customers can choose whether they want to enable the changes as defined by the errata, or keep the pre-errata version to be compatible with the existing field deployments.

As specifications evolve, DesignWare HDCP 2.3 ESM users can make upgrades easily, via firmware and potentially without the need for RTL changes. Synopsys’ flexible architecture enables a less-invasive upgrade that avoids silicon re-spins.

DesignWare HDCP 2.3 Security IP

The Synopsys HDCP 2.3 ESMs are complete security solutions that provide designers with a robust, standards-compliant implementation of the HDCP content-protection technology on HDMI 2.0/2.1, DisplayPort 1.4/2.0 and USB Type-C interfaces.

The HDCP ESMs include an authentication engine and a content encryption/decryption engine, as depicted in figure 2. The robust security architecture provides a hardware root of trust, secure boot, and runtime tamper protection for the HDCP ESM firmware, DCP key management, and system renewability. The firmware is located on the host, but it is fully encrypted, and it is accessed through secure instruction memory controller buffers that are not addressable from the host infrastructure. The host is located outside of the secure perimeter, and only minimal interaction is required from the host processor to control an ESM.

The HDCP ESMs are compact processor-based security modules that support encryption and decryption of high-resolution content streams, such as HD and Ultra HD for a broad number of use cases. The product family includes single, 2-port and 4-port solutions. Each port type can be configured individually, as Receiver (Rx), Transmitter (Tx), DisplayPort 1.4 or 2.0 single/multi stream (SST/MST), HDMI 2.0 or 2.1. The multi-port ESMs also support repeater use cases. For example, a 2-port ESM can be configured to support 1-to-1 repeater, DisplayPort in to DisplayPort out, HDMI in to HDMI out, or combinations HDMI in to DisplayPort out, DisplayPort in to HDMI out.


Fig. 2: DesignWare HDCP 2.3 Embedded Security Module block diagram.

When configured for multi-port use cases, the HDCP ESMs include a single authentication engine that services multiple ports in the content encryption/decryption engine to minimize area. The crypto cores are independently instantiated per content port to support the maximum transmission rates of HDMI 2.0, HDMI 2.1, DisplayPort 1.4 and DisplayPort 2.0.

The HDCP ESMs have been pre-integrated and pre-verified with Synopsys’ Receiver and Transmitter HDMI 2.0/2.1 controller and PHY IP (figure 3), as well as Synopsys’ Transmitter DisplayPort 1.4 controller IP and USB PHY IP to provide complete and compliant HDCP 2.3 solutions. Various configurations have received HDMI and VESA certifications, with extensive interoperability testing done in the lab and at plug fests.


Fig. 3: HDCP 2.3 Embedded Security Modules integrated with controllers.

Conclusion

Digital media and display technologies are undergoing significant transformations. As more valuable video/audio content is streamed between a broad and growing range of large, high-resolution devices, system designers and content creators require that it is properly secured. The HDCP 2.3 security protocol is widely adopted in the industry for various interfaces, including HDMI, DisplayPort, and USB Type-C, and it is evolving with the technology. Security solutions are required for the interfaces, not only to be compliant with the latest specifications but also to disarm malicious attacks. Long term, HDCP solutions need to be flexible and future-proof, able to quickly adapt and protect against new threats, and ready to align with new specification updates as much as possible without the need for silicon re-spin.

Synopsys is uniquely positioned in the IP market with complete HDCP 2.3 ESMs that are compliant with the latest standards and revisions, including the latest errata, are fully integrated with controllers, align with the latest technology demands, and enable SoC designers to quickly implement the required security with low risk and fast time to market.

In addition to DesignWare HDCP 2.3 Security Modules, Synopsys provides a broad portfolio of highly integrated security IP solutions that use a common set of standards-based building blocks and security concepts to enable efficient silicon design and high levels of security for a range of products in the mobile, automotive, digital home, IoT, and cloud computing markets.


