2. Summary
• Current Trend on Set-top Box SoC Market
• Security Is Getting Complicated
• Trust Levels on Different HW/SW Architecture
• Why Bother with Security Processor?
• Consideration from Marketing to Hardware and System
Software
• Goal: The Complete System Level Security Solution
3. CurrentTrendon Set-topBoxSoCMarket
• Service providers needs isolated environments running DRM and
Conditional Access (CA) for security reasons.
• Therefore, hardware-based Trusted Execution Environment (TEE) is
necessary, especially on open platform like Android
• That means, secure OS environment on a security processor is
needed for security applications, flexibility and extensibility.
Security is Key Differentiator on STB SoC
4. SecurityIsGettingComplicated
Conditional Access (CA) Meets Open Platforms
• CA on open platform like Android is dangerous
• Smartcard-less CA is dream of service providers
• Secure API for security or service providers to hide their secrets is key
DRM Is Getting “Harder” (Hardware Support Is Necessary)
• Secure storage for keys or binary without host CPU access is a must
• Secured Video Path (SVP) without host access on encrypted and decrypted
video contents became mandatory for 4K contents
• Hardware unique key provisioning per device is extremely critical
System-Wide Security
• Firmware binary protection, secure boot and monitoring are needed
• Process and memory isolation are just basic requirements
Hard-wired Security Is Not Enough
5. Trust LevelsonDifferentHW/SWArchitecture
Virtualization TrustZone Security Processor
+ General open source
implementation
+ Multiple guest OSes
flexibility
< <
+ Security specific
execution space
+ System-level security
on CPU, memory,
interrupt, crypto, etc.
+ Proprietary API for
enhanced security
+ External memory
isolation with hardware
enforce
+ True TEE-based
security algorithms
+ Proprietary crypto and
key provisioning
+ Extensibility for vendor
specific implementation
- Complexity on VM
synchronization with
hypervisor
- Limited peripheral
access
- Performance impact on
additional guest VM
- No security specific
hardware optimization
- Lots of known attacks
- Simple secure software
required
- DRM and CA may not
be secure enough
- High overhead on
context switching - Complicated system
software design
- Time to market
6. WhyBotherwithSecureProcessor?
• Security Processor should be:
• a dedicated CPU core inside STB SoC
• running a secure RTOS and secure applications including DRM, CA, key
management, etc.
• communicating with host CPU through secure and proprietary interface
• Security Processor can provide:
• secure boot, secret storage, priority crypto access and restricted
memory access for security and SVP hardware
• true system-level Trusted Execution Environment (TEE)
• hardware-based memory isolation from rich OS such as Android, Linux
• Benefits for the system manufacturer:
• Rely on hardware root of trust for crypto keys and secure boot
• Better security than TrustZone
• Smartcard-less CA and CA on Android platform
• Hardware DRM support such as Widevine Level 1 and PlayReady 3.0
7. ConsiderationfromMarketingto Hardwareand
SystemSoftware
Marketing
- Collecting info from security vendors or partners
- Collect marketing requirements for security
- Define system architecture for security
Hardware Requirement
- Co-processor for secure OS and applications
- Priority access on crypto engine and secure host i/f
- Secure boot, secure storage and binary protection
System Software Consideration
- Easy use of secure processor interface and API
- Secure memory region for secure processor and SVP
- CA and DRM implementation and key provisioning
8. Goal:TheCompleteSystemLevelSecuritySolution
• Complete System Security:
• Security Processor provides hardware level security, also flexibility and
extensibility
• Hardware memory isolation for DRM/CA, firmware protection and SVP
• Key provisioning for unique hardware protection
• System Software Knowledge:
• Streaming integration including DASH, HLS, Smooth Streaming
• Whole-home streaming with DTCP-IP, external PVR
• Hardware DRM/CA/Crypto Support:
• Widevine Level 1, PlayReady 3.0 and Adobe PrimeTime
• NDS, Nagra, Irdeto, Verimatrix, Alticast, etc.
• RSA, TLS, OpenSSL, RNG, HDCP 2.2, forensic watermarking
System Level Security with Security Processor