The Renewal & Provisioning Working Group, which operates under the CDSA, has recently released a set of Implementation Guidelines that are now being shared across the industry for peer review. This group has been meeting bi-weekly for several years with the purpose of understanding how streaming devices can mitigate the risk of content being misused, or of the services providing that content being abused.
With contributors from across the industry, including content creators, streaming service providers, DRM providers and IP-technology providers, this group has created security expectations and functional requirements for how devices can protect services and content.
These are reviewed with streaming device manufacturers to ensure expectations are clear and any requirements are practical. Input is also sought on how any recommendations will affect the user experience.
The topic under consideration by the working group led to the creation of a set of Implementation Guidelines which examine the issues associated with establishing the current state of the DRM Trusted Computing Base (TCB).
The TCB consists of hardware, firmware and software components that implement and support the DRM system. The challenges examined by the working group were:
– How to securely update any compromised DRM TCB or credentials in the field.
– How to ensure such updates cannot be rolled back to vulnerable firmware versions.
This builds upon previous work which produced platform-agnostic recommendations for devices to achieve a Root of Trust (RoT). The device RoT enables establishment and measurement of the TCB to determine whether its state is adequate and, if it is not, supports restoring the state to a trustworthy one and then provisioning suitable DRM credentials to the secured environment.
For any additional information about the working group, or to get involved, please contact the Office of the Secretariat (secretariat@CDSAonline.org).
To provide any feedback on the Implementation Guidelines, please use the feedback form.