Enabling Effective HDCP Protection – With Or Without a TrustZone

Your premium content requires effective HDCP protection. Take a look at how you can drive secure content flow between HDCP connected devices over wired and wireless interfaces like Miracast – even in the absence of complex TrustZone mechanisms.

While consumer appetite for 4K content continues to rise, content creators face the need to protect their premium quality content from the risk of unauthorized mass duplication and distribution. This explains the growing importance of High Definition Content Protection (HDCP). HDCP protection ensures effective content gatekeeping in the last stage of the distribution process, using rigorous authentication and encryption techniques.

HDCP 2.2 that replaces HDCP v1.x is a truly versatile content protection protocol.

HDCP 2.2 enables secure distribution of high definition audio-visual content over wired (DVI, HDBASE-T and DisplayPort) and wireless (Miracast, WirelessHD and WHDI) interfaces. It drives secure content flow between two or more HDCP connected devices such as smartphones, tablets (typically content transmitters), digital displays, set-top boxes and game consoles (typically content receivers).

Secure Key Management: The Key to HDCP Protection

To be enabled for HDCP reception, a receiver has to obtain the ‘license key’ from DCP LLC. The key is used during the negotiation with the HDCP transmitter to authenticate the receiver. If the HDCP receiver is compromised, the transmission of the HDCP content is immediately revoked.

Fail proof HDCP protection hinges on the safety of the license keys during storage and runtime operations. This in turn depends on effective adherence to the following compliance and robustness rules for HDCP receivers:

Compliance Requirements for HDCP Receivers

• No copies can be created with the decrypted content.
• Audio/video decrypted content may be temporarily buffered, only until it is presented to the rendering display after any decoding/post processing operations.
• Decrypted content should not be output to any digital output unless the presentation device is a repeater.

Robustness Requirements for HDCP Receivers

• License keys should be securely stored, protected from commonly available decompiling tools and debugging tools, and not be available to hackers from the file system or in the binary images in the system.
• Values of the license key should not be available in clear or tampered with at any point of time.
• Execution of critical functions of the HDCP implementations should be in supervisor mode or in secure hardware.
• In the case of total software implementation, code obfuscation or other techniques must be implemented to hamper the understanding of the software flow and execution.
• Decrypted data should not be available for interception and copying during data flow between software modules.
• In the event these functions are tampered with, it should cause immediate authorization and decryption failure.

The proven way to drive a highly secure implementation of the HDCP receiver stack is through a protected Arm ‘TrustZone’ environment. However, the support for TrustZone across devices and platforms range from complete to limited or no support. Notwithstanding this fact, HDCP protection remains a critical aspect that cannot be ignored. Therefore, we can leverage any of the following three ways to protect premium content, depending upon our platform or device requirements:

TrustZone based implementation: With full support for TrustZone

Non-TrustZone based implementation: Without a TrustZone

Hybrid implementation: With partial support for TrustZone

How Ittiam Enables HDCP Implementation for Miracast

HDCP is a critical component of Miracast – a versatile wireless standard that has gained increased relevance in recent times. While customers have a wide range of Miracast requirements, the most common requirement for all the use cases is a reliable HDCP reception stack that integrates with all the relevant Miracast components, and enables secure content playback.

We provide HDCP receiver implementations as a standalone component or in combination with the Ittiam Miracast solution. Take a look at Figure 1. to understand how we execute the various components of an HDCP implementation with and without complex TrustZone mechanisms in the hardware, as well as through a hybrid model.