Last week, Irdeto of the Netherlands announced its new ActiveCloak for Media content protection technology for video. This is a real, bona fide breakthrough technique. It’s also revolutionary, in that it starts with a a bold statement for the DRM industry: an admission that it has a problem.
A long, long time ago, there was a myth: that DRM was hack-proof. Most knowledgeable people stopped believing this myth years ago, especially since it came to light that many DRMs were designed to be cheap to implement rather than strongly protective of content. But somehow the myth persisted and was very hard to eradicate.
The media industry responded to weak DRM in a couple of ways. First, they got a law passed that made hacking DRMs illegal. This law — the DMCA — placed liability for hacking solely on the hacker. The idea was to deter hackers through criminal penalties rather than to give incentives to technology vendors to create stronger DRMs, or to make the vendors liable for hacks.
Next, the industry created licensing frameworks for DRM technologies that bolstered them by imposing additional technical obligations on implementers. If you wanted to implement a system using a certain DRM technology, you had to agree to so-called robustness rules, which were designed to prevent the software “around” the DRM from leaving doors open to hackers. Robustness rules cover things like how to hide keys in software and how to “harden” software so that it can’t be reverse engineered.
As we know, DRMs are still routinely hacked.
Yet in some quiet corners of the industry, hacking is treated as a given. One example: the CEO of a software antipiracy technology company recently boasted about his company’s success in the gaming market. He measures success by the length of time until a game is hacked. The game publisher is pleased, he says, because his technology works well enough that games aren’t hacked until after their “new and hot” period is over. By this point, the game company has made the bulk of its money; it’s happy for the hacked game to “go viral” and generate demand for the next version of the game.
Try telling this to a Hollywood studio.
Meanwhile, DRM technologies have advanced by limiting the impact of hacks, through techniques such as key revocation (preventing the offending device from doing any more damage) and field-upgradeable encryption (changing the encryption algorithm so that a specific hack no longer works). But these techniques are analogous to making air passengers take their shoes off at security because someone tried to hide a bomb in his shoe once: they don’t prevent the damage from happening in the first place.
With last week’s announcement of ActiveCloak, Irdeto has taken the next logical step. Instead of trying to design DRMs so that they are hack-proof, or even so that they take as long as possible until they are hacked, assume they are going to be hacked and act before they are.
ActiveCloak enables network operators and service providers to change the content protection software proactively as well as reactively. Instead of upgrading the encryption or revoking keys after a hack — or as we Americans say, locking the barn door after the horse has escaped — ActiveCloak lets operators change the client configuration on a regular basis at intervals shorter than the time to expected hack. (Service providers could do this on their own, but ActiveCloak makes the process automated and much more straightforward.)
Irdeto doesn’t just do this by changing encryption keys or even random seeds used in code obfuscation algorithms. ActiveCloak represents a synergy between Irdeto’s legacy content protection technology for digital TV and the software hardening and key hiding technologies of Cloakware, which Irdeto acquired in late 2007.
Cloakware’s main offering in the digital media industry is tools and techniques for hardening DRM implementations so that they meet robustness rules. Many implementers of several different DRMs use Cloakware to harden their code; its only real competition in the digital media market is the smaller Arxan Technologies.
In fact, when the acquisition was announced three years ago, I had assumed that Irdeto’s objective was to collect a “toll” from those who implement content protection solutions from its competitors.
Now we have a product that embodies true synergies between the legacy Irdeto and Cloakware technologies. The system renews itself with respect to the key hiding and code hardening as well as the content protection itself, and it does so on a proactive basis. ActiveCloak gives new meaning to the term “race against the hackers”: hackers must do their thing before the clock runs out and the system is renewed. The integration of Cloakware’s technology makes outwitting this system that much more difficult — assuming, of course, that no one figures out a way to disable the overall scheme.
As Irdeto admits, ActiveCloak will be more expensive than comparable video content protection technologies — in terms of both upfront cost and operational complexity. The company argues that the total cost of ownership is lower than that of a system that has to be patched or replaced due to hacks.
With pay TV operators (cable or satellite), this may well be a reasonable sales proposition. Pay TV operators are somewhat unique among content service providers in that their economic incentives are aligned with those of TV networks, movie studios, and other content owners: none of these entities want their signals to be stolen. The same is emphatically not true for, say, an Internet content retailer or consumer device maker.
ActiveCloak for Media is initially targeted toward OTT (over-the-top or IP-based) content delivery to tablet, Google TV, and other devices. Ports to Apple iOS, Android, and Intel’s “Sodaville” chipset for set-top boxes exist. The technology is running on three Google TV platforms, Boxee, and tablet and PC implementations with unnamed operators.
Although ActiveCloak is a real step forward in content protection technology, it still presupposes that Hollywood is dissatisfied enough with current technologies — and the various legal backstops — to make its content licensees pay a premium for the new technology. It’s doubtful that Hollywood studios will take other content protection technologies off their “approved lists,” but it may make robustness rules more stringent with respect to renewability.
At the same time, I’ll hazard a guess that if this approach catches on — if the rest of the industry is willing to admit that it has a problem — then Irdeto’s competitors will be looking to emulate ActiveCloak. If I were Arxan, I’d have investment bankers ready and waiting to field the incoming acquisition offers. And if I were Irdeto, I’d have my patent lawyers working overtime to protect the technology.
Copyright and Technology 
Great piece! But is ActiveCloak merely a technique, or an overal content protection solution? If it is the former, it should bolster the opportunity for DRM vendors, whose implementations are already and often hardened with Cloakware; Irdeto just found a way to make more money from robustness rules. If the latter, it presents a real challenge across the board. Though success depends on industry willingness to adopt.
Yoav,
As I understand software hardening techniques, they can be adapted to virtually any DRM client code, so at a conceptual level there is no reason why the same combination of software hardening/key hiding could not be combined with, say, Marlin or Widevine or NDS or Nagravision. Any such technique needs to be done differently for each combination of DRM and platform (e.g. Android on x86, Android on ARM, Windows on x86).
It’s possible that Irdeto has ways of making the process of system renewal more easily automatable with its own technology, thus making it more like an “overall content protection solution” than “merely a technique.” It’s also possible that there are certain application hooks in the Irdeto client code that the Cloakware techniques can leverage, which are not present in other DRM software clients. I would invite the Irdeto folks to reply here and explain further.
Yet “mak[ing] more money from robustness rules” will be a tough sell in any case. Robustness rule compliance on certain platforms is not cheap, and (as I have said before) it often turns up as a “bad surprise” to implementers who often express incredulity that it’s required and isn’t somehow built into the DRM.
Thanks Bill for providing an excellent answer to Yoav’s comments, as well as to Yoav for your views. Indeed we often find a lack of understanding in the industry about the complexity around robustness rule compliance and about the more holistic approach required to sustainable business model protection in today’s app-focused world.
To Yoav’s comment, Irdeto ActiveCloak is about much more than just robustness and compliance. It is an overall dynamic security approach that is applied to the entire media solution. Irdeto’s overall service proposition includes the initial threat analysis of the customer’s solution, the implementation of ActiveCloak agent components into all relevant parts of that application (e.g. DRM, adaptive streaming, and other parts of the media path), and the ongoing monitoring and updating of the application’s security over time. Only this type of dynamic security enables companies to obtain content licenses for the newest platforms and get more premium content onto them. More importantly, it protects the business model of the operator.
Yoav’s final point is well taken. Dynamic security is a new category that Irdeto has recognized as a fundamental necessity for companies leveraging highly sought after content. But as Bill correctly points out, there are significant limitations of the current static model, and with an ever-increasing number of business models dependent on protection, the time for dynamic security has arrived. Industry leaders like Netflix, Boxee, Comcast and Sony have already recognized this, and we expect many others to follow.