Last week, Irdeto of the Netherlands announced its new ActiveCloak for Media content protection technology for video. This is a real, bona fide breakthrough technique. It’s also revolutionary, in that it starts with a a bold statement for the DRM industry: an admission that it has a problem.
A long, long time ago, there was a myth: that DRM was hack-proof. Most knowledgeable people stopped believing this myth years ago, especially since it came to light that many DRMs were designed to be cheap to implement rather than strongly protective of content. But somehow the myth persisted and was very hard to eradicate.
The media industry responded to weak DRM in a couple of ways. First, they got a law passed that made hacking DRMs illegal. This law — the DMCA — placed liability for hacking solely on the hacker. The idea was to deter hackers through criminal penalties rather than to give incentives to technology vendors to create stronger DRMs, or to make the vendors liable for hacks.
Next, the industry created licensing frameworks for DRM technologies that bolstered them by imposing additional technical obligations on implementers. If you wanted to implement a system using a certain DRM technology, you had to agree to so-called robustness rules, which were designed to prevent the software “around” the DRM from leaving doors open to hackers. Robustness rules cover things like how to hide keys in software and how to “harden” software so that it can’t be reverse engineered.
As we know, DRMs are still routinely hacked.
Yet in some quiet corners of the industry, hacking is treated as a given. One example: the CEO of a software antipiracy technology company recently boasted about his company’s success in the gaming market. He measures success by the length of time until a game is hacked. The game publisher is pleased, he says, because his technology works well enough that games aren’t hacked until after their “new and hot” period is over. By this point, the game company has made the bulk of its money; it’s happy for the hacked game to “go viral” and generate demand for the next version of the game.
Try telling this to a Hollywood studio.
Meanwhile, DRM technologies have advanced by limiting the impact of hacks, through techniques such as key revocation (preventing the offending device from doing any more damage) and field-upgradeable encryption (changing the encryption algorithm so that a specific hack no longer works). But these techniques are analogous to making air passengers take their shoes off at security because someone tried to hide a bomb in his shoe once: they don’t prevent the damage from happening in the first place.
With last week’s announcement of ActiveCloak, Irdeto has taken the next logical step. Instead of trying to design DRMs so that they are hack-proof, or even so that they take as long as possible until they are hacked, assume they are going to be hacked and act before they are.
ActiveCloak enables network operators and service providers to change the content protection software proactively as well as reactively. Instead of upgrading the encryption or revoking keys after a hack — or as we Americans say, locking the barn door after the horse has escaped — ActiveCloak lets operators change the client configuration on a regular basis at intervals shorter than the time to expected hack. (Service providers could do this on their own, but ActiveCloak makes the process automated and much more straightforward.)
Irdeto doesn’t just do this by changing encryption keys or even random seeds used in code obfuscation algorithms. ActiveCloak represents a synergy between Irdeto’s legacy content protection technology for digital TV and the software hardening and key hiding technologies of Cloakware, which Irdeto acquired in late 2007.
Cloakware’s main offering in the digital media industry is tools and techniques for hardening DRM implementations so that they meet robustness rules. Many implementers of several different DRMs use Cloakware to harden their code; its only real competition in the digital media market is the smaller Arxan Technologies.
In fact, when the acquisition was announced three years ago, I had assumed that Irdeto’s objective was to collect a “toll” from those who implement content protection solutions from its competitors.
Now we have a product that embodies true synergies between the legacy Irdeto and Cloakware technologies. The system renews itself with respect to the key hiding and code hardening as well as the content protection itself, and it does so on a proactive basis. ActiveCloak gives new meaning to the term “race against the hackers”: hackers must do their thing before the clock runs out and the system is renewed. The integration of Cloakware’s technology makes outwitting this system that much more difficult — assuming, of course, that no one figures out a way to disable the overall scheme.
As Irdeto admits, ActiveCloak will be more expensive than comparable video content protection technologies — in terms of both upfront cost and operational complexity. The company argues that the total cost of ownership is lower than that of a system that has to be patched or replaced due to hacks.
With pay TV operators (cable or satellite), this may well be a reasonable sales proposition. Pay TV operators are somewhat unique among content service providers in that their economic incentives are aligned with those of TV networks, movie studios, and other content owners: none of these entities want their signals to be stolen. The same is emphatically not true for, say, an Internet content retailer or consumer device maker.
ActiveCloak for Media is initially targeted toward OTT (over-the-top or IP-based) content delivery to tablet, Google TV, and other devices. Ports to Apple iOS, Android, and Intel’s “Sodaville” chipset for set-top boxes exist. The technology is running on three Google TV platforms, Boxee, and tablet and PC implementations with unnamed operators.
Although ActiveCloak is a real step forward in content protection technology, it still presupposes that Hollywood is dissatisfied enough with current technologies — and the various legal backstops — to make its content licensees pay a premium for the new technology. It’s doubtful that Hollywood studios will take other content protection technologies off their “approved lists,” but it may make robustness rules more stringent with respect to renewability.
At the same time, I’ll hazard a guess that if this approach catches on — if the rest of the industry is willing to admit that it has a problem — then Irdeto’s competitors will be looking to emulate ActiveCloak. If I were Arxan, I’d have investment bankers ready and waiting to field the incoming acquisition offers. And if I were Irdeto, I’d have my patent lawyers working overtime to protect the technology.