TUM Logo

A Concept of Confidential Video Delivery based on Widevine Google DRM Engine

Announcement: Bachelor’s thesis in cooperation with Fraunhofer AISEC, Garching A Concept of Confidential Video Delivery based on Widevine Google DRM Engine The task of streaming video in secure and confidential way arises in many usecases like CCTV video surveillance, videoconferencing, playback of security critical content. Depending on the device architecture and operating system used, the security and privacy goals might be jeopardized by malicious software installed on the client device. For instance, malware with root access on an Android mobile phone would be able to eavesdrop or tamper with the video stream. A possible solution, resilient to both user- and Kernel-level malware, might be built utilizing the Widevine DRM services provided by Google: The architecture of Widevine allows decryption and playback of video streams in hardware reinforced enclaves, e.g., secure world of ARM TrustZone architecture, such that the cleartext data never leaves the secure execution environment. Task Description: The goals of this project can be summarized as follows: • Security analysis of the Widevine DRM system. Research on the system architecture and security properties. • Development of an overall architecture for secure and confidential video data delivery system with strong security guarantees: The cleartext Videodata should only be processed in HW-reinforced trusted execution environments, i.e., confidential cloud infrastructure based on AMD SEV technology for video encryption and packaging and ARM TrustZone on the end-device for video de- cryption and playback. • Proof of concept implementation and evaluation of the proposed concept. Prerequisites: The candidate should fulfill the following requirements: • Good understanding of cryptography and IT security • High motivation and independent work style • Good programming skills in C/C++ • Basic knowledge of video formats is advantageous Contact Mykolai Protsenko, Dr.-Ing. Albert Stark Telefon: +49 89 322-9986-192 +49 89 32299 86 1038 E-Mail: mykolai.protsenko@aisec.fraunhofer.de albert.stark@aisec.fraunhofer.de Fraunhofer Institute for Applied and Integrated Security (AISEC) Secure Operating Systems Lichtenbergstraße 11, 85748 Garching

A Concept of Confidential Video Delivery based on Widevine Google DRM Engine

Supervisor(s): Dr. Mykolai Protsenko, Albert Stark
Status: open
Topic: Others
Type of Thesis: Bachelorthesis
Proof of Concept No
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Astract:

Announcement: Bachelor’s thesis in cooperation with Fraunhofer AISEC, Garching A Concept of Confidential Video Delivery based on Widevine Google DRM Engine The task of streaming video in secure and confidential way arises in many usecases like CCTV video surveillance, videoconferencing, playback of security critical content. Depending on the device architecture and operating system used, the security and privacy goals might be jeopardized by malicious software installed on the client device. For instance, malware with root access on an Android mobile phone would be able to eavesdrop or tamper with the video stream. A possible solution, resilient to both user- and Kernel-level malware, might be built utilizing the Widevine DRM services provided by Google: The architecture of Widevine allows decryption and playback of video streams in hardware reinforced enclaves, e.g., secure world of ARM TrustZone architecture, such that the cleartext data never leaves the secure execution environment. Task Description: The goals of this project can be summarized as follows: • Security analysis of the Widevine DRM system. Research on the system architecture and security properties. • Development of an overall architecture for secure and confidential video data delivery system with strong security guarantees: The cleartext Videodata should only be processed in HW-reinforced trusted execution environments, i.e., confidential cloud infrastructure based on AMD SEV technology for video encryption and packaging and ARM TrustZone on the end-device for video de- cryption and playback. • Proof of concept implementation and evaluation of the proposed concept. Prerequisites: The candidate should fulfill the following requirements: • Good understanding of cryptography and IT security • High motivation and independent work style • Good programming skills in C/C++ • Basic knowledge of video formats is advantageous Contact Mykolai Protsenko, Dr.-Ing. Albert Stark Telefon: +49 89 322-9986-192 +49 89 32299 86 1038 E-Mail: mykolai.protsenko@aisec.fraunhofer.de albert.stark@aisec.fraunhofer.de Fraunhofer Institute for Applied and Integrated Security (AISEC) Secure Operating Systems Lichtenbergstraße 11, 85748 Garching