草榴社区

Ensuring Content Protection over USB Type-C

By: Dana Neustadter, Security IP Product Marketing Manager & Morten Christiansen, USB & DisplayPort Technical Marketing Manager, 草榴社区

High-bandwidth Digital Content Protection (HDCP) 2.2 is a security specification for protecting delivery, recording and subsequent unauthorized copying or distribution of premium audio/video content. As we move into the era of transmitting and providing high resolution content like 4K Ultra-High Definition (UHD), High Dynamic Range (HDR) and 8K UHD, robust security becomes even more important for the protection of premium content. HDCP 2.2 is widely used today by HDMI connections, less often for DisplayPort connections, and very seldom with legacy USB connections. However, as USB Type-CTM connections are getting designed into devices from phones to televisions, keeping premium content secure as it travels through this interface is critical. This article describes the challenges system-on-chip (SoC) developers face in providing a secure solution to deliver UHD content over USB Type-C and the path to finding the right solution.

Securing Content

To deliver UHD content, content providers require higher security to be in place. Organizations like MovieLabs, founded by Hollywood studios Disney, Paramount, Twentieth Century Fox, Sony Pictures, Universal and Warner Bros provide specific guidelines on how to protect the content as it is moved from the source to the end displays. The MovieLabs Enhanced Content Protection specification requires that devices such as tablets, smartphones, UHD TVs and other media devices, which receive high value content, implement strict security measures to ensure that content cannot be copied or freely redistributed from those devices. Among other items, the MovieLabs specification requires:

  • Protection of content sent to a remote display using High-bandwidth Digital Content Protection (HDCP) 2.2 link protection (Figure 1)
  • A hardware root of trust to protect Digital Rights Management (DRM) and link protection keys
  • A secure computation environment, hardware-enforced, for authenticating code that performs critical operations at power up and during runtime
  • A protected video processing pipeline
  • A random number generator compliant with NIST SP800-90C specification
Figure 1: End-to-end premium content protection with HDCP 2.2

Figure 1: End-to-end premium content protection with HDCP 2.2

Meeting these security requirements entails significant investment in R&D and is easy to get wrong, leaving an implementation vulnerable to attacks and implementers potentially open to liability.

For example, solutions based on a Trusted Execution Environment (TEE) enabled by a single CPU with hardware separation may not be sufficient to face these attacks. Having the solutions contained in a dedicated embedded security module (ESM) with a hardware root of trust helps address new and emerging threats in the field and provide high-grade security protection to meet the strict robustness rules of the HDCP 2.2 specification. Fault detection and side channel attack resistance must also be addressed as part of the total security solution, thus adding to the growing set of security requirements.

Finding the Right USB Type-C Security Solution

USB is a widely used interconnect standard, and the introduction of the USB Type-C connector is making USB Type-C ubiquitous. The USB Type-C connector is small, is used at both host and device ends of a cable, and can be plugged in either way up. It can deliver simultaneous power (with a local power source), data, video, and audio, in, for example, docking applications. Proprietary designs for USB video and HDCP over USB exist and have been quite a challenge to implement. Fortunately, DisplayPort Alternate Mode re-purposes USB Type-C pins for native DisplayPort signaling. This makes it feasible to use existing HDCP solutions.

As an SoC developer planning to support the latest multimedia requirements, finding a pre-integrated, well tested, and certified technology for protection against vulnerabilities is imperative. When looking for USB Type-C and HDCP 2.2 IP solutions, you should ask your supplier questions such as:

  • Are all the features required by the market supported?
  • How was this solution tested for interoperability?
  • Is the solution certified by DCP (Digital Content Protection) licensing authority?
  • Can you explain in detail how robustness criteria were met?
  • What protection is provided against side channel attacks? Also against code modifications, fuzzing, glitching and fault injection? How have those been evaluated and what were the results?
  • How many designs and devices in the market use this implementation?

Robustness requirements are increasingly demanding and specifications are open-ended with respect to resisting attacks, therefore, choosing a supplier who demonstrates an understanding of this is key to market success.

Make it Future-Proof

The right solution goes beyond just current specifications and mandates. While compliance is a challenging and necessary requirement, planning for future threats is even more arduous yet imperative to consider.

SoC developers must ask their supplier to present track records of successful, interoperable and secure solutions as well as plans to address future threats. The supplier of choice should be the one that has a complete, robust and tested solution that not only meets all of the specified requirements from relevant standards, but also has the ability to respond to ongoing changes (Figure 2). Such a supplier gives SoC developers the confidence that their device will work as expected so they can focus on product differentiation and innovation.

Figure 2: Complete DesignWare USB Type-C & HDCP 2.2 Embedded Security Module

Figure 2: Complete 草榴社区 USB Type-C & HDCP 2.2 Embedded Security Module

草榴社区 provides a certified and interoperable solution that enables the highest content protection over the USB Type-C interface for UHD multimedia SoCs. The 草榴社区 HDCP 2.2 Embedded Security Module is flexible, highly secure, and it includes all necessary components required to meet the HDCP 2.2 on DisplayPort specification such as authentication, key exchange, and secure key stream generation. 草榴社区 USB-C IP solutions, including controllers, PHYs, VIP, IP Subsystems and IP Prototyping Kits, reduce designers’ integration risk and time-to-market due to their long history of proven IP in volume production. Combined, this IP provides the ideal solution for content protection over the new USB Type-C interface.