Cloud native EDA tools & pre-optimized hardware platforms
By: Dana Neustadter, Security IP Product Marketing Manager & Morten Christiansen, USB & DisplayPort Technical Marketing Manager, Synopsys
High-bandwidth Digital Content Protection (HDCP) 2.2 is a security specification for protecting delivery, recording and subsequent unauthorized copying or distribution of premium audio/video content. As we move into the era of transmitting and providing high resolution content like 4K Ultra-High Definition (UHD), High Dynamic Range (HDR) and 8K UHD, robust security becomes even more important for the protection of premium content. HDCP 2.2 is widely used today by HDMI connections, less often for DisplayPort connections, and very seldom with legacy USB connections. However, as USB Type-CTM connections are getting designed into devices from phones to televisions, keeping premium content secure as it travels through this interface is critical. This article describes the challenges system-on-chip (SoC) developers face in providing a secure solution to deliver UHD content over USB Type-C and the path to finding the right solution.
To deliver UHD content, content providers require higher security to be in place. Organizations like MovieLabs, founded by Hollywood studios Disney, Paramount, Twentieth Century Fox, Sony Pictures, Universal and Warner Bros provide specific guidelines on how to protect the content as it is moved from the source to the end displays. The MovieLabs Enhanced Content Protection specification requires that devices such as tablets, smartphones, UHD TVs and other media devices, which receive high value content, implement strict security measures to ensure that content cannot be copied or freely redistributed from those devices. Among other items, the MovieLabs specification requires:
Figure 1: End-to-end premium content protection with HDCP 2.2
Meeting these security requirements entails significant investment in R&D and is easy to get wrong, leaving an implementation vulnerable to attacks and implementers potentially open to liability.
For example, solutions based on a Trusted Execution Environment (TEE) enabled by a single CPU with hardware separation may not be sufficient to face these attacks. Having the solutions contained in a dedicated embedded security module (ESM) with a hardware root of trust helps address new and emerging threats in the field and provide high-grade security protection to meet the strict robustness rules of the HDCP 2.2 specification. Fault detection and side channel attack resistance must also be addressed as part of the total security solution, thus adding to the growing set of security requirements.
USB is a widely used interconnect standard, and the introduction of the USB Type-C connector is making USB Type-C ubiquitous. The USB Type-C connector is small, is used at both host and device ends of a cable, and can be plugged in either way up. It can deliver simultaneous power (with a local power source), data, video, and audio, in, for example, docking applications. Proprietary designs for USB video and HDCP over USB exist and have been quite a challenge to implement. Fortunately, DisplayPort Alternate Mode re-purposes USB Type-C pins for native DisplayPort signaling. This makes it feasible to use existing HDCP solutions.
As an SoC developer planning to support the latest multimedia requirements, finding a pre-integrated, well tested, and certified technology for protection against vulnerabilities is imperative. When looking for USB Type-C and HDCP 2.2 IP solutions, you should ask your supplier questions such as:
Robustness requirements are increasingly demanding and specifications are open-ended with respect to resisting attacks, therefore, choosing a supplier who demonstrates an understanding of this is key to market success.
The right solution goes beyond just current specifications and mandates. While compliance is a challenging and necessary requirement, planning for future threats is even more arduous yet imperative to consider.
SoC developers must ask their supplier to present track records of successful, interoperable and secure solutions as well as plans to address future threats. The supplier of choice should be the one that has a complete, robust and tested solution that not only meets all of the specified requirements from relevant standards, but also has the ability to respond to ongoing changes (Figure 2). Such a supplier gives SoC developers the confidence that their device will work as expected so they can focus on product differentiation and innovation.
Figure 2: Complete Synopsys USB Type-C & HDCP 2.2 Embedded Security Module
Synopsys provides a certified and interoperable solution that enables the highest content protection over the USB Type-C interface for UHD multimedia SoCs. The Synopsys HDCP 2.2 Embedded Security Module is flexible, highly secure, and it includes all necessary components required to meet the HDCP 2.2 on DisplayPort specification such as authentication, key exchange, and secure key stream generation. Synopsys USB-C IP solutions, including controllers, PHYs, VIP, IP Subsystems and IP Prototyping Kits, reduce designers¡¯ integration risk and time-to-market due to their long history of proven IP in volume production. Combined, this IP provides the ideal solution for content protection over the new USB Type-C interface.