
Is the future of content protection cloud(y)?

October 23, 2014

Eric Diehl, who until very recently was with Technicolor, presented a paper on "Is the Future of Content Protection Cloud(y)?" Security is about trust, he said. "You cannot build something without trust," he said. He divided the cloud into data centers, private cloud, community cloud and public clouds and divided trust into hardware, OS/VM, administration and access. The highest levels of trust for these elements were for data centers and private clouds; the public cloud engenders the least amount of trust. "Rule No 1 of security," he said. "Attackers will always find a way."

He looked at the main threats to content protection. "The first is a data breach," he said. "Remediation plan seems simple: encryption at rest. Second is data loss. Remediation is physical untethered backup. Malicious insiders are another threat, and the public cloud increases this risk. The majority of damage happens here. The remediation is, only one, log and monitoring. Nothing beats this. Shared technology vulnerability is very specific to the cloud, and it comes as a class attack such as Shellshock or Heartbleed. The only remediation is a quick reaction team, which must be aware, listening."

More exotic threats include data integrity - someone able to alter your data. "Encryption doesn't necessarily stop tampering," he warned. "Encryption makes tampering more difficult but not impossible. The only thing is tamper detection." Media sanitization is another threat, arising with the disposal of servers and hard drives of cloud infrastructure. You must make sure that your provider is following SLA guidelines and sanitizing hard drives before disposing of them. Weak implementation is another threat. More complexity means there's a larger surface of attack. The remediation is development and review by real security experts -- and there aren't a lot of them. "Review is complex; don't let your team do it. We must request guidelines also and then follow them. Those guidelines are not proper, I think, for the cloud. We need guidelines specifically dedicated to the cloud."
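The point that encryption alone does not stop tampering, and that detection is what closes the gap, can be shown in a few lines. This is an added example, not material from the talk or the article: the keystream construction (HMAC-SHA256 in counter mode) is an assumed stand-in for any stream or CTR-mode cipher, the function names are hypothetical, and the sample record is constructed.

```python
import hashlib
import hmac
import os

def keystream(key, nonce, length):
    # Stand-in stream cipher (assumption): HMAC-SHA256(key, nonce || counter) blocks.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(enc_key, nonce, data):
    return xor(data, keystream(enc_key, nonce, len(data)))

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    nonce = os.urandom(16)
    ct = crypt(enc_key, nonce, plaintext)
    return nonce, ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tamper detected: MAC mismatch")
    return crypt(enc_key, nonce, ct)

def alter_stored(ct, offset, old, new):
    # Models a change to stored ciphertext made without either key.
    delta = xor(old, new)
    return ct[:offset] + xor(ct[offset:], delta) + ct[offset + len(delta):]

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    record = b"title=reel_07;licensee=Alice"  # constructed sample record
    nonce, ct, tag = seal(enc_key, mac_key, record)
    altered = alter_stored(ct, record.index(b"Alice"), b"Alice", b"Carol")
    silent = crypt(enc_key, nonce, altered)  # encryption only: no error raised
    try:
        open_sealed(enc_key, mac_key, nonce, altered, tag)
        detected = False
    except ValueError:
        detected = True
    return silent, detected

if __name__ == "__main__":
    print(demo())
```

With encryption only, the altered record decrypts cleanly to different data; with the tag checked first, the same alteration is rejected before any plaintext is released.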

Secure delivery of content today uses a watermark embedder, which means the content has to be encrypted on delivery, but this puts the burden of proof that content has not been stolen on the content rights holder. Next-generation secure delivery of content prepares the watermark and encrypts it, with a watermark embedder. "Only Alice receives the content meant for Alice," he said.

Diehl's conclusion was that the cloud, by definition, increases the risk to content protection. "Some architectural choices and new technologies may mitigate the risks," he said. "New MPAA guidelines are urgently needed. And last, the devil is in the details in security."


Debra Kaufman
