From The RDK Users Conference 2015: Ensuring Safe and Secure Expansion of RDK
By JT Taylor, Senior Marketing Manager, Service Provider Solutions Marketing, Cisco
It goes without saying … Securing your prized assets is paramount. There is no upside to being King of the Kingdom if someone else has the keys. As our market evolves and RDK (Reference Design Kit) evolves with it, keeping your content, and your network, secure is at the forefront.
Certainly we all recognize that there is now a large population of Internet-connected devices that access the Service Provider’s network, and that population is growing each day. Globally, there will be 24.4 billion networked devices in 2019, up from 14.2 billion in 2014, according to Cisco’s recent Visual Networking Index Forecast 2014-2019. Both managed and unmanaged devices now share the same IP-based network, and often many of the same open-source components, increasing the number of attack vectors we must protect against. At the same time, the value of the content we must protect is increasing, with 4K quickly becoming a factor.
So, how do we ensure the “safe” and “secure” expansion of RDK in a world with both an increased number of threats and higher-value content to be protected? We must work together as a community. All RDK community members benefit from the exchange of experiences, both good and bad, as well as from our contributions. Put another way, we must build and leverage a shared knowledge base. At today’s RDK European Summit in Amsterdam, Dr. Ken Morse, CTO for Cisco’s Service Provider Video Software and Solutions, is presenting on the following security-related topics and questions:
Conditional Access (CA)
Initial RDK releases only needed to support CableCARD-based CA for North American deployments, but a worldwide community with multiple standards means that RDK must expand to support multiple conditional access methodologies. We as a community must work together to ensure that these additions are done in a consistent manner for the benefit of all CA vendors and Service Providers.
Creating and Evolving a Trusted Environment
Protecting content requires a trusted environment in which to operate. Is your boot process secured and protected with image signing, authentication, and a chain of trust? Are you following best practices for securing your keys for DRM, CA, HDCP, and others? What needs to be done to harden the Linux environment?
And what technologies are coming to the forefront that might help in this area? What can be done to leverage Trusted Execution Environments, multi-process sandboxing, or virtual container technology?
4K, OTT Content, and DRM
We all know that 4K content brings new security requirements. What have we done as a community, and what do we still need to do to prepare the RDK for the 4K revolution? Are your devices ready for the new hardware requirements such as HDCP 2.2 and TEE? Do your bootloaders have the ability to renew and revoke signatures when needed? What watermarking technologies will be needed?
And even non-4K OTT video will require additional DRMs and application models. Will Encrypted Media Extensions be the answer to supporting multiple DRMs in RDK?
We’d love to hear from you! Tweet us @CiscoSPVideo with questions or comments.