Description
Modern smartphones feature trusted execution environments (TEEs), which allow the
execution of security-critical applications in a hardware-protected environment isolated
from the main operating system. One such application is hardware-assisted digital
rights management (DRM), which is designed to prevent unauthorized distribution of
protected audio and video content. For Android devices, this is implemented by the
proprietary Google Widevine technology which ensures that unencrypted content is
only processed in TEEs. The validity of DRM licenses issued by Widevine, which are
required for content playback, is limited to the devices that have requested the license.
While duplication of licenses is thus prevented, user authentication is not part of the
Widevine protocol and is the responsibility of content providers. Online streaming
services using Widevine rely on token-based authentication, which is not protected by
TEEs. In this work, the Widevine protocol is examined with a focus on a potential use
for delivery of confidential video material. A proxy-based architecture implementing
access control and a secure method for device authentication using the Widevine
protocol is developed to close the “authentication gap” and ensure the confidentiality
of videos even in case the Android operating system is fully compromised. Using
a proof-of-concept implementation, it is shown that a realization of this concept is
possible, with some limitations, without changes to existing Widevine components.