ISO IEC 23009-4:2013 download.Intormation technology — Dynamic adaptive streaming over HTTP (DASH) — Part 4: Segment encryption and authentication.
Secure I-lash Algorithm, as specified in F1PS 180-3
SN Segment Number
Transport Layer Secisity
URI Uniform Resource Identifier
Uniform Resource Locator
URN Uniform Resource Name
3.3 Notation
Media Segment with Segment Nunil,er 1 S(
Cryptoperiod stwlmg with Segment Number sand havrng dMedia Segments: CP(i.d)
Key and iniliahzahon vector m use during CPfrd): Kp 1Vp
4 Introduction
4.1 Segmenl Encryption
The content protection framework provided in this pail of ISOIIEC 23009 Is a framework for out-of-band derivation of parameters needed for successtul decryption of media segments. The tools provided are MPD interlaces that allow derivation at’ key and initiatizahon parameters, baseline encryption and key resolution methods, and. lastly, il provides extensibility points to accommodate ditterent key resolution and encryption algonlhms using The same interfaceConceptually, the content protection framework provided in thés pan of the standard can be viewed as two
entities, key system and encryption system. Key system derives keys associated with a segment given the information provided in the MPD, wIllie the encryption system decrypts media segments given the information provided In the MPD and encryption keys provided by the key system.
The baseline mandatory system applies AES-CBC encryption to a complete segment and uses HTTP(S) for key transport In this baseline system the DASH client lI be able to recognize uniquely for each segment which key and initialization vector were used for their encryption. The cent will then issue a GET request for the key, and will either Issue a GET request for the Initialization vector or derive It locally After receiving key and initialization vector, the DASH client can successfully decrypt the media segment and pass it to the media engine. In thés description. AES-CSG full segment encryption Is the encryption system, and key efrieval using H1TPS) Is the key system.
As most DRM systems enPoy license-based systems to derive keys, license-based key systems are supported In ISO IEC 23009-4 In this case, a license is retrieved, and the key URIS are opaque key Identifiers. The license-based key system will resolve these ID’s kilo keys in an unspeciried way, and pass the keys to an encryption system. The latter, having keys provided by the key system and the encryption information (e.g. algorithm specification and IV) provided by the UPO, decrypts the media segment.
Additional encryption methods can be signalled using URIs and (possibly) generic encryption•related parameters provided lii this part of ISQIEC 23009This part of LSOIEC 23009 is format-independent: it does not apply specrlically to any type of media segment, and its notion of Cryploperiods Is coetely divorced from any specific segment type. The baseline encryption system applies to a complete segment.
The nOrmative part of this framework provides (a) the MPD interlace, and (b) baseline key and encryption systems, These are shown in Figurel — Baseline Segment Encryption. Note that the implementation shown in this figure is lot illustration purposes. and many of the operations can be optirmzed e.g. by parallelization and pre-f etching.
The Segment Encryption scheme specifies standerd encryption and key mapping methods that may be used when segment protection is needed. The scheme operates by applying encryption to segments, which are thus transrtetted in a protected tashion. Detinitlons are provided to identity the segments as encrypted, and to identify the sppropriate key(s) and tV(s) from a UPD,
4.2 Segment Authentication
The Segment Authentication framework Is a framework allowing use of authenticity tags tot all DASH segment types in order to verity the ongin and content authenticity. This framework works by calculating a digest or a MAC of an unencrypted segment and storing the value externally The MPO interface provides URL templates to retrieve these, using HTTPS at HTTP. The client retrieves the digestsignature, then calculates them locally on Itie decrypted (sub)segment. and can raect the (sub)segmenl in case of a mismatch.
If used together with encryption. the mode of operation of this framework is authenticate. then encrypr. rather than the mote common “encrypt, then aultientlcate mode. The former provides an Important feature of encryption Invariance: it no encryption, or different encryption algorithm or/and parameters were used lot encryption of the same media segment for serving It to different clients, the authenticity tag will still stay the same as long as the content itself has not changed.
bnplementation of the appropriate encryption system is essential; hence a client that does riot implement the algOrllhm specified In Seqentzncryptien4.,chemeldtJri should not atlemp( to present any encrypted media segment,
A cent shall implement the AES. 128 CBC encryption scheme speched In 8.3.2 below.
6.32 AES-128 CBC Encryption System
The AES-128 CBC full-segment encryption system is idenithed by the URN urn:mpcdash:ees:
aeal2ll-cbc:2013. Support of this scheme is mandatory for dents implementing this part of ISOIIEC 23009.
hi this algonthm, AES cipher with 128-bit keys used in CBC mode, Encryption shall be applied to complete segments Segments shall be padded following the PKCS7 specification to be a multiple of 16 bytes, as descr4ed In RFC 5652. Segments siart at the beginning of a 16-byte block This means that if encrypted media segments are accessed through byte ranges, the segment boundaries shall be on 16-byte boundaries.
Cipher Blod Ctialn.ng occurs only within a segment: at the beginning of each segment. encryption re-starts using the applicabie key and initialization vector.
6.3.3 AES-128 GCU Encryption System
The AES-128 GCM lull-segment encryption system Is identified by the URN urn:mpeg : dash: sea: aesl2ll – gcm:201 3. Support for this sd’ieine is optional for clients iroplemenling this part of ISOrtEC 23009.
In this algorithm, AES cipher is used in 0CM mode with 96-bit Initialization vectors and 126-bit authentication tags. Encryption shall be applied 10 complete segments.
A single combination of key and initialization vector shall be used only once during the whole Period. As a consequence, a cryploperiod In this encryption system shall only const of a single segment. and there shall be no identical key/lV combinations within the Period.
Autheriticaflori tag is appended to the last byte of the segment (ie.. encrypted segment is llauthTegienqth bytes longer than the unencrypted one).
6.4 Cryptoperlods
64.1 General
Each Media Segment is associated with zero or one cryploperiod; segments that have no cryptopeciod associated with them shaM not be encrypted, In a cryptoperiod. segments are encrypted with the same key/tV pair. The properties of a cryploperlod are a key, an Initialization vector, fWst segment number, and last segment number.
Note: cryptopertod duration is measured in segments. not time units. Thus, thus there is no requirement for the segments to have constant duration.
642 AssignIng segments to cryptoperlods
A single Czyptop.riod element corresponds to a single cryploperiod containing llnumSegieents segments with and starting .tartOffset segments from the end of the previous cryptoperiod If this ciyp#operiod Is the first during this Period, #startof feet is relative to the start of the Pedod A CryptoP.riod element with llnumSeçsients • Dand first Segment Number Mcorresponds to a cryploperiod CP(M,D).
For cryptoperiod CP(M,D), segments S(M). S(M, 1). S(M, F), S(MeD- 1) are encrypted with the same key I IV combination. K<p,0j and IVCPvDI.
If these are not signalled expfr,itiy, the key and IV derivation rules below apply.