MULTIMEDIA SERVERS, DRM and the MPEG-21 Standard

MULTIMEDIA SYSTEMS IREK DEFEE

• MULTIMEDIA HAS TWO BASIC REQUIREMENTS FOR STORAGE AND SERVERS:
- LARGE AMOUNT OF DATA STORED (GIGABYTES FOR ONE ITEM)
- DATA OUTPUT IN (HIGH BANDWIDTH) STREAMS
THIS IS CALLED STREAMING

• STREAMING MEANS THAT EACH USER GETS A CONTINUOUS DATA STREAM, PRECISELY SYNCHRONIZED IN TIME, FROM THE STORAGE AND THE SERVER
THE STREAM CAN BE HIGH BANDWIDTH – FOR EXAMPLE 1, 3, 4 Mb/s for TV, 6-10 Mb/s for HDTV

• THIS PUTS HIGH DEMANDS ON THE STORAGE AND SERVER SYSTEM:
Assume there are 100 users and each wants to get a movie stream compressed to 3 Mb/s. This means total system output capacity should be 300 Mb/s. This should be streaming capacity, that is 100 streams of 3 Mb/s, each flowing with constant packet flow and no breaks

• MULTIMEDIA DATA REQUIRE LARGE STORAGE.
EXAMPLE: MOVIE STREAM OF 4 Mb/s FOR 2 HOURS NEEDS 3.6 GB STORAGE
100 MOVIES REQUIRE 360 GB
A LARGE SYSTEM COULD HAVE E.G. 10 000 USERS WITH 1000 MOVIES, A BIG SYSTEM IS NEEDED
HOW TO BUILD SUCH A SYSTEM?

• FOR MULTIMEDIA, MASS STORAGE IS REQUIRED BUT DEVICES LIKE TAPE, CD, DVD ARE NOT SUITABLE BECAUSE THEY CAN OUTPUT ONLY ONE STREAM AT A TIME
• HARD DISCS ARE MORE SUITABLE
- STORAGE IS HIGH AND GROWING
- OUTPUT CAPACITY IS HIGH

• IN STANDARD COMPUTER SYSTEMS STORAGE IS BASED ON HARD DISCS WHICH ARE MECHANICAL DEVICES, THOUGH SEMICONDUCTOR DISKS ARE AVAILABLE BUT EXPENSIVE
• HARD DISCS ARE ESSENTIALLY SERIAL IN NATURE SINCE THEY HAVE HEADS WRITING AND READING ON A DISC PLATTER

CONSTRUCTION OF HARD DISC: MAGNETIC MATERIAL ON PLATTERS IS ARRANGED IN TRACKS.
HEADS ARE READING/WRITING BY CHANGING MAGNETIC ORIENTATION

• HARD DISC CAN THUS OUTPUT ESSENTIALLY ONE OR FEW STREAMS BUT WITH HIGH BANDWIDTH (OVER 100 MB/sec)
• BECAUSE HARD DISC MECHANICAL PARTS MOVE VERY QUICKLY, HARD DISC CAN OUTPUT MANY STREAMS OF LOWER BANDWIDTH BUT OUTPUT CAPACITY WILL BE LIMITED

• CURRENTLY SINGLE DISC DRIVES HAVE CAPACITY UP TO SEVERAL TERABYTES (1 TB = 1000 GB)
STREAMING CAPACITY IS IN THE RANGE OF 100-200 STREAMS OF 2-5 Mb/s
OUTPUT CAPACITY DEPENDS ALSO ON
- THE OPERATING SYSTEM,
- THE INTERNAL PC BUS AND
- I/O – RELATED TO NETWORKING

• HARD DISC PARAMETERS:
- STORAGE SIZE: TODAY IT IS 3 TB, GROWING 1 TB PER YEAR? (WE DO NOT KNOW WHEN IT WILL FINISH, NEVER?)
• Platters rotational speed – 7200 RPM
• Interface – SATA – 3 Gb/sec and 6 Gb/sec
• Sustained data transfer rates – 150 MB/s
• Random read/write: 75/150 operations per second
• Average data seek time – 6 ms writing, 12 ms reading

• THUS THE DESIGN OF STORAGE SYSTEM FOR MULTIMEDIA DATA MUST TAKE INTO ACCOUNT LIMITS ON STREAMING CAPACITY OF HARD DISCS
• STREAMING CAPACITY DEPENDS ON
- MECHANICAL PROPERTIES
- FILE SYSTEM ORGANIZATION

DISC HEAD MUST BE POSITIONED TO START READING, NECESSARY HEAD MOVEMENT WILL DEPEND ON THE LOCATION OF A TRACK. AVERAGE TIME MIGHT BE E.G. 8 ms.
WHEN HEAD IS POSITIONED IT CAN START READING, THE SPEED CAN BE E.G. 100 MB/S
FOR STREAMS, ONE HAS TO READ AS MANY HIGH BANDWIDTH STREAMS AS POSSIBLE. E.G. 180 STREAMS WITH 3 Mb/s EACH

IN PRACTICE THERE WILL BE MANY PARAMETERS IN THE DESIGN OF MEDIA SERVER
- MEMORY BUFFERS
- NETWORK INTERFACES
- OPERATING SYSTEM
THEY NEED TO BE OPTIMIZED FOR MAXIMUM PERFORMANCE
IN PRACTICE DISCS HAVE THEIR OWN RAM BUFFERS, AND THERE ARE ALSO RAM BUFFERS IN MEMORY PLUS NETWORK INTERFACE BUFFER

EXAMPLE OF MEDIA SERVER DESIGN:
SERVER BASED ON PC WITH SATA BUS
HARD DISC WITH 150 MB/s TRANSFER SPEED
NETWORK INTERFACE: GIGABIT ETHERNET 1000 Mb/s
HOW MANY 4 Mb/s STREAMS CAN IT SUPPORT?
WE HAVE READING ACCESS LIMITED TO 75/SEC SO IT WILL BE ABOUT 75 STREAMS IN PRINCIPLE
PROCESSOR AND OPERATING SYSTEMS ARE FAST ENOUGH SO NO PROBLEM HERE

THUS, THE MEDIA SERVER PERFORMANCE MIGHT BE LIMITED BY VARIOUS COMPONENTS OF PC SERVER ARCHITECTURE:
- HARD DISC PROPERTIES (READING STREAMS)
- BUS FROM HARD DISC TO COMPUTER (SATA)
- NETWORK INTERFACE – E.G. 1000 Mb/s
TO THIS ONE MAY ADD THE SPEED OF PROCESSOR AND OPERATING SYSTEM BUT THIS SHOULD NOT BE A PROBLEM
THE QUESTION IS: HOW TO INCREASE THE HARD DISC STORAGE SPEED?

HERE WE SEE STANDARD COMPUTER ARCHITECTURE
IT COULD BE A PC WITH SATA HARD DISC DEVICE INTERFACE PLUS PROCESSOR
IF WE CONNECT MORE DISCS, THIS WILL INCREASE STORAGE SIZE BUT NOT ITS SPEED
WE NEED TO USE SOMETHING ELSE AND THIS IS...
RAID

STRIPING AND RAID
• A METHOD FOR INCREASING STORAGE AND OUTPUT CAPACITY IS BY CONNECTING HARD DISCS IN PARALLEL AND STRIPING FILES ON THEM

[Figure: a FILE passes through STRIPING in the DISC CONTROLLER onto the three DISCs of the DISC SYSTEM]
THREE DISCS = THREE TIMES HIGHER OUTPUT

• STRIPING MEANS THAT FILES ARE READ AND WRITTEN IN BLOCKS WHICH ARE DISTRIBUTED OVER DISCS
• EXTERNALLY THE SYSTEM WILL LOOK LIKE ONE BIG DISC
WITH N DISCS WE COULD HAVE N TIMES HIGHER OUTPUT CAPACITY AND N TIMES BIGGER STORAGE

STRIPING PRINCIPLE
BLOCKS OF DATA ARE STRIPED AMONG DIFFERENT DISCS OPERATING IN PARALLEL
IN THIS WAY SPEED OF READING AND WRITING CAN BE INCREASED

• THERE IS ONE ADDITIONAL IMPORTANT ADVANTAGE: WITH THE INCREASING STORAGE, RELIABILITY IS GOING DOWN
• WITH STRIPING ONE CAN BUILD IN ERROR TOLERANCE
THIS CONCEPT IS CALLED RAID = REDUNDANT ARRAY OF INEXPENSIVE DISCS

[Figure: a FILE passes through STRIPING in the DISC CONTROLLER onto the DISCs of the DISC SYSTEM, plus an ERROR CORRECTION DISC and a PARITY DISC]
RAID: ADDED DISCS FOR ERROR CONTROL

• RAID DISC ARRAYS ARE CLASSIFIED IN SEVERAL LEVELS
• RAID 1 – DISC MIRRORING (EACH DRIVE IS DOUBLED)
• RAID 2 – BIT INTERLEAVING AND PARITY/ERROR CORRECTION
• RAID 3 – BIT INTERLEAVING WITH XOR PARITY – SINGLE DRIVE DEDICATED TO PARITY
• RAID 4 – BLOCK INTERLEAVING
• RAID 5 – BLOCK INTERLEAVING WITH PARITY DISTRIBUTION
• RAID 6 – FAULT TOLERANT SYSTEM, DISCS FORM A MATRIX FOR ROW AND COLUMN PARITY – FAULTY DISC CAN BE IDENTIFIED AND REPLACED
• RAID 7 – HETEROGENEOUS SYSTEM, SUPPORTS MULTIPLE HOSTS

OVERALL ARCHITECTURE OF MACHINE WITH RAID DISC ARRAY AND NETWORK ADAPTERS
RAID CAN BE IMPLEMENTED IN SOFTWARE OR IN HARDWARE
HARDWARE RAID WILL PUT LESS LOAD ON THE PROCESSOR AND SYSTEM

• DISC ARRAYS CAN BE BUILT WITH TENS OF TERABYTES. THUS ENOUGH STORAGE CAPACITY EXISTS FOR STORING VERY LARGE COLLECTIONS OF MULTIMEDIA DATA

• HOW TO BUILD LARGE MEDIA SERVERS?
IMAGINE A SYSTEM SERVING ONE CITY WITH HUNDREDS, THOUSANDS, MORE USERS
FROM SUCH SERVERS THE REQUIRED OUTPUT CAPACITY WOULD BE MANY GIGABITS/SEC, E.G. 10 000 x 4 Mb/s = 40 Gb/s
NO STANDARD COMPUTER HAS SUCH OUTPUT

• DESIGN OF MEDIA SERVER IS DIFFERENT FROM STANDARD SERVER BECAUSE STREAMS MUST HAVE GUARANTEED DELIVERY, THAT IS STREAMS CANNOT SLOW DOWN OR STOP.
• THUS, MEDIA SERVERS MUST BE DESIGNED FOR THE PROJECTED NUMBER OF USERS

WE CAN USE MANY SERVERS INSTEAD OF ONE, CREATING A SERVER FARM OR “CLOUD”
WE CAN USE RAM MEMORY BUFFERING CACHE FOR STREAMS – FROM THE RAM CACHE WE CAN SERVE MORE STREAMS THAN FROM HARD DISC

• SOMETIMES WE CAN APPLY MULTICASTING IN WHICH MANY USERS GET THE SAME STREAM – ONLY A SINGLE STREAM IS RETRIEVED FROM HARD DISC
SOMETIMES APPLICABLE

• WE COULD ALSO DISTINGUISH BETWEEN PEAK DEMAND AND AVERAGE DEMAND FOR STREAMS, E.G. AVERAGE DEMAND CAN BE 10% OF PEAK
WE SHOULD TAKE INTO ACCOUNT THAT MANY USERS MAY RETRIEVE THE SAME CONTENT (PERHAPS DELAYED SLIGHTLY IN TIME)

MEDIA SERVER DESIGN:
[Figure: RAID STORAGE, STORAGE BUS (E.G. SATA III), PCIe BUS, PROCESSOR(S) P... ...P, RAM BUFFERS, NETWORK INTERFACE WITH BUFFER]
DATA FROM STORAGE ARE TRANSFERRED TO RAM BUFFERS AND THEN TO NETWORK INTERFACE
THE BIGGER THE RAM BUFFER, THE MORE STREAMS COULD BE SUPPORTED BY THE SERVER BUT IT WILL TAKE MORE TIME TO FILL THE BUFFER SO THE START OF CONTENT WOULD BE DELAYED. THUS RAM BUFFERS CANNOT BE TOO BIG IN PRINCIPLE. BUT ONE CAN TRY TO OPTIMIZE THE SYSTEM, CREATING BIGGER BUFFERS WHEN SYSTEM IS NOT LOADED MUCH AND SHORTER BUFFERS WHEN THERE IS HIGH LOAD. OVERALL SERVER OPTIMIZATION MIGHT BE STILL AN OPEN PROBLEM (OR COMMERCIAL SECRETS ARE HERE?)

ONE IDEA IS TO DESIGN SPECIAL BIG MACHINE WITH VERY MANY BUSES, PROCESSORS, AND CONNECTED TO BROADBAND NETWORK
WE SHOULD TAKE INTO ACCOUNT THAT NETWORK BANDWIDTH FROM COMPUTERS IS LIMITED, E.G. GIGABIT ETHERNET IS FASTEST PRACTICAL INTERFACE TODAY, 1000 Mb/s, THOUGH SEVERAL SUCH INTERFACES CAN BE USED AND THERE IS ALSO 10 Gb/s INTERFACE
THUS, A BIG MACHINE WOULD NEED TO HAVE MULTIPLE NETWORK INTERFACES
IT WOULD BE VERY EXPENSIVE

• SUCH DEDICATED MACHINES WOULD REQUIRE:
- MULTIPROCESSING
- MULTIPLE I/O TO THE NETWORK
- VERY BIG DISTRIBUTED STORAGE
MACHINE WOULD BE VERY EXPENSIVE AND NON-STANDARD

• THE REAL DIFFICULT PROBLEM IS WHEN MANY DIFFERENT STREAMS NEED TO BE RETRIEVED AND SENT
• IN THE DESIGN OF MEDIA SERVERS THERE ARE TWO CHOICES
- DEDICATED MACHINES
- MULTIPLE SYSTEMS WITH CENTRAL CONTROL

• DEDICATED MACHINES
- MULTIPROCESSING
- MULTIPLE I/O
- DISTRIBUTED STORAGE
EXPENSIVE AND NON-STANDARD

• ANOTHER IDEA: MULTIPLE STANDARD MACHINES.
MEDIA FILES ARE DISTRIBUTED ALONG A NUMBER OF SERVERS WHICH HAVE COMMON CONTROL
HERE THE PROBLEM IS THAT STORAGE REQUIRED MIGHT BE BIGGER (OFTEN USED MEDIA STREAMS ON MANY SERVERS)

• MULTIPLE SIMPLE MACHINES WOULD BE MUCH CHEAPER THAN A SINGLE BIG SERVER. SINGLE MACHINES CAN BE LOCATED NEAR USER LOCATIONS. FOR EXAMPLE, SINGLE SERVER WITH GIGABIT INTERFACE COULD SERVE ABOUT 200 USERS, ONE WOULD NEED A HUNDRED OF SUCH SERVERS FOR 20 000 USERS

BASIC IDEA FOR MANY SIMPLE SERVERS
HOWEVER, THEN EACH SERVER WOULD NEED TO HAVE STORAGE WITH ALL MEDIA FILES, SO OVERALL THERE WOULD BE MUCH MORE STORAGE NEEDED THAN IN A SINGLE BIG SERVER

ANOTHER CONCEPT – MULTIPLE SERVERS CONNECTED VIA NETWORK.
THE NETWORK CAN BE USED FOR FILE TRANSFER BETWEEN SERVERS.
STORAGE CAN BE ADAPTED FOR THE DEMAND (ONLY POPULAR STREAMS WOULD BE ON MORE SERVERS, SAVING STORAGE)

YET ANOTHER SYSTEM: STORAGE AND SERVERS ARE SEPARATED, THEN SERVERS WILL BUFFER AND REPLICATE STREAMS WHICH ARE IN DEMAND

• SUCH SYSTEMS CAN BE ASSEMBLED QUITE EASILY BUT REQUIRE
- USER MANAGEMENT
- STREAM MANAGEMENT
- CONTENT MANAGEMENT
- OVERALL PERFORMANCE OPTIMIZATION
THIS HAS TO BE COORDINATED WITH NETWORKING

IN FACT MEDIA SERVER IS MUCH MORE THAN JUST SENDING STREAMS: USERS WILL CONNECT/DISCONNECT, SEARCH APPLICATIONS – ALL THIS NEEDS TO BE MANAGED.
THERE WILL BE MANY CONTROL FLOWS

THE SYSTEMS WILL OFTEN REQUIRE PAYMENT, THUS EXTENSIVE DATABASE OF USERS, PAYMENTS, BILLING, AUTHORIZATION, AUTHENTICATION WILL BE NEEDED.
ENCRYPTION OF DATA WILL BE NECESSARY

IF USERS HAVE ACCESS TO BROADBAND NETWORK OTHER APPLICATIONS MIGHT BE ATTRACTIVE: WEB ACCESS, OWN BROADCAST, VIDEOTELEPHONE, VIDEO CONFERENCING

ON THE OPERATOR SIDE, FULL ADMINISTRATION IS NEEDED:
- SYSTEM OPERATION MONITORING
- ADMISSION CONTROL (NEW USERS)
- CONTENT UPDATES

CONCLUSIONS:
- MEDIA SERVERS ARE ESSENTIAL COMPONENT OF MULTIMEDIA SYSTEMS
- THEIR DESIGN NEEDS TO TAKE INTO ACCOUNT STREAMING GUARANTEES
- STORAGE, NETWORKING, PROCESSOR REQUIREMENTS ARE QUITE SUBSTANTIAL
- LARGE SOFTWARE IS NEEDED FOR COMPLETE COMMERCIAL SYSTEMS

DIGITAL RIGHTS MANAGEMENT

What is missing?
Here we see scheme of networked multimedia system, red part is hardware, blue is content, green is software for running it.
WHAT IS MISSING IN THIS PICTURE?
The missing part is CONTENT PROTECTION AND DRM

• DIGITAL CONTENT (AUDIO, VIDEO, GRAPHICS, IMAGES) CAN BE EASILY COPIED, TRANSMITTED AND DISTRIBUTED
THIS HAS GREAT ADVANTAGES AND BUSINESS POTENTIAL
• BUT DIGITAL MEDIA CAN ALSO MAKE BIG PROBLEMS FOR CONTENT OWNERS DUE TO UNAUTHORIZED USE. THEY CAN EASILY LOSE THEIR PROPERTY
• CONTENT OWNERS THUS NEED STRONG PROTECTION
• THUS DIGITAL CONTENT SHOULD BE PROTECTED AGAINST UNAUTHORIZED USE
THIS PROBLEM IS KNOWN CURRENTLY UNDER THE NAME DRM, DIGITAL RIGHTS MANAGEMENT

Digital Rights Management (DRM)
= technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device
• can be used
– to protect high-value digital assets
– control their distribution and usage
• Ultimate goal:
– persistent content protection against unauthorized access to the digital content, limiting access to only those with the proper authorization
– to manage usage rights for different kinds of digital content (e.g. music files, video streams, digital books, images)
– different platforms (e.g. PCs, laptops, PDAs, mobile phones)
– control access to content delivered on physical media or any other distribution method (e.g., CD-ROMs, DVDs)

• Different methods for
- Audio
- Video
- Internet stores
- Documents (Enterprise DRM)
• Digital licenses
– the consumer purchases a license with certain rights
– A license is a digital data file that specifies certain usage rules (frequency of access, expiration date, restriction of transfer to other devices, copy permission etc., may be combined to try-before-buy) for the digital content
• Several players involved in
– E.g. online distribution: content provider, distributor, consumer, clearing house
- DVDs: manufacturer, replicator, player…
Consumer: privacy, fair use (research, education..), usability (compatibility, seamless, updates)

EXAMPLE: Apple music store
Buying music from the network means that the content has to be protected against copying

• WHAT ARE THE REQUIREMENTS FOR DRM?
- IT SHOULD PREVENT COPYING
- IT SHOULD AUTHORIZE ACCESS LIMITED TO: PARTICULAR USER, SPECIFIC TIME, SPECIFIC NUMBER OF USAGES AND COPIES, ETC.
- IT SHOULD FACILITATE PAYMENT FOR CONTENT (E.G. RENEWAL OF RIGHTS)

• ALL REQUIREMENTS FOR DRM ARE VERY DIFFICULT TO SATISFY
• IN PARTICULAR THEY ARE DIFFICULT IF THE DRM SYSTEM WOULD BE STANDARDIZED, THAT IS ITS STRUCTURE IS KNOWN
• THIS IS BECAUSE STANDARDIZED SYSTEM MIGHT BE EASIER TO BREAK THAN SECRET SYSTEM

• IN PRINCIPLE DIGITAL CONTENT CAN BE EASILY (?) PROTECTED BY ENCRYPTION
WHAT IS ENCRYPTION? THE CONTENT BITS ARE MANIPULATED IN SECRET WAY BY SOME ALGORITHM.
• THE ORIGINAL BITS CAN BE RECOVERED BY REVERSING THE OPERATION OF THE ALGORITHM
[Diagram: CONTENT → ENCRYPTION ALGORITHM → DECRYPTION ALGORITHM → CONTENT]

• BUT SUCH SYSTEM HAS PROBLEMS
1. IF ALGORITHM IS KNOWN, EVERYBODY WILL USE IT
2. HOW TO CONTROL ACCESS? THAT IS USERS MAY BUY ACCESS FOR SOME TIME AND FOR SOME CONTENT ONLY
3. WHAT TO DO WITH USERS WHO WILL USE PROPER ACCESS FOR ILLEGAL COPYING?

• THUS THE DRM CONTENT PROTECTION MUST BE MORE CLEVER
IT HAS TO BE BASED ON
1. CONDITIONAL ACCESS
2. ENCRYPTION ALGORITHMS
and the newest addition is:
3. REVOCATION OF RIGHTS

• WHAT IS CONDITIONAL ACCESS?
IT IS ACCESS GIVEN ON LIMITED CONDITIONS, E.G. TIME, CONTENT, PAYMENT
[Diagram: CONDITIONAL ACCESS added to CONTENT → ENCRYPTION ALGORITHM → DECRYPTION ALGORITHM]
CONDITIONAL ACCESS CAN BE A CARD GIVEN TO THE USER, OR CERTIFICATE SENT VIA INTERNET

• EXAMPLE – THE SYSTEM USED IN DIGITAL TELEVISION FOR WATCHING PAY PROGRAMS
IN THIS SYSTEM CA HAS A FORM OF SUBSCRIPTION CARDS
HOWEVER, THERE ARE SEVERAL ENCRYPTION ALGORITHMS USED.
FOR DECRYPTION, THERE ARE DIFFERENT HARDWARE CAMs, CONDITIONAL ACCESS MODULES
[Figure: RECEIVER FOR DIGITAL TELEVISION, CAM MODULE, SUBSCRIPTION CARD]

• ONE RECEIVER CAN HAVE SEVERAL CAMs FOR RECEIVING PAY PACKAGES WITH DIFFERENT SUBSCRIPTION CARDS.
SUCH SYSTEMS ARE WIDELY USED IN TELEVISION. BUT MANY SYSTEMS WERE ALSO BROKEN SINCE ONE CAN ANALYZE PROGRAM ON THE CARD AND TRACE TRAFFIC BETWEEN CARD AND CAM.

• BUT WHAT TO DO IF A USER HAS VALID SUBSCRIPTION BUT USES IT FOR RECORDING AND DISTRIBUTING CONTENT ILLEGALLY?
ONE SOLUTION IS TO PREVENT RECORDING AND/OR TO PREVENT GETTING THE RECORDING OUT OF THE DEVICE
• IN MEDIA TERMINAL USER CAN RECORD DIGITAL TV PROGRAMS ON INTERNAL HARD DISC
• BUT RECORDED CONTENT IS ENCRYPTED AND THERE IS NO WAY OF GETTING IT OUT OF THE TERMINAL

REVOCATION OF RIGHTS
• Revocation means that grants given once are removed from the user who breached the contract.
We shall explain revocation on the new example of High Definition DVD discs, a system called Blu-ray

Current DRM systems for DVD
- Legacy Format, Standard Definition: DVD, CSS = Content Scramble System. DVD Content Protection is broken
- Advanced Format, High Definition: Blu-ray Disc, other formats, AACS = Advanced Access Content System. HD BR is a new system with much improved protection and REVOCATION

Content Scramble System (CSS) Protection for DVD
• A data encryption and authentication scheme to prevent copying video files from the disks
• Several keys included in: authentication key, disc key, player key, title key, second disk key set, and/or encrypted key
• a weak 40-bit stream cipher algorithm
• Brute-force attack: possible to find the keys, only 2^40 options; attacks on the hash codes
• Published 1996, but only usable in licensed DVD players (Windows, Mac), not in Linux
• 1999: DeCSS

Advanced Access Content System (AACS) for HD Blu-ray
• = a standard for content distribution and digital rights management, intended to restrict access to and copying of the next generation of optical discs and DVDs.
• “a specification for managing content stored on the next generation of prerecorded and recorded optical media for consumer use with PCs and CE devices.”
• “will complement new innovations in the next-generation of optical discs, and enable consumers to enjoy next-generation content, including high-definition content.”
• The specification released in April 2005

AACS – Design criteria
• Meet the content owners’ requirements for robustness and system renewability
– Content encryption based on a published cryptographic algorithm.
– Limit access to protected content to only licensed compliant implementations.
– Support revocation of individual compromised devices’ keys.
• Suitable for implementation on both general-purpose computer and fixed-function consumer electronics platforms.
• Applicable to both audio and video content, including high-definition video.
• Applicable to various optical media formats.
• Transparent to authorized use by consumers.
• Basic technical elements:
- Robust encryption of protected content using the AES cipher.
- Key management and revocation using advanced Media Key Block technology.
AACS - Usage Scenarios
[Figure]

AACS: Content validation and revocation
[Figure. Labels: Content Owner, Licensed Player, Content Owner, Licensing Entity]

AACS: System overview – pre-recorded video
[Diagram. Labels, in the order they appear: CONTENT OWNER / SERVICE PROVIDER: Content, Usage rules. LICENSED REPLICATOR: Device revocation data [MEDIA KEY BLOCK], Content revocation list [CRL], Content certificate. PRE-RECORDED VIDEO: Title keys, Encrypted content, Usage rules of content. Enhanced uses enabled via online authentication. LICENSED PLAYER: Content certificate, Content hash, Device revocation data [MKB], Content revocation list [CRL], Sequence key block. Device keys (unique for the device/application), Entity public keys, Sequence Key Block. Secret keys (to check the content revocation data and content certificate). LICENSING ENTITY]

AACS: Content encryption and decryption
[Figure]

AACS: Revoking the keys – in practice
In practice the operation of revocation in AACS is as follows:
- Each content (e.g. movie disc) release gets a special key
- Each type of player (hardware and software) gets a special key
Now let’s think that somebody has broken protection of this movie disc and released illegal copies, or has modified a player so it can play the content illegally. Then those discs and players will be put on the revocation list. The list is updated on all new discs, so that when a new disc is played on the player, playback of the broken disc will be disabled or the player is disabled!

• Feb 2007. 128-bit string of keys was published
– Compromises part of AACS
– Common keys for software players (Cyberlink, Intervideo)
• Revocation started
– HD DVDs with new Media Key Blocks on the market in May
Customers not able to play any discs released after May 2007 until the software versions are released
- Software updates = lots of work, not available yet?
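The revocation step described above can be followed in a small model. This is an added example, not code from the lecture or from the AACS specification: the key block here is a plain list with one sealed copy of the media key per non-revoked device (real AACS Media Key Blocks use a more compact tree-based scheme), HMAC-SHA256 in counter mode stands in for the AES cipher so that only the Python standard library is needed, and the device names `player_A` and `player_B` are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # 128-bit keys, the size used with AES-128


def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stdlib stand-in for the AES cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: nonce (12) || ciphertext || tag (16)."""
    nonce = secrets.token_bytes(12)
    pad = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, pad))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    if len(blob) < 28:
        return None
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    pad = keystream(subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, pad))


def master_disc(content: bytes, device_keys: dict, revoked: set) -> dict:
    """Licensing-entity/replicator side: build the key block for one disc release."""
    media_key = secrets.token_bytes(KEY_LEN)
    title_key = secrets.token_bytes(KEY_LEN)
    # One media-key copy per device that is NOT on the revocation list.
    mkb = {dev: seal(key, media_key)
           for dev, key in device_keys.items() if dev not in revoked}
    return {
        "mkb": mkb,
        "title_key": seal(media_key, title_key),
        "content": seal(title_key, content),
    }


def play(device_id: str, device_key: bytes, disc: dict):
    """Player side: device key -> media key -> title key -> content, or None."""
    entry = disc["mkb"].get(device_id)
    if entry is None:
        return None                      # device was left out: revoked
    media_key = unseal(device_key, entry)
    if media_key is None:
        return None                      # entry was not made for this key
    title_key = unseal(media_key, disc["title_key"])
    if title_key is None:
        return None
    return unseal(title_key, disc["content"])


def demo() -> dict:
    # Constructed device keys for two hypothetical player models.
    keys = {"player_A": secrets.token_bytes(KEY_LEN),
            "player_B": secrets.token_bytes(KEY_LEN)}
    old_disc = master_disc(b"movie 1", keys, revoked=set())
    # player_B's key leaks; discs mastered afterwards carry an updated block.
    new_disc = master_disc(b"movie 2", keys, revoked={"player_B"})
    # A copied entry does not help: it is sealed under player_A's key.
    forged = dict(new_disc, mkb={"player_B": new_disc["mkb"]["player_A"]})
    return {
        "A_old": play("player_A", keys["player_A"], old_disc),
        "B_old": play("player_B", keys["player_B"], old_disc),
        "A_new": play("player_A", keys["player_A"], new_disc),
        "B_new": play("player_B", keys["player_B"], new_disc),
        "B_forged": play("player_B", keys["player_B"], forged),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model the revoked player still plays the disc mastered before the revocation and is locked out only of discs mastered afterwards, which is the situation the slide describes for software players until an update with new keys is released.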
Summary
• DRM = technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device
– to protect high-value digital assets
– control their distribution and usage
• AACS
– Cross-industry collaboration to facilitate next generation content distribution
– Enables new, flexible ways to enjoy content while protecting copyrighted works
– Technical specifications and licensing

MPEG-21 Standard

Why MPEG-21
• Today many elements exist to build an infrastructure for delivery and consumption of multimedia content. There is no ”big picture” to describe how these elements relate to each other. The aim of MPEG-21 is to describe how these various elements fit together.
• The result is an open framework with both the content creator and content consumer as focal points.
• The vision of MPEG-21 is to define a framework to enable transparent and augmented use of multimedia resources across a wide range of networks and devices used by different communities.
MPEG-21 – The vision
• A future where every human on the earth is potentially an element of a network involving billions of
– content providers
– value adders
– packagers
– service providers
– consumers
– resellers
• To make this future real we need an infrastructure enabling electronic commerce of digital content

MPEG-21 - Method of work
• Define a framework supporting the vision statement
• Involve relevant bodies in this effort
• Identify the critical technologies of the framework
• Understand how the components of the framework are related and identify where gaps exist
• For each of the non-available technologies
– If they fall under the MPEG expertise then develop them
– Else engage other bodies to achieve their development
• Perform the actual integration of the technologies

Is MPEG trying to tame the hackers?
• MPEG technologies have been used to innovate substantially the way people produce, offer, access and consume digital content
• But MPEG also has a long history in working with the creative industries and rights holders’ communities on the identification, management and protection of intellectual property carried on systems designed to MPEG specifications.

The basic elements of the MPEG-21 framework
• What – A Digital Item is a structured digital object with a standard representation, identification and metadata within the MPEG-21 framework.
• Who – A User is any entity that interacts in the MPEG-21 environment or makes use of a Digital Item.
[Figure: User A and User B linked through a Digital Item. Labels: Transaction / Use / Relationship; Authorization / Value Exchange]

Example of Digital Item “music compilation”
• music
• photos
• video
• animation
• graphics
• lyrics
• scores
• MIDI files
• interview with the singers
• news related to the song
• statement by an opinion maker
• rating of an agency
• position in the hit list
• navigational information driven by user preferences
• bargains
• ...

What can Users do?
- Create content
- Provide content
- Archive content
- Rate content
- Enhance/deliver content
- Aggregate content
- Syndicate content
- Retail sale of content
- Consume content
- Subscribe to content
- Regulate content
- Facilitate transactions that occur from any of the above
- Regulate transactions that occur from any of the above

MPEG-21 Multimedia Framework
• Multimedia technology provides the different players in the multimedia value and delivery chain with excess of information and services.
• No complete solutions exist that allow different communities (content, financial, communications, computer and electronics and their customers), each with their own models, rules, procedures, interests and content formats, to interact efficiently using this infrastructure.
• The multimedia content delivery chain encompasses content creation, production, delivery and consumption. To support this, the content has to be identified, described, managed and protected.
• The aim of a multimedia delivery system is to be interoperable, the transactions to be as simple as possible, and if possible to be automated.

The seven key elements defined in MPEG-21
1. Digital Item Declaration - a uniform and flexible abstraction and interoperable scheme for declaring Digital Items;
2. Digital Item Identification and Description - a framework for identification and description of any entity regardless of its nature, type or granularity;
3. Content Handling and Usage - provide interfaces and protocols that enable creation, manipulation, search, access, storage, delivery, and (re)use of content across the content distribution and consumption value chain;
4. Intellectual Property Management and Protection - the means to enable content to be persistently and reliably managed and protected across a wide range of networks and devices;
5. Terminals and Networks - the ability to provide interoperable and transparent access to content across networks and terminals;
6. Content Representation - how the media resources are represented;
7. Event Reporting - the metrics and interfaces that enable Users to understand precisely the performance of all reportable events within the framework;

[Figure: The Multimedia Framework. User A and User B linked through a Digital Item (Transaction / Use / Relationship; Authorization / Value Exchange), with Event Reporting (Metrics & Interfaces) on both sides. Example callouts: ”Container”, ”Item”, ”Resource”; Encryption, Authentication, Watermarking; Unique Identifiers, Content Descriptors; Storage Management, Content Personalisation; Resource Abstraction, Resource Mgt. (QoS); Natural and Synthetic, Scalability]

MPEG-21 Part 1: Vision, Technologies and Strategy
A Technical Report has been written to describe the multimedia framework and its architectural elements together with the functional requirements for their specification that was formally approved in September 2001.
The title “Vision, Technologies and Strategy” has been chosen to reflect the fundamental purpose of the Technical Report. This is to:
– Define a 'vision' for a multimedia framework to enable transparent and augmented use of multimedia resources across a wide range of networks and devices to meet the needs of all users
– Achieve the integration of components and standards to facilitate harmonisation of 'technologies' for the creation, management, transport, manipulation, distribution, and consumption of digital items.
– Define a 'strategy' for achieving a multimedia framework by the development of specifications and standards based on well-defined functional requirements through collaboration with other bodies.

Part 2: Digital Item Declaration
The purpose of the Digital Item Declaration (DID) specification is to describe a set of abstract terms and concepts to form a useful model for defining Digital Items. This model specifically does not define a language in and of itself. Instead, the model helps to provide a common set of abstract concepts and terms that can be used to define such a scheme, or to perform mappings between existing schemes capable of Digital Item Declaration, for comparison purposes.
The DID technology is described in three normative sections:
– Model: The Digital Item Declaration Model describes a set of abstract terms and concepts to form a useful model for defining Digital Items. Within this model, a Digital Item is the digital representation of “a work”, and as such, it is the thing that is acted upon (managed, described, exchanged, collected, etc.) within the model.
– Representation: Normative description of the syntax and semantics of each of the Digital Item Declaration elements, as represented in XML. This section also contains some non-normative examples for illustrative purposes.
– Schema: Normative XML schema comprising the entire grammar of the Digital Item Declaration representation in XML.
The following sections describe the semantic “meaning” of the principal elements of the Digital Item Declaration Model:

1. Container – A container is a structure that allows items and/or containers to be grouped. These groupings of items and/or containers can be used to form logical packages (for transport or exchange) or logical shelves (for organization). Descriptors allow for the “labelling” of containers with information that is appropriate for the purpose of the grouping (e.g. delivery instructions for a package, or category information for a shelf). It should be noted that a container itself is not an item; containers are groupings of items and/or containers.

2. Item – An item is a grouping of sub-items and/or components that are bound to relevant descriptors. Descriptors contain information about the item, as a representation of a work. Items may contain choices, which allow them to be customized or configured. Items may be conditional (on predicates asserted by selections defined in the choices). An item that contains no sub-items can be considered an entity -- a logically indivisible work. An item that does contain sub-items can be considered a compilation -- a work composed of potentially independent sub-parts. Items may also contain annotations to their sub-parts. The relationship between items and Digital Items (as defined in ISO/IEC 21000-1:2001, MPEG-21 Vision, Technologies and Strategy) could be stated as follows: items are declarative representations of Digital Items.

3. Component – A component is the binding of a resource to all of its relevant descriptors. These descriptors are information related to all or part of the specific resource instance. Such descriptors will typically contain control or structural information about the resource (such as bit rate, character set, start points or encryption information) but not information describing the “content” within. It should be noted that a component itself is not an item; components are building blocks of items.

4. Anchor – An anchor binds descriptors to a fragment, which corresponds to a specific location or range within a resource.

5. Descriptor – A descriptor associates information with the enclosing element. This information may be a component (such as a thumbnail of an image, or a text component), or a textual statement.

6. Condition – A condition describes the enclosing element as being optional, and links it to the selection(s) that affect its inclusion. Multiple predicates within a condition are combined as a conjunction (an AND relationship). Any predicate can be negated within a condition. Multiple conditions associated with a given element are combined as a disjunction (an OR relationship) when determining whether to include the element.

7. Choice – A choice describes a set of related selections that can affect the configuration of an item. The selections within a choice are either exclusive (choose exactly one) or inclusive (choose any number, including all or none).

8. Selection – A selection describes a specific decision that will affect one or more conditions somewhere within an item. If the selection is chosen, its predicate becomes true; if it is not chosen, its predicate becomes false; if it is left unresolved, its predicate is undecided.

9. Annotation – An annotation describes a set of information about another identified element of the model without altering or adding to that element. The information can take the form of assertions, descriptors, and anchors.

10. Assertion – An assertion defines a full or partially configured state of a choice by asserting true, false or undecided values for some number of predicates associated with the selections for that choice.

11. Resource – A resource is an individually identifiable asset such as a video or audio clip, an image, or a textual asset. A resource may also potentially be a physical object. All resources must be locatable via an unambiguous address.

12. Fragment – A fragment unambiguously designates a specific point or range within a resource. Fragment may be resource type specific.

13. Statement – A statement is a literal textual value that contains information, but not an asset. Examples of likely statements include descriptive, control, revision tracking or identifying information.

14. Predicate – A predicate is an unambiguously identifiable Declaration that can be true, false or undecided.

Example: Model of Digital Item Declaration
The figure is an example showing the most important elements within this model, how they are related, and as such, the hierarchical structure of the Digital Item Declaration Model.

Part 3: Digital Item Identification and Description
The scope of the Digital Item Identification and Description (DII&D) specification includes:
– How to identify uniquely and describe Digital Items (and parts thereof) and other Entities.
– The relationship between Digital Items (and parts thereof) and existing identification systems contains a list of relevant identification systems. This is not an exhaustive list and is subject to change over time.
– The relationship between Digital Items (and parts thereof) and relevant description schemes contains a list of relevant description schemes.
  This is not an exhaustive list and is subject to change over time.

Digital Items and their parts within the MPEG-21 Framework are identified by encapsulating Uniform Resource Identifiers into the Identification DS. A Uniform Resource Identifier (URI) is a compact string of characters for identifying an abstract or physical resource, where a resource is defined as "anything that has identity".

The requirement that an MPEG-21 Digital Item Identifier be a URI is also consistent with the statement that the MPEG-21 identifier may be a Uniform Resource Locator (URL). The term URL refers to a specific subset of URI that is in use today as pointers to information on the Internet; it allows for long-term to short-term persistence depending on the business case.

Relationship between Digital Item Declaration and Digital Item Identification & Description

Part 4: Intellectual Property Management and Protection (IPMP)

• The 4th part of MPEG-21 defines an interoperable framework for Intellectual Property Management and Protection (IPMP).
• The project includes standardized ways of retrieving IPMP tools from remote locations, exchanging messages between IPMP tools and between these tools and the terminal. It also addresses authentication of IPMP tools, and has provisions for integrating Rights Expressions according to the Rights Data Dictionary and the Rights Expression Language.

Part 5: Rights Expression Language (REL)

• Is seen as a machine-readable language that can declare rights and permissions using the terms as defined in the Rights Data Dictionary.
• Is intended to provide flexible, interoperable mechanisms to support transparent and augmented use of digital resources in publishing, distributing, and consuming of electronic books, broadcasting, digital movies, digital music, interactive games, computer software and other creations in digital form, in a way that protects digital content and honours the rights, conditions, and fees specified for digital contents. It is also intended to support specification of access and use controls for digital content in cases where financial exchange is not part of the terms of use, and to support exchange of sensitive or private digital content.
• Is intended to provide a flexible interoperable mechanism to ensure personal data is processed in accordance with individual rights and to meet the requirement for Users to be able to express their rights and interests in a way that addresses issues of privacy and use of personal data.
• A standard REL should be able to support guaranteed end-to-end interoperability, consistency and reliability between different systems and services. To do so, it must offer richness and extensibility in declaring rights, conditions and obligations, ease and persistence in identifying and associating these with digital contents, and flexibility in supporting multiple usage/business models.

Part 6: Rights Data Dictionary (RDD)

1. RDD provides a set of clear, consistent, structured and integrated definitions of terms for use in the MPEG-21 Rights Expression Language.

2. Terms in RDD are categorized as Primitive, Native, Adopted and Mapped. The definitions of Primitive and Native terms are determined by the governance process of the RDD. Definitions of Adopted and Mapped terms are determined externally.

3. RDD is a semantic network through which the definitions of terms are developed through the medium of its primary data model (the Context Model) supported by two secondary models (the Resource Model and the Ascriptive Model).

4. RDD terms are drawn from a continually-expanding and diverse range of governed descriptive, legal and commercial metadata systems and schemes, supporting the description of rights and permissions in Digital Items, physical objects and abstract entities, incorporated within MPEG standards as well as those defined and governed elsewhere.

5. Terms will be added to the RDD or modified in accordance with its declared governance process.

6. RDD supports interoperability, so that metadata necessary for the management of rights and permissions can cross in and out of domains in an automated or partially-automated way with the minimum ambiguity or loss of semantic integrity.

7. Primitive, Native and Adopted terms within RDD do not define intellectual property rights or other legal entities. RDD Primitive, Native and Adopted terminology implies no assumptions about the nature or extent of specific legal rights, the commerce (or other) models through which rights may be exploited or protected, or the legal frameworks within which they operate.

8. RDD includes the terms from all metadata schemes and systems which have been mapped to it.

Part 7: Digital Item Adaptation

• The goal of the Terminals and Networks key element is to achieve interoperable transparent access to (distributed) advanced multimedia content by shielding users from network and terminal installation, management and implementation issues. This will enable the provision of network and terminal resources on demand to form user communities where multimedia content can be created and shared, always with the agreed / contracted quality, reliability and flexibility, allowing the multimedia applications to connect diverse sets of Users, such that the quality of the user experience will be guaranteed.

MPEG-21 Summary

• Provides a standardized and comprehensive framework for dealing with digital content, practically for any purpose
• It is not used (yet?) because commercial interests have until now promoted closed proprietary solutions (example: mobile shops for content)
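The Condition, Choice, Selection, Assertion and Predicate semantics of the Digital Item Declaration Model described earlier, worked through as an added example (not part of the original slides and not code from the MPEG-21 specification). The dictionary layout, the function names and the fail-closed `may_render` policy are assumptions made for illustration; a predicate is true, false or undecided (`None`).

```python
# Added example: three-valued evaluation of DID conditions (all names hypothetical).
# A predicate is True (selection chosen), False (not chosen) or None (undecided).

def k_not(v):
    return None if v is None else not v

def k_and(values):
    values = list(values)
    if any(v is False for v in values):
        return False          # one false predicate falsifies the conjunction
    return None if any(v is None for v in values) else True

def k_or(values):
    values = list(values)
    if any(v is True for v in values):
        return True           # one satisfied condition is enough
    return None if any(v is None for v in values) else False

def condition_state(cond, assertion):
    """One condition: AND over its predicates; those under 'negated' are inverted."""
    terms = [assertion.get(p) for p in cond.get("require", ())]
    terms += [k_not(assertion.get(p)) for p in cond.get("negated", ())]
    return k_and(terms)

def inclusion_state(conditions, assertion):
    """Several conditions on one element: OR. No condition: unconditional."""
    if not conditions:
        return True
    return k_or(condition_state(c, assertion) for c in conditions)

def choice_resolved(choice, assertion):
    """True when every selection is decided and the choice's rule holds."""
    states = [assertion.get(s) for s in choice["selections"]]
    if any(s is None for s in states):
        return False
    chosen = sum(1 for s in states if s)
    return chosen == 1 if choice["kind"] == "exclusive" else True

def may_render(conditions, assertion):
    """Fail closed (a policy assumed here): undecided is treated as excluded."""
    return inclusion_state(conditions, assertion) is True

# Constructed sample: a component offered as licensed HD, or as an unlicensed SD preview.
FORMAT = {"kind": "exclusive", "selections": ["FORMAT_HD", "FORMAT_SD"]}
CONDITIONS = [
    {"require": ["FORMAT_HD", "LICENSED"]},
    {"require": ["FORMAT_SD"], "negated": ["LICENSED"]},
]

if __name__ == "__main__":
    partial = {"FORMAT_HD": True, "FORMAT_SD": False}   # LICENSED left unresolved
    print(inclusion_state(CONDITIONS, partial), may_render(CONDITIONS, partial))
```

A partially configured assertion leaves the element's inclusion undecided, so a terminal that gates protected components on these conditions has to pick a default; the example refuses to render until the state resolves to true.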