Irdeto Spokesman Yuan Xiang Gu, Co-Founder & Chief Architect of Cloakware and Senior Director of Cloakware Advanced Research Center Speaks At ISI SSP Beijing 2011
3. About Irdeto Founded in 1969 by Ir. Pieter den Toonder 1000 employees, over 500 customers Dual headquarters: Amsterdam and Beijing 25 offices around the world Part of Naspers, multinational media company 10.000 employees USD $3.7B revenue in FY10 Pay TV Solutions (CA, Middleware, Billing) Enable Broadcasters to become “Broadbanders” Content Management & Distribution for Any Screen Security Lifecycle Management for Any DeviceOver 3 billion software instances protected
4. Un-Trusted Environment Reality 4 Cloud Computing Environments Un-trusted environments are everywhere and even becoming more dominated in digital world Persistent Security on un-trusted environments is becoming #1 concern Public Internet Consumer Devices & Home Networks & Internet of Things
5. New Challenges to Traditional Security 5 White-Box Security Dynamic Security Security of Un-Trusted Environment
6. Traditional Attacks Black Box Attack Grey Box Attack Man-In-The-Middle Attack (Indirect) Bob Alice Network Software Software Trusted Inside Box 6
8. Just Like Security and Protection in Museum 8 Beijing’s Forbidden City suffers break-in Beijing’s Forbidden City Robbed, May 11, 2011
9. Static Security vs Dynamic Security Dynamic Security Static Security Once static security breaks, the entire security is gone and hard to be restored Once dynamic security breaks, the security can be renewed and restored immediately in a planned way 9
10. Fundamental to Digital Asset Protection Tampering Analysis Data Flow Transforms Control Flow Transforms Dynamic Integrity Verification White Box Crypto Stage 1a. Implement Attack Resistance Protect Digital Assets through fundamental enabling software security and services through the lifecycle Dynamic Code Decryption Dynamic Code Decryption Core Technology Defenses Stage 2. Monitor & Analyze Hacker Progress Stage 3. Deploy Counter-measures Stage 4. Respond to Attacks Stage 5. Renew Security Anti-Debug Stage 1b. Implement Attack Mitigation Software Diversity Software Diversity Attack Automation Attack Distribution Software Renewability Software Renewability Lifecycle Security Digital AssetProtection Protected Digital Asset Distributed and Consumed 10
Apply our multi layer security to protect the Digital Asset better than any oneApply our Diversity to mitigateApply our renewability to updatesSLM , which is the category that ActiveTrust addresses is: A more dynamic model than traditional security modelsAssumes that the protection can be updated in the fieldAssumes that given enough investment by hackers, a protection solution will be crackedIt is gaining acceptance …Security requirements imposed by Studios mirror thisSome CW customers have partially implemented content protection schemes that reflect thisIt’s readily accepted when presented to prospects, influencers and owners/custodians of DA’sThis is similar to what we do in PAY-TV to protect the business model of our customers, in this case operators. In that case, we use:Smartcard or Cloaked CA, Flexi Flash technology for renewability,And Offer security services to protect our customersIn this case, we apply different technologies and protect different assets and business models but in the same manner.