ISO IEC 23009-4-2013 Information technology - Dynamic adaptive streaming over HTTP (DASH) - Part 4 Segment encryption and authentication《信息技术 超文本传输协议(HTTP)上的动态自.pdf

1、 Reference number ISO/IEC 23009-4:2013(E) ISO/IEC 2013INTERNATIONAL STANDARD ISO/IEC 23009-4 First edition 2013-07-01 Information technology Dynamic adaptive streaming over HTTP (DASH) Part 4: Segment encryption and authentication Technologies de linformation Diffusion en flux adaptatif dynamique su

2、r HTTP (DASH) Partie 4: Cryptage et authentification des segments ISO/IEC 23009-4:2013(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2013 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanic

3、al, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11

4、 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2013 All rights reservedISO/IEC 23009-4:2013(E) ISO/IEC 2013 All rights reserved iiiContents Page Foreword . v Introduction vi 1 Scope 1 2 Normative references 1 3 Definitions 2 3.1 Terms and definitio

5、ns . 2 3.2 Abbreviated terms . 2 3.3 Notation 3 4 Introduction 3 4.1 Segment Encryption 3 4.2 Segment Authentication . 4 4.3 MPD security 5 5 Signalling encryption and authentication . 5 5.1 Encryption declaration 5 5.1.1 ContentProtection element 5 5.1.2 SegmentEncryption element 6 5.1.3 License el

6、ement . 7 5.1.4 Common cryptoperiod properties . 7 5.1.5 CryptoPeriod element . 8 5.1.6 CryptoTimeline element 9 5.2 Authentication declaration . 10 5.2.1 General . 10 5.2.2 ContentAuthenticity element . 11 5.2.3 URL derivation . 11 6 Segment encryption 12 6.1 Segment Format 12 6.2 Key systems . 12

7、6.2.1 General . 12 6.2.2 License-based Key Systems 12 6.3 Encryption systems 12 6.3.1 General . 12 6.3.2 AES-128 CBC Encryption System . 13 6.3.3 AES-128 GCM Encryption System . 13 6.4 Cryptoperiods 13 6.4.1 General . 13 6.4.2 Assigning segments to cryptoperiods 13 6.4.3 Key derivation 14 6.4.4 IV d

8、erivation . 15 6.4.5 AAD derivation . 16 6.5 Adding new encryption and key systems . 16 7 Segment authentication 16 7.1 General . 16 7.2 Algorithms 16 7.2.1 SHA-256 16 7.2.2 HMAC-SHA1 . 16 Annex A (normative) XML Schema . 17 Annex B (informative) Implementation Guidelines 19 ISO/IEC 23009-4:2013(E)

9、iv ISO/IEC 2013 All rights reservedB.1 Key Delivery .19 B.2 Encryption 19 B.3 Content Authenticity19 Annex C (informative) MPD Examples and Usage .20 C.1 Video on Demand .20 C.2 Live Event with Key Rotation and Authentication 21 C.3 Use of Arbitrary ISO-BMFF Content Protection with Content Authentic

10、ation 22 C.4 Use of License-based Key Transport 24 ISO/IEC 23009-4:2013(E) ISO/IEC 2013 All rights reserved vForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National b

11、odies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Othe

12、r international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules

13、 given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires appro

14、val by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 23009-4 was prepared by J

15、oint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 29, Coding of audio, picture, multimedia and hypermedia information. ISO/IEC 23009 consists of the following parts, under the general title Information technology Dynamic adaptive streaming over HTTP (DASH): Part 1: Medi

16、a presentation description and segment formats Part 2: Conformance and reference software 1 Part 3: Technical Report 2 Part 4: Segment encryption and authentication 1To be published. 2To be published. ISO/IEC 23009-4:2013(E) vi ISO/IEC 2013 All rights reservedIntroduction Dynamic Adaptive Streaming

17、over HTTP (DASH) enables media-streaming model for delivery of media content in which control lies exclusively with the client. Clients may request data using the HTTP protocol from standard web servers that have no DASH-specific capabilities. Consequently, ISO/IEC 23009 focuses not on client or ser

18、ver procedures but on the data formats used to provide a DASH Media Presentation. This part of ISO/IEC 23009 provides methods and interfaces for segment encryption and verification of segment integrity and authenticity INTERNATIONAL STANDARD ISO/IEC 23009-4:2013(E) ISO/IEC 2013 All rights reserved 1

19、Information technology Dynamic adaptive streaming over HTTP (DASH) Part 4: Segment encryption and authentication 1 Scope This part of ISO/IEC 23009 specifies: format-independent segment encryption and signalling mechanisms for use with any media segment format used in DASH (ISO/IEC 23009-1:2012); me

20、chanisms to ensure segment integrity and authenticity for use with any segment used in DASH (ISO/IEC 23009-1:2012). 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only t

21、he edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 23009-1:2012, Information technology Dynamic adaptive streaming over HTTP (DASH) Part 1: Media presentation description and segment formats Advanced Encryption

22、Standard, Federal Information Processing Standards Publication 197, FIPS- 197, http:/www.nist.gov/ Secure Hash Standard, Federal Information Processing Standards Publication 180, FIPS 180- 3, http:/www.nist.gov/ Recommendation of Block Cipher Modes of Operation, NIST, NIST Special Publication 800- 3

23、8A, http:/www.nist.gov/ Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, NIST, NIST Special Publication 800-38D, http:/www.nist.gov/ IETF RFC 2104, HMAC: Keyed-Hashing for Message Authentication, H. Krawczyk, M. Bellare, R. Canetti, February 1997 IETF RFC 2616,

24、 Hypertext Transfer Protocol HTTP/1.1, June 1999 IETF RFC 3986, Uniform Resource Identifier (URI): Generic Syntax, January 2005 IETF RFC 5246, The Transport Layer Security (TLS) Protocol, T. Dierks et al, August 2008 IETF RFC 5652/STD 70, Cryptographic Message Syntax (CMS), R. Housley, September 200

25、9 ISO/IEC 23009-4:2013(E) 2 ISO/IEC 2013 All rights reserved3 Terms, definitions and abbreviated terms 3.1 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1.1 additional authenticated data input data to the authenticated encryption function that

26、is authenticated but not encrypted 3.1.2 authentication tag cryptographic checksum on data that is designed to reveal both accidental errors and the intentional modification of the data 3.1.3 authenticated encryption mode of operation in which the plaintext is encrypted into the ciphertext, and an a

27、uthentication tag is generated on the AAD and the ciphertext 3.1.4 cryptoperiod number of continuous segments for which the same encryption key and the same initialization vector are used 3.1.5 encryption system system used for encryption of Media Segments using keys provided by the Key System 3.1.6

28、 key system system that provides keys necessary for decryption of Media Segments 3.1.7 segment number unique positive integer associated with a Media Segment within a Representation Note 1 to entry: The Media Segment presented (in presentation order) after Media Segment with Segment Number N has Seg

29、ment Number N+1. 3.2 Abbreviated terms For the purposes of this document, the following abbreviated terms apply. AAD Additional Authentication Data AES Advanced Encryption Standard as specified in FIPS-197 AES-CBC AES cipher in Cipher Block Chaining mode, as specified in NIST 800-38A ECB Electronic

30、Code Book, as specified in NIST 800-38A AES-GCM AES cipher in Galois/Counter Mode, as specified in NIST 800-38D HMAC Hash-based Message Authentication Code, as specified in IETF RFC 2104 IV Initialization Vector MPD Media Presentation Description, as specified in ISO/IEC 23009-1:2012 ISO/IEC 23009-4

31、:2013(E) ISO/IEC 2013 All rights reserved 3SHA Secure Hash Algorithm, as specified in FIPS 180-3 SN Segment Number TLS Transport Layer Security URI Uniform Resource Identifier URL Uniform Resource Locator URN Uniform Resource Name 3.3 Notation Media Segment with Segment Number i: S(i) Cryptoperiod s

32、tarting with Segment Number i and having d Media Segments: CP(i,d) Key and initialization vector in use during CP(i,d): K CP(i,d) , IV CP(i,d)4 Introduction 4.1 Segment Encryption The content protection framework provided in this part of ISO/IEC 23009 is a framework for out-of-band derivation of par

33、ameters needed for successful decryption of media segments. The tools provided are MPD interfaces that allow derivation of key and initialization parameters, baseline encryption and key resolution methods, and, lastly, it provides extensibility points to accommodate different key resolution and encr

34、yption algorithms using the same interface. Conceptually, the content protection framework provided in this part of the standard can be viewed as two entities, key system and encryption system. Key system derives keys associated with a segment given the information provided in the MPD, while the enc

35、ryption system decrypts media segments given the information provided in the MPD and encryption keys provided by the key system. The baseline mandatory system applies AES-CBC encryption to a complete segment and uses HTTP(S) for key transport. In this baseline system the DASH client will be able to

36、recognize uniquely for each segment which key and initialization vector were used for their encryption. The client will then issue a GET request for the key, and will either issue a GET request for the initialization vector or derive it locally. After receiving key and initialization vector, the DAS

37、H client can successfully decrypt the media segment and pass it to the media engine. In this description, AES-CBC full-segment encryption is the encryption system, and key retrieval using HTTP(S) is the key system. ISO/IEC 23009-4:2013(E) 4 ISO/IEC 2013 All rights reservedContent Protection Key Serv

38、er key = getKey(keyUrl) key DASH Client decryptSegment(S(M) keyUrl = deriveUrl(M) IV = deriveIV(M) decrypt(key,IV,S(M) segmentFigure 1 Baseline Segment Encryption As most DRM systems employ license-based systems to derive keys, license-based key systems are supported in this standard. In this case,

39、a license is retrieved, and the key URIs are opaque key identifiers. The license-based key system will resolve these IDs into keys in an unspecified way, and pass the keys to an encryption system. The latter, having keys provided by the key system and the encryption information (e.g. algorithm speci

40、fication and IV) provided by the MPD, decrypts the media segment. Additional encryption methods can be signalled using URIs and (possibly) generic encryption-related parameters provided in this part of ISO/IEC 23009This part of ISO/IEC 23009 is format-independent: it does not apply specifically to a

41、ny type of media segment, and its notion of cryptoperiods is completely divorced from any specific segment type. The baseline encryption system applies to a complete segment. The normative part of this framework provides (a) the MPD interface, and (b) baseline key and encryption systems. These are s

42、hown in Figure1 Baseline Segment Encryption. Note that the implementation shown in this figure is for illustration purposes, and many of the operations can be optimized e.g. by parallelization and pre-fetching. The Segment Encryption scheme specifies standard encryption and key mapping methods that

43、may be used when segment protection is needed. The scheme operates by applying encryption to segments, which are thus transmitted in a protected fashion. Definitions are provided to identify the segments as encrypted, and to identify the appropriate key(s) and IV(s) from a MPD. 4.2 Segment Authentic

44、ation The Segment Authentication framework is a framework allowing use of authenticity tags for all DASH segment types in order to verify the origin and content authenticity. This framework works by calculating a digest or a MAC of an unencrypted segment, and storing the value externally. The MPD in

45、terface provides URL templates to retrieve these, using HTTPS or HTTP. The client retrieves the digest/signature, then calculates them locally on the decrypted (sub)segment, and can reject the (sub)segment in case of a mismatch. If used together with encryption, the mode of operation of this framewo

46、rk is “authenticate, then encrypt“, rather than the more common “encrypt, then authenticate“ mode. The former provides an important feature of encryption invariance: if no encryption, or different encryption algorithm or/and parameters were used for encryption of the same media segment for serving i

47、t to different clients, the authenticity tag will still stay the same as long as the content itself has not changed. ISO/IEC 23009-4:2013(E) ISO/IEC 2013 All rights reserved 5Segment Authentication is independent of any content protection scheme, and may be used on unencrypted segment, as well as on

48、 encrypted segments encrypted using any DRM system. Note that this implies that use of the Content Protection framework of this part of ISO/IEC 23009 is not required in order to use the Content Authentication framework. The normative part of this framework provides (a) the MPD interface, and (b) a b

49、aseline authenticity algorithm. 4.3 MPD security The frameworks provided in this part of ISO/IEC 23009 are as secure as the MPD is. Therefore it is extremely important to protect the MPD, e.g. by transmitting it over a secure connection, by verifying its integrity and authenticity. Methods of MPD protection are out of scope of this standard. 5 Signalling encryption and authentication 5.1 Encryption declaration 5.1.1 ContentProtection element 5.1.1.1 Definition The application of the encryption format defi