Title: A Digital Rights Enabled Graphics Processing System
1. A Digital Rights Enabled Graphics Processing System
- Weidong Shi (Motorola Labs)
- Hsien-Hsin Sean Lee (Georgia Tech)
- Richard M. Yoo (Georgia Tech)
- Alexandra Boldyreva (Georgia Tech)
2. Why Digital Rights Management (DRM) and Content Protection?
- id Software, Kevin Cloud
- "this (piracy) is what's killing PC games"
- but you may literally have more games being played illegitimately than being played legitimately.
- it is a very serious problem.
- There isn't any magical solution, or else we'd solve it.
3. Graphics As Assets
- Protect graphics apps by protecting the graphics assets instead of the SW.
- Sales of avatars and in-game graphics assets are rising steadily
- 10M per month in-game assets sale in Korea alone
- 880M trading in US (2004)
4. It is a non-trivial task
- If security is easy to add, it is easy to remove.
- Never underestimate the hackers (XBOX incident)
- Graphics DRM
  - Protect against SW attacks
  - Protect against simple Radioshack HW attacks
5. Software-based DRM
- Disadvantages
  - Insecure
  - Not tamper proof
- Advantages
  - Easy to change
  - Flexible
[Diagram labels: 3D apps; mesh, texture, shader; OpenGL/Direct3D; DRM; SW; Frame Buffer]
6. DRM Design Space
- Many design choices for unlocking DRMed contents.
- Hackers can always go to the level below to defeat a DRM system.
- Typical SW DRM unlocks at App level.
[Diagram labels: DRMed Contents; Unlock at App level; Real time 3D apps; Graphics API (OpenGL/Direct3D); Unlock at API level; Device Driver; Unlock at Driver level; Unlock at Device level]
7. Our Idea: DRM Enabled GPU
- Protect graphics assets with encryption and rights licenses.
- Decrypt graphics assets by a DRM enabled GPU
[Diagram labels: DRM; DRM Enabled GPU; Protected Graphics Assets (mesh, textures, shaders)]
8. DRM Enabled GPU
- Advantages
  - Strong security protection, contents decrypted right before their consumption
  - Against SW tampers/attacks: API hijack, graphics file reverse engineering, etc.
  - High performance: HW decryption vs. SW decryption
- Disadvantages
  - Less flexible
9. GPU with DRM Block
[Diagram labels: Graphics/Video Memory; PCI-Express; Host/Memory Interface; DRM Block (Context Information, Cryptographic Unit, License Processing Unit); Vertex Cache; Texture Cache; GPU Pipeline]
10. Rights License and Content Keys
- Graphics contents or assets are licensed
- Graphics contents or assets are encrypted with content keys. Encrypted content keys are included in graphics content licenses.
- Content licenses are certified and distributed
- Only the targeted GPU can extract/use the content keys from the licenses.
11. Binding Context
[Diagram labels: Binding Context; Vertex Attr Decryption Key, Digest Key; Texture Decryption Key, Digest Key; Shader Digest Key]
- Constraints of binding among vertex data, textures, and shaders
- Created based on graphics assets licenses
- Security context (protected when stored in exposed storage)
- Contains all information for decrypting graphics assets by a GPU
12. Graphics API Extension
- Encrypted Data Array/Texture Types
  - Encrypted{2,3,4}f, Encrypted_R8G8B8A8,
  - Encrypt collection of vertex attributes or texture tile as a chunk.
  - Compute a digest or hashed MAC for each encrypted chunk
- Protected Graphics Objects
  - glVertexAttribPointerPrivateARB(0, Encrypted4f, GL_FALSE, 0, vertex)
  - glVertexAttribPointerPrivateARB(8, Encrypted2f, GL_FALSE, 0, text_coord)
13. Graphics API Extension
- API Extension
  - GenBindingContext(int size, int *ptr_to_handles)
  - ConfigBindingContext(int handle, enum type, int graphics_object_handle, unsigned char *license)
    - type: Encrypted_VERTEX_ATTR0..15
    - type: PRIVATE_TEXTURE0..7
    - type: VERTEX_SHADER, FRAGMENT_SHADER
    - graphics_object_handle: handle to vertex, texture, or shader
    - license: license byte array
  - EnableBindingContext(int handle)
  - DisableBindingContext(int handle)
  - DeleteBindingContext(int handle)
14. Graphics Data Protection Check
[Diagram labels: Encrypted Vertex Attr/Tex Tiles, each with a Digest/HMAC; Binding Context (Vertex Attr Decryption Key, Digest Key; Texture Decryption Key, Digest Key; Shader Digest Key); GPU Front-End: Vertex/Tex Cache, Vertex/Tex Fetch Unit, Decryption Unit, HMAC Unit, comparison ("?")]
15. Counter Mode Example (Encrypted Texels)
[Diagram labels: Graphics Memory; Memory Unit; Fetch Address Cal/Translation; Encrypted Texels; Counter value; Decryption Key; AES Engine; Decryption Pad; XOR; Binding Context; GPU Front-End: Vertex/Tex Cache, Vertex/Tex Fetch Unit]
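The per-chunk check and counter-mode decryption sketched on slides 14 and 15, as an added example that is not from the original slides or the authors' design. Assumptions: HMAC-SHA256 stands in for the AES engine as the pad generator so the code runs with the standard library only, the counter is derived from the chunk's fetch address, the MAC covers the address plus the ciphertext, and all names (`BindingContext`, `protect_chunk`, `fetch_chunk`) are hypothetical.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


class BindingContext(NamedTuple):
    """Keys the GPU holds for one asset (field names are hypothetical)."""
    decryption_key: bytes
    digest_key: bytes


def _pad(key: bytes, address: int, length: int) -> bytes:
    # Decryption pad depends only on key and counter, so hardware can compute
    # it while the memory fetch is in flight. HMAC-SHA256 stands in for the
    # AES engine; deriving the counter from the fetch address is an assumption.
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, struct.pack(">QI", address, i), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]


def _mac(ctx: BindingContext, address: int, ciphertext: bytes) -> bytes:
    # Assumption: the MAC also covers the chunk address, so a valid chunk
    # copied to another location fails the check.
    msg = struct.pack(">Q", address) + ciphertext
    return hmac.new(ctx.digest_key, msg, hashlib.sha256).digest()


def protect_chunk(ctx: BindingContext, address: int, texels: bytes) -> bytes:
    """Packaging side: encrypt one tile, then append the MAC of the ciphertext."""
    pad = _pad(ctx.decryption_key, address, len(texels))
    ciphertext = bytes(t ^ p for t, p in zip(texels, pad))
    return ciphertext + _mac(ctx, address, ciphertext)


def fetch_chunk(ctx: BindingContext, address: int, stored: bytes) -> bytes:
    """GPU side: check the MAC first, release plaintext only if it matches."""
    ciphertext, tag = stored[:-TAG_LEN], stored[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(ctx, address, ciphertext)):
        raise ValueError(f"integrity check failed for chunk at {address:#x}")
    pad = _pad(ctx.decryption_key, address, len(ciphertext))
    return bytes(c ^ p for c, p in zip(ciphertext, pad))


if __name__ == "__main__":
    ctx = BindingContext(b"\x11" * 16, b"\x22" * 32)  # constructed sample keys
    tile = bytes(range(64))                           # constructed 64-byte tile
    stored = protect_chunk(ctx, 0x1000, tile)
    print(fetch_chunk(ctx, 0x1000, stored) == tile)
```

Because the pad is a function of the key and address only, one key must never protect two different plaintexts at the same address; that fits read-only assets such as textures and meshes.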
16. Division of Labor: CPU-GPU
- CPU: Level-of-Detail, Collision detection, Coarse backface culling
- GPU: Transformation, Lighting, Animation
- CPU processes unprotected coarse-level graphics data
- GPU processes protected fine-grained graphics data
17. Optional Depth Buffer Protection
[Diagram labels: Depth Buffer; Z-tile; Context; Depth Decryption Unit; Depth Encryption Unit; Depth Buffer Symmetric Key; Frame Buffer Operation Unit]
- Depth buffer key is applied to an application.
18. Evaluation
Setting
- Apps: Quake 3D 4 demo maps
- GPU Simulator: Qsilver (UVa)
- AES unit: 8 (400K gates each)
- Decryption Throughput/Latency: 40Gb/ps x 8, 2.5ns per stage x 11 = 27.5ns
- HMAC Unit: 8 (19K gates each)
- HMAC Latency: 74ns
- Graphics Memory: GDDR3 latency
19. Frame Rate Impact
- Frame rate slowdown using protected assets against regular assets
- Reasonable impact on frame rate
20. Decryption Latency Sensitivity
21. Sensitivity of Cache Miss Rate
22. Conclusions
- Time to introduce DRM protection on real-time graphics assets.
- The trend of GPU advancement enables new ways of protecting graphics assets.
- Graphics assets protection calls for joint research from the DRM, graphics, and GPU communities.
- GPU-based graphics assets protection is more effective.
- We studied the feasibility of GPU-based graphics DRM.
- Further research is required.
23. Thank You!
http://arch.ece.gatech.edu