A Digital Rights Enabled Graphics Processing System

2 Dec 2013 (3 years and 6 months ago)

Weidong Shi (Motorola Labs)
Hsien-Hsin “Sean” Lee (Georgia Tech)
Richard M. Yoo (Georgia Tech)
Alexandra Boldyreva (Georgia Tech)

Why Digital Rights Management (DRM) and Content Protection?

id Software, Kevin Cloud:

"this (piracy) is what’s killing PC games"

“… but you may literally have more games being played illegitimately than being played legitimately.”

“… it is a very serious problem. There isn’t any magical solution, or else we’d solve it.”


Graphics As Assets

Protect graphics apps by protecting the graphics assets instead of the SW.

Sales of avatars and in-game graphics assets are rising steadily.

  $10M per month in in-game asset sales in Korea alone

  $880M in trading in the US (2004)

It is a non-trivial task

If security is easy to add, it is easy to remove.

Never underestimate the hackers (XBOX incident).


Graphics DRM

Protect against SW attacks

Protect against simple “Radioshack” HW attacks


Software-based DRM

Disadvantages

  Insecure

  Not tamper proof

Advantages

  Easy to change

  Flexible

[Figure: 3D apps (mesh, texture, shader), OpenGL/Direct3D, SW DRM, frame buffer]

DRM Design Space

There are many design choices for where to unlock DRMed content.

Hackers can always go to the level below to defeat a DRM system.

Typical SW DRM unlocks at the app level.

[Figure: DRMed contents and the stack of real-time 3D apps, graphics API (OpenGL/Direct3D), and device driver, with unlock points at the app level, API level, driver level, and device level]

Our Idea: DRM Enabled GPU

Protect graphics assets with encryption and rights licenses.

Decrypt graphics assets in a DRM-enabled GPU.

[Figure: protected graphics assets (mesh, textures, shaders), DRM, DRM Enabled GPU]

DRM Enabled GPU

Advantages

  Strong security protection: contents are decrypted right before their consumption

  Protects against SW tampering/attacks: API hijack, graphics file reverse engineering, etc.

  High performance: HW decryption vs. SW decryption

Disadvantages

  Less flexible

GPU with DRM Block

[Figure: GPU block diagram. Labels: PCI-Express, host/memory interface, graphics/video memory, GPU pipeline, vertex cache, texture cache, cryptographic unit, license processing unit, context information, DRM block]

Rights License and Content Keys

[Figure: GPU public/private key pair, licenses, content keys]

Graphics contents or assets are licensed.

Graphics contents or assets are encrypted with content keys. The encrypted content keys are included in the graphics content licenses.

Content licenses are certified and distributed.

Only the targeted GPU can extract/use the content keys from the licenses.


Binding Context

Constraints of binding among vertex data, textures, and shaders

Created based on graphics assets licenses

Security context (protected when stored in exposed storage)

Contains all information for decrypting graphics assets by a GPU

Binding Context contents:

  Vertex Attr: Decryption Key, Digest Key
  Texture:     Decryption Key, Digest Key
  Shader:      Digest Key

Graphics API Extension

Encrypted Data Array/Texture Types

  Encrypted{234}f, Encrypted_R8G8B8A8, …

  Encrypt a collection of vertex attributes or a texture tile as a chunk.

  Compute a digest or hashed MAC for each encrypted chunk.

Protected Graphics Objects

    glVertexAttribPointerPrivateARB(0, Encrypted4f, GL_FALSE, 0, &vertex);

    glVertexAttribPointerPrivateARB(8, Encrypted2f, GL_FALSE, 0, &text_coord);

Graphics API Extension

API Extension

    GenBindingContext(int size, int* ptr_to_handles)

    ConfigBindingContext(int handle, enum type, int graphics_object_handle,
                         unsigned char* license)

        type = Encrypted_VERTEX_ATTR0..15
        type = PRIVATE_TEXTURE0..7
        type = VERTEX_SHADER|FRAGMENT_SHADER|…
        graphics_object_handle = handle to vertex, texture, or shader
        license = license byte array

    EnableBindingContext(int handle)

    DisableBindingContext(int handle)

    DeleteBindingContext(int handle)

Graphics Data Protection Check

[Figure: GPU front-end. Labels: vertex/tex cache and vertex/tex fetch unit; encrypted vertex attr/tex tiles, each with a digest/HMAC; decryption unit; HMAC unit; check ("?"); binding context (vertex attr: decryption key, digest key; texture: decryption key, digest key; shader: digest key)]

Counter Mode Example (Encrypted Texels)

[Figure: GPU front-end and memory unit. Labels: vertex/tex cache and vertex/tex fetch unit; encrypted texels; graphics memory; fetch address calculation/translation; counter value (texel tile coord, offset, padding); AES engine; decryption key from the binding context; decryption pad; XOR]
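
An added example, not from the original slides: the per-chunk HMAC check and the counter-mode texel decryption from the two slides above, modeled in Python. HMAC-SHA256 stands in for the AES engine when generating the pad (AES is not in the Python standard library), and the counter layout, keys, and function names are assumptions based on the figure labels.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # bytes of pad per counter value (one AES block in the slides)


def decryption_pad(dec_key, tile_x, tile_y, nbytes):
    """Pad for one tile; counter = tile coord || offset || padding (assumed layout)."""
    pad = b""
    for offset in range((nbytes + BLOCK - 1) // BLOCK):
        counter = struct.pack(">III", tile_x, tile_y, offset) + b"\x00" * 4
        # Stand-in for the AES engine: HMAC-SHA256 truncated to one block.
        pad += hmac.new(dec_key, counter, hashlib.sha256).digest()[:BLOCK]
    return pad[:nbytes]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def protect_tile(dec_key, digest_key, tile_x, tile_y, texels):
    """Asset packaging: encrypt the tile as one chunk, then MAC the ciphertext."""
    chunk = xor(texels, decryption_pad(dec_key, tile_x, tile_y, len(texels)))
    return chunk, hmac.new(digest_key, chunk, hashlib.sha256).digest()


def fetch_tile(dec_key, digest_key, tile_x, tile_y, chunk, tag):
    """GPU front-end model: reject a chunk whose HMAC does not match, else decrypt."""
    expected = hmac.new(digest_key, chunk, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("protection check failed for tile (%d, %d)" % (tile_x, tile_y))
    return xor(chunk, decryption_pad(dec_key, tile_x, tile_y, len(chunk)))


if __name__ == "__main__":
    # Constructed sample keys and a 4x4 RGBA8 tile (64 bytes); not real assets.
    dec_key, digest_key = b"D" * 16, b"M" * 16
    texels = bytes(range(64))
    chunk, tag = protect_tile(dec_key, digest_key, 3, 5, texels)
    print("round trip ok:", fetch_tile(dec_key, digest_key, 3, 5, chunk, tag) == texels)
    tampered = bytes([chunk[0] ^ 1]) + chunk[1:]
    try:
        fetch_tile(dec_key, digest_key, 3, 5, tampered, tag)
    except ValueError as err:
        print("rejected:", err)
```

Because the pad depends only on the key and the tile address, it can be computed while the memory fetch is in flight, leaving only the XOR after the encrypted texels arrive.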

Division of Labor

CPU-GPU Level-of-Detail

[Figure: CPU and GPU. Labels: collision detection, coarse backface culling, transformation, lighting, animation, unprotected graphics data, protected graphics data]

CPU processes unprotected coarse-level graphics data

GPU processes protected fine-grained graphics data

Optional Depth Buffer Protection

[Figure: frame buffer operation unit, depth decryption unit, depth encryption unit, depth buffer symmetric key context, depth buffer, Z-tiles]

Depth buffer key is applied to an application.

Evaluation

Setting

  Apps: Quake 3D, 4 demo maps
  GPU Simulator: Qsilver (UVa)
  AES unit #: 8 (400K gates each)
  Decryption Throughput/Latency: 40 Gbps x 8, 2.5ns per stage x 11 = 27.5ns
  HMAC Unit #: 8 (19K gates each)
  HMAC Latency: 74ns
  Graphics Memory: GDDR3 latency

Frame Rate Impact

Frame rate slowdown using protected assets against regular assets

Reasonable impact on frame rate

[Figure: normalized frame rate (%) for q3dm1, q3dm7, q3dm17, q3tourney, and average]

Decryption Latency Sensitivity

[Figure: normalized frame rate (%) for q3dm1, q3dm7, q3dm17, q3tourney, and average; series: 27.5ns decryption latency, 40ns decryption latency]

Sensitivity of Cache Miss Rate

[Figure: normalized frame rate (%) for q3dm1, q3dm7, q3dm17, q3tourney, and average; series: low miss (5%), med miss (10%), high miss (20%)]

Conclusions

It is time to introduce DRM protection for real-time graphics assets.

The trend of GPU advancement enables new ways of protecting graphics assets.

Graphics asset protection calls for joint research by the DRM, graphics, and GPU communities.

GPU-based graphics asset protection is more effective.

We studied the feasibility of GPU-based graphics DRM.

Further research is required.



Thank You!

http://arch.ece.gatech.edu