• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer

mkpeReport

top analysis covering digital cinema, 3-D, HFR, and laser illumination

  • Reports
  • About
  • mkpe.com
  • cinepedia.com

TI, DCI, and the SMPTE ASM

May 2009 by Michael Karagosian

With the eventual introduction of the TI Series 2 projector comes a security issue that must be dealt with. TI diligently followed the DCI specification in its Series 2 design, choosing a security topology that involves two security devices, or SPBs (Secure Processing Blocks), within the body of the projector. Technically, this leaves two certificates to track and include in the security key’s trusted device list. (In acronym-land, the TDL in the KDM.) The SMPTE standard for retrieving the certificate in the projector, called ASM (for Auditorium Security Message), can only pull one certificate. Herein lies a very significant problem.

If the SMPTE standard is changed to pull two certificates from the projector, then 10,000 servers now in the field will be unable to drive the forthcoming Series 2 projector. The existing servers can’t be changed without undergoing considerable expense, as, for most designs, the entire FIPS-certified media block must be changed out with a new media block that implements the revised command. In addition, the company that manufactures the new media block has to undergo a new FIPS certification for the revised design. All of this takes time and money.
If the time and money aren’t spent, a likely scenario, then the industry will end up with two classes of 2K servers in the field: those that can drive the Series 2 projector, and those that can’t. Such differentiation can dramatically devalue the server that can’t.

The question has been raised by several people as to whether or not security is really compromised by not having the ability to disable one of the security managers in the Series 2 projector.

Secure Processing Blocks and Link Decryption

The argument goes like this:

In the drawing above, the secure media block is inside a server, and the projector in question has two secure processing blocks: one for link decryption, and another for the core projector. Industry requirements dictate that the link decrypter SPB must be installed by a qualified and trusted technician such that the link decrypter becomes “married” to the projector SPB.

The crux of security in this case is for the media block to know, by means of the trusted device list (TDL) in the security key (KDM), that it is connected to a valid projector. The link decrypter is already trusted, since it is tamper responsive, and installed by a trusted technician who married it to the projector. The purpose of the TDL is to manage isolated problems. I.e., if a projector is known to be out-of-service or to have been modified in an unacceptable manner, then the content owner may refuse to allow the KDM to play its content on this projector.

The link decrypter is FIPS certified, which means it has undergone a rigorous examination for managing secure transactions and cannot be tampered with. Since the link decrypter receives its encrypted data from the media block, and transmits encrypted data to the projector SPB, a hack of the link decrypter would not be an isolated problem. If the link decryptor was hackable, then an entire series of product would be at risk. From a security view, the link decrypter cannot be effectively managed by a trusted device list, as a problem in such devices will not be isolated. The projector, however, is not FIPS certified, and can be hacked in an isolated manner. A security problem with a particular projector can be effectively managed by a TDL.

This simple analysis indicates that there is no advantage to blacklisting a particular link decrypter, and that single certificate management should be sufficient. However, content owners have yet to be convinced.

The issue goes well beyond the ASM standard. It points to the fragility of SMPTE standards and the DCI specification. One simple change can obsolete an entire generation of product. At some point, the changes must stop.

Filed Under: Projectors, Servers and IMBs, Trade Organizations and Shows Tagged With: ASM, DCI, KDM, SMPTE, TDL

Primary Sidebar

Search

Topics

  • 3-D
  • Accessibility
  • Alt Content & Advertising
  • Anti-Piracy
  • Color
  • Communications
  • Deployment Entities
  • Distributors
  • Exhibitors
  • Fulfillment
  • High Dynamic Range
  • Higher Frame Rates
  • Installations
  • Patents
  • Projectors
  • Servers and IMBs
  • Sound
  • Technical Bodies
  • Theatre Management Systems
  • Trade Organizations and Shows

Full Archives

a publication of
MKPE Consulting LLC

Footer

Important Stuff

  • About
  • Privacy Policy

Archives

  • Category & Monthly Archives
Archives date back to 2008.

MKPE

mkpeReport is a publication of MKPE, a world-class consultancy building business at the crossroads of cinema and technology.
Learn more about MKPE.

copyright © 2008 - 2023 mkpe consulting llc

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of all cookies.
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
Powered by CookieYes Logo