Beyond Mobile: A Broader Set of Use Cases Where Zimperium Can Help Secure Your Organization
Securing DRM Solutions for Media Streaming
The goal of DRM (digital rights management) solutions is to ensure paid-for content is played back securely on every supported platform. The process leverages encryption and a series of steps to ensure that content is only being viewed by an authorized user via an approved platform. Content providers, distribution networks, and streaming apps use DRM solutions to protect premium content on different platforms.
Users today login to streaming apps and select a piece of content to start streaming. Clicking “Play” creates a request with the content ID and device ID, which is then sent to the Content Delivery Network (CDN). The CDN stores the content segmented into smaller pieces for various resolutions (HD, 4K) and network speeds (3G, LTE, WiFI, 5G). Once the encrypted content is received from the CDN, the DRM component within the browser or apps (video player) connects with the DRM license server and verifies the user is authorized to view the content on that specific device. A license key that contains the content decryption keys is then sent back and the content playback begins as soon as the browser or app starts decrypting the requested content.
But standard encryption algorithms are vulnerable to attacks, especially when the app, device, or network is controlled by a malicious actor, so DRM solution providers need a security solution to ensure their decryption keys cannot be stolen. With Zimperium’s zKeyBox solution, DRM solution providers can secure the delivery of license and content decryption keys with white-box cryptography. Additionally, zKeyBox can secure the content decryption process on the end users’ device without any reliance on the device’s secure hardware.
Security for Set-Top Boxes (STB) & Broadcasting
The traditional model used by broadcasters for revenue protection has been Conditional Access (CA) where the broadcaster scrambles all the pay channels. It was designed to manage access to subscription services delivered via cable or satellite. Since the CA process uses multiple cryptographic keys, the set-top box (STB) is provided with the decryption keys and the algorithm to unscramble the channels that the viewer is eligible for.
Digital television has changed what piracy means. A clone of an HDTV broadcast is very good quality. It can be easily copied and distributed across the world, leading to substantial loss of market for subscription services and retail products such as Blu-ray and DVD. With the introduction of HDTV, a solution to the problem of copying was developed in the introduction of high-bandwidth digital content protection (HDCP). The STB forms a protected domain for the content. The STB stores the decryption keys and decrypts the content for playback.
Cable and Satellite providers procure STB hardware from several manufacturers, resulting in multiple secure hardware configurations that don’t always support the same encryption schemes. Therefore, providers cannot rely on hardware-based security to protect content-related keys. But failure to secure content-related keys, can result in premium content being streamed for free.
With Zimperium’s zKeyBox, cable and satellite companies can secure content decryption keys and the decryption process on the set-top box without any reliance on the STB hardware. This prevents providers from incurring hardware refresh costs that get triggered due to security non-compliance.
Protecting Data Used by Vehicles’ Connected Services & Apps
With connected services and infotainment apps, automakers bundle capabilities and integrate the necessary hardware and software directly into the vehicles. Some infotainment apps connect through a smartphone and others are directly installed on the car’s console.
Every car company offers some level of connectivity, which can range from free Apple CarPlay and Android Auto integration to subscription-based live concierge assistance. For example, the General Motors OnStar, NissanConnect, and Toyota Connected Services systems. Data used by connected services and infotainment apps needs to be securely stored and transmitted.
Developers can use zScan to build secure infotainment apps (OEM and/or Third-Party) that enable safe and pleasant driving experiences. Additionally, car companies can use zKeyBox to ensure the secure transmission of data to and from their vehicles for critical connected services, such as in-vehicle safety and security systems that offer roadside assistance, automatic crash response, and stolen vehicle assistance.
Applying OWASP’s Mobile App Security Guidance With Confidence
Download our whitepaper for practical advice on how to apply OWASP’s mobile app security guidance with confidence.
Video: Top Source Code Obfuscation Techniques
In this video, we show the top obfuscation security techniques used by mobile app developers around the world.