AVPlayerできちんとコンテンツ保護

Transcript

1. AVPlayerͰ͖ͪΜͱίϯςϯπอޢ ߦ໦ ઍय़ʢͳΊ͖ ͪ͸ΔʣTwitter, GitHub @Ridwy Streaming Client Team, גࣜձࣾ

   AbemaTV iOSDC JAPAN 2021, day2 (9/19)

2. ܦྺ גࣜձࣾϐΫηϥ 2005 ~ 2015 
 TVνϡʔφʔ, Χϝϥ, ը૾ॲཧ Mac,

   iPhoneͰ஍σδΛݟΔͨΊͷΞϓϦͳͲΛ୲౰ גࣜձࣾαΠόʔΤʔδΣϯτ 2015 ~ Amebaϒϩά iOSΤϯδχΞ AbemaTV Streaming Client Team

3. • ৽͍͠ະདྷͷςϨϏʮABEMAʯ • ΠϯλʔωοτςϨϏہʢ2015೥։ہʣ • 20Ҏ্ͷνϟϯωϧ, VOD, ଞ 
 ͞·͟·ͳࢹௌܗଶ

   • ੜதܧ΍൪૊੍࡞΋ख͕͚Δ גࣜձࣾAbemaTV

4. Streaming Client Teamʹ͍ͭͯ • ABEMA͸ଟ͘ͷϓϥοτϑΥʔϜΛαϙʔτ 
 iPhone, Apple TV, Android,

   Android TV, Web, IPTV, … 
 • ֤ϓϥοτϑΥʔϜͷ࠶ੜΫϥΠΞϯτʹ஫ྗ͠ɺࢹௌମݧΛ୲อɾ޲্͢ Δઐ໳νʔϜ • ϓϨΠϠʔͷ࣮૷, ࢹௌ඼࣭ͷ؂ࢹ, ৽ٕज़ͷPoC

5. ΞδΣϯμ AVPlayerͰ͖ͪΜͱίϯςϯπอޢ • AVPlayerʹ͍ͭͯ • HTTP Live Streamingͷ࢓૊Έ • ίϯςϯπอޢ͸ԿͷͨΊʁ

   • AES-128ʹΑΔ҉߸Խ഑৴ • FairPlay Streaming • ϚϧνϓϥοτϑΥʔϜͰಈըετϦʔϜΛอޢ͢Δʹ͸

6. AVPlayer AppleͷϓϥοτϑΥʔϜͰө૾ɾԻ੠Λ࠶ੜ͢ΔϓϨΠϠʔ ϩʔΧϧͷϑΝΠϧ͚ͩͰͳ͘ɺϦϞʔτͷϑΝΠϧ΍ετϦʔϛϯά΋࠶ੜՄೳ • ϝσΟΞΛѻ͏AVFoundation.frameworkʹ࣮૷͞Ε͍ͯΔ • AVFoundation͸·ͣiOSͰ։ൃ͞Εɺ2011೥ʹMacʹҠ২ • ಈըͳͲͷٕज़ͷਐาͱͱ΋ʹݱࡏ΋׆ൃʹ։ൃ͞Ε͍ͯΔ AVFoundation

7. HTTP Live Streaming (HLS) AVPlayerͰ࠶ੜͰ͖ΔετϦʔϛϯάܗࣜ • Live, VODͷͲͪΒʹ΋ରԠ • HTTPΛར༻͢ΔͨΊεέʔϥϏϦςΟʹ༏ΕΔ

   • Adaptive Bit Rate (ABR) 
 ճઢঢ়گʹΑΓ࠷దͳϏοτϨʔτͷετϦʔϜʹεΠονՄೳ • ࢓૊Έ্ɺ2, 3ඵҎԼͷ௿஗Ԇ഑৴͸࣮ݱग़དྷͳ͔͕ͬͨɺ 
 Low Latency HLSͷొ৔ʹΑΓෆՄೳͰ͸ͳ͘ͳͬͨ AppleʹΑͬͯ։ൃ͞ΕɺRFC8216ͱͯ͠ެ։ Android΍ϒϥ΢βͰ΋࠶ੜՄೳ ಛ௃

8. HTTP Live Streaming M3U8 ϓϨΠϦετ ϝσΟΞηάϝϯτ 
 TS or fMP4

   ϓϨΠϠʔ͸ϓϨΠϦετͷதʹهࡌ͞Ε͍ͯΔηάϝϯτΛ্͔Β࿈ଓͯ͠࠶ੜ ରԠCODEC: 
 HEVC or H.264, 
 AAC or AC-3

9. M3U8ϓϨΠϦετͷྫ #EXTM3U #EXT-X-TARGETDURATION:10 #EXTINF:9.009, http://media.example.com/first.ts #EXTINF:9.009, http://media.example.com/second.ts #EXTINF:3.003, http://media.example.com/third.ts

10. Adaptive Bit Rate (ABR) ϚελʔϓϨΠϦετ = ଳҬ͝ͱͷϝσΟΞϓϨΠϦετΛෳ਺ؚΉϓϨΠϦετ #EXTM3U #EXT-X-STREAM-INF:PROGRAM-ID=1, BANDWIDTH=200000

    gear1/prog_index.m3u8 #EXT-X-STREAM-INF:PROGRAM-ID=1, BANDWIDTH=311111 gear2/prog_index.m3u8 #EXT-X-STREAM-INF:PROGRAM-ID=1, BANDWIDTH=484444 gear3/prog_index.m3u8 ετϦʔϜͷ࠷େϏοτϨʔτ (bps)

11. Adaptive Bit Rate (ABR) ϓϨΠϠʔ͸ճઢঢ়گʹԠͯ͡࠷దͳετϦʔϜʹεΠον͠ͳ͕Β 
 ׈Β͔ͳ࠶ੜΛଓ͚Δ ి೾͕ѱ͘ͳͬͯདྷͨͧʁ 
 ௿ը࣭ʹ੾Γସ͑ͯ͠ͷ͝͏

    ͓ɺվળͯ͠དྷͨ ߴը࣭ʹ໭ͬͨʂ😃 Low High

12. ίϯςϯπอޢ͸ԿͷͨΊʁ

13. ίϯςϯπอޢͷඞཁੑ Ξφϩάഔମͷίϯςϯπ͸ίϐʔ͢Δͱ඼࣭͕ྼԽ͢Δ • ίϐʔͷՁ஋͕௿͍ͷͰஶ࡞ݖ؅ཧͷඞཁੑ͸ߴ͘ͳ͔ͬͨ σδλϧίϯςϯπ͸׬શͳίϐʔ͕Մೳ • ւ଑൛ͷൢച, ࡞඼ͷվม, … •

    ੍࡞ऀɾݖརऀ͕๬·ͳ͍ܗͰফඅ͞ΕΔͷΛ๷͙࢓૊Έ͕ඞཁ

14. ΋͠ɺಈը഑৴ͰԿ΋͠ͳ͔ͬͨΒʁ URLΛ஌͍ͬͯΕ͹ಈըΛݟΒΕΔͷͰ 
 ʮ࡞඼Λߪೖͯ͠΋Β͏ʯͱ͍͏ϏδωεϞσϧ͕੒ཱ͠ͳ͍ ͓ۚͷ໰୊͚ͩͰ͸ͳ͘… • ഑৴ଆʮձһݶఆίϯςϯπΛ഑৴͠Α͏ʂʯˠ ୭Ͱ΋ݟΒΕΔΑʁ • ग़ԋऀʮxxͷ൪૊ʹग़ԋ͠·ͨ͠ʂʯˠ

    ࣮࣭ɺશੈքͰϑϦʔૉࡐԽ ͋·Γָ͘͠ͳ͍ੈք

15. ༷ʑͳίϯςϯπอޢͷख๏ ΞΫηεํ๏Λ੍ݶ IP੍ݶ, υϝΠϯ੍ݶ, ॺ໊෇͖URL, ... ίϯςϯπΛ҉߸Խ ɹ҉߸Խ഑৴, DRM഑৴, ...

16. DRM σδλϧίϯςϯπͷஶ࡞ݖ؅ཧٕज़ Digital Rights Management ίϯςϯπΛ҉߸Խͯ͠कΔ อޢ͞Εͨܦ࿏ͰͷΈө૾΍Ի੠Λ࠶ੜ ࡞඼͕Ͳ͏࢖ΘΕΔ΂͖͔Λنఆ͠؅ཧ͢Δ

17. DRMͷ໰୊఺ ಛఆͷαʔϏε΍؀ڥʹґଘ • DRMίϯςϯπΛར༻Ͱ͖Δͷ͸ɺͦͷίϯςϯπΛߪೖͨ͠αʔϏεͷΈ Ͱ͋Δ͜ͱ͕ଟ͍ • ߪೖͨ͠ίϯςϯπΛӬԕʹར༻Ͱ͖Δอূ͸ͳ͍ 
 ిࢠॻ੶ͷετΞ͕Ϋϩʔζͨ͠Βʁ େྔͷίϯςϯπΛߪೖͨ͠ΞΧ΢ϯτ͸૬ଓͰ͖Δʁ

    
 ར༻ํ๏Λنఆ͢Δ΋ͷͳͷͰɺ࢖͍ʹ͘͞ʹܨ͕Γ΍͍͢ • Ωπ͗͢Ε͹੍ݶʹͳΓɺͻͲ͍৔߹͸ফඅऀͷݖརͷ৵֐ʹͳΔɻ 
 ࡞඼Λ࠷େݶʹָ͠ΊΔઃܭͰ͋Δ͜ͱ͕େ੾

18. ࡞඼Λ࠷େݶʹָ͠ΊΔઃܭ͕େ੾

19. ҉߸Խͷجૅ஌ࣝ ڞ௨伴҉߸ ಉ͡伴Ͱ҉߸Խɾ෮߸Խ Data 🔐

20. ϒϩοΫ҉߸ େ͖ͳσʔλΛ҉߸Խ͢ΔࡍɺϒϩοΫʹ෼͚ͯ҉߸Խ Block 🔒 ҉߸Խͷجૅ஌ࣝ Block 🔒 Block 🔒 Block

    🔒 Block 🔒 🔑

21. ҉߸Խͷجૅ஌ࣝ AES (Advanced Encryption Standard) • ୅දతͳڞ௨伴ϒϩοΫ҉߸ • ϒϩοΫ௕ 128bit

    • ԿϏοτͷ伴Λ༻͍Δ͔ʹΑͬͯ AES-128, AES-192, AES-256ͱදه͞ΕΔ

22. Block Block 🔑 🔒 ҉߸Խͷجૅ஌ࣝ ϒϩοΫ҉߸ͷ҉߸ར༻Ϟʔυ CBC (Cipher Block Chaining)

    Ϟʔυ ෮߸Խʹ͸ॳظϕΫτϧ(IV)ͱ伴͕ඞཁ IV Block Block 🔑 🔒 Block Block 🔑 🔒 ॳظϕΫτϧ XOR XOR XOR

23. ҉߸Խͷجૅ஌ࣝ ϒϩοΫ҉߸ͷ҉߸ར༻Ϟʔυ CTR (Counter) Ϟʔυ CTR Block Block 🔑 🔒

    XOR CTR 🔒 CTR+1 Block Block 🔑 🔒 XOR CTR+1 🔒 CTR+2 Block Block 🔑 🔒 XOR CTR+2 🔒 ҉߸Խɾ෮߸Խͱ΋ʹฒྻԽ͕Մೳ

24. ҉߸Խͷجૅ஌ࣝ ެ։伴҉߸ • ڞ௨伴҉߸͸伴Λ͍͔ʹ҆શʹ૬खʹ౉͔͕͢՝୊ 
 → ͦΕͳΒ҉߸Խͱ෮߸Խͷ伴Λผʹ͢Ε͹͍͍͡Όͳ͍ 
 ҉߸ԽͰ͖Δ͚ͩͷ伴͕όϨͯ΋໰୊ͳ͍͠ɺͳΜͳΒެ։ͯ͠΋🙆 


    • ڞ௨伴҉߸ͱൺ΂ͯॲཧ͕ॏ͍ͷͰେ༰ྔσʔλʹ͸޲͔ͳ͍ 
 → େ༰ྔσʔλΛڞ௨伴҉߸Ͱ҉߸Խͯ͠ɺ伴Λެ։伴҉߸Ͱ౉͢

25. ҉߸Խͨ͠ετϦʔϜΛHLSͰ഑৴͢Δ

26. AES-128ʹΑΔ҉߸Խ഑৴ ηάϝϯτશମΛAES-128 CBCϞʔυͰ҉߸Խ Segment 🔒 Segment 🔒 Segment 🔒 Segment

    🔒 #EXT-X-KEY:METHOD=AES-128,URI="伴Λऔಘ͢ΔͨΊͷ URI",IV=0x012345678901234567890123456789012

27. • URIʹ伴ͷ৔ॴͦͷ΋ͷΛॻ͘ͱɺๅശʹʮ伴͸ςʔϒϧͷ্ʯͱுΓࢴΛͯ͠ ͍ΔΑ͏ͳ΋ͷ 
 
 伴ͷ౉͠ํʹ޻෉͕ඞཁ • 伴ͷαʔόʹೝূػೳΛ͚ͭΔ • ΧελϜεΩʔϚΛར༻ͯ͠ΞϓϦଆͰಠࣗॲཧΛߦ͏

    • etc. • εΫϦʔϯγϣοτ΍ը໘࿥ըɺϛϥʔϦϯά͸Մೳ 
 ʢඞཁͳΒΞϓϦͷίʔυͰରࡦʣ AES-128ʹΑΔ҉߸Խ഑৴

28. AVContentKeySession ΞϓϦଆͰ伴Λऔಘ • ίϯςϯπͷ伴Λऔಘ͢ΔͨΊʹઃܭ͞ΕͨAPI • ࠶ੜը໘ʹདྷͨΒɺ͋Β͔͡ΊΩʔΛऔಘ͓ͯ͘͜͠ͱ΋Մೳ 
 → Join Timeͷվળʹ໾ཱͭ

    • METHOD=AES-128Ͱ΋ɺγϛϡϨʔλͰ͸ಈ͔ͳ͍ʁ 
 ͜ͷΫϥεొ৔લ͔Β͋ΔAVAssetResourceLoader͸ಈ͘ 
 URLProtocolͰ΋ϑοΫՄೳ WWDC18 Session 507 AVContentKeySession Best Practices ࢀߟ:

29. session = AVContentKeySession(keySystem: .clearKey) session.setDelegate(self, queue: .global()) let asset =

    AVURLAsset(url: playlistURL) session.addContentKeyRecipient(asset) player = AVPlayer(playerItem: AVPlayerItem(asset: asset)) extension Foo: AVContentKeySessionDelegate { func contentKeySession(_ session: AVContentKeySession, didProvide keyRequest: AVContentKeyRequest) { getKey(from: keyRequest.identifier) { key in if let key = key { let response = AVContentKeyResponse(clearKeyData: key, initializationVector: nil) keyRequest.processContentKeyResponse(response) } else { keyRequest.processContentKeyResponseError(KeyError.unknown) } } } } AVContentKeySessionͰMETHOD=AES-128ͷ伴Λऔಘ͢Δྫ

30. FairPlay StreamingʹΑΔDRM഑৴ 伴ͷ഑৴ํ๏ΛఆΊͯɺ΋ͬͱݎ࿚ʹ͠Α͏

31. FairPlay Streaming (FPS) • AppleʹΑͬͯ։ൃ͞ΕͨಈըετϦʔϜΛอޢ͢ΔͨΊͷDRMٕज़ • AppleͷσόΠεʢ+ AirPlayରԠεϚʔτTVʣͰར༻Մೳ • ωΠςΟϒΞϓϦ

    & Safari • ηΩϡΞͳ伴ͷ഑৴ • HDCPͳͲʹରԠ͠ɺอޢ͞Εͨܦ࿏ͰͷΈө૾ɾԻ੠Λ࠶ੜ 
 εΫγϣΛࡱΔͱө૾ྖҬ͕ਅͬࠇʹͳΔ • ΦϑϥΠϯ࠶ੜ΍ϨϯλϧͷͨΊͷ࢓૊Έ͕͋Δ 
 ϏδωεϩδοΫࣗମ͸نఆ͠ͳ͍ • ແྉ

32. FairPlayͱུ͕ͪ͠Ͱ͕͢ผ෺Ͱ͢…💦 FairPlay = iTunes StoreͷΞΠςϜʹ࢖ΘΕ͍ͯΔDRMٕज़

33. FPSͰͷίϯςϯπͷ҉߸Խํࣜ • ίϯςφ಺ͷϏσΦΛϑϨʔϜຖɺΦʔσΟΦ͸αϯϓϧຖʹ 
 AES-128 CBCϞʔυͰ҉߸Խ • ϏσΦ͸શମͷ10%Λ҉߸Խ (encrypt:skip pattern

    of 1:9) 
 ϏσΦΛσίʔυͰ͖ͳ͘͢Δʹ͸ɺ෦෼తʹ҉߸Խ͢Ε͹े෼ #EXT-X-KEY:METHOD=SAMPLE-AES,URI="skd://key65", KEYFORMAT="com.apple.streamingkeydelivery",KEYFORMATVERSIONS="1"

34. ίϯςϯπͷ伴Λऔಘ͢ΔྲྀΕ Apple device OS App Key server Key Security Module

    Load Key Get SPC [CKC 🔑 ] [SPC] [SPC] [CKC 🔑 ] ࣮૷Օॴ ͪ͜ΒͰ४උ Apple Provided Key Security Module (KSM) ͸ 
 ҉߸Խ͞ΕͨServer Playback ContextΛड͚औͬͯ 
 ίϯςϯπͷ伴ΛؚΉContent Key ContextΛ 
 ੜ੒ɾ҉߸Խͯ͠ฦ͢

35. ίϯςϯπͷ伴Λऔಘ͢ΔྲྀΕ Apple device OS App Key server Key Security Module

    Load Key Get SPC [CKC 🔑 ] [SPC] [SPC] [CKC 🔑 ] ࣮૷Օॴ ͪ͜ΒͰ४උ Apple Provided • 伴Λ஌͍ͬͯΔͷ͸Key Serverͱ OSͷΈʢΞϓϦ΋஌Βͳ͍ʂʣ • ίϯςϯπ͸OSͷΧʔωϧͰ෮߸

36. FairPlay Streaming ૊ΈࠐΈखॱ 1. Key Security ModuleΛ࣮૷ 
 ެࣜϖʔδ͔Βμ΢ϯϩʔυͰ͖ΔSDKΛར༻͠ɺ·ͣ͸։ൃ༻ͷূ໌ॻͰ࣮૷ جຊతʹެࣜͷϖʔδΛݟͯ࡞ۀΛਐΊΔ

    https://developer.apple.com/streaming/fps/ FairPlay Streaming Server SDK • Programming Guide • KSMͷϦϑΝϨϯε࣮૷ • ςετϕΫλʔʢ࣮૷͕ਖ਼͍͔֬͠ೝ͢ΔͨΊͷςετ༻σʔλʣ • ΞϓϦɾSafariͷαϯϓϧίʔυ

37. 2. https://developer.apple.com/contact/fps/͔Β 
 FairPlay Streaming Deployment package 
 ΛϦΫΤετ FairPlay

    Streaming ૊ΈࠐΈखॱ ਖ਼͍͠໨తͰར༻͠Α͏ͱ͍ͯ͠Δ͔νΣοΫ͞ΕΔ Appleͷ୲౰ऀͱগ͠΍ΓͱΓ͢Δ͜ͱ΋

38. 3. ແࣄঝೝ͞ΕͨΒDeployment packageͷ಺༰ʹैͬͯҎԼΛੜ੒ • FairPlay Streaming ূ໌ॻʢΞϓϦέʔγϣϯূ໌ॻʣ 
 developerͷࣝผʹར༻ •

    ূ໌ॻʹඥͮ͘private key • Application Secret key (ASk) 4. Key Security Moduleͷ࣮૷Λੜ੒ͨ͠ূ໌ॻͳͲͰΞοϓσʔτ 5. อޢίϯςϯπ४උ 6. ΞϓϦ࣮૷ 
 SDKʹؚ·ΕΔαϯϓϧίʔυHLSCatalog͕ඇৗʹࢀߟʹͳΔ FairPlay Streaming ૊ΈࠐΈखॱ

39. SafariͰ΋ಉ༷ͷྲྀΕͰ伴ΛऔಘՄೳ Apple device EME JS Key server Key Security Module

    1. Load Key 2. Get SPC 6. [CKC 🔑 ] 3. [SPC] 4. [SPC] 5. [CKC 🔑 ] ࣮૷Օॴ ͪ͜ΒͰ४උ Apple Provided 1. 'webkitneedkey' event 2. Create keySession 3. 'webkitkeymessage' evnt with [SPC] 6. Update keySession with [CKC]

40. FairPlay Streaming over AirPlay อޢ͞ΕͨίϯςϯπΛApple TV΍εϚʔτTVͰʂ Apple device OS App

    Key server Key Security Module Apple TVͳͲ OS Player Streamer CDN ίϯςϯπ ΞϓϦ͸ [SPC], [CKC] ΛϦϨʔ ௥Ճͷ࣮૷͸ෆཁ

41. ϚϧνϓϥοτϑΥʔϜͰ 
 ಈըετϦʔϜΛอޢ͢Δʹ͸

42. ͞·͟·ͳDRMγεςϜ DRMγεςϜ ఏڙ ରԠϓϥοτϑΥʔϜ PlayReady Microsoft Windows, Android, iOS Widevine

    Google Android FairPlay Streaming Apple AppleσόΠε

43. Common Encryption (CENC) ͱDRM ίϯςϯπͷڞ௨҉߸ԽϑΥʔϚοτ DRMγεςϜ CTR CBC PlayReady ✔︎

    ✔︎ Widevine ✔︎ ✔︎ FairPlay Streaming ❌ ✔︎ 4.0Ҏ߱

44. ετϦʔϛϯάܗࣜͱ҉߸ར༻Ϟʔυ ετϦʔϛϯάܗࣜ CTR CBC HLS ❌ ✔︎ MPEG-DASH ✔︎ ❌

    MPEG-DASH (CMAF) ✔︎ ✔︎ CENCΛར༻ͯ͠ڞ௨ͷ҉߸ԽίϯςϯπΛར༻Ͱ͖Δͱخ͍͠ 
 ετϦʔϜͷCMAFରԠɺfMP4ԽͳͲ͕ඞཁ

45. AVPlayerͰ͖ͪΜͱίϯςϯπอޢ • AVPlayerʹ͍ͭͯ • HTTP Live Streamingͷ࢓૊Έ • ίϯςϯπอޢ͸ԿͷͨΊʁ •

    AES-128ʹΑΔ҉߸Խ഑৴ • FairPlay Streaming • ϚϧνϓϥοτϑΥʔϜͰಈըετϦʔϜΛอޢ͢Δʹ͸ Recap

46. ࢀߟࢿྉ WWDC Sessions WWDC18 Session 507 AVContentKeySession Best Practices WWDC15

    Session 502 Content Protection for HTTP Live Streaming Apple։ൃऀ޲͚ϖʔδ HTTP Live Streaming 
 https://developer.apple.com/streaming/ FairPlay Streaming 
 https://developer.apple.com/streaming/fps/

47. ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ 🙇