Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Digital Rights Enabled Graphics Processing System Weidong Shi Hsien-Hsin “Sean” Lee Richard M. Yoo Alexandra Boldyreva Motorola Labs Georgia Tech.

Similar presentations


Presentation on theme: "A Digital Rights Enabled Graphics Processing System Weidong Shi Hsien-Hsin “Sean” Lee Richard M. Yoo Alexandra Boldyreva Motorola Labs Georgia Tech."— Presentation transcript:

1 A Digital Rights Enabled Graphics Processing System Weidong Shi Hsien-Hsin “Sean” Lee Richard M. Yoo Alexandra Boldyreva Motorola Labs Georgia Tech

2 Why Digital Rights Management (DRM) and Content Protection? id software Kevin Cloud "this (piracy) is what’s killing PC games" “… but you may literally have more games being played illegitimately than being played legitimately. ” “… it is a very serious problem. There isn’t any magical solution, or else we’d solve it.”

3 Graphics As Assets Protect graphics apps by protecting the graphics assets instead of the sw. Avatars, in-game graphics assets sale raise steadily $10M per month in-game assets sale in Korea alone $880M trading in US (2004)

4 It is a non-trivial task If security is easy to add, it is easy to remove. Never underestimate the hackers (XBOX incidence) Graphics DRM Protect against SW attacks Protect against simple “Radioshack” HW attacks

5 Software-based DRM Disadvantages Insecure Not tamper proof Advantages Easy to change Flexible 3D apps mesh texture shader OpenGL/ Direct3D OpenGL/ Direct3D SW DRM Frame Buffer

6 DRM Design Space Many design choices for unlocking DRMed contents. Hackers can always go to the level below to defeat a DRM system. Typical SW DRM unlocks at App level. Real time 3D apps Real time 3D apps Graphics API(OpenGL/Direct3D) Graphics API(OpenGL/Direct3D) Device Driver Device Driver DRMed Contents Unlock at App level Unlock at API level Unlock at Driver level Unlock at Device level

7 Our Idea – DRM Enabled GPU DRM Enabled GPU Protected Graphics Assets (mesh, textures, shaders) Protect graphics assets with encryption and rights licenses. Decrypt graphics assets by a DRM enabled GPU DRM

8 DRM Enabled GPU Advantages Strong security protection, contents decrypted right before their consumption Against SW tampers/attacks API hijack, graphics file reverse engineering, etc. High performance HW decryption vs. SW decryption Disadvantages Less flexible

9 GPU with DRM Block PCI-Express Host/Memory Interface Host/Memory Interface Graphics/Video Memory Graphics/Video Memory GPU Pipeline Vertex Cache Vertex Cache Texture Cache Texture Cache Cryptographic Unit Cryptographic Unit License Processing Unit License Processing Unit Context Information Context Information DRM Block

10 Rights License and Content Keys Public(GPU) Private-pair(GPU) license Content keys Graphics contents or assets are licensed Graphics contents or assets are encrypted with content keys. Encrypted content keys included in graphics content licenses. Content licenses are certified and distributed Only targeted GPU can extract/use the content keys from the licenses.

11 Binding Context Constraints of binding among vertex data, textures, and shaders Created based on graphics assets licenses Security context (protected when stored in exposed storage) Contains all information for decrypting graphics assets by a GPU Binding Context Vertex AttrDecryption Key, Digest Key TextureDecryption Key, Digest Key ShaderDigest Key

12 Graphics API Extension Encrypted Data Array/Texture Types Encrypted{234}f, Encrypted_R8G8B8A8, … Encrypt collection of vertex attributes or texture tile as a chunk. Compute a digest or hashed MAC for each encrypted chunk Protected Graphics Objects glVertexAttribPointerPrivateARB( 0, Encrypted4f, GL_FALSE, 0, &vertex); glVertexAttribPointerPrivateARB( 8, Encrypted2f, GL_FALSE, 0, &text_coord);

13 Graphics API Extension API Extension GenBindingContext(int size, int* ptr_to_handles) ConfigBindingContext( int handle, enum type, int graphics_object_handle, unsigned char* license) type = Encrypted_VERTEX_ATTR0..15 type = PRIVATE_TEXTURE0..7 type = VERTEX_SHADER|FRAGMENT_SHADER|… graphics_object_handle = handle to vertex,texture,or shader license = license byte array EnableBindingContext(int handle) DisableBindingContext(int handle) DeleteBindingContext(int handle)

14 Graphics Data Protection Check Vertex/Tex Cache & Vertex/Tex Fetch Unit Vertex/Tex Cache & Vertex/Tex Fetch Unit Encrypted Vertex Attr/Tex Tiles Encrypted Vertex Attr/Tex Tiles Encrypted Vertex Attr/Tex Tiles Encrypted Vertex Attr/Tex Tiles … Encrypted Vertex Attr/Tex Tiles Encrypted Vertex Attr/Tex Tiles Digest/ HMAC Digest/ HMAC Digest/ HMAC Digest/ HMAC Digest/ HMAC Digest/ HMAC Decryption Unit Decryption Unit Vertex Attr Decryption Key, Digest Key Texture Decryption Key, Digest Key ShaderDigest Key Binding Context HMAC Unit HMAC Unit ? GPU Front-End

15 Counter Mode Example (Encrypted Texels) Vertex/Tex Cache & Vertex/Tex Fetch Unit Vertex/Tex Cache & Vertex/Tex Fetch Unit Encrypted Texels Encrypted Texels Decryption Key Binding Context GPU Front-End Memory Unit Graphics Memory Graphics Memory Graphics Memory Graphics Memory … Decryption Pad Decryption Pad AES Engine Texel Tile Coord Texel Tile Coord Offset Padding Counter value Fetch Address Cal/Translation Fetch Address Cal/Translation XOR

16 Division of Labor CPU-GPU Level-of-Detail CPU GPU Collision detection Coarse backface culling Transformation Lighting Animation Unprotected Graphics Data Protected Graphics Data CPU processes unprotected coarse level graphics data GPU processes protected fine-grained graphics data

17 Optional Depth Buffer Protection Frame Buffer Operation Unit Frame Buffer Operation Unit Depth Buffer Depth Decryption Unit Depth Decryption Unit Depth Buffer Symmetric Key Context Depth Encryption Unit Depth Encryption Unit Z-tile Depth buffer key is applied to an application.

18 Evaluation Setting AppsQuake 3D — 4 demo maps GPU SimulatorQsilver (UVa) AES unit #8 (400K gates each) Decryption Throughput/Latency 40Gb/ps x 8, 2.5ns per stage x 11 = 27.5ns HMAC Unit #8 (19K gates each) HMAC Latency74ns Graphics MemoryGDDR3 latency

19 Frame Rate Impact Frame rate slowdown using protected assets against regular assets Reasonable impact on frame rate

20 Decryption Latency Sensitivity

21 Sensitivity of Cache Miss Rate

22 Conclusions Time to introduce DRM protection on real time graphics assets. The trend of GPU advancement enables new ways of protecting graphics assets. Graphics assets protection advocates joint research from DRM, Graphics, and GPU community. GPU-based graphics assets protection is more effective. We studied feasibility of GPU based graphics DRM. Further research is required.

23 Thank You! http://arch.ece.gatech.edu


Download ppt "A Digital Rights Enabled Graphics Processing System Weidong Shi Hsien-Hsin “Sean” Lee Richard M. Yoo Alexandra Boldyreva Motorola Labs Georgia Tech."

Similar presentations


Ads by Google