1 / 23

Presentation to HPA Tech Retreat 2014 Accessing Encrypted Assets in Mac OS

Presentation to HPA Tech Retreat 2014 Accessing Encrypted Assets in Mac OS. Mathew Gilliat-Smith, CEO Fortium Technologies. Content Security. Cost of piracy $$. Severity of leaks and comment Studios don’t like to publicise breaches - privately its a continual battle

kasper-molina
Download Presentation

Presentation to HPA Tech Retreat 2014 Accessing Encrypted Assets in Mac OS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Presentation to HPA Tech Retreat 2014Accessing Encrypted Assets in Mac OS Mathew Gilliat-Smith, CEO Fortium Technologies

  2. Content Security Cost of piracy $$ • Severity of leaks and comment • Studios don’t like to publicise breaches - privately its a continual battle • the Tarantino script • well known series premier leaked one month early from a special effects house • Comments on social networking and physical leaks are a Post Supervisor’s worst nightmare – ‘it happened on my watch’ • Concern in being connected to the internet • Concern in Cloud workflows • MPAA audits try and ensure facilities are secure & have teams to track leaked content but….. • Proxy files in editing & authoring systems present a security vulnerability • Files reside ‘in the clear’ for anyone on the network to access • No encryption ‘at rest’ • NBC Universal identified specific risk in professional editing systems and designed the MediaSeal encrypted video system Remarks on Social Networks Reduced Viewing

  3. The Dilemma • Mac OS does not support modified files types e.g. encrypted files – security solutions need to be cross platform • Why don’t professional editing and authoring systems build in file security? • Complexity • Proprietary systems are not portable - what works for one system does work for another • Other security solutions (encrypted drives & delivery systems) • Encryption is removed for access & playback • In the clear once copied • How to create a reliable end to end encryption system

  4. The Challenge • To create a compatible encryption system that ticks all the boxes • Centrally Managed • File and application agnostic - transparent to the system it is running in • No altering of file • Handles everything from low end files to high end DPX sequences • Suitable for closed network AND for cloud workflows • Must not cause any delays or complications in the workflow • Complementary to existing systems

  5. Solution to create a File System Filter Driver for MediaSeal video encryption • Technical description: “An optional driver that adds value to or modifies the behaviour of a file system” • Log, observe, modify, or prevent • Typical applications for filter drivers include antivirus utilities, encryption programs and hierarchical storage management systems. • A kernel-mode component that runs as part of the OS • Filters I/O operations for one or more file systems. • Modify data that is returned to applications (editing programs) as the file is read • Method gives full control how the file is processed on the OS • Ideal for MediaSeal video encryption – not just video files, audio, docs, images • Facilitated in Windows OS but it didn’t exist in Mac OS Collaboration

  6. Where MediaSeal FSFD resides (File System Filter Driver) Kernel Level • Layer between user applications and hardware • Removes complexities as it provides common interface for file operations - i.e. open, close, read, seek • Example of User level is WinZip – once opened its in the clear Kernel Extensions • Provides much more functionality & control • Increase hardware support • Expands capabilities of kernel User Level Kernel Level Extension USB Blue Tooth FSFD Storage

  7. Playback & Editing in ProTools

  8. How FSFD enables MediaSeal • During access FSFD recognises if file is encrypted • User is prompted for authentication - by password, iLok key/soft key and by remote authentication • Contents of file only decrypted into the memory buffer associated with the file read • File remains encrypted at rest on disk – ability to revoke later Behaviour Media Seal Not Present Incorrect Credentials Trusted Recipient User Application Kernel + FSFD Extension Storage

  9. How MediaSeal Works • AES encryption - Security tested by NGS Secure • Change DRM rules after transfer - set viewing criteria – who & when, sunset sunrise viewing • For use behind the firewall with no exposure to the internet • Recommended for protecting content in the cloud 3. Decryptor license + iLok key Database Key Server 2. Encryption software

  10. Step1: Log in to Encryptor & Set Up Job

  11. Step 2: Import Files to Encrypt

  12. Step 3: Key Server Select Trusted Users, Set DRM, Add Password

  13. Step 4: Encrypt Files in Seconds

  14. Access with Password & Key – File remains encrypted

  15. Playback & Edit in ProTools

  16. No Unauthorised Playback – Blank Screen

  17. Reporting Analytics User ID Sort by Who, What , When Title, Version, User ID, Code Export to CSV Date & Time Granted/Denied

  18. Case Study • NBCU Post Production • Fast & Furious 6 • Box Office Opening Weekend • $97m US 24 May 2013 • No Leaks prior to release • Sound mixing, internal & external depts • Endless Love

  19. Cloud Workflows • Cloud collaboration tools will give greater efficiency – faster, quicker, lower cost • Typical production environments mean many more people need to work on the same assets, often externally to the production studios – means more exposure • Integration into automated asset control • Files do need to be downloaded to attach local content – this is the vulnerability – no end point security – files can be copied • MediaSeal FSFD means files remain encrypted in the cloud workflow with cross platform cloud security The “Anywhere” Solutions

  20. Cloud Based Collaboration Share your encrypted media safely using any common file sharing method Drop Box, iCloud, Google Drive, etc. Wrap your media with MediaSeal Encryptor Software Your collaboration team can access the encrypted media only when they have MediaSeal Decryptor software, have a registered iLok installed, and have permissions for the media. Apply encryption locally or in the cloud after transcoding

  21. API Methodology for 3rd Party Solutions • Encryption systems • FTP delivery • Editing Systems • Authoring Systems • Scriptable through command line

  22. Further Information info@fortiumtech.com www.mediaseal.com Support of MediaSeal in LA By Audio Intervisual Design email: sales@aidinc.com 1155 N. La Brea Avenue, West Hollywood, CA  9003 Tel: 323 845-1155

More Related