Formal Security Analysis of Widevine through the W3C EME Standard

Authors: 

Stéphanie Delaune and Joseph Lallemand, Univ Rennes, CNRS, IRISA, France; Gwendal Patat, Fraunhofer SIT | ATHENE, Germany; Florian Roudot and Mohamed Sabt, Univ Rennes, CNRS, IRISA, France

Abstract: 

Streaming services such as Netflix, Amazon Prime Video, or Disney+ rely on the widespread EME standard to deliver their content to end users on all major web browsers. While providing an abstraction layer to the underlying DRM protocols of each device, the security of this API has never been formally studied. In this paper, we provide the first formal analysis of Widevine, the most deployed DRM instantiating EME.

We define security goals for EME, focusing on media protection and usage control. Then, relying on the TAMARIN prover, we conduct a detailed security analysis of these goals on some Widevine EME implementations, reverse-engineered by us for this study. Our investigation highlights a vulnerability that could allow for unlimited media consumption. Additionally, we present a patched protocol that is suitable for both mobile and desktop platforms, and that we formally proved secure using TAMARIN.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {299820,
author = {St{\'e}phanie Delaune and Joseph Lallemand and Gwendal Patat and Florian Roudot and Mohamed Sabt},
title = {Formal Security Analysis of Widevine through the {W3C} {EME} Standard},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {6399--6415},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/delaune},
publisher = {USENIX Association},
month = aug
}