Is this the end of ‘cenc’? An overview of DRM/Codec support in 2021

Short answer: No, it’s ‘cbcs’ time. If you would like to understand this better, keep on reading.

The Common Encryption standard ISO/IEC 23001-7 is the enabler for multi-DRM-protected DASH/HLS streams. It is not quite “common encryption” as the name suggest, but rather defines different protection schemes. There are four protection schemes in total:

  1. ‘cenc’ AES-CTR scheme
  2. ‘cbc1’ AES-CBC scheme
  3. ‘cens’ AES-CTR subsample pattern encryption scheme
  4. ‘cbcs’ AES-CBC subsample pattern encryption scheme

Only two of these protection schemes are relevant and being used: ‘cenc’ and ‘cbcs’. In a streaming workflow, the protection scheme is needed when a DASH/HLS packager encrypts the content’s samples. On the other end, DRM clients or so-called Content Decryption Modules (CDM) will decrypt the samples using AES to prepare for playback.

In the past, of the three major DRMs, only Apple’s Fairplay supported ‘cbcs’. The other two DRMs (Google Widevine, Microsoft Playready) supported ‘cenc’. With the introduction of CMAF, a common file format for both DASH and HLS, the need for a true common encryption increased. As a result, Widevine and Playready provided DRM client updates to support ‘cbcs’. However, DRM integration, especially on embedded devices takes some time …

The following table is inspired by Phil Harrison’s post on LinkedIn. Three years have passed and it was time for an updated overview. The table shows

  • Video Codecs: Not relevant for this blog post, but FYI
  • AES scheme: As explained above
  • DRM/Max Security Level: Basically, CDMs can be implemented purely in software or with hardware support (more secure). Widevine’s highest security level is called L1, while Playready calls it SL3000
A live version of this table is available here. Feel free to add your comments directly and I will keep the table updated.

Note that the results in the table are based on capability checks or device manufacturer specifications – actual content tests might look different. For devices/browsers supporting EME, Akamai’s capabilities check was used.

Key takeaways:

  • ‘cbcs’ is ubiquitously available across devices today
  • 2020 SmartTVs models and later support ‘cbcs’
  • Widevine+FairPlay could theoretically cover all devices
  • CMAF + ‘cbcs’ + HLS/DASH manifests is the way

Want to read more about DRM? Check out our other DRM-related blog posts:

Leave a Reply

Your email address will not be published.