Afn
January 10th, 2005, 08:37 AM
The register had a great article on next gen blu ray dvd ... hd-dvd encryption.
The Content Scrambling System of the DVD has come in for a lot of criticism over the years, as piracy has become relatively rampant. It was designed more or less as a speed bump to put off anyone other than the professional pirate. But then along came the internet, and it has become possible for anyone to download CSS circumvention or to read up, on various websites, how to go about it. The speed bump has been somewhat flattened and it needs reinforcement in the next technology.
So it falls to these same companies to build something for the studios that will be rather harder and more persuasive, to act as a hurdle against piracy for these new DVDs. In fact an organization called Advanced Access Content System (AACS), formed back in July by such notables as IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney and Warner Brothers has come together in order to create a decent speed bump against piracy that should last at least for the next decade, a decade during which broadband lines improve to the point where it will be child's play to download even a high definition movie.
The definition of what is required has been very clear from the studios. They want a system that has the ability for the security logic to be renewed and which should also have some form of forensic marking in order to help track pirates.
At the heart of this protection system will be the safety of the revenue of all the major studios, which now get way in excess of 50 per cent of any given film's revenues from DVD sales.
Faultline talked over such a system with its authors this week, who are optimistic about its bid to become the new, but more sophisticated CSS for the next generation DVD disk.
Cryptographic Research's senior security architect, who also mockingly refers to himself as "chief anti-pirate" is Carter Laren, and Cryptography Research is both realistic about just what it takes to stop pirates and how difficult that is, as well as optimistic that the two competing associations are set to choose its own submission as the basis for this protection system.
Cryptography Research (CR) is just a 15 man intellectual property company, but it was single handedly responsible for discovering how professional pirates use Differential Power Analysis to read encryption keys and break complex coding systems thought to be uncrackable, and has also come up with circumvention strategies. Virtually all the intellectual property around DPA is held by CR and is licensed all over the world. CR also wrote the SSL3 secure sockets layer security version for the IETF.
Put simply DPA is a system of "listening" to power distribution on semiconductors as they read encryption keys. Circumvention comes from balancing out all power use when an encryption key is being applied so that it cannot be read just by observing which circuits are active.
If it appears to you that DPA is really about making it harder for the "professional" pirate who makes a fortune from illicit manufacture of pirated goods, rather than about stopping college kids from using P2P networks to swap files, then you'd be right.
"We would rather chase professional pirates than College students," says Laren, and this shows in his strategy to build a protection system.
What CR has built, he calls Self Protecting Digital Content or SPDC. In effect this is a form of content that is no longer passive and includes code that can execute in a specially constructed SPDC virtual machine that resides in each player.
The logic behind this approach is that so far Digital Rights Management systems have tried to both support a trust chain, a way of moving decryption keys around between devices, as well as allowing the expression of rules to decide what usage is allowed with that content.
What CR does instead is much simpler and more direct. It tries to cut off any player that has been used for mass piracy.
"When a pirate makes a copy of a film encoded as SPDC, the output file is cryptographically bound to a set of player decryption keys. So it is easy when looking at a pirated work on a peer to peer network, or any copies found on copied DVDs, to identify which player made those copies," said Laren "When the content owner sends out any further content it can contain on it a revocation of just the player that was used to make a pirated copy."
"We picture a message popping up on a screen saying something like 'Disney movies won't play on your player any more please call this number for further information.' Or perhaps 'To fix this please call Disney with your credit card,' something like that anyway.
"We know that pirates can make copies by tapping the MPEG stream with modified players, or by making a bit for bit copy of the disk, or by using an analog attack (catching the film stream on the way to the TV over aerial cabling and re-digitizing it). But using this cryptographical binding we have forensic marking visible on the copy."
The neat thing about this process is that if someone makes copies for their own use, that can be enabled. Private individuals could be allowed to make copies for other players, even for their friends, and that's no problem.
It's only when a pirated copy is discovered coming back to a content owner (presumably watching P2P sites) that a player will get revoked, and that is only effective on content made after that point, with the revocation message in it.
When asked Laren said, "No, this is not the same as fingerprinting or watermarking. When you generate a fingerprint you are making each copy that is sold, slightly different and that has some cost implications when stamping disks. Our forensic information is being created by the player's virtual machine at the time it is played (copied) so all the disks can be identical."
The virtual machine players create movie outputs that are artistically identical but each one is altered if some minor way. This alteration is just the changing of a few bits of data every few seconds, so every 50 frames or so. And the CR system works such that if ten separate players are used in collusion in a copying process, taking samples of frames from each, it will not only identify one of the players, but all of them and they can be revoked from all future content.
"The big problem for studios is piracy based on film copies that have no digital identifiers. Because they can be sent around the internet with no chance of catching the original copier and then you have to go after the P2P user."
Here is the interesting part:
The virtual machine is based on a stripped down DLX processor. CR has taken out the floating point arithmetic and we've made a few changes for the sake of extra security. The DLX is a 32-bit pipelined embedded RISC CPU architecture that has come out of academia and was originally designed for teaching, but is not too unlike the ARM or any other RISC device.
It can be built in hardware, expressed in a hardware language like the Verilog Hardware Description Language and CR has a reference implementation in the C programming language.
Ok, so if you have a fast PC, you can build and emulator of the VM and break or insert any type of protection. Simple.
The weakness of DVD was non-unique copies. DVD-HD will still have non-unique copies, but they are going to force the player to modify the output. Because the instructions are going to be in volitile memory, it is just a matter of time before the solution is made open source and free from fascist monopolists.
The Content Scrambling System of the DVD has come in for a lot of criticism over the years, as piracy has become relatively rampant. It was designed more or less as a speed bump to put off anyone other than the professional pirate. But then along came the internet, and it has become possible for anyone to download CSS circumvention or to read up, on various websites, how to go about it. The speed bump has been somewhat flattened and it needs reinforcement in the next technology.
So it falls to these same companies to build something for the studios that will be rather harder and more persuasive, to act as a hurdle against piracy for these new DVDs. In fact an organization called Advanced Access Content System (AACS), formed back in July by such notables as IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney and Warner Brothers has come together in order to create a decent speed bump against piracy that should last at least for the next decade, a decade during which broadband lines improve to the point where it will be child's play to download even a high definition movie.
The definition of what is required has been very clear from the studios. They want a system that has the ability for the security logic to be renewed and which should also have some form of forensic marking in order to help track pirates.
At the heart of this protection system will be the safety of the revenue of all the major studios, which now get way in excess of 50 per cent of any given film's revenues from DVD sales.
Faultline talked over such a system with its authors this week, who are optimistic about its bid to become the new, but more sophisticated CSS for the next generation DVD disk.
Cryptographic Research's senior security architect, who also mockingly refers to himself as "chief anti-pirate" is Carter Laren, and Cryptography Research is both realistic about just what it takes to stop pirates and how difficult that is, as well as optimistic that the two competing associations are set to choose its own submission as the basis for this protection system.
Cryptography Research (CR) is just a 15 man intellectual property company, but it was single handedly responsible for discovering how professional pirates use Differential Power Analysis to read encryption keys and break complex coding systems thought to be uncrackable, and has also come up with circumvention strategies. Virtually all the intellectual property around DPA is held by CR and is licensed all over the world. CR also wrote the SSL3 secure sockets layer security version for the IETF.
Put simply DPA is a system of "listening" to power distribution on semiconductors as they read encryption keys. Circumvention comes from balancing out all power use when an encryption key is being applied so that it cannot be read just by observing which circuits are active.
If it appears to you that DPA is really about making it harder for the "professional" pirate who makes a fortune from illicit manufacture of pirated goods, rather than about stopping college kids from using P2P networks to swap files, then you'd be right.
"We would rather chase professional pirates than College students," says Laren, and this shows in his strategy to build a protection system.
What CR has built, he calls Self Protecting Digital Content or SPDC. In effect this is a form of content that is no longer passive and includes code that can execute in a specially constructed SPDC virtual machine that resides in each player.
The logic behind this approach is that so far Digital Rights Management systems have tried to both support a trust chain, a way of moving decryption keys around between devices, as well as allowing the expression of rules to decide what usage is allowed with that content.
What CR does instead is much simpler and more direct. It tries to cut off any player that has been used for mass piracy.
"When a pirate makes a copy of a film encoded as SPDC, the output file is cryptographically bound to a set of player decryption keys. So it is easy when looking at a pirated work on a peer to peer network, or any copies found on copied DVDs, to identify which player made those copies," said Laren "When the content owner sends out any further content it can contain on it a revocation of just the player that was used to make a pirated copy."
"We picture a message popping up on a screen saying something like 'Disney movies won't play on your player any more please call this number for further information.' Or perhaps 'To fix this please call Disney with your credit card,' something like that anyway.
"We know that pirates can make copies by tapping the MPEG stream with modified players, or by making a bit for bit copy of the disk, or by using an analog attack (catching the film stream on the way to the TV over aerial cabling and re-digitizing it). But using this cryptographical binding we have forensic marking visible on the copy."
The neat thing about this process is that if someone makes copies for their own use, that can be enabled. Private individuals could be allowed to make copies for other players, even for their friends, and that's no problem.
It's only when a pirated copy is discovered coming back to a content owner (presumably watching P2P sites) that a player will get revoked, and that is only effective on content made after that point, with the revocation message in it.
When asked Laren said, "No, this is not the same as fingerprinting or watermarking. When you generate a fingerprint you are making each copy that is sold, slightly different and that has some cost implications when stamping disks. Our forensic information is being created by the player's virtual machine at the time it is played (copied) so all the disks can be identical."
The virtual machine players create movie outputs that are artistically identical but each one is altered if some minor way. This alteration is just the changing of a few bits of data every few seconds, so every 50 frames or so. And the CR system works such that if ten separate players are used in collusion in a copying process, taking samples of frames from each, it will not only identify one of the players, but all of them and they can be revoked from all future content.
"The big problem for studios is piracy based on film copies that have no digital identifiers. Because they can be sent around the internet with no chance of catching the original copier and then you have to go after the P2P user."
Here is the interesting part:
The virtual machine is based on a stripped down DLX processor. CR has taken out the floating point arithmetic and we've made a few changes for the sake of extra security. The DLX is a 32-bit pipelined embedded RISC CPU architecture that has come out of academia and was originally designed for teaching, but is not too unlike the ARM or any other RISC device.
It can be built in hardware, expressed in a hardware language like the Verilog Hardware Description Language and CR has a reference implementation in the C programming language.
Ok, so if you have a fast PC, you can build and emulator of the VM and break or insert any type of protection. Simple.
The weakness of DVD was non-unique copies. DVD-HD will still have non-unique copies, but they are going to force the player to modify the output. Because the instructions are going to be in volitile memory, it is just a matter of time before the solution is made open source and free from fascist monopolists.