Slashdot Mirror


CPRM Lecture

QuantumG writes: "I've written a summary of the lecture at Stanford by Jeffrey B. Lotspiech / IBM. John Gilmore (EFF) was there and, other than hounding Lotspiech with ethical questions, gave me a free T-shirt." We can't argue with that. Stanford has the video online, in a format so proprietary and restricted that the current version of the player has no concept of "saving" a video download to your computer. There's some sort of lesson there, I think. But the video is good, well worth watching.

5 of 102 comments

  1. Finding the purloined key by WNight · Score: 3

    Finding the key a device is using will be easy. The content creators will have a list of all of the keys they used (true even if there were thousands or millions of possible keys, in a search space of 2^128) and can simply feed the device a media stream encoded with various keys until it decodes it.

    Whereas hackers can't do this because we'd have to try all possible keys, not just a short list of potentially valid ones.

    Hackers also aren't likely to build a device in such a way as to make reverse engineering the hardware difficult. (My company makes custom hardware and it's quite expensive to make something that a skilled engineer can't figure out.)

    FPGAs are out, because you send the 'program' to them on startup. You can do clever bootstrapping where there are multiple layers of encryption, but that just takes more time - proportionally more of yours than of the attackers. ASICs are more expensive (being custom) and are usually a fairly standard chip, like an FPGA, except that it's preconfigured (and static). This means that if you do open it up and examine it, it's not that hard to decipher. So you're looking at a special-made chip, designed not for efficiency, but to be hard to understand.

    That's massively expensive, you need HUGE volume to make the cost bearable.

    A hacker would just use an FPGA and some flash RAM, to allow reconfiguring with new keys when they were needed. Who cares about killing WMP by invalidating all its keys...

    As for why it's hard to get all the keys from a device...

    It would decrypt one key at a time and use it. Only if that key didn't work would it use another, probably encrypted much differently. You'd have to wait till media without the first key was released to be able to 'easily' snoop on the device with logic probes and capture the key.

    Finally, software... The idea is to not give WMP a decryption key. WMP would have an access key, to perform the basic 'release the encrypted data stream.' It'd then pass this off to the USB speakers which would perform the actual decryption, in a chip right on the back of the actual speaker, to reduce the length of the wire with the unencrypted signal in it.

    The industry won't do another DVD CSS, where it plays on 'open' hardware. They know the weak link is software. They'll put CPRM in all the devices, without using it, and when the market is saturated with it, they'll release media that requires a CPRM HD, a CPRM monitor, and CPRM speakers.

    Of course, now that DeCSS has woken us up, and more people know/care about the issue, it'll be worth a few talented engineers ripping the actual hardware apart and decoding this. And when it does come tumbling down, it'll *kill* the industry behind it. They'll have basically given the encryption chips away for free to manufacturers (to encourage their use) intending to make it up on licensing fees from the media people. When the scheme gets broken and companies get POed that their DVD player is being excluded from new media, they'll drop the scheme. And when the media people realize that their user base is drying up they won't try anything basic on hardware again.

    It does raise the bar on hackers, but it REALLY raises the bar on designers and implementers. And it only takes one skilled hacker to bring it tumbling down.

  2. The real problem.... by bencc99 · Score: 4

    ..with CPRM is that they've been pushing for it to be integrated into the ATA specification, which, contrary to what they claim, *IS* very relevant to hard drives. They claim it's specifically for removable devices, but almost all removable hardware uses the ATAPI command set, of which CPRM won't be a part, so it will be largely ineffective from that point of view.
    AFAIK, the only mainstream removable device that uses ATA is OnStream's series of ADR tape drives.

  3. Why didn't more slashdotters attend...? by brassman · Score: 3

    I didn't, for one, because I'm in New York. (Duh.) As Steven Wright once said, "It's a small world, but I'd hate to have to paint it."

    That's one of the nice things about the 'net -- we *don't* all have to be there. (And John doesn't have to lug as many t-shirts.)

    Thanks for the article.

    --
    "Ain't no right way to do a wrong thing."

  4. Re:So you can't save it.. [OT] by digitaltraveller · Score: 3

    Recently I discovered asf recorder. Very useful for getting around shortcomings of certain streaming video applications. Search for it. Actually, in the wake of Slashdot's interview with Doug Miller we should interview the author of VirtualDub and ask him what he thinks about Microsoft's quest for interoperability. VirtualDub was a free program for, among other things, converting asf files into other formats. M$ legal department utilized standard Corporate America bully tactics to get him to remove that functionality from his program, which he had achieved by good old fashioned reverse engineering.
    Oh well, in the future we can just release utilities like that anonymously, until the software enforcement bureau comes and raids our homes because we were suspected of sending a controversial file over the internet.

  5. Interesting Lecture. by JWhitlock · Score: 4

    I'm watching the lecture now, and I'm impressed by the quality of the video. Some text is illegible, but I'm sure the PowerPoint presentation would be available elsewhere. There are multiple cameras, cuts to the audience, etc. Stanford has a pretty professional system.

    The speaker is fairly vague about the whole thing, or perhaps I'm not familiar with the tech. The idea seems to be that each device gets 16 (out of 2^64?) keys, that will allow the device to decode a file in their proprietary and patented C2 algorithm. Devices may, by chance, share one or more keys, but not all 16. In addition, keys appear to be serially numbered, so that decryption uses Key 7892's data, as well as the fact that it is key #7892.

    If key X is compromised, and the powers-that-be discover it on Day 0, then on Day 1 all new media would return garbage when key X was used. The distributor of the key wouldn't be affected - he has 15 keys left. Other users shouldn't be affected - most still have 16, some have 15 left. Users of the illegal key would be unable to see new media, but Day -1 media and earlier would still be accessible.

    In any case, new media has a serial number, and some standard fields (some in write-only space) that encode the permissions on the media - if copies are permitted, if instead copies are "checked out", deleting the original. Complying devices, the only ones with keys, obey these fields because they agreed to when they licensed the technology. The speaker claims that there is no restriction on copying data, but you either have to know the decryption algorithm (very hard) or have a keyed device to decode the file.

    Under the scheme, you could have a piece of media with serial #4, with encrypted data and instructions that the data can only be played if it resides on media with serial #4. Since you need industrial equipment to write a serial number, you can make a perfect copy of the Matrix DVD (onto media with a different factory-encoded serial number), and a compliant player would refuse to play it. If my Matrix DVD was re-writable, I could image the DVD to my hard disk, for back-up purposes, tape South Park on the DVD, then when I wanted to watch the Matrix again, copy it back to the original DVD, and only then it would play. If the original was physically destroyed, I'm out of luck. Backups, in the traditional sense, would not be allowed. He alluded that all complying media would have some writable areas, to allow the accounting needed to make backups, etc.

    So it's a combo of technology, licensing, and patents. Great.

    The submitter's webpage argues that software players would break the system. It might be hard to retrieve a key from hardware, but not as hard from software. He argues that Windows Media Player would have 16 keys for all copies, all these could be found, and soon WMP would no longer work. Microsoft would have to issue a new WMP, and the cycle would continue.

    I disagree. Either the protection would be at the disk drive level, WMP would have different keys for every copy, or hard-drive based software would be outside of the realm of CPRM. If the protection is at the disk drive level, WMP would rely on the hard drive to provide keys and decoding, and by distributing keys you would only be limiting your own ability to play new media. If each copy of WMP has its own keys, then again, you aren't damaging Microsoft, but you may be linking yourself to the crime. If you compromise two keys, then Microsoft may be able to link you to breaking the keys.

    However, I doubt that this tech will be used on hard drives. They would have to standardize the encryption, which they don't want to do. More likely is that CD-ROM and DVD-ROM drives will be unable to play CPRM CDs at all. We'll complain, the content providers will say tough shit, buy a new CD player. Since all previous technology would become obsolete, I doubt this will catch on like wildfire.
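An added worked example, not code from the lecture, the submitter's summary or any commenter: a toy model of the key scheme JWhitlock describes in comment 5 (each device holds 16 keys drawn from a larger matrix, the key's serial position is part of the decryption, and Day 1 media returns garbage for a revoked key while Day -1 media still plays) together with the licensor-side search WNight describes in comment 1 (the content owner holds the list of every issued key and feeds a suspect device media that only one of them can open). The cipher (HMAC-SHA256 used as a keystream), the row count, the entry labels and the verification record are all assumptions made for illustration; none of this is CPRM's real media key block format or its C2 algorithm.

```python
"""Toy model of a CPRM-style media key block (MKB).  Added example; the
layout, the stand-in cipher and the verification record are assumptions,
not CPRM's real format or C2 cipher."""
import hashlib
import hmac
import random
import secrets

COLUMNS = 16      # keys per device, as the lecture summary describes
ROWS = 32         # rows per column; hypothetical small pool so tracing is quick
VERIFY_PLAINTEXT = b"media-key-verification-record-01"   # 32 bytes, assumed


def prf(key: bytes, label: bytes) -> bytes:
    """One 32-byte keystream block; HMAC-SHA256 stands in for the real cipher."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, label: bytes) -> bytes:
    return xor(plaintext, prf(key, label))      # XOR stream, so decrypt == encrypt


def entry_label(col: int, row: int) -> bytes:
    # The key's position (its serial number) is bound into the encryption,
    # matching "Key 7892's data, as well as the fact that it is key #7892".
    return b"mkb-entry:%d:%d" % (col, row)


class MediaKeyBlock:
    def __init__(self, entries: dict, verify: bytes):
        self.entries = entries   # (col, row) -> media key encrypted under that device key
        self.verify = verify     # VERIFY_PLAINTEXT encrypted under the media key

    def check(self, candidate: bytes) -> bool:
        """Tells a real media key apart from the garbage a revoked key yields."""
        return hmac.compare_digest(encrypt(candidate, VERIFY_PLAINTEXT, b"verify"), self.verify)


class Device:
    def __init__(self, keys: dict):
        self.keys = keys         # (col, row) -> device key, one per column

    def media_key(self, mkb: MediaKeyBlock):
        """Try keys one at a time; fall through to the next only on failure."""
        for pos, key in self.keys.items():
            candidate = encrypt(key, mkb.entries[pos], entry_label(*pos))
            if mkb.check(candidate):
                return candidate
        return None              # every key this device holds has been revoked


class Licensor:
    """Holds the whole key matrix, so it knows every key it ever issued."""

    def __init__(self, seed: int):
        self.rng = random.Random(seed)     # seeded only to make the demo repeatable
        self.keys = {(c, r): self.rng.randbytes(32)
                     for c in range(COLUMNS) for r in range(ROWS)}
        self.revoked = set()

    def issue_device(self) -> Device:
        positions = [(c, self.rng.randrange(ROWS)) for c in range(COLUMNS)]
        return Device({p: self.keys[p] for p in positions})

    def revoke(self, pos) -> None:
        self.revoked.add(pos)

    def new_media(self, enabled=None) -> MediaKeyBlock:
        """Build an MKB for a fresh media key.  Revoked positions (or, when
        `enabled` is set, every position but that one) get random garbage."""
        media_key = secrets.token_bytes(32)
        entries = {}
        for pos, key in self.keys.items():
            usable = pos not in self.revoked and enabled in (None, pos)
            entries[pos] = (encrypt(key, media_key, entry_label(*pos)) if usable
                            else secrets.token_bytes(32))
        return MediaKeyBlock(entries, encrypt(media_key, VERIFY_PLAINTEXT, b"verify"))

    def trace(self, black_box) -> set:
        """WNight's search: for each key ever issued, press media that only
        that key opens and see whether the suspect device decodes it.  This
        walks the issued list, never a 2^128 key space."""
        return {pos for pos in self.keys
                if black_box(self.new_media(enabled=pos)) is not None}


def demo(seed: int = 1) -> dict:
    lic = Licensor(seed)
    honest = lic.issue_device()
    leaked = next(iter(honest.keys))               # one key pulled out of `honest`
    clone = Device({leaked: honest.keys[leaked]})  # pirate box holding just that key
    old_media = lic.new_media()                    # "Day -1" media
    traced = lic.trace(clone.media_key)            # Day 0: licensor finds the key
    for pos in traced:
        lic.revoke(pos)
    new_media = lic.new_media()                    # "Day 1" media
    return {
        "leaked": leaked,
        "traced": traced,
        "clone_plays_old": clone.media_key(old_media) is not None,
        "clone_plays_new": clone.media_key(new_media) is not None,
        "honest_plays_new": honest.media_key(new_media) is not None,
        "honest_keys_left": sum(p not in lic.revoked for p in honest.keys),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the behaviour the comment describes: tracing recovers exactly the leaked position, the clone still plays the old media but not the new, and the honest device that originally held the key plays the new media with its 15 remaining keys, having tried the revoked one first and fallen through. The 2^128 figure in comment 1 is the attacker's search space; the licensor's loop here is bounded by COLUMNS * ROWS, the size of the issued list.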