Building the AACS Next-Gen Copy Protection Scheme

Anonymous Slashdotter writes "The IEEE Spectrum has a piece that discusses the proposed encryption scheme for the upcoming HD-DVD standard. 'The key to the spirit of compromise is an agreement that the AACS specification will allow consumers to move the data on an optical disc to the various devices they own, including video servers and portable video players, either directly or via a home network.' AACS will use a so-called strong key, the 128-bit Advanced Encryption Standard approved by the U.S. National Institute of Standards and Technology."

May I ask a simple question?

[onemorechip]

Why is encryption necessary on a product that the user must be able to read in the first place?

What's next, encrypted books, newspapers, and magazines?

Re:May I ask a simple question?

[tepples]

What's next, encrypted books, newspapers, and magazines?

Stallman seemed to think so, eight years ago.

How is this gonna stop large scale piracy?

[slakdrgn]

I'm cerious on how (mabey I don't understand how they are made from the get-go) this is going to stop large scale counterfitting, those with access to machines that make perfect dupilcate copies, bit by bit, groove by groove, notch by notch. I can see how this will effect personal piracy, even mom-pop dvd rental places and possiable internet, but I thought counterfit was still a rather huge loss.

Mabey I'm wrong?

Copy protection my butt

[Roland+Piquepaille]

The only thing they can hope to achieve is to make it harder to copy originals.

What I mean is, the problem isn't preventing people from copying a Blockbuster DVD, it's more a problem of preventing one guy, dedicated enough, from making a unencrypted copy and posting it on P2P. Once that's done, the cat's out of the bag and the copy-protection scheme will just annoy legit users. All the others will download the free copy.

So, what will happen is, when Joe Pirate wants to make a copy, instead of just sticking the disk in the drive and wait, he'll make himself some setup to capture the video from the DVD player and he'll re-encode the video. Added cost: a capture card and a cable. Period. And once the captured video is on the net, the game's over. And I'm ready to wager there's an awful lot of people out there who hate the *AAs enough to take the (small) trouble of doing exactly that, just to shaft them.

Re:Copy protection my butt

[greed]

It's actually pretty easy to remove macrovision. You can buy black boxes to do it pretty easily.

Heck, my cheesy Dazzle Analog->FireWire->Analog converter yanks out Macrovision. So you get a decent DV stream from a Macrovisioned source. Or, if you leave it in "analog through" mode, it removes Macrovision from the analog signal. Good enough for converting VHS and LaserDisc to DVD with Kino.

Dedicated "signal stabilizers" are cheaper, and probably suck less than anything Dazzle has ever made.

A question for the crypto-experts

[P-Nuts]

So the proposal seems to be, content on DVD is encrypted with AES, using some random key. The key is stored on the DVD, but encrypted against another key, which is part of the player. How do you distribute this key inside players, without people being able to dig it out? Is it by putting it in a hardware-only form, like the chip on a smart-card? How easy is it to hide such a key in compiled software?

Re:Bah

[Geoff-with-a-G]

And unless you're willing to pay them what they're asking for the product that they're selling, YOU can go to hell (as far as they're concerned).

If it comes down to MPAA vs. [the set of people who are unwilling to use closed, propreitary DRM systems], MPAA is gonna win.

They can live without the 3% of their market that's made up of hardcore nerds, but the nerds probably won't live without the 25% or more of their entertainment that comes from mainstream media distributors.

I want the same thing you want, but if you think you can just write them off, you're sadly mistaken.

Re:Such effort to prevent such an easy workaround.

[micromoog]

Indeed. This will just accomplish nothing to solve their problem, and will just create more problems similar to mine:

I can't play discs 3 and 4 (the appendices) of the Two Towers Extended Release on my standards-compliant Zenith DVD player, because of a botched copy-protection attempt by the manufacturer.

If this problem keeps getting worse, the number of movies I buy will continue its asymtotic approach of zero.

Re:So compromised keys make for faulty hardware?

[Wesley+Felter]

But that doesn't make sense. How can the content key be encrypted with (e.g.) 100 million different player keys?

There will be a lot of time to crack this

[Omegalomaniac]

Current plans seem to have HD-DVDs embedded with a traditional DVD layer to work on older players. We could still rip that DVD layer.

It's not like bandwidth is fast enough that there is huge demand for slinging around high definition 4 GB movies. Most discs are ripped and compressed to around 700 MB. It's going to be years before there's any demand to rip the new format.

Re:So compromised keys make for faulty hardware?

[jokell82]

A more likely scenario:

1. Consumers buy scads of DVD equipment without knowing a compromized key will disable their player.
   
2. Keys start to be cracked.
   
3. Industry tells upset consumers that the reason they have to buy new equipment is evil cracker (not poor design/planning).
   
4. Consumers don't understand what the industry says, just know that their latest Toshitsu DVD player wont play Buddy Cop Movie #83
   
5. Consumers attempt to bring back their properly working DVD players only to be told they can't return them
   
6. Consumers attempt to bring back their properly working copy of Buddy Cop Movie #83 only to be told they can't return it
   
7. Consumers get pissed and either (a) stop buying movies or (b) buy another player (I'm betting b)
   
8. Consumers go about their lives not caring about what laws are passed, just as long as Buddy Cop Move #83 plays on their TV.
   
9. MPAA and others get new super-DMCA laws passed just because they can and have the money to do so.
   

Man, really makes you look forward to HD-DVDs, don't it?

Re:Such effort to prevent such an easy workaround.

[LihTox]

Honestly - I work in the industry, and I'm still amazed at the lengths content providers will go to to try to prevent a single D-to-A, A-to-D conversion.
Apparently they just don't get that people - who seem willing to buy cheap videos recorded on consumer cameras in movie theaters - are going to be completely unable to see the difference in a re-recorded playback of what they see on T.V.

If the movie/record companies are truly more worried about digital copying than about analog copying, they should make degraded versions of their movies/albums available for free or for a small fee. Dries up some of the bootleg market, but there's still an incentive for some to go out and buy the CDs/DVDs.

Re:So compromised keys make for faulty hardware?

[Tenebrious1]

Consumers get pissed and either (a) stop buying movies or (b) buy another player (I'm betting b)

(c) Consumers hear from friends that Buddy Cop Movie #83 can be downloaded from the intarweb, and join the P2P masses. Vow never to pay for another physical DVD again.

The powers that be are wasting their time.

[mmell]

How many ms do you suppose it'll take to read the content of the ROM chips in next-gen DVD players and extract the key(s)? Even if I don't have the hardware resources to read the ROM chips, I'll bet some cracker somewhere does -- I'll just wait for him to publish to the internet. Even if the key is rendered invalid, I'll still get access to all of the media made before that point (and just have to wait for the next crack to get more content).
Perhaps it's time for us to rethink the intent, meaning and form of intellectual property protection?

Re:Especially considering

[drinkypoo]

What do laws of thermodynamics have to do with this? What the sibling comment to this one does not tell you is that full HD resolution is substantially higher than DVD resolution. DVDs are 720x480, while HDTV resolution is either 1920x1080i or 1920x720p... about twice the resolution, thus four times as many pixels. If you make an MPEG4 video from it you can indeed get dramatically better quality than a DVD. Of course, many (most?) people just make DVDs out of their captured HD content, because that makes it easiest to play it back. A DVD from a HD stream can look as good as a high-quality factory-pressed DVD.

Re:So compromised keys make for faulty hardware?

[snorklewacker]

PKD's estate gets a dumptruck of cash backed up to it, courtesy of the residuals he gets from optioning his stories. If the movies didn't have the megastars, it's quite possible they might not have had the success enough to get him the cash.

Megastars exist for somewhat similar reasons as pop stars: the audience's familiarity with performance, and better, their desire to see more of it, is more or less a consistent factor. Some people like Tom Cruise (I thought he was great in Collateral, though I rather dislike him otherwise), so they're more inclined to see his movies. This makes them a safer bet, and safe bets are what you want when you're spending eight figures on a movie. Maybe we need more movies with a few less zeros in their budget, but some genres are just expensive in general (Lord of the Rings would have sucked on a shoestring budget)

Yeah, I think they should open up the auditions to lesser-known actors, since there's always a chance that one could just dazzle the director, but it's not quite as cynical a process as you think. Nor is acting just standing up there and saying your lines with face and voice written on the script. If you think it's that easy, try it yourself. I can't easily explain the success of Jennifer Lopez in movies (i.e. how she managed to get into more than 2), but there's a damn good reason the likes of Anthony Hopkins and Denzel Washington are in such demand.

Re:So compromised keys make for faulty hardware?

[Sebastopol]

...have had the success enough to get him the cash.

PKD died before his first movie was optioned. My point still stands.

You cannot possibly argue that Brad Pitt's salary is justified compared to say, a teacher or a garbage man. (Pull your kids out of school or don't empty your garbage for a week and see what I mean).

Are Hopkins and Washington your idea of good actors? That point means two different things depending.

I'm a cinema snob, I admit it. And I laugh at how people on this board (not you) claim to be all counterculture with their OSX and Linux flavors, but then bow to the Microsoft version of cinema that lives in the hollywood blockbuster.

Re:So compromised keys make for faulty hardware?

[tacokill]

"limitless number of performers out there (typical econ fallacy)"

There are, in market terms, a limitless number of actors/actresses. Just judging by the number of people who "wanna make it", it's pretty easy to see that supply outweighs demands. This isn't just true for movies and plays, it seems to be true for ALL the fine arts. In fact, that's one of the reasons why we have starving artists. There's just so damn many artists out there.

Repeat after me: if you have a commodity skill set, you are NOT special. Just calling yourself an artist, actor, or whatever does not automatically mean you can command any price you want. I do not mean to lump all artisans into commodity status because there are many many fine standouts who DO have specialized skills. Commodity status refers to how the buyers perceive the market, not how sellers perceive themselves.

Regarding your comment that I know a lot about Econ, I don't. I know Econ 101. What scares me is that Econ 101 passes for "knowing a lot" in your book. Like I said, get yourself into an Econ 101 class and learn this stuff. It's important because it's HOW the world works. You can argue whether it SHOULD be that way but you are wasting your time because IT IS that way. Period. Now go learn about it...

The keys appear to be symmetric

[thpr]

They've done a decent level of design on this one.

The key appears to be symmetric; it's just blazingly complicated to calculate the actual device key ... and allows for multiple derivative keys from a master key stored in the hardware of the device. Masks included in the decode area on the disk provide the path to get the unique key to decode the disk... which (from a 30 minute review of the technical document) could theoretically(?) be used to provide different derivative keys per disc, so even if you capture one of those, it may only help with that print run of that disc. The key is getting back to a master key and its seed; the problem (to the crackers, at least) is that once that is done, the licensing association can disable that key without killing any consumer devices.

The amount of computation back to the original keys makes any attack against the system imprudent at best, and the use of derivative keys and multiple master keys per device means that even if one were cracked, the others in the device would continue to allow consumer devices to function... which avoids consumer backlash.

From my (semi-educated) analysis, it looks "good" (for the *AA) so far.