Slashdot Mirror
Building the AACS Next-Gen Copy Protection Scheme
Anonymous Slashdotter writes "The IEEE Spectrum has a piece that discusses the proposed encryption scheme for the upcoming HD-DVD standard. 'The key to the spirit of compromise is an agreement that the AACS specification will allow consumers to move the data on an optical disc to the various devices they own, including video servers and portable video players, either directly or via a home network.' AACS will use a so-called strong key, the 128-bit Advanced Encryption Standard approved by the U.S. National Institute of Standards and Technology."
According to the article, a compromised key will be dropped so that device will no longer be able to decode new content. So the vendor has to explain to his customer why his product doesn't work anymore, likely through no fault of his own? Yeah, that'll fly...
I can see the ads in the theaters already. "I'm John Weiner and I design ciphers for the movie industry. Downloading movies hurts me."
Trolling is a art,
START YOUR CLUSTERS!
*makes sure his copies of john are all up to date*
It's only an insult if it's not true.
Why is encryption necessary on a product that the user must be able to read in the first place?
What's next, encrypted books, newspapers, and magazines?
But, I wanted socialized health insurance!
The main flaw I can see in this is that as soon as it has been 'cracked' (which could be as simple as re-digitising the stream being sent to the video device), it can be reformatted into an MPEG2 / H264 stream and put onto BitTorrent. The simple fact is that it only needs to be broken *once*, and *everyone* can get it.
The movie business is going to hit the same wall as the audio business did, and the solution the audio business came up with (well, more accurately, were forced into) was to make the downloading of songs relatively cheap (under $1). As soon as it's not worth it to go through the hassle of copying the data, it is once again a viable product. At the moment, the movies are not viable products...
Simon.
Physicists get Hadrons!
Mabey I'm wrong?
So all it takes is a DirectShow filter, frame capture to re-encoding program... what, it'll protect content for all of a week. Maybe?
Unless I can extract the content to a non-encrypted format that I can play using non-proprietary software on stock hardware, it can go to hell.
Isn't not being able to copy "Who's Your Daddy?" multiple times a feature and not a bug?
The only thing they can hope to achieve is to make it harder to copy originals.
What I mean is, the problem isn't preventing people from copying a Blockbuster DVD, it's more a problem of preventing one guy, dedicated enough, from making a unencrypted copy and posting it on P2P. Once that's done, the cat's out of the bag and the copy-protection scheme will just annoy legit users. All the others will download the free copy.
So, what will happen is, when Joe Pirate wants to make a copy, instead of just sticking the disk in the drive and wait, he'll make himself some setup to capture the video from the DVD player and he'll re-encode the video. Added cost: a capture card and a cable. Period. And once the captured video is on the net, the game's over. And I'm ready to wager there's an awful lot of people out there who hate the *AAs enough to take the (small) trouble of doing exactly that, just to shaft them.
I don't care how secure the encryption is, as everyone has already said, all it takes is a "legal" DVD player outputting a high quality signal into a capture card, and you have a decrypted copy.
I doubt that the industry is foolish enough to force consumers to upgrade their televisions to support some form of signal encryption, therefore this must fail.
It's only an insult if it's not true.
This has the same flaws as all of them.
The authorized user and the attacker are one and the same. You can't protect against that, not with cryptography.
I don't think you have any idea what you're talking about...
Honestly - I work in the industry, and I'm still amazed at the lengths content providers will go to to try to prevent a single D-to-A, A-to-D conversion.
Apparently they just don't get that people - who seem willing to buy cheap videos recorded on consumer cameras in movie theaters - are going to be completely unable to see the difference in a re-recorded playback of what they see on T.V.
Folks - if you're too stupid to realize the network effect will swamp the casual copyright infringement, do something simple: don't release it. That's your only option.
Will this work on linux or will we have to rely on a HD-DVD Jon?
Mod parent up!
that re-digitized HDTV stream will have better quality than direct rip from a DVD.
Copy right violations and the like are a social problem, and are going to be solved with a social solution.
We can throw all the technology and litigation we want at the problem, but it won't be solved until we come up with a social solution.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
It's not necessary, but the movie industry has the illusion that if they make it harder to copy then somehow they will sell more. Remember, in their fantasy world each illegal copy is retail price lost.
So the proposal seems to be, content on DVD is encrypted with AES, using some random key. The key is stored on the DVD, but encrypted against another key, which is part of the player. How do you distribute this key inside players, without people being able to dig it out? Is it by putting it in a hardware-only form, like the chip on a smart-card? How easy is it to hide such a key in compiled software?
Correct. It is technically impossible to steal a thing using a recorder, unless you do something really odd like club a victim witha VCR during a mugging, or heave a reel-to-reel unit through a jewelry store window in order to break in and burglarize it.
Don't blame Durga. I voted for Centauri.
Is this device compatible with DRM?
Don't blame Durga. I voted for Centauri.
In any case, I am less worried about the crypto, which doesn't affect video quality. Fingerprinting of video and audio with watermarks can affect quality; in copy protection circles, you'll see iffy technologies proposed simply because they "can't hurt" to throw them in---but then some of them are detectable by golden eyes/ears. IMHO even that much quality loss is not worth whatever security a watermark offers.
Caj
I can't play discs 3 and 4 (the appendices) of the Two Towers Extended Release on my standards-compliant Zenith DVD player, because of a botched copy-protection attempt by the manufacturer.
If this problem keeps getting worse, the number of movies I buy will continue its asymtotic approach of zero.
Now, understand that the encrypted content will be encrypted with a different key for each piece of content. This is just obvious and similar to how CSS works. The reason is so if you break one DVD, you don't break 'em all.
But this means that the key to decrypting the content must also be on the DVD itself. So that must be transferred to the portable device as well, in order for it to be playable.
So there's two ways this can work:
Method 1: Transfer the key along with the encrypted content in a plain form. In which case the attacker figures out where the key is, decrypts the content, creates an unencrypted version. Tada!
Method 2: The player key system whereby every company/player has a key and they are each used to encrypt a copy of the content key, which is placed on the disc. Thus this keyring must be transferred to the portable device and the portable device must itself have a player key to decrypt the content. I'm betting this is the method they're going for.
In which case the crack is simple: Compromise the player key. The player key must be embedded in the device somehow. In fact it'll have to be embedded in *every* device. All it takes is one hardware hacker to yank out a player key and voila, every disc up to that point can be decrypted.
So they invalidate the player key for future releases, breaking all existing hardware using that key. They could have done this with CSS, BTW, but they didn't for fairly obvious reasons.
In any case, this helps them not in the slightest. Because now you have a means by which to crack the rest of the player keys. Look, you get one player key. You have a disc with encrypted content for all player keys. You know the plaintext for what these are encrypting (the content key). Furthermore, every disc made that you can decrypt (probably a lot) gives you a new data set. How long do you think it'll take some bright boy to come up with a known plaintext attack on AES to retrieve these keys? It might be computationally intensive, but certainly it'll be less than a brute force attack.
And then what do they do when all keys are broken? They're straight fucked then.
The very idea itself is stupid. It's bound to fail in the same way CSS did. It'll just take a little more time, that's all.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Current plans seem to have HD-DVDs embedded with a traditional DVD layer to work on older players. We could still rip that DVD layer.
It's not like bandwidth is fast enough that there is huge demand for slinging around high definition 4 GB movies. Most discs are ripped and compressed to around 700 MB. It's going to be years before there's any demand to rip the new format.
....DVD Jon has come up with a crack already, just from the text of the article! :)
an attractive nuisance? Based on all the suggestions in the posts above, everyone is sick of the adversarial relationship with the motion picture industry and a lot of people have adopted a "bring it on!" mentality.
You don't go after the hardware and software, you go after the criminals. The *AAs are treating the population the way the government treats us via the war on drugs: irresponsible and guilty.
The hard costs of a DVD and all its sexy packaging? A dollar. The value of the IP (how badly people want to see/own it) on the disk? Varies wildly. What are the options the studios have? 1) price according to IP value, 2) sell disks only to video rental places, who rent them out until the cost is recovered and then sell them used, 3) keep trying the crap with copy protection, 4) go after the IP thieves. I wonder how often they'll have to choose before they try something other than 3?
"Wow. Now THAT'S a lot of angry Indians." - Lt. Col. George Armstrong Custer
It was only when DVDs came out that the industry's policy shifted to issuing new releases priced for sale. That's because there was a guy in the industry somewhere that convinced everybody that a durable media format (vs. shoddy VHS tapes) that contained a high-quality version of the movie was something a large number of people would be willing to own, rather than just rent. And he was right! People are buying DVDs in droves. DVD players were adopted by the mainstream public faster than any other electronic gadget in history, from what I've heard.
What I'm saying is, this theory that people download AVIs because DVDs cost too much just doesn't ring true. DVD sales have been phenomenal. If you think there's a DVD piracy problem in this country, think again -- check out the situation in Asia if you want to see a DVD piracy problem. I think people download AVIs because they're there. They can get the AVI before the actual movie comes out, and they can get the AVI for free for a movie that they probably wouldn't have bothered to buy, or even walk down to the video store to rent.
I mean, come on -- you can still rent DVDs. Are you honestly telling me that a price point of $3 for three nights (or whatever Blockbuster is doing right now) is more than most Americans are willing to pay to see some random shitty Hollywood movie? Of course it's not. But downloading AVIs, for many people, is just too easy.
Breakfast served all day!
"It is not a matter of if--it is a matter of when. As long as I have the technology in my living room to watch it for myself, I can modify the system to extract the video. They can make it hard, but they can't make it impossible."
How true. In other words, a lock only keeps an honest man honest, a thief will find a way to pick the lock and steal what you have.
Seemingly ever since there have been personal computers, there have been one form or another of copy protection. Usage such as backup copies (critical in the floppy days, nearly as much so with CDs and DVDs) have always been looked down upon by the content providers, and at the end of the day, all of the barricades that they have thrown at the user have eventually been thwarted and bypassed. Now comes HD-DVD and the same principle. I suppose some never learn from the past.
Working against the encryption is the simple fact that on the average, computers get more and more powerful (for a given price point), and that their encryption must remain a relative constant due to compatibility. That said, it is only a matter of time before the encryption is overwhelmed and utterly defeated. This will happen again, always has, and always will. One only has to look at the DirecTV versus the signal pirates to see that. Coupled with human nature, that is, to show and share a "dirty little secret" -- disaster for the encryption advocate. After all, are theyu going to disable dozens of models of players, and disable their own market in the process, not to mention alienating the hell out of their customers? No, no and no.
The key to copy protection is to make the content affordable enough to make the inconvenience of counter-enryption not worth doing. They (the collective they) never seem to get that, and they always seem dumbfounded that their elaborate measures are made to look foolish. Perhaps with realistic pricing, enhanced value they would find that most people find it easier to be honest, and not bother with cloning over-priced half-rate films and music. After all, that's their only realistic choice, but the one that they dread making the most.
Apparently they just don't get that people - who seem willing to buy cheap videos recorded on consumer cameras in movie theaters - are going to be completely unable to see the difference in a re-recorded playback of what they see on T.V.
If the movie/record companies are truly more worried about digital copying than about analog copying, they should make degraded versions of their movies/albums available for free or for a small fee. Dries up some of the bootleg market, but there's still an incentive for some to go out and buy the CDs/DVDs.
How many ms do you suppose it'll take to read the content of the ROM chips in next-gen DVD players and extract the key(s)? Even if I don't have the hardware resources to read the ROM chips, I'll bet some cracker somewhere does -- I'll just wait for him to publish to the internet. Even if the key is rendered invalid, I'll still get access to all of the media made before that point (and just have to wait for the next crack to get more content).
Perhaps it's time for us to rethink the intent, meaning and form of intellectual property protection?
this scheme, as with decss, has nothing to do with copy protection. that is merely its disguise. it has everything to do with mandatory royalties to the consortium from all dvd player manufacturers and dvd mass producers. its all related to control over who makes and sells media players and what they are capable of doing or not doing out of the box.
The HD-DVD and the Blu-Ray players both support the mpeg4 formats. While the disks you buy from the store might be all messed up, either play or not play, there isn't really anything stopping anyone from taking some mpeg4 content and placing that on a Blu-Ray or HD-DVD blank; those will probably play every time, more or less. It would not be surprising to see iTunes-like services springing up around the mpeg4 format.
What's going to happen is simple: the HD-DVD thing isn't going to take off; not if you have to keep upgrading keys all the time. Joe and Jane Average are probably going to stick with the regular DVD from Netflix, Blockbuster, or whomever, knowing that it will work every time.
If the new formats can be gotten to "work every time", perhaps by having the keys downloaded from the internet or something like that, then they might do better. Anytime you make something too complicated, though, it's bound to fail. Look at 3D movies with those uncomfortable cardboard 3D glasses. Where have they gone? Look at DVD-Audio or the SACD? Going nowhere fast. Lossless compression formats from iTunes or other services? We're not really there yet - if people are willing to settle for mp3 or aac quality sound, why would they want to spend extra money on a DVD-audio quality sound?
The movie industry risks entering a situation not unlike the music industry finds itself in today. Many of the same symptoms are there; the same attempt to control is there; the same low-quality, high-budget, intellectually lacking content is being pumped out. A new format that is harder and more expensive to use just isn't going to cut it. It would not be surprising to see mpeg4 take the place of mp3 files, with people cramming movie after mpeg4 movie onto a DVD5 or perhaps a DVD9 that they either downloaded from a legitimate service, or if no such legitimate services happen to spring up in the near future, a p2p network.
The popularity of iTunes and other legitimate music download services goes to show that consumers don't care so much about the absolute highest sound quality, but that they care more about convenience, selection, ease of use, accessibility, and things like that. These new formats are probably more or less doomed to not do as well as they could.
These new disks, though, the Blu-Ray especially, these are going to be GREAT for backing up systems, documents, and also for businesses to do backups and things like that. The technology is awesome; what Hollywood is trying to do with it is the part that isn't going to work very well.
There's something we've forgot.
You don't sit in front of your computer monitor along with your wife and kids to watch a divx movie on your media player. Generally divx users are 20-30 yo's, or even kids who downloaded the latest anime episode.
So who gets the benefit of a downloaded movie? ONE person per family. If the movie wasn't good, the guy wouldn't watch it along with his g/f, wife, kids/friends/etc.
So what does this mean: "Try before you buy". Simple. Here I'd be questioned: "Oh come on, what person watches a movie TWICE"? Ask the starwars fans who watched "Star wars: A new hope" the day it came out in theaters. They watched it once. Twice. Even 20 times.
So, if a movie is REALLY WORTH it, I'm sure people would actually purchase the DVD or go to the theaters, even if they already watched the downloaded thing. Why? Because the movie DESERVES IT.
The real enemy here is not piracy... but freaking poor quality overhyped movies with pre-paid (as opposed to impartial) reviews.
The movie producers are committing FRAUD by telling us the movies ARE WORTH seeing, when they're not. Same with videogames. I remember playing FFX-2... and I could compare my feelings with a girl who didn't achieve climax on her most expected date. "What? This is it? WTF?" Same with Robotech: Invasion (79 bucks thrown to the trash, man!) and Spider Man for the PS2.
So, MPAA and associates: Want more profit? Make better products, and stop complaining.
Addendum: Maybe the MPAA is actually whining because they CAN'T FOOL the public with hype (Pearl Harbor, anyone?), and people won't purchase bad movies DVD's or go to the theaters if the "evil pirates" already review the movie and say it SUCKS. And _HERE_ is the profit loss. In any case, this reinforces my opinion:
Make better products. Period.
The big question for the Linux/FOSS community isn't how hard is it to crack: it's can we be included without being forced to crack it.
I'm sure I'm not alone in not wanting to make pirate copies of DVDs, but just wanting to be able to watch my discs on the equipment of choice, including open source players.
This boild down to: i) will the algorithm be well known (ie rely on secrecy of keys not the algorithm) and ii) how do you get allocated a key
CSS sucked because it used weak keys and tried to keep the algorithm secret. The first rule of cryptography is to assume the algorithm is known, and thanks to DVD Jon we got it reverse engineered. And it sucked for the FOSS crowd because you couldn't make a player without paying a huge sum of money and signing all sorts of agreements.
If the new system removes these barriers to entry, then it at least it won't be as evil as the original CSS. It'll still be useless, but not actually evil.
Of course, it's totally irrelevant how tricksey the DVD player itself is w.r.t. crypto, so long as the unit has to send a decoded signal that any cheap Wal-mart-purchased TV can view. For practical purposes, this Achille's Heel just can't be solved w/o getting everyone (consumers) to throw all their {A/V gear, players, televisions, PC's} out and start over.
Use a non-standard optical encoding method.
Don't allow PC's to play disks.
Players refuse to play unencrypted content.
Use a smartcard to do all authorization.
Require an internet connection or phone line
to authorize playback each time a disk is loaded.
Don't store any keys on the disk.
Build the display into the player.
Pot the inside of the player with a potting compound which when compromized, causes the player to burst into flames.
The key appears to be symmetric; it's just blazingly complicated to calculate the actual device key ... and allows for multiple derivative keys from a master key stored in the hardware of the device. Masks included in the decode area on the disk provide the path to get the unique key to decode the disk... which (from a 30 minute review of the technical document) could theoretically(?) be used to provide different derivative keys per disc, so even if you capture one of those, it may only help with that print run of that disc. The key is getting back to a master key and its seed; the problem (to the crackers, at least) is that once that is done, the licensing association can disable that key without killing any consumer devices.
The amount of computation back to the original keys makes any attack against the system imprudent at best, and the use of derivative keys and multiple master keys per device means that even if one were cracked, the others in the device would continue to allow consumer devices to function... which avoids consumer backlash.
From my (semi-educated) analysis, it looks "good" (for the *AA) so far.
So, what would you recommend for good dialogue? I really enjoyed the rhythm and style that everyone in Firefly spoke with. The dialogue wasn't just there to advance the plot.
Or Scrubs, and the little rants that Dr. Cox goes on. (A doctor I know assures me that the portrayal of hospital life in Scrubs is far, far more accurate than that in ER. Go figure.)
Are there any other shows I should fetch for their scintillating dialogue? Please don't tell me "CSI". I've been refusing to watch "CSI" ever since the only episode I ever saw centered on "look, perverts! perverts murder people!". As a pervert, I felt insulted.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
This was never about copy protection.
No form of encryption will not make it harder to copy the original disk. Constructing a bit for bit copy of a digital stream in no way requires you to be able to understand the data being copied.
Rather, this is a playback protection system.
It's to stop you from watching the media when the distributors don't want you to be able to. Such as, for example, should you try to play a movie released in the US which is only just being shown in movie theatres in Western Europe. Or Asia. Or anywhere other than Region 1.
Encryption of the media is only there to force DVD player manufacturers to obtain a key -- which will only be provided if they also sign a contract to adhere to certain terms and conditions that, in essence, states that they're not allowed to undermine the distributors' business model.