Slashdot Mirror

← Back to Stories (view on slashdot.org)

Building the AACS Next-Gen Copy Protection Scheme

Posted by michael on from the ties-that-bind dept.

Anonymous Slashdotter writes "The IEEE Spectrum has a piece that discusses the proposed encryption scheme for the upcoming HD-DVD standard. 'The key to the spirit of compromise is an agreement that the AACS specification will allow consumers to move the data on an optical disc to the various devices they own, including video servers and portable video players, either directly or via a home network.' AACS will use a so-called strong key, the 128-bit Advanced Encryption Standard approved by the U.S. National Institute of Standards and Technology."

20 of 491 comments (clear)

  1. So compromised keys make for faulty hardware? by pegr · · Score: 5, Insightful

    According to the article, a compromised key will be dropped so that device will no longer be able to decode new content. So the vendor has to explain to his customer why his product doesn't work anymore, likely through no fault of his own? Yeah, that'll fly...

    1. Re:So compromised keys make for faulty hardware? by silicon-pyro · · Score: 5, Insightful

      Agreed. From TFA:
      The basic idea in recovering from cracking is to make a compromised player key obsolete. Compromised players could continue to play old discs, but not new releases. And crackers would have to start all over again.

      Consumers are really going to be interested in continuously buying new players or upgrading their current firmware to play new realeases because someone broke through their brand of player. Save for the fact that once someone breaks it once, it will just get easier to do it the second time.

      I can see how this would solve the cracking problem entirely. Consumers have the money, thus, consumers have the power. The simple fact is, people won't buy a disc that won't play in their player -- At least I'm not about to new player to play their new disc every time this happens.

      In case they think up some scheme that means I won't have to pay anything for the upgraded player: my time is as valuable to me as money, so I had also better not have to spend any of that on getting my machine to work again either.

    2. Re:So compromised keys make for faulty hardware? by tomstdenis · · Score: 4, Insightful

      sounds like?

      First indication was the word [well acronym] "DRM". Just because it uses AES doesn't mean it's secure. It's very easy to use AES insecurely [hint: constant key in ECB mode...]

      Likely another 17 yr old from some europe'like nation will break this and "deacss" tools will appear on the net.

      Why don't the media producers focus on more talent and less "blockbuster stars".

      Instead of paying one star 20 million for a picture why not pay 200 actors 100,000 for several movies? Duh cuz that would make sense...[well not for the self-centered power-tripping millionaire fake people].

      Tom

      --
      Someday, I'll have a real sig.
    3. Re:So compromised keys make for faulty hardware? by k12linux · · Score: 4, Funny
      Consumers are really going to be interested in continuously buying new players or upgrading their current firmware to play new realeases because someone broke through their brand of player.
      This all seems like a set-up to me.
      1. Consumers buy scads of DVD equipment without knowing a compromized key will disable their player.
      2. Keys start to be cracked.
      3. Industry tells upset consumers that the reason they have to buy new equipment is evil cracker (not poor design/planning.)
      4. Consumers buy new equipment and demand that something be done to prevent this from happening again.
      5. MPAA and others get new super-DMCA laws passed.
      6. Attempting to watch a DVD on Linux is now punishable by death. (At least in Texas.)

      Yeah, I can see how the consumer wins in that scenario.

    4. Re:So compromised keys make for faulty hardware? by Sebastopol · · Score: 4, Informative

      Instead of paying one star 20 million for a picture why not pay 200 actors 100,000 for several movies? Duh cuz that would make sense...[well not for the self-centered power-tripping millionaire fake people].

      Bingo! I like your style. In a perfect world, the market decides the $$$ worth of a job, and I think we all can agree than John Travolta, Collin Farell, Hillary Duff, Sandra Bullock, Jeniffer Aniston and all those other frauds deserve a big fat realty bitch-slap.

      Philip Dick lived in poverty and ate fvcking dogfood when writing so that idiots like Tom Cruise and Ah-nuld could make millions off of PKD's plots.

      --
      https://www.accountkiller.com/removal-requested
    5. Re:So compromised keys make for faulty hardware? by dgatwood · · Score: 4, Insightful
      Even if such a thing were mathematically possible, constructing an alternate A such that one particular B fails without breaking any other arbitrary B would likely be computationally almost impossible.

      My guess is that the "key" is little more than a hardware serial number, that the decoder is a program on the disc that uses a fixed decryption key, also on the disc, and that the program includes a list of "keys" (serial numbers) on which it should refuse to play.

      Even with such a scheme, though, it could be broken by:

      • A. reversing the algorithm used to detect whether a s/n is valid (which isn't usually that hard once you figure out how the code that verifies it works), thus allowing Linux to randomly pick a different key for each playback if desired within the entire potential key space
      • B. altering the program in-flight to remove the stolen key from the rejection list (also probably easy unless the list is encrypted, and even then, the key has to be on the disc somewhere unless it's based on a common hardware key, in which case you're back to the original DVD situation which still wasn't hard to break)
      • C. simply reading the decryption key and using a standard AES algorithm to decrypt the contents instead of the program.
      Any mechanism in which you refuse to play if your hardware matches a particular key must either involve the hardware being trusted to verify its unique key against a list or must require the hardware to "phone home" to the MPAA and get the real decryption key based on its serial number. I don't see the public accepting either of these. "What do you mean I have to wait two whole minutes to start playing the DVD and I can't be on the phone?"

      Long story short, the MPAA is being sold a lot of snake oil. It's too bad that they're too technologically clueless to realize it.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    6. Re:So compromised keys make for faulty hardware? by Jherek+Carnelian · · Score: 5, Insightful

      Long story short, the MPAA is being sold a lot of snake oil. It's too bad that they're too technologically clueless to realize it.

      Slight correction:

      Long story short, the MPAA is being sold a lot of snake oil. We are very fortunate that they're too technologically clueless to realize it.

  2. Heh... by grub · · Score: 5, Funny


    I can see the ads in the theaters already. "I'm John Weiner and I design ciphers for the movie industry. Downloading movies hurts me."

    --
    Trolling is a art,
  3. Distribution control by Space+cowboy · · Score: 5, Insightful

    The main flaw I can see in this is that as soon as it has been 'cracked' (which could be as simple as re-digitising the stream being sent to the video device), it can be reformatted into an MPEG2 / H264 stream and put onto BitTorrent. The simple fact is that it only needs to be broken *once*, and *everyone* can get it.

    The movie business is going to hit the same wall as the audio business did, and the solution the audio business came up with (well, more accurately, were forced into) was to make the downloading of songs relatively cheap (under $1). As soon as it's not worth it to go through the hassle of copying the data, it is once again a viable product. At the moment, the movies are not viable products...

    Simon.

    --
    Physicists get Hadrons!
  4. Feature? by jacobcaz · · Score: 4, Funny

    Isn't not being able to copy "Who's Your Daddy?" multiple times a feature and not a bug?

  5. Copy protection my butt by Roland+Piquepaille · · Score: 5, Interesting

    The only thing they can hope to achieve is to make it harder to copy originals.

    What I mean is, the problem isn't preventing people from copying a Blockbuster DVD, it's more a problem of preventing one guy, dedicated enough, from making a unencrypted copy and posting it on P2P. Once that's done, the cat's out of the bag and the copy-protection scheme will just annoy legit users. All the others will download the free copy.

    So, what will happen is, when Joe Pirate wants to make a copy, instead of just sticking the disk in the drive and wait, he'll make himself some setup to capture the video from the DVD player and he'll re-encode the video. Added cost: a capture card and a cable. Period. And once the captured video is on the net, the game's over. And I'm ready to wager there's an awful lot of people out there who hate the *AAs enough to take the (small) trouble of doing exactly that, just to shaft them.

  6. Realistically, this can't work. by rincebrain · · Score: 4, Insightful

    I don't care how secure the encryption is, as everyone has already said, all it takes is a "legal" DVD player outputting a high quality signal into a capture card, and you have a decrypted copy.

    I doubt that the industry is foolish enough to force consumers to upgrade their televisions to support some form of signal encryption, therefore this must fail.

    --
    It's only an insult if it's not true.
  7. Same old, same old. by sqlrob · · Score: 4, Insightful

    This has the same flaws as all of them.

    The authorized user and the attacker are one and the same. You can't protect against that, not with cryptography.

  8. Re:How is this gonna stop large scale piracy? by Ironsides · · Score: 4, Insightful

    I'm cerious on how (mabey I don't understand how they are made from the get-go) this is going to stop large scale counterfitting, those with access to machines that make perfect dupilcate copies, bit by bit, groove by groove, notch by notch.

    It won't. There is nothing you can do to stop a copy like that unless they figure out how to put data on the disk in an area that can't be burned to (say like the disks serial number or information type on a CDR/RW or DVDR/RW). Even then, the proffesional piraters will probably still figure out a way since they use the EXACT SAME EQUIPMENT that hollywood uses to make their own disks.

    --
    Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
  9. Such effort to prevent such an easy workaround... by StevenMaurer · · Score: 4, Insightful

    Honestly - I work in the industry, and I'm still amazed at the lengths content providers will go to to try to prevent a single D-to-A, A-to-D conversion.

    Apparently they just don't get that people - who seem willing to buy cheap videos recorded on consumer cameras in movie theaters - are going to be completely unable to see the difference in a re-recorded playback of what they see on T.V.

    Folks - if you're too stupid to realize the network effect will swamp the casual copyright infringement, do something simple: don't release it. That's your only option.

  10. Simple by paranode · · Score: 4, Insightful

    It's not necessary, but the movie industry has the illusion that if they make it harder to copy then somehow they will sell more. Remember, in their fantasy world each illegal copy is retail price lost.

  11. A question for the crypto-experts by P-Nuts · · Score: 4, Interesting

    So the proposal seems to be, content on DVD is encrypted with AES, using some random key. The key is stored on the DVD, but encrypted against another key, which is part of the player. How do you distribute this key inside players, without people being able to dig it out? Is it by putting it in a hardware-only form, like the chip on a smart-card? How easy is it to hide such a key in compiled software?

  12. Stealing using recorders ??? by AtariAmarok · · Score: 4, Funny
    "The Entertainment Industry assumes that all uses of recorders is for stealing copyrighted material. But that simply is not the case"

    Correct. It is technically impossible to steal a thing using a recorder, unless you do something really odd like club a victim witha VCR during a mugging, or heave a reel-to-reel unit through a jewelry store window in order to break in and burglarize it.

    --
    Don't blame Durga. I voted for Centauri.
  13. Economics isn't the problem for the movie industry by PCM2 · · Score: 4, Insightful
    The movie business is going to hit the same wall as the audio business did, and the solution the audio business came up with (well, more accurately, were forced into) was to make the downloading of songs relatively cheap (under $1). As soon as it's not worth it to go through the hassle of copying the data, it is once again a viable product. At the moment, the movies are not viable products...
    Back in the 1980s, the movie industry propped up the video market by charging a fortune for movies. Most were priced in the $90-150 range, well out of the market for the common consumer. Then video stores came along and started charging anywhere from $5 down to $2 a night to rent movies. The movie industry wasn't too happy at first, but then they realized they suddenly had a decent market who could afford their products, in the form of video stores. Eighteen zillion mom-n-pop video stores were popping up in every town in America. So instead of dropping the prices of all the tapes to encourage people to buy them, rather than rent them, the movie industry hung onto the high price point and that became "priced for rental." You weren't meant to buy it, unless you were rich -- video stores were. Only certain sure sellers were "priced for sale," which meant around $15-20.

    It was only when DVDs came out that the industry's policy shifted to issuing new releases priced for sale. That's because there was a guy in the industry somewhere that convinced everybody that a durable media format (vs. shoddy VHS tapes) that contained a high-quality version of the movie was something a large number of people would be willing to own, rather than just rent. And he was right! People are buying DVDs in droves. DVD players were adopted by the mainstream public faster than any other electronic gadget in history, from what I've heard.

    What I'm saying is, this theory that people download AVIs because DVDs cost too much just doesn't ring true. DVD sales have been phenomenal. If you think there's a DVD piracy problem in this country, think again -- check out the situation in Asia if you want to see a DVD piracy problem. I think people download AVIs because they're there. They can get the AVI before the actual movie comes out, and they can get the AVI for free for a movie that they probably wouldn't have bothered to buy, or even walk down to the video store to rent.

    I mean, come on -- you can still rent DVDs. Are you honestly telling me that a price point of $3 for three nights (or whatever Blockbuster is doing right now) is more than most Americans are willing to pay to see some random shitty Hollywood movie? Of course it's not. But downloading AVIs, for many people, is just too easy.

    --
    Breakfast served all day!
  14. hoodwinked - everything to do with royalties by Splork · · Score: 4, Insightful

    this scheme, as with decss, has nothing to do with copy protection. that is merely its disguise. it has everything to do with mandatory royalties to the consortium from all dvd player manufacturers and dvd mass producers. its all related to control over who makes and sells media players and what they are capable of doing or not doing out of the box.