Slashdot Mirror


AACS Specifications Released

An anonymous reader writes "AACS, the proposed key management scheme for HD DVD, has finally released preliminary (ver 0.9) specifications. The specs look like CSS on steroids: they use AES instead of proprietary crypto, but other than that they're basically the same. The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."

20 of 486 comments

  1. Manufacturers by Joff_NZ · · Score: 5, Insightful

    The main difference appears to be that AACS can revoke an entire player model if a hack appears against it

    In that case, why would any manufacturer in their right mind produce anything under such terms? That would just be insane

    --
    The revolution will not be televised. It won't be on a friggin blog either
    1. Re:Manufacturers by nothings · · Score: 5, Informative
      You're not reading it right. If somebody pries out a key from a device and uses that in a DeCSS-like software, they want to make that key no longer work--they want to revoke that key entirely. That's the only way this makes any sense.

      With that in mind, it's clear that you can read what you quoted in the above sense, and indeed it's the plausible way to read it: it's not "causes a compromised device to be unable...", it's "causes a device with the compromised set of Device Keys to be unable...". Any device using this set of keys--whether it's superDeCSS or any particular machine of the sort that was compromised, or any other machine that shares the same set of keys--will no longer be able to view content--presumably only new content created after the revocation.

      Related, from the spec:

      The set of Device Keys may either be unique per device, or used commonly by multiple devices. The license agreement describes details and requirements associated with these two alternatives. A device shall treat its Device Keys as highly confidential, as defined in the license agreement.
    2. Re:Manufacturers by micolous · · Score: 5, Insightful

      Yeah, and then the kind soul who cracked the code gets a new player or firmware to go and crack the code using a different key. New version of the player then gets blacklisted again, and repeat the process. All this does is annoy the users of the product with infinite amounts of replacements needed, and the process becomes very costly for the manufacturer having to replace the equipment.

      In the end, revoking player keys is stupid. It comes back to the whole point that DRM is not only a stupid idea but fundamentally flawed. It also creates an interesting situation for the key licensing organisation. Don't like a competitor or just want them to pay higher licensing fees? Threaten to cancel all their keys.

      If the consumer association in your country has any sense whatsoever, they won't play along with this at all.

      --
      SSdtIGFzIGJvcmVkIGFzIHlvdSBhcmUK
  2. Let me be the first to hack it.. by Anonymous Coward · · Score: 5, Informative

    Click here to get the specification without agreeing to the terms of access.

    1. Re:Let me be the first to hack it.. by Poulpy · · Score: 5, Insightful

      Please do not crack it until it's final and distributed in tons of players.

  3. Player Model? by NEOtaku17 · · Score: 5, Insightful

    "The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."

    Player model? What if a hack comes out for PC that allows you to circumvent the copy protection: Does it revoke PCs altogether, only certain disk drives, or what?

  4. Mark my words. by Adult+film+producer · · Score: 5, Funny

    This scheme will not be broken for at least 20 years.

    There's no way they'll make the same mistake twice. DirecTV upgraded all their smart cards 2 or 3 years ago and it has yet to be broken. Bell Canada's expressvu is adopting the same technology because _everybody_ and their mom is pirating the signals.

    1. Re:Mark my words. by wolrahnaes · · Score: 5, Insightful
      This scheme will not be broken for at least 20 years.

      There's no way they'll make the same mistake twice. DirecTV upgraded all their smart cards 2 or 3 years ago and it has yet to be broken. Bell Canada's expressvu is adopting the same technology because _everybody_ and their mom is pirating the signals.

      Here's the big difference...

      Gaining access to DirecTV's signal requires hacking proprietary hardware. If PC-based players are ever allowed, reverse engineering will be along the same lines as last time around. It's just so easy to monitor everything your computer is doing in real-time, especially with the help of emulators like QEMU, Bochs, VMware, or Virtual PC.
      --
      I used to get high on life, but I developed a tolerance. Now I need something stronger.
    2. Re:Mark my words. by Lord+of+Ironhand · · Score: 5, Funny
      If they *really* want an unbreakable scheme, let them encrypt all HDDVD's using one-time pad encryption, then securely delete the key.

      If they do it right, pirate copies will be truly impossible. Granted, no one will be able to play the legit copies either, but it's my impression that this is only a minor concern to the companies involved.

  5. What will the packaging say? by The+New+Andy · · Score: 5, Interesting
    Suppose player X has been revoked. Now, I'm assuming that any disks released after this won't work on it right? So, does the packaging for the disk say: "Plays on any player except blah"?

    Now, how does this scale, suppose players AAA through ZZZ have been revoked. Do we need larger DVD cases just so we can fit a list of all the players that won't work on it?

  6. Owning a model player that gets revoked .... by Anonymous Coward · · Score: 5, Insightful

    Well, what happens to the customers that have a player-model that gets, by no fault of themselves, revoked. Are they reimbursed (getting (part of) their money back), or are they just left with a piece of worthless, but costly junk?

    Even worse: you have no way of knowing if the player you are going to buy is on the list of players shortly-to-be-revoked, or worse yet: already revoked.

    How's the "you should be able to use a bought commodity for a reasonable time"-law come in play here?

  7. Content scrambling is stupid... by jleq · · Score: 5, Insightful

    It may be the strongest encoding out there, but who cares? What stops me from plugging the video output of a dvd player into my video capture card and recording off of it? Sure, the quality won't be as good, but it will still work.

    I wish they simply wouldn't scramble content in the first place. 99.9% of the people who buy the dvd and would need to break the encoding have a LEGITIMATE reason to break said encoding (backup, copying to laptop so it's not necessary to carry discs on trips, etc).

  8. This isn't new news... by harmless_mammal · · Score: 5, Interesting

    Here's analysis of AACS that was blogged last December. One interesting point mentioned is that there is no requirement to wait for keys to get compromised before revocation begins. They can revoke keys whenever they want, publicly claim it was due to hackers, and stimulate new equipment sales any time they want.

  9. When will they learn? by rips123 · · Score: 5, Insightful
    Remember when macrovision changed the hsync/vsync patterns of the video signals to stop VCR's copying tapes?

    Remember Apple IIe games that wrote bad sectors or extra sectors and other such nasties to try and stop people copying 5-1/4 inch floppies?

    Remember SecureROM and others making CD copy protection by intentionally leaving broken sectors on CDs - making them unburnable in nearly all of the burners at that time?

    Remember that DVD's were once uncopyable?

    Remember when Pay TV signals were encrypted by obfuscating their signal with some analogue hardware?

    Remember when they started using proprietary digital encryption for Pay TV (Irdeto)?

    Every time someone offers up content in some protected form, someone is going to break it. Period. Even if they can't break it, someone will use a legitimate DVD player and screen/sound grab their favorite movies using a capture card.

    The only difference I see now is that the companies implementing these measures are monopolies whereas they used to be smaller players in their respective markets. This might mean that they can push some legislation through to discourage copying but nothing will ever stop it IMHO.

  10. Re:Can Slash stop with the obscure acronyms by csrster · · Score: 5, Funny

    I must admit that I thought an encryption standard based on the Cascading Style Sheet specs was a clever idea. Should be almost impossible to decipher.

  11. Re:key revocation by Anonymous Coward · · Score: 5, Insightful

    Nobody said anything about exhausting the keyspace.

    We're talking about attacking the subset of deployed keys. We don't need these keys at all to get them revoked.

    The device itself will decrypt the stream. All you need is access to the output to reencode and share. Copyright cops detect the share, lift whatever watermark may be in the stream, finger the device and revoke the key.

    There you go. You just DoS'd a production run of playstations from decrypting movies. All without having any knowledge of any keys.

    When I say DoS the keyspace I don't mean exhausting the theoretical keyspace of a 128 bit cryptosystem. You're right, that'd be hard. You don't have to discover keys to DoS the subset of deployed keys via third party revocation. You need only make it seem as if the key was compromised to the revocation authority, thus prompting revocation.

    So long as the stream will exist in a decrypted form so the user can watch it, then no knowledge of keys is needed to perform this attack.

    Also. If the revocation authority becomes wary of such attacks it acts as a bunny rabbit attack. When keys are legitimately compromised they may do nothing thinking it's just another dupe.

    The keyspace isn't the weakness here. It's people.

  12. Re:Hey... If there are hacks against it? by Anonymous Coward · · Score: 5, Insightful

    This is a very insightful concept. The above post should be modded up.

    I think this will be the major reason that you _won't_ see key revocation, ever. It sounds like a very costly ordeal for all involved. The costs of tech support at the DVD player manufacturer and customer service at the disc producer will be enormous.

    This would also be unwise for the branding concept as a whole. Branding, say, with the DVD-Video logo, is supposed to assure consumers that the product they get is system-interoperable with the other products bearing said brand. Imagine if there was a "hard incompatibility" issue between two products.

    I think the first key revocation will be a seriously expensive endeavour, and the lawsuits will fly fast and furious. Customers will initiate class-action suits against the player manufacturers and disc producers, and the trademark owner whose assurance of interoperability has been proven a false representation. Player manufacturers will in turn sue the licensing authority for the harm their trademarks will suffer, as well as costs of tech support and lawsuits.

    Disc producers may be SOL as far as suing anyone: They chose to release the discs without the complete keyset. Retailers will demand that returned product must be refunded; despite the fact that it is currently not industry practice. (Laws will force retailers to accept returned product that is defective.)

    This is really a train wreck in the making. Bad medicine.

  13. They aren't trying to stop piracy. by mcc · · Score: 5, Insightful

    They don't care about piracy. This isn't, and never has been, about piracy.

    What they care about is control.

    They care about linux distributions adding support to play HD-DVD movies, but not paying license fees to the DVD forum.

    They care about HD-DVD players cropping up that allow you to fast-forward past the trailers at the beginning of the movie, the ones where a licensed player, when you say "fast forward", says "no".

    They care about people making players behind their back which openly flaunt the "region locking" mechanisms that make regional price discrimination possible.

    They care about products like DVDXCopy which allow consumers to exercise their fair use rights and do God knows what with the products they purchase.

    These are the things they're trying to stop or hinder. Their choice of technology simply reflects that. AACS will do little in the short run and nothing in the long run to prevent piracy. But the legal barriers the media companies paid to erect will allow AACS to keep all four of the above things off of the general commercial market.

  14. Actual quotes by mattr · · Score: 5, Insightful
    From AACS_Spec-Common_0.90.pdf

    Page 24: Each compliant device is given a set of secret Device keys when manufactured. ...The set of device keys may either be unique per device, or used commonly by multiple devices. ...The [Media Key Block] system is based on a large master tree of keys, with each set of Device Keys being associated with a leaf node of the tree... Further, corresponding to every sub-tree in the master tree is another set of system keys... Thus, the subset-difference tree has to store one encryption per Device Key set revoked, and occasionally additional encryptions to pick up non-revoked sets not covered by the smaller sub-trees. On average, there are 1.28 encryptions per revocation.

    The document goes on to mention around pages 27 and 28 that devices obtain key conversion data by mechanisms called out in the AACS license, and recording devices must verify the signature and determine by its version number field whether a Media Key Block is more recent than the one currently on the media. "Each time the AACS LA changes the revocation, it increments the version number and inserts the new value in subsequent Media Key Blocks."

    This says to me that the DVDs you buy will in fact be the transport mechanism for updated revocation keys, and presumably your player will be able to store a lot of them. So movie production companies and distributors must conspire to continually subvert the functionality of a consumer's device, and this does not require the player to be online nor will a firewall help. Once you get yourself locked into the prison of this coded delivery system, your own buying habits will keep adding additional chains to your cage. It is quite insidious, not only are they using military-level technology to control movies, the system is founded on the complicity of the entertainment industry, the electronics industry, and consumers themselves (and the consumer's PC if used) with constant policing and injection of targeted death-messages into the distribution channel. It also looks like the drive can potentially disable media (page 41) and even report hacked hosts/drives by recording onto the media (it seems kind of vague but it is writing a concatenation of the "Binding_Nonce", "Drive_Nonce" and "Host_Nonce" to the protected data area, whatever these things are), which if this is indeed true would I suppose be reported through other PCs/drives of people to whom you lend the media, or maybe through even a shared Internet connection, if you want to try extrapolating this.

    Sorry I got ahead of myself. Page 55 talks a lot about online connections, online enabled content and streamed content. It talks about Title Keys and says "the word 'title' is often overloaded. For example a title can refer to a full-feature movie, a TV program, a music album, etc. ... however [we] .. define Title to be a distinct path.. That is, a Title is a logical grouping of content material to be presented in a specific order in time." It also mentions an "Enhanced Device" that is online and can then provide full access to Enhanced Titles that require online connections or extended player functionality. Page 56 mentions a Cacheable Permission that expires after a certain amount of time or include a "do not play until" date, and the XML based Title Usage File is based on global, not local time, which if used must be based on a "secure clock" whatever that is. Oh yeah, on page 59 it mentions the default connection protocol can operate (by https) over Ethernet, firewire, WLAN, etc. so you know this is not just about an HD DVD format but looks like it is trying to take over every device in the vicinity as well. How much you want to bet this will police titles not actually loaded in the player?

    I think the cutest part is page 61, where it shows how you can go online with a PIN number and a remote Clearing House server can offer a title

  15. NOT HOW IT WORKS!!! by xphaedrus · · Score: 5, Informative

    I'm a cryptographer, posting belatedly. I don't know if anyone will see this or read it but I had to comment.

    Almost all of the assumptions in this thread are wrong. The system does not work cryptographically in the way people imagine. The technology makes it possible to efficiently revoke INDIVIDUAL DEVICES, not entire model lines. Every device can have a unique key, even if there are millions of them. There is no necessity or desire to make people's non-hacked players stop working. As others have pointed out, this would be INSANE. That's not how it works!

    Cryptographically, this system allows the data to be encrypted to any of millions or even billions of devices, using a very short encrypted key block. What happens is that if some of those (individual!) devices get revoked, the size of the key block increases. Amazingly, the size is dependent on how many devices get revoked, not on how many devices there are. If extracting keys from a device is complicated and expensive, and not too many need to get revoked over the lifetime of the system, it will be a success.

    The cryptographic technique is described in a paper from Crypto 2001 called Revocation and Tracing Schemes for Stateless Receivers by Naor et al and is available from http://www.wisdom.weizmann.ac.il/~naor/PAPERS/2nl_no_fig.pdf. I will describe an over-simplified version.

    Imagine creating a binary tree with enough leaf nodes to hold all of the devices (again, this is individual devices, not model lines). Each device is associated with a particular leaf node of the tree. Now we assign a random AES key to every node of the tree, leaf nodes and internal nodes.

    At manufacture time, each device is given all of the keys corresponding to its branch of the tree; that is, the key for its leaf node, and the keys for the parent, grandparent, etc. of that node, all the way back to the root node of the tree. As long as the disk is encrypted to one of these keys, the device can play the disk. Note that even if there are a billion device nodes in the tree this is only about 30 keys that a device has to hold, which is trivial.

    Now, to create a disk, initially it is encrypted to the root node of the tree. All devices have the key for that node so all devices can play it. The key block is very short. But now suppose that someone manages to extract the secret device keys in their device, they get published on the internet (as happened initially with DeCSS), and everyone is able to use them to decrypt HD-DVDs. (BTW this system is also being used for Blu-ray! Don't think that's going to be any different!) Now what do we do?

    What happens is that new disks are no longer encrypted to the root key. Instead, we partition the tree into subtrees that include every leaf node except the one which got its keys published. Now we encrypt the disk data to the root nodes of those subtrees, rather than to the root node of the whole tree. This will allow every other device still to decrypt the data, but that one hacked device can no longer decrypt new disks. The size of the key block grows based on the number of hacked players.

    This is an oversimplified version because the size of the key block is bigger than desired. The paper above shows a more complex system, which is actually being used, which makes the size of the key block linear in the number of hacked systems. Assuming that hacking them remains relatively difficult, this should be an effective and efficient content protection system.

    Basically this is the same method being used in current satellite TV systems, and for the past few years it has been successful enough that satellite piracy in the U.S. at least is largely a thing of the past.
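
The simplified tree scheme described in comment 15, as an added example (not part of the thread and not code from the AACS specification). The 16-slot tree, the HMAC-derived node keys and the XOR `wrap` stand-in for AES are assumptions made so that it runs with the standard library only; it implements the plain "complete subtree" cover, not the subset-difference scheme quoted from the spec in comment 14.

```python
import hashlib
import hmac

HEIGHT = 4                 # constructed toy tree: 2**4 = 16 device slots
FIRST_LEAF = 1 << HEIGHT   # heap numbering: root is node 1, leaves are 16..31


def node_key(master: bytes, node: int) -> bytes:
    # The comment assigns a random key to every node; deriving each one from
    # a master secret is an assumption that keeps this demo reproducible.
    return hmac.new(master, node.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


def path_to_root(device: int) -> list:
    node, path = FIRST_LEAF + device, []
    while node >= 1:
        path.append(node)
        node //= 2
    return path


def device_keys(master: bytes, device: int) -> dict:
    # What one device stores: its leaf key plus the key of every ancestor.
    return {n: node_key(master, n) for n in path_to_root(device)}


def cover(revoked: set) -> list:
    # Roots of the largest subtrees that contain no revoked leaf.
    tainted = {n for d in revoked for n in path_to_root(d)}
    if not tainted:
        return [1]  # nothing revoked: encrypt to the root only
    return sorted(child for n in tainted if n < FIRST_LEAF
                  for child in (2 * n, 2 * n + 1) if child not in tainted)


def wrap(key: bytes, data: bytes) -> bytes:
    # Stand-in for AES: XOR with a keyed pad (its own inverse). Not for real use.
    pad = hmac.new(key, b"wrap", hashlib.sha256).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))


def make_key_block(master: bytes, revoked: set, media_key: bytes) -> dict:
    # One wrapped copy of the media key per cover node.
    return {n: wrap(node_key(master, n), media_key) for n in cover(revoked)}


def recover_media_key(keys: dict, block: dict):
    # A device can play the disc only if one of its path nodes is in the block.
    for node, key in keys.items():
        if node in block:
            return wrap(key, block[node])
    return None


if __name__ == "__main__":
    master, media_key = b"constructed master secret", bytes(range(16))
    block = make_key_block(master, {5}, media_key)
    print("cover nodes:", sorted(block))
    for dev in (0, 5, 15):
        ok = recover_media_key(device_keys(master, dev), block) == media_key
        print("device", dev, "plays new disc:", ok)
```

Revoking one device out of 16 grows the key block from one entry to four (one per level of the tree), which is the size overhead the subset-difference construction is designed to reduce.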