Also - anyone thinking the 40 'conspiring' devices makes it impractical to break HDCP/HDMI - think again. It just means 40 (or less) like minded hackers have to get together - not particularly hard to imagine these days.
-- There are shills on slashdot. Apparently, I'm one of them.
A little tougher than that...
by
weetjerm
·
· Score: 5, Interesting
His attack methodology is correct, but it will take more than 40 devices to break the system. The chances are very low that all 40 devices being linearly independent, and therefore each one offering non-duplicate information about the system. If you read the comments, he actually inadvertantly ran into this problem with his small example of 4 keys.
However, in writing this, I realize that I do not know how many keys you would need to present a good probability of solving the system of equations. Anyone want to run a simulation?
Re:Why Reveal this Now?
by
Anonymous Coward
·
· Score: 5, Interesting
The bad news is that some day they will start hiring people who know what they're doing with cryptosystems and then we're all screwed.
Rather unlikely. The whole concept of DRM is bankrupt as a cryptographic concept because you are handing over the ciphertext, the plaintext and last but not least the key over to your adversary (usually called "consumer" or "hacker"). Sure you can try to make it hard for him to actually get them but you already handed them over and it just remains a question of time until they are recovered. Meanwhile, a single break is a class break for at least all the content released up to the point of the break (even with "revokable" keys). Also, once a broke the system once, the content is freed forever and can be distributed at leisure (darknet hypothesis), which means even some small quality loss may be acceptable to the attacker since that loss would only occure once.
In short, DRM is a DReaM indeed.
One attack in many
by
bhima
·
· Score: 4, Interesting
Wow so many folks sort of missed the point here...
Felton's description of the weaknesses of DHCP handshakes is of only one potential attack. Combined with other attacks and it's entirely possible that a group effort could crank out new secret vectors faster than the M.A.F.I.A.A. could revoke known compromised ones.
For example: If more was known (than I know) about the encryption algorithm used (AKA "the hdcpRngCipher") work could be started on creating dense & smart Time-Memory Trade-Off tables. This is a non-trivial task involving tens of thousands of CPU hours... a perfect thing for a validating distributed computing application (oh. this. has. so. been. done. before).
Also a HDMI repeater or splitter isn't very far from being a sniffer... I think all it lacks is a little I2C to USB help. This, the tables above, & a HDCP device will net you all the vectors you need to employ Felton's attack. Once one set has been compromised and the methodology worked out it's just a matter of turning the crank to get more and potentially very, very quickly.
The utility of these attacks goes well beyond being able to view 1080p on a non DHCP device... one could render revocation useless be attacking high-end components sold by M.A.F.I.A.A. members (i.e. Sony). This eventually must lead hardware devices running out of un-revoked vectors and becoming inoperable... an untenable situation for the M.A.F.I.A.A.
Now, if such a concerted attack is organized on the hi-def media... I feel that we will be right where we are now... a reasonably astute person can watch any DVD wherever they want and they can retain a backup of that media in a format of their choosing.
-- Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
Also - anyone thinking the 40 'conspiring' devices makes it impractical to break HDCP/HDMI - think again. It just means 40 (or less) like minded hackers have to get together - not particularly hard to imagine these days.
There are shills on slashdot. Apparently, I'm one of them.
His attack methodology is correct, but it will take more than 40 devices to break the system. The chances are very low that all 40 devices being linearly independent, and therefore each one offering non-duplicate information about the system. If you read the comments, he actually inadvertantly ran into this problem with his small example of 4 keys.
However, in writing this, I realize that I do not know how many keys you would need to present a good probability of solving the system of equations. Anyone want to run a simulation?
Rather unlikely. The whole concept of DRM is bankrupt as a cryptographic concept because you are handing over the ciphertext, the plaintext and last but not least the key over to your adversary (usually called "consumer" or "hacker"). Sure you can try to make it hard for him to actually get them but you already handed them over and it just remains a question of time until they are recovered.
Meanwhile, a single break is a class break for at least all the content released up to the point of the break (even with "revokable" keys). Also, once a broke the system once, the content is freed forever and can be distributed at leisure (darknet hypothesis), which means even some small quality loss may be acceptable to the attacker since that loss would only occure once.
In short, DRM is a DReaM indeed.
Wow so many folks sort of missed the point here...
Felton's description of the weaknesses of DHCP handshakes is of only one potential attack. Combined with other attacks and it's entirely possible that a group effort could crank out new secret vectors faster than the M.A.F.I.A.A. could revoke known compromised ones.
For example: If more was known (than I know) about the encryption algorithm used (AKA "the hdcpRngCipher") work could be started on creating dense & smart Time-Memory Trade-Off tables. This is a non-trivial task involving tens of thousands of CPU hours... a perfect thing for a validating distributed computing application (oh. this. has. so. been. done. before).
Also a HDMI repeater or splitter isn't very far from being a sniffer... I think all it lacks is a little I2C to USB help. This, the tables above, & a HDCP device will net you all the vectors you need to employ Felton's attack. Once one set has been compromised and the methodology worked out it's just a matter of turning the crank to get more and potentially very, very quickly.
The utility of these attacks goes well beyond being able to view 1080p on a non DHCP device... one could render revocation useless be attacking high-end components sold by M.A.F.I.A.A. members (i.e. Sony). This eventually must lead hardware devices running out of un-revoked vectors and becoming inoperable... an untenable situation for the M.A.F.I.A.A.
Now, if such a concerted attack is organized on the hi-def media... I feel that we will be right where we are now... a reasonably astute person can watch any DVD wherever they want and they can retain a backup of that media in a format of their choosing.
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.