Slashdot Mirror

← Back to Stories (view on slashdot.org)

The DRM Scorecard

Posted by samzenpus on from the guess-who's-ahead dept.

An anonymous reader writes "InfoWeek blogger Alex Wolfe put together a scorecard which makes the obvious but interesting point that, when you list every major DRM technology implemented to "protect" music and video, they've all been cracked. This includes Apple's FairPlay, Microsoft's Windows Media DRM, the old-style Content Scrambling System (CSS) used on early DVDs and the new AACS for high-definition DVDs. And of course there was the Sony Rootkit disaster of 2005. Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"

2 of 543 comments (clear)

  1. Re:HDMI by sssssss27 · · Score: 5, Informative

    From Wikipedia:
    "Cryptanalysis researchers demonstrated fatal flaws in HDCP for the first time in 2001, prior to its adoption in any commercial product. Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System". This paper was presented at ACM-CCS8 DRM Workshop on November 5, 2001.[1]

    The authors conclude:

    "HDCP's linear key exchange is a fundamental weakness. We can:

    * Eavesdrop on any data
    * Clone any device with only their public key
    * Avoid any blacklist on devices
    * Create new device keyvectors.
    * In aggregate, we can usurp the authority completely."

    It must be noticed, however, that for this attack you first have to break Blom's scheme (the linear algebra based key exchange system). In the case of HDCP you need a minimum of 39 device keys in order to reconstruct the secret symmetrical master matrix that has been used to compute all device keys.

    Around the same time that Scott Crosby and co-authors were writing this paper, noted cryptographer Niels Ferguson independently claimed to have broken the HDCP scheme, but he did not publish his research, citing legal concerns arising from the controversial Digital Millennium Copyright Act [1].

    The most well-known attack on HDCP is the conspiracy attack, where a number of devices are compromised and the information gathered is used to reproduce the private key of the central authority.

  2. This is called "the Smart Cow problem" by Spy+der+Mann · · Score: 5, Informative
    From Wikipedia:

    The Smart Cow Problem describes the method by which a group of individuals, faced with a technically difficult task, only requires one of their number to solve the problem. Having been solved once, an easily repeatable method may be developed, allowing non-technically proficient entities to accomplish the task. The term Smart Cow Problem is thought to be derived from the expression: "It only takes one smart cow to open the latch of the gate, and then all the other cows follow." [1]

    This has recently been applied to Digital Rights Management (DRM), where, due to the rapid spread of information on the internet, it only takes one individual to defeat a DRM scheme to render the method obsolete. [2]

          1. ^ http://www.wired.com/news/business/1,60901-0.html Buck a Song, or Buccaneer? , retrieved 2007-02-13
          2. ^ http://www.wired.com/news/digiwood/0,1412,67556,00 .html Give Your DVD Player the Finger, retrieved 2007-02-13