subject: Cryptography Research wants piracy speed bump on HD DVDs
posted: Wed, 15 Dec 2004 23:47:06 -0000


http://www.theregister.co.uk/2004/12/15/cryptography_research/

Cryptography Research wants piracy speed bump on HD DVDs
By Faultline
Published Wednesday 15th December 2004 11:49 GMT

Analysis: Just about a year from today, if not sooner, if we believe
the outpourings of both the DVD Forum and the Blu-Ray Disc
Association, we will be able to go out to the shops and buy blue
laser, high definition, high density DVDs in two completely different
designs. We will also be able to buy the players and recorders by
then, as well as studio content from virtually every major studio in
the world, on one or the other system.

If you believe the hype, DVD manufacturers will likely have to buy in
two types of DVD manufacturing equipment. Households will have to buy
two DVD players. Consumers will have to buy one PC with one type of
high density DVD player and buy another separate player to read the
other format of disk.

We neither believe the hype, nor understand the argument between the
two formats. Surely a single format is better for everyone, but it
appears not. Every round of format wars since the original VHS-Betamax
war has ended split, with the result a draw, and it looks like this
one will be too.

In the end the devices are likely to be virtually identical. The Sony-
Panasonic-Philips camp that inspired the Blu-ray version may have
slightly more capacity on their discs, that's the official view right
now, but it might change. They also have devices out right now and
have had them for over a year, but they are very expensive, up at
around $2,000 and are not the volume versions that will be able to
play pre-recorded material. Eventually these devices will be about 10
per cent more than DVD players are now.

The DVD Forum backed Toshiba and NEC technology may be slightly
cheaper for studios to manufacture, but then again we only have the
word of Toshiba on that, and most DVD producers seem set on
supporting both.

The disks need to play on PCs, as well as DVD players and games
consoles, and it is unlikely that anyone is going to shoot themselves
in the foot by making a disc that is incompatible with any of these
devices.

So Microsoft's VC 9 codec has to be supported, as do the prevalent
MPEG2 and H.264 codecs, and nobody is planning to argue the toss
about the quality of sound from Dolby. So there is a chance that all
of the software on top of these disks is going to be identical.

In the end all of the Blu-ray manufacturers are still in the DVD
Forum, and given that the Blu-ray leaders make about 90 per cent of
the world's DVD players and that half of the studios have backed the
DVD Forum standard, their players may well end up playing both
formats. The early consumers may well be asking "What's the
difference?" a year from now, having little clue as to how different
the two technologies are under the "hood."

But what if they each choose a different way to protect the content
on their disks? How much danger would that put the two groups in?

The Content Scrambling System of the DVD has come in for a lot of
criticism over the years, as piracy has become relatively rampant. It
was designed more or less as a speed bump to put off anyone other
than the professional pirate. But then along came the internet, and
it has become possible for anyone to download CSS circumvention or to
read up, on various websites, how to go about it. The speed bump has
been somewhat flattened and it needs reinforcement in the next
technology.

So it falls to these same companies to build something for the
studios that will be rather harder and more persuasive, to act as a
hurdle against piracy for these new DVDs. In fact an organization
called Advanced Access Content System (AACS), formed back in July by
such notables as IBM, Intel, Microsoft, Panasonic, Sony, Toshiba,
Disney and Warner Brothers has come together in order to create a
decent speed bump against piracy that should last at least for the
next decade, a decade during which broadband lines improve to the
point where it will be child's play to download even a high
definition movie.

The definition of what is required has been very clear from the
studios. They want a system that has the ability for the security
logic to be renewed and which should also have some form of forensic
marking in order to help track pirates.

At the heart of this protection system will be the safety of the
revenue of all the major studios, which now get way in excess of 50
per cent of any given film's revenues from DVD sales.

Faultline talked over such a system with its authors this week, who
are optimistic about its bid to become the new, but more
sophisticated CSS for the next generation DVD disk.

Cryptography Research's senior security architect, who also
mockingly refers to himself as "chief anti-pirate", is Carter Laren.
Cryptography Research is both realistic about just what it takes
to stop pirates and how difficult that is, and optimistic that
the two competing associations are set to choose its submission
as the basis for this protection system.

Cryptography Research (CR) is just a 15-man intellectual property
company, but it was single-handedly responsible for discovering how
professional pirates use Differential Power Analysis to read
encryption keys and break complex coding systems thought to be
uncrackable, and has also come up with circumvention strategies.
Virtually all the intellectual property around DPA is held by CR and
is licensed all over the world. CR also wrote the SSL3 secure sockets
layer security version for the IETF.

Put simply, DPA is a system of "listening" to power distribution on
semiconductors as they read encryption keys. Circumvention comes from
balancing out all power use when an encryption key is being applied
so that it cannot be read just by observing which circuits are
active.

If it appears to you that DPA is really about making it harder for
the "professional" pirate who makes a fortune from illicit
manufacture of pirated goods, rather than about stopping college kids
from using P2P networks to swap files, then you'd be right.

"We would rather chase professional pirates than college students,"
says Laren, and this shows in his strategy to build a protection
system.

What CR has built, he calls Self Protecting Digital Content or SPDC.
In effect this is a form of content that is no longer passive and
includes code that can execute in a specially constructed SPDC
virtual machine that resides in each player.

The logic behind this approach is that so far Digital Rights
Management systems have tried to both support a trust chain, a way of
moving decryption keys around between devices, as well as allowing
the expression of rules to decide what usage is allowed with that
content.

What CR does instead is much simpler and more direct. It tries to cut
off any player that has been used for mass piracy.

"When a pirate makes a copy of a film encoded as SPDC, the output
file is cryptographically bound to a set of player decryption keys.
So it is easy when looking at a pirated work on a peer to peer
network, or any copies found on copied DVDs, to identify which player
made those copies," said Laren. "When the content owner sends out any
further content it can contain on it a revocation of just the player
that was used to make a pirated copy."

"We picture a message popping up on a screen saying something like
'Disney movies won't play on your player any more please call this
number for further information.' Or perhaps 'To fix this please call
Disney with your credit card,' something like that anyway.

"We know that pirates can make copies by tapping the MPEG stream with
modified players, or by making a bit for bit copy of the disk, or by
using an analog attack (catching the film stream on the way to the TV
over aerial cabling and re-digitizing it). But using this
cryptographical binding we have forensic marking visible on the
copy."

The neat thing about this process is that if someone makes copies for
their own use, that can be enabled. Private individuals could be
allowed to make copies for other players, even for their friends, and
that's no problem.

It's only when a pirated copy is discovered coming back to a content
owner (presumably watching P2P sites) that a player will get revoked,
and that is only effective on content made after that point, with the
revocation message in it.

When asked, Laren said, "No, this is not the same as fingerprinting or
watermarking. When you generate a fingerprint you are making each
copy that is sold, slightly different and that has some cost
implications when stamping disks. Our forensic information is being
created by the player's virtual machine at the time it is played
(copied) so all the disks can be identical."

The virtual machine players create movie outputs that are
artistically identical but each one is altered in some minor way.
This alteration is just the changing of a few bits of data every few
seconds, so every 50 frames or so. And the CR system works such that
if ten separate players are used in collusion in a copying process,
taking samples of frames from each, it will not only identify one of
the players, but all of them and they can be revoked from all future
content.
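
The tracing idea described above, worked through as an added example
(not Cryptography Research's code or algorithm): each player derives a
small mark per segment from its own key, a spliced copy mixes ten
players' outputs, and every player whose marks match far above chance
is flagged. The HMAC derivation, 4-bit marks, segment count and
threshold rule are assumptions made for illustration.

```python
# Added illustration of per-player forensic marks and collusion tracing.
# HMAC-derived marks, 4-bit variants and the threshold are assumptions.
import hmac
import random

SEGMENTS = 3600       # assumed: one marked spot every ~2 s of a 2-hour film
VARIANTS = 16         # assumed: "a few bits" per spot, here 4 bits
MAX_COLLUDERS = 10    # collusion size mentioned in the article

def mark(player_key, segment):
    """Variant this player's VM embeds at a segment (discs stay identical)."""
    tag = hmac.digest(player_key, segment.to_bytes(4, "big"), "sha256")
    return tag[0] % VARIANTS

def play(player_key):
    """Marks carried by one player's output of the whole film."""
    return [mark(player_key, s) for s in range(SEGMENTS)]

def splice(outputs, rng):
    """Colluding copy: every segment is taken from one colluder's output."""
    return [rng.choice(outputs)[s] for s in range(SEGMENTS)]

def trace(copy, players):
    """Flag players whose marks match the copy far more often than chance."""
    chance = 1 / VARIANTS
    # A colluder matches when its own segment was used, or by chance otherwise.
    colluder = 1 / MAX_COLLUDERS + (1 - 1 / MAX_COLLUDERS) * chance
    threshold = SEGMENTS * (chance + colluder) / 2
    flagged = set()
    for pid, key in players.items():
        matches = sum(mark(key, s) == copy[s] for s in range(SEGMENTS))
        if matches > threshold:
            flagged.add(pid)
    return flagged

def demo(seed=1):
    """Constructed population: 60 players, 10 of which splice a copy."""
    rng = random.Random(seed)
    players = {f"player-{i:02d}": rng.getrandbits(128).to_bytes(16, "big")
               for i in range(60)}
    colluders = set(rng.sample(sorted(players), MAX_COLLUDERS))
    copy = splice([play(players[p]) for p in sorted(colluders)], rng)
    return colluders, trace(copy, players)

if __name__ == "__main__":
    guilty, flagged = demo()
    print("revoke:", sorted(flagged), "all found:", guilty == flagged)
```

The flagged set is what a content owner would place in the revocation
data of later releases; innocent players match only at the chance rate
and stay well below the threshold.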

"The big problem for studios is piracy based on film copies that have
no digital identifiers. Because they can be sent around the internet
with no chance of catching the original copier and then you have to
go after the P2P user."

"The problem now is that everything in this market has accelerated.
There are time constraints in that all the studios want to move to
better protection as soon as the new disk formats come out and that
is set for the end of next year. This means that AACS has to get its
skates on if the players for this market are not to be launched ahead
of its choice of security system.

By that time, if the CR system, or any other system, is to be used,
the virtual machine players need to be integrated into the two formats
in time for testing and studio acceptance to take place prior to the
end of 2005.

CR has in fact dropped any attempt to have its actual encryption
technologies used in this process. The disk formats will accept RSA
or AES 128 bit encryption or both, but CR says this doesn't matter.

"The cryptographic portion of this is pretty easy to solve and any
cryptographer that knows what he is doing can do a good job of that.
So we have withdrawn from that part of the spec and we're just
putting forward the binding process to our virtual machine," said
Laren.

The virtual machine is based on a stripped down DLX processor. CR has
taken out the floating point arithmetic and made a few changes
for the sake of extra security. The DLX is a 32-bit pipelined
embedded RISC CPU architecture that has come out of academia and was
originally designed for teaching, but is not too unlike the ARM or
any other RISC device.

It can be built in hardware, expressed in a hardware language like
the Verilog Hardware Description Language, and CR has a reference
implementation in the C programming language.

As for the business model of CR, it plans to charge no royalty to the
consumer electronics manufacturers, and adheres to the principle of
charging the businesses whose security problems it solves, in this
case the studios. So it plans to charge, perhaps as little as a
couple of cents, for each HD disk that is pressed using the
technology.

What if only one of the two disk formats agrees to install the player
in their HD DVD players? "Well if one format gets its security
broken, then that is a basis for suppliers to switch to the other
format isn't it," says Laren in a clearly rehearsed sales pitch.

But in the end, Self Protecting Digital Content remains only a speed
bump. For real pirates, buying a new player every time they get a set
of keys revoked is just an inconvenience, but for someone that is
casually taking content and placing it on the internet, the loss of
function on their personal devices will certainly reduce the activity
to only the seriously committed.

"We realize that all we are doing is enabling the game that goes on
between the pirate and the content owners. We see revocation of keys
through this system as taking last mover advantage away from the
pirates, and giving it back to the content owners," concludes Laren.

Copyright © 2004, Faultline

Faultline is published by Rethink Research, a London-based publishing
and consulting firm.
