Revision as of 13:49, 1 May 2007 editTregoweth (talk | contribs)48,975 edits rm dubious/uncited stuff← Previous edit | Revision as of 23:00, 1 May 2007 edit undoTregoweth (talk | contribs)48,975 editsm Protected Advanced Access Content System: prevent posting of HD DVD encryption key Next edit → |
(No difference) |
Revision as of 23:00, 1 May 2007
This article documents a current event. Information may change rapidly as the event progresses, and initial news reports may be unreliable. The latest updates to this article may not reflect the most current information. Feel free to improve this article or discuss changes on the talk page, but please note that updates without valid and reliable references will be removed. (April 2007) (Learn how and when to remove this message) |
This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Advanced Access Content System" – news · newspapers · books · scholar · JSTOR (May 2007) (Learn how and when to remove this message) |
The Advanced Access Content System (AACS) is a standard for content distribution and digital rights management, intended to restrict access to and copying of the next generation of optical discs and DVDs. The specification was publicly released in April 2005 and the standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc (BD). The group developing it includes Disney, Intel, Microsoft, Matsushita (Panasonic), Warner Brothers, IBM, Toshiba, and Sony.
Since appearing in devices in 2006, several successful attacks have been made on the format. The first known attack relied on the trusted client problem, and the decryption keys for a volume were extracted from a weakly protected player (WinDVD).
System overview
AACS uses cryptography to control the use of digital media. It encrypts content under one or more title keys using the Advanced Encryption Standard (AES). Title keys are derived from a combination of a media key and several elements, including the volume ID of the media (e.g., a physical serial number embedded on a DVD), and a cryptographic hash of the title usage rules.
The principal difference between AACS and earlier content scramble systems such as CSS is in the means by which title-specific decryption keys are distributed. Under CSS, all players of a given model are provisioned with the same, shared decryption key. Content is encrypted under the title-specific key, which is itself encrypted under each model's key.
In CSS, each volume contains a collection of several hundred encrypted keys, one for each licensed player model. In principle, this approach allows licensors to "revoke" a given player model (prevent it from playing back future content) by omitting the encryption key corresponding to that model. In practice, however, revoking all players of a particular model is costly, as it causes many users to lose playback capability. Furthermore, the inclusion of a shared key across many players makes key compromise significantly more likely, as was demonstrated by a number of compromises in the mid-1990s.
The approach of AACS provisions each individual player with a unique set of decryption keys which are used in a broadcast encryption scheme. This approach allows licensors to "revoke" individual players, or more specifically, the decryption keys associated with the player. Thus, if a given player's keys are compromised and published, the AACS licensing authority can simply revoke those keys in future content, making the keys/player useless for decrypting new titles. However, if the attacker doesn't publish the compromised player key, the AACS licensing authority doesn't know which key is compromised, and it cannot revoke the key. An attacker can use his/her player key to get title keys of several movies, and publish the title keys or the decrypted movies without risk of revocation of his/her player key.
Security of AACS
You must add a |reason=
parameter to this Cleanup template – replace it with {{Cleanup|section|reason=<Fill reason here>}}
, or remove the Cleanup template.
Concerns of experts
The proposal was voted one of the technologies most likely to fail by IEEE Spectrum magazine's readers in the January 2005 issue . Concerns about the approach include its similarity to past systems that failed, such as CSS, and the inability to preserve security against attacks that compromise large numbers of players. Jon Lech Johansen ("DVD Jon"), who defeated the original DVD CSS, expected AACS to be cracked by winter 2006/2007.
In late 2006, security expert Peter Gutmann released "A Cost Analysis of Windows Vista Content Protection", a technical paper criticizing the implementation of AACS on Windows Vista.
Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server).
Initial steps
In July 2006, the first steps towards enabling full AACS-encrypted films to be copied were taken. While great care has been taken with AACS to ensure that contents are encrypted right up to the display device, it was discovered that a perfect copy of any still frame from a film could be captured from certain Blu-ray and HD DVD software players made simply by utilizing the Print Screen function of the Windows operating system. It was hypothesized that this approach could be automated to allow a perfect copy of an entire film to be made, in much the same way that DVD films were copied before the advent of DeCSS, but to date no such copy has been discovered, and this exploit has been closed in subsequent software versions.
Such approaches do not constitute compromises of the AACS encryption itself, relying instead on an officially licensed software player to perform the decryption. As such, the output data will not be in the form of the compressed video from the disc, but rather decompressed video.
Muslix64's exploit and BackupHDDVD / BackupBluRay
On December 26 2006 a person using the alias "muslix64" posted a utility named BackupHDDVD and its source code for a working AACS decryptor on the doom9.org forums. The program is not an exploit or hack per se. Rather it is a tool that can be used to decrypt AACS-encrypted content once one knows the encryption key. As such, it is no surprise or indication of vulnerability that such a program is possible and it can be seen as merely an implementation of the publicly available standard AACS Guide. However, Muslix64 claims to have found title keys in main memory while playing HD-DVD disks using a software player, and that finding them is not difficult. Details of how to do this were later revealed.
Cyberlink, developers of PowerDVD maintain that their software was not used as part of the exploit.
The claimed attack (extraction of the encryption keys from a software player) highlights the inherent weakness of software movie players for the PC platform. The use of encryption does not offer any true protection in this scenario since the software player must have the encryption key available somewhere in memory and there is no way to protect against a determined PC owner extracting the encryption key. (If everything else fails the user could run the program in a virtual machine making it possible to freeze the program and inspect all memory addresses without the program knowing). Avoiding such attacks would require changes to the PC platform (see Trusted Computing) or that the content distributors do not permit their content to be played on PCs at all (by not providing the companies making software players with the needed encryption keys). Alternatively, they could use the AACS system's revocation mechanism to revoke a specific software player after it is known to have been compromised. In that case, the compromised keys could still be used to decrypt old titles, but not newer releases as they would be released without the encryption keys for the compromised software players. The latter alternative would result in legitimate users of compromised players being forced to upgrade or replace their player software in order to view new titles.
Publishing of volume keys
In addition, on January 15 2007 a website launched at HDKeys.com containing a complete database of all known HD DVD volume keys, and a modified copy of the BackupHDDVD software allowing for online key retrieval (the latter was later removed after a DMCA complaint).
On January 26, 2007 the BBC reported "The AACS group has admitted that a hacker had managed to decrypt some discs and other people were now able to make copies of certain titles." In a recent interview muslix64 said the reason he hacked the AACS was he got angry when a HD-DVD he bought wouldn't play on his monitor because it didn't have the compliant connector. He says "Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad." Muslix64 also said "I'm just an upset customer. My efforts can be called 'fair use enforcement'."
References
- http://www.spectrum.ieee.org/jan05/2703
- http://nanocrew.net/2006/01/08/deaacscom/
- Peter Gutmann (2006-12-26). "A Cost Analysis of Windows Vista Content Protection". Retrieved 2007-01-28.
{{cite journal}}
: Cite journal requires|journal=
(help) - http://hardware.slashdot.org/article.pl?sid=06/07/07/1255224
- http://www.heise-security.co.uk/news/75103
- http://www.aacsla.com/specifications/AACS_Spec_HD_DVD_Recordable_0.921_20060725.pdf
- "HD-DVD Content Protection already hacked?". TechAmok. 2006-12-28. Retrieved 2007-01-02.
{{cite web}}
: Check date values in:|date=
(help) - http://msmvps.com/blogs/chrisl/archive/2007/01/02/463980.aspx
- http://news.bbc.co.uk/2/hi/technology/6301301.stm