Misplaced Pages

Advanced Access Content System

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

This is an old revision of this page, as edited by JPElectron (talk | contribs) at 18:48, 16 February 2007 (Hardware products). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 18:48, 16 February 2007 by JPElectron (talk | contribs) (Hardware products)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)
Graphic of a globe with a red analog clockThis article documents a current event. Information may change rapidly as the event progresses, and initial news reports may be unreliable. The latest updates to this article may not reflect the most current information. Feel free to improve this article or discuss changes on the talk page, but please note that updates without valid and reliable references will be removed. (Learn how and when to remove this message)

The Advanced Access Content System (AACS) is a standard for content distribution and digital rights management, intended to allow restricting access to and copying of the next generation of optical discs and DVDs. The specification was publicly released in April 2005 and the standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc (BD). The group developing it includes Disney, Intel, Microsoft, Matsushita (Panasonic), Warner Brothers, IBM, Toshiba, and Sony.

Since appearing in devices in 2006, several successful attacks have been made on the format. The first known attack relied on the trusted client problem, and the decryption keys for a volume were able to be extracted from a weakly protected player (WinDVD). A more recent attack, and so-far unconfirmed, claims to have spotted one of the required keys on the disks themselves.

System overview

AACS uses cryptography to control the use of digital media. AACS-protected content is encrypted under one or more title keys using the Advanced Encryption Standard (AES). Title keys are derived from a combination of a media key and several elements, including the volume ID of the media (e.g., a physical serial number embedded on a DVD), and a cryptographic hash of the title usage rules.

The principal difference between AACS and earlier content management systems such as CSS is in the means by which title-specific decryption keys are distributed. Under CSS, all players of a given model are provisioned with the same, shared decryption key. Content is encrypted under the title-specific key, which is itself encrypted under each model's key.

In CSS, each volume contains a collection of several hundred encrypted keys, one for each licensed player model. In principle, this approach allows licensors to "revoke" a given player model (prevent it from playing back future content) by omitting the encryption key corresponding to that model. In practice, however, revoking all players of a particular model is costly, as it causes many users to lose playback capability. Furthermore, the inclusion of a shared key across many players makes key compromise significantly more likely, as was demonstrated by a number of compromises in the mid-1990s.

The approach of AACS provisions each individual player with a unique set of decryption keys which are used in a broadcast encryption scheme. This approach allows licensors to "revoke" individual players, or more specifically, the decryption keys associated with the player. Thus, if a given player's keys are compromised and published by an attacker, the AACS licensing authority can simply revoke those keys in future content, making the keys/player useless for decrypting new titles. However, if the attacker doesn't publish the compromised player key, the AACS licensing authority doesn't know which key is compromised, and it can not revoke it. An attacker can use his/her player key to get title keys of several movies, and publish the title keys or the decrypted movies, without risk of revocation of his/her player key.

Security of AACS

You must add a |reason= parameter to this Cleanup template – replace it with {{Cleanup|section|reason=<Fill reason here>}}, or remove the Cleanup template.

Concerns of experts

The proposal was voted one of the technologies most likely to fail by IEEE Spectrum magazine's readers in the January 2005 issue . Concerns about the approach include its similarity to past systems that failed, such as Content Scrambling System (CSS), and the inability to preserve security against attacks that compromise large numbers of players. Jon Lech Johansen ("DVD Jon"), who defeated the original DVD CSS, expected AACS to be cracked by winter 2006/2007 .

In late 2006, security expert Peter Gutmann released A Cost Analysis of Windows Vista Content Protection, a technical paper criticizing the implementation of AACS on Windows Vista.

Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server).

Some have noted a remarkable similarity between two people quoted in Gutmann's paper; the person using the alias "muslix64" (who wrote the BackupHDDVD utility mentioned below), and a user in Canada.

"Roger Strong reports from Canada that "I've just had my first experience with HD content being blocked. I purchased an HP Media Center PC with a built-in HD DVD player, together with a 24" 'high definition' 1920 x 1200 HP flat panel display (HP LP2465). They even included an HD movie, 'The Bourne Supremacy'. Sure enough, the movie won't play because while the video card supports HDCP content protection, the monitor doesn't. (It plays if I connect an old 14" VGA CRT using a DVI-to-VGA connector)"

(The reference to Canada has since been removed; it's available on mirrors of the page.) A search on the web shows that this upset customer is also a programmer and was also locked out of his paid-for content shortly before Gutmann's paper was published. BackupHDDVD was posted about a week after the paper was published.

Initial steps

In July 2006, the first steps towards enabling full AACS-encrypted films to be copied were taken. While great care has been taken with AACS to ensure that contents are encrypted right up to the display device, it was discovered that a perfect copy of any still frame from a film could be captured from certain Blu-ray and HD DVD software players made simply by utilizing the Print Screen function of the Windows operating system. It was hypothesized that this approach could be automated to allow a perfect copy of an entire film to be made, in much the same way that DVD films were copied before the advent of DeCSS, but to date no such copy has been discovered, and this exploit has been closed in subsequent software versions.

Such approaches do not constitute compromises of the AACS encryption itself, relying instead on an officially licensed software player to perform the decryption. As such, the output data will not be in the form of the compressed video from the disc, but rather decompressed video.

Muslix64's exploit and BackupHDDVD / BackupBluRay

On December 26 2006 a person using the alias "muslix64" posted a utility named BackupHDDVD and its source code for a working AACS decryptor on the doom9.org forums. The program is not an exploit or hack per se. Rather it is a tool that can be used to decrypt AACS protected content once one knows the encryption key. As such, it is no surprise or indication of vulnerability that such a program is possible and it can be seen as merely an implementation of the publicly available standard AACS Guide. However, Muslix64 claims to have found title keys in main memory while playing HD-DVD disks using a software player, and that finding them is not difficult. Details of how to do this were later revealed.

On January 2 2007 "muslix64" published a new version of his/her program, with volume key support.

Cyberlink, developers of PowerDVD maintain that their software was not used as part of the exploit.

The claimed attack (extraction of the encryption keys from a software player) highlights the inherent weakness of software movie players for the PC platform. The use of encryption doesn't offer any true protection in this scenario since the software player must have the encryption key available somewhere in memory and there's no way to protect against a determined hacker extracting the encryption key (if everything else fails the user could run the program in a virtual machine making it possible to freeze the program and inspect all memory addresses without the program knowing). Avoiding such attacks would require changes to the PC platform (see Trusted Computing) or that the content distributors do not permit their content to be played on PCs at all (by not providing the companies making software players with the needed encryption keys). Alternatively, they could use the AACS system's revocation mechanism to revoke a specific software player after it is known to have been compromised. In that case, the compromised players could still be used to break old titles but not newer releases as they would be released without encryption keys for the compromised software players requiring hackers to break other players. The latter alternative is not a desirable option, because it would result in legitimate users of compromised players being forced to upgrade or replace their player software in order to view new titles.

On January 13 2007 "LordSloth" on Doom9 discovered how to grab the volume license keys from WinDVD's memory. With that discovery, it became possible to take backup of HD DVDs. Later that day, the first pirated HD DVD, Serenity, was uploaded on a private torrent tracker. That marked the start of HD DVD piracy.

On January 20 2007 "muslix64" published the alpha version of BackupBluRay.

Publishing of Volume Keys

In addition, on January 15 2007 a website launched at AACSKEYS.com containing a complete database of all known HD DVD volume keys, and a modified version of the BackupHDDVD software allowing for online key retrieval.

On January 20 "muslix64" released a alpha of a utility similar to BackupHDDVD called BackupBluRay, which makes it possible to backup Blu-ray discs.

On January 26, 2007 the BBC reported "The AACS group has admitted that a hacker had managed to decrypt some discs and other people were now able to make copies of certain titles." In a recent interview muslix64 said the reason he hacked the AACS was he got angry when a HD-DVD he bought wouldn't play on his monitor because it didn't have the compliant connector. He says "Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad." Muslix64 also said "I'm just an upset customer. My efforts can be called 'fair use enforcement'."

AnyDVD HD

SlySoft are currently public beta testing AnyDVD HD which allows users to watch HD-DVD movies on non-HDCP compliant PC hardware. The movies can be decrypted on the fly direct from the HD-DVD or can be copied to harddisk. AnyDVD HD also automatically removes any unwanted logos and trailers. They have stated that AnyDVD HD uses several different mechanisms to disable the encryption, and is not dependent on the use of compromised encryption keys. They have also stated that AACS has even more flaws in its implementation than CSS, rendering it highly vulnerable, but they will release no details for obvious reasons.

Processing key retrieval and Arnezami contribution

A person known as Arnezami on the doom9 forums posted a processing key for AACS on 11 February 2007. This key is suitable to decrypt any HD-DVD or BluRay disc published up to date. With the help of this key it is possible to generate a VUK (Volume Unique Key) for any disc. However, this requires knowledge of the Volume ID for each particular release.

The Volume ID structure has four fields, one byte which designates the MediaType (always equal to 0x40), one byte which is reserved (always zero so far), an array of 12 bytes (so-called "unique number" assigned by publisher), and two bytes which are reserved (again always zero so far).

At the moment known IDs could be easily guessed or brute-forced. Arnezami found out that the "unique" part of the ID on currently available releases is not randomly generated as it was originally anticipated. Actual values for the "unique" part of a Volume ID (the "unique number" in this structure is 12 bytes long) can be the date/time of release, part of the movie title in plain text (e.g. "SERENITY "), and so on.

Worth noting is that Arnezami used a different technique to the one employed by muslix64. Instead of analyzing memory dumps, he analyzed logs made by a USB sniffer, effectively discovering another major fault in the current AACS implementation (sending the Volume ID unencrypted from an HD-DVD reading device over an unprotected channel to a software player).

Although Arnezami made a great advance, a fully automated solution for decrypting HD-DVD/BluRay is yet to be implemented with this approach. Publishers might introduce randomly generated Volume IDs in future releases (brute-forcing 12 bytes key is practically impossible on current systems). However, due to the specific structure of the volume id it is feasible to do an automated search of such a structure in a software player's memory (even if there are many - possibly thousands - of candidates, it is easy to find the VUK with a brute-force implementation).

Remarkably, Arnezami didn't dissassemble or even debug software player code. Volume IDs were intercepted by a USB sniffer only and the processing key was found in a memory dump taken at the appropriate moment (after VUK generation, the software player was found to erase the processing key from RAM). This hack was carried out using WinDVD and an XBox 360 HD-DVD drive, connected to a Mac using its existing USB connection.

Legal agreements

The AACS web site notes that text for Final agreements regarding AACS licensing will be replacing the Interim agreements on January 31 2007. This applies to the Adopter Agreement, Content Participant Agreement, Content Provider Agreement, Reseller agreement.

"Please note that, in anticipation of the Final AACS Content Participant Agreement being available, this Interim AACS Content Participant Agreement will no longer be available for download or execution after January 31, 2007, and the AACS LA will not accept submissions of this document after that date. Thank you for your understanding as AACS LA progresses toward offering the final license agreements.

Hardware products

AACS is implemented within Plextor's PX-B900A drive. Accompanying the drive is also this notice. It is unclear whether Plextor and/or WinDVD/Ulead software (included with the drive) is initiating and perhaps profiting from this charge, or if this is required by licensing AACS into product capabilities. Some argue it is grossly inappropriate that after you purchase a $900+ piece of hardware, and legally purchase a BlueRay DVD, that sometime in the future you would need to purchase a key to continue using the device and/or playing back additional BlueRay DVDs. This usage restriction is not indicated on the outside of the container, you must open it in order to discover it.

References

  1. "HD-DVD Content Protection already hacked?". TechAmok. 2006-12-28. Retrieved 2007-01-02. {{cite web}}: Check date values in: |date= (help)
  2. "How to extract HD-DVD title keys from WinDVD's memory". 2007-01-13. Retrieved 2007-01-19. {{cite web}}: Check date values in: |date= (help)

External links

Categories: