Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×

AACS Specifications Released 486

An anonymous reader writes "AACS, the proposed key management scheme for HD DVD, has finally released preliminary (ver 0.9) specifications. The specs look like CSS on steroids: they use AES instead of proprietary crypto, but other than that they're basically the same. The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."
This discussion has been archived. No new comments can be posted.

AACS Specifications Released

Comments Filter:
  • Manufacturers (Score:5, Insightful)

    by Joff_NZ ( 309034 ) on Friday April 15, 2005 @12:49AM (#12241816) Homepage Journal
    The main difference appears to be that AACS can revoke an entire player model if a hack appears against it

    In that case, why would any manufacturer in their right mind produce anything under such terms? That would just be insane
    • Re:Manufacturers (Score:3, Interesting)

      by Morlark ( 814687 )
      Yeah it is insane, but it's just the latest in a long line of insanity. Notice how a lot of the technologies that are being touted recently are all about restricting what people can do with content. It's a growing trend, and I don't think it's right.
      • Re:Manufacturers (Score:3, Insightful)

        Yeah it is insane, but it's just the latest in a long line of insanity. Notice how a lot of the technologies that are being touted recently are all about restricting what people can do with content. It's a growing trend, and I don't think it's right.
        Just out of curiosity... Are ther any consumer rights organizations in the US? Any half-decent consumer org should be up in arms about this.
    • Re:Manufacturers (Score:5, Interesting)

      by Tx ( 96709 ) on Friday April 15, 2005 @01:02AM (#12241874) Journal
      From the spec:

      If a set of Device Keys is compromised in a way that threatens the integrity of the system, an updated MKB can be released that causes a device with the compromised set of Device Keys to be unable to calculate the correct Km. In this way, the compromised Device Keys are "revoked" by the new MKB.

      If I read this right (which is not guaranteed this early in the morning), only hacked devices would be revoked. So it wouldn't be insane for manufacturers to use this scheme, and in fact would make them discourage hacks rather than making them easy as they do with many DVD players. Bad for fair use, but no problem for manufacturers.
      • Re:Manufacturers (Score:5, Insightful)

        by GizmoToy ( 450886 ) on Friday April 15, 2005 @01:16AM (#12241930) Homepage
        Well, thousands of customers calling their support lines to figure out why their players no longer work is going to be a pretty big problem for them, I'd say.

        I'm not sure that creating a product that another entity can simply break is a great way to go. Can you imagine how irate all the innocent users would be? Man, I'd hate to be tech support at any of the companies that make these.
        • Innocent users don't hack their devices. Not necessarily saying you're wrong otherwise.
          • Re:Manufacturers (Score:3, Insightful)

            by BJH ( 11355 )
            So hacking a piece of hardware (not software, mind - *hardware*) that you bought and own is now a crime?

            Let me guess what country you live in...
          • Re:Manufacturers (Score:3, Insightful)

            by RedWizzard ( 192002 )

            Innocent users don't hack their devices. Not necessarily saying you're wrong otherwise.

            The point is that if you happen to own the same device that the hacker broke the keys for, you could be SOL. I.e. if someone cracks the keys for Sony's Model 99 HDDVD player, the DVDCCA can revoke those keys and everyone who owns a Model 99 now has a useless paperweight (well I guess they'd still play old discs, just not new ones). Now, whether they'd use that ability or not, who knows? It's the sort of thing that wo

            • Like I said, I read it to be that just hacked devices would be affected - causes a device with the compromised set of Device Keys to be unable to calculate the correct Km - not all devices of the same model. But I could be wrong.
              • Re:Manufacturers (Score:4, Interesting)

                by logicnazi ( 169418 ) <gerdesNO@SPAMinvariant.org> on Friday April 15, 2005 @02:20AM (#12242132) Homepage
                Yes the key word here is 'comprimised set of device keys'

                The way this worked in CSS and probably works similarly here is that at the begining to the disk they encrypt a disk key with many different device keys. Then each device decrypts the disk key using their own device key.

                However if you work out the math it simply isn't plausible to include a seperate key for every HD DVD player that might ever be sold (imagine 128 bits for an AES key). Instead each manufacturer, or perhaps even DVD player model in this new system, gets one key. They can then 'revoke' these keys by just refusing to encrypt future DVD keys with these device keys but since each DVD player doesn't have its own key they can't disable movies player by player.

                On another point I would find it to be really unlikely that any major DVD player would truly get this penalty imposed against it. It would be a huge loss to be the first movie that doesn't work on sony blah players so no movie company is going to be the one who takes that first step.

                Instead this is really a measure to deter manufacturers from 'accidently' making their DVD players ignore copy protection or otherwise violate their rules. Thus it is likely to be used when a player first hits the market or not at all.
            • Re:Manufacturers (Score:3, Interesting)

              by pe1chl ( 90186 )
              Of course you can return your Model 99 HDDVD player to Sony for upgrade or refund, because they broke their part of the agreement by not protecting the device keys good enough to prevent pirates from extracting them.

              This is the manufacturer's fault. He provided you with faulty equipment and should repair it at his expense or refund your money.
              (under most consumer laws)
              • Re:Manufacturers (Score:5, Insightful)

                by micolous ( 757089 ) on Friday April 15, 2005 @04:48AM (#12242569)
                Yeah, and then the kind soul who cracked the code gets a new player or firmware to go and crack the code using a different key. New version of the player then gets blacklisted again, and repeat the process. All this does is annoy the users of the product with infinite amounts of replacements needed, and the process becomes very costly for the manufacturer having to replace the equipment.

                In the end, revoking player keys is stupid. It comes back to the whole point that DRM is not only a stupid idea but fundamentally flawed. It also creates an interesting situation for the key licensing organisation. Don't like a competitor or just want them to pay higher licensing fees? Threaten to cancel all their keys.

                If the consumer association in your country has any sense whatsoever, they won't play along with this at all.
      • Re:Manufacturers (Score:5, Informative)

        by Craig Ringer ( 302899 ) on Friday April 15, 2005 @01:41AM (#12242011) Homepage Journal
        I'm afraid I think you read it wrong.

        "... with the compromised set of keys ..." is the key phrase. A given model, if this is the same as CSS, has a CSS key - not a given unit of that model. Revoking the key would revoke it for all units of that model since they all have the same key.

        Nasty. DVD is offensive enough already ("You may not skip this!"), this will just make it worse. Argh.
      • ... it wouldn't be insane for manufacturers to use this scheme ...

        So, what do you suggest? That they pass on HD DVD? Unless bluray has better terms that's not going to happen.

      • Re:Manufacturers (Score:5, Informative)

        by nothings ( 597917 ) on Friday April 15, 2005 @01:49AM (#12242047) Homepage
        You're not reading it right. If somebody pries out a key from a device and uses that in a DeCSS-like software, they want to make that key no longer work--they want to revoke that key entirely. That's the only way this makes any sense.

        With that in mind, it's clear that you can read what you quoted in the above sense, and indeed it's the plausible way to read it: it's not "causes a compromised device to be unable...", it's "causes a device with the compromised set of Device Keys to be unable...". Any device using this set of keys--whether it's superDeCSS or any particular machine of the sort that was compromised, or any other machine that shares the same set of keys--will no longer be able to view content--presumably only new content created after the revocation.

        Related, from the spec:

        The set of Device Keys may either be unique per device, or used commonly by multiple devices. The license agreement describes details and requirements associated with these two alternatives. A device shall treat its Device Keys as highly confidential, as defined in the license agreement.
        • by TobascoKid ( 82629 ) on Friday April 15, 2005 @04:08AM (#12242421) Homepage
          With that in mind, it's clear that you can read what you quoted in the above sense, and indeed it's the plausible way to read it: it's not "causes a compromised device to be unable...", it's "causes a device with the compromised set of Device Keys to be unable...". Any device using this set of keys--whether it's superDeCSS or any particular machine of the sort that was compromised, or any other machine that shares the same set of keys--will no longer be able to view content--presumably only new content created after the revocation.

          To me, this seems to be a golden opprotunity for organized crime, assuming they hire hackers good enough to reverse engineer a particular DVD player.

          For example, say Sony make a really popular player, so organized crime get the AACS code hacked and then turn around and extort Sony - give us a lot of money or we'll release the key. If they release the key and this device blocking kicks in, Sony are going to have a lot of angry custumers demanding their money back.
      • by JonTurner ( 178845 ) on Friday April 15, 2005 @07:54AM (#12243350) Journal
        Think about it. For most people, their first DVD player is their *last* DVD player. Which is only replaced if something wears out or breaks. Now, with this nifty key-expiring system, the DVDCCA can "break" DVD player's by edict.

        What better way to keep people purchasing hardware than to force obsolescence?
    • You mean they have a choice? If their product can't play the movies the industry is publishing, its about as sellable as a betamax VCR.
  • by Anonymous Coward on Friday April 15, 2005 @12:50AM (#12241819)
    Click here [aacsla.org] to get the specification without agreeing to the terms of access.
  • Player Model? (Score:5, Insightful)

    by NEOtaku17 ( 679902 ) on Friday April 15, 2005 @12:51AM (#12241824) Homepage

    "The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."

    Player model? What if a hack comes out for PC that allows you to circumvent the copy protection: Does it revoke PCs altogether, only certain disk drives, or what?

    • Re:Player Model? (Score:3, Insightful)

      by Omkar ( 618823 )
      Considering that one "hack" would be just capturing the signal sent to the TV, I think it's fair to say they're not going to be banning anything anytime soon.
    • Re:Player Model? (Score:4, Informative)

      by nothings ( 597917 ) on Friday April 15, 2005 @01:59AM (#12242078) Homepage
      "Circumvent the copy protection"? The data is encrypted. You can copy it all you want; but you can't play it without decrypting it.

      So they revoke a player model as follows (omitting lots of details that aren't important to the big picture, and oversimplifying):

      Each player model gets its own key ("set of Device Keys" in the specification). Data on the disc is encoded with a disc-specific data key. Given N player models, there are also N encrypted master keys, one for each (non-revoked) player model.

      If a player model is compromised and the key from it used in a DeCSS-like program, they will "revoke" that key and, on all future releases, not include a copy of the disc-data key encrypted for that player.

      • Re:Player Model? (Score:3, Interesting)

        by DrXym ( 126579 )
        Which is great but my undertanding of DeCSS when it was released was that they said once they cracked one of the keys they could have gone on to crack them all. If this thing is CSS on steroids then what's to stop someone doing a concerted attack to grab one key, cracking a whole bunch of them from major manufacturers. Are they really going to risk the wrath of millions of consumers who discover their players don't work any more?

        At the end of the day, the disc data is encrypted once and the disc must have

        • Re:Player Model? (Score:3, Informative)

          Which is great but my undertanding of DeCSS when it was released was that they said once they cracked one of the keys they could have gone on to crack them all. If this thing is CSS on steroids then what's to stop someone doing a concerted attack to grab one key, cracking a whole bunch of them from major manufacturers. Are they really going to risk the wrath of millions of consumers who discover their players don't work any more?

          I know absolutely nothing about CSS, but do know a few things about encryptio

      • Re:Player Model? (Score:3, Insightful)

        by benb ( 100570 )
        > Given N player models, there are also N encrypted > master keys, one for each (non-revoked) player
        > model.

        All shipping with the disc, I presume. So, let's say there are 1500 different player models on the market. Each disc then ships with 1500 different asymetric encryptions of the symetric key used to encrypt the actual content. Let's say each takes 1 KB, that's 1,5 MB for all.

        Now what about future player models? The keys of the players released 2015 must be on discs released 2005, otherwise t
  • I accept? (Score:4, Funny)

    by Anonymous Luddite ( 808273 ) on Friday April 15, 2005 @12:51AM (#12241825)
    >> These documents are preliminary drafts and are subject to change without notice. To download the v0.90 specifications, please accept the above terms and conditions.

    No Thanks. I'll just wait for it to get posted to /.
  • by Adult film producer ( 866485 ) <van@i2pmail.org> on Friday April 15, 2005 @12:52AM (#12241833)
    This scheme will not be broken for at least 20 years.

    There's no way they'll make the same mistake twice. DirecTV upgraded all their smart cards 2 or 3 years ago and it has yet to be broken. Bell Canada's expressvu is adopting the same technology because _everybody_ and their mom is pirating the signals.
  • by kwoo ( 641864 ) <`moc.liamg' `ta' `edocwjk'> on Friday April 15, 2005 @12:54AM (#12241841) Homepage Journal

    You have your work cut out for you!

    Just kidding. :)

  • by The New Andy ( 873493 ) on Friday April 15, 2005 @01:05AM (#12241887) Homepage Journal
    Suppose player X has been revoked. Now, I'm assuming that any disks released after this won't work on it right? So, does the packaging for the disk say: "Plays on any player except blah"?

    Now, how does this scale, suppose players AAA through ZZZ have been revoked. Do we need larger DVD cases just so we can fit a list of all the players that won't work on it?


    • Playable on all Licensed Players
      see Figure 1-1 page 2 (12) of the Advanced Access Content System: Pre-recorded Video Book.
      It's your job as user to figure out if your player is still licenced.
      Now that's not to deny enterprising souls the right to devise methods to play it on unlicensed players, but there may be some fine print about such methods violating your EULA with the content provider...
  • by Anonymous Coward on Friday April 15, 2005 @01:07AM (#12241900)
    Well, what happens to the customers that have a player-model that gets, by no fault of themselves, revoked. Are they reembursed (getting (part of) their money back), or are they just left with a piece of worthless, but costly junk ?

    Even worse : you have no way of knowing if the player you are going to buy is on the list of players shortly-to-be-revoked, or worse yet : allready revoked.

    How's the "you should be able to use a bought commodity for a reasonable time"-law come in play here ?
    • Well. You would probably have to buy a new one, so its even more licencing money for the rich.
      Great plan for bringing in a lot of money today, but it will also guarantee the fall of the industry tomorrow.
    • by l0b0 ( 803611 ) on Friday April 15, 2005 @01:43AM (#12242018) Homepage
      Well, what happens to the customers that have a player-model that gets, by no fault of themselves, revoked. Are they reembursed (getting (part of) their money back), or are they just left with a piece of worthless, but costly junk ?
      This can't possibly work on the global scale, so it'll just be the final kick in the balls before all consumers learn how to pirate movies. That is, if the movie industry doesn't realize that it's their worst move of all times.
    • by Anonymous Coward on Friday April 15, 2005 @02:14AM (#12242116)
      They start the healing process by investing the money they would have spent on new players in some of the fine products made by Barrett Firearms Manufacturing, Inc., and the information provided by fine financial periodicals such as the Wall Street Journal.
    • I can't see this working in the EU.

      Imagine being sold a DVD player that stops playing any new releases a year, a month or even a day after you bought it. Under EU law you'd almost certainly be entitled to a refund from the vendor, and I can't imagine European vendors willingly leaving themselves that wide open to millions in claims.

      Expect sanity to prevail when the reality of how dumb this would be in practice is finally hammered home to those who hope use this system.
  • by mattkinabrewmindspri ( 538862 ) on Friday April 15, 2005 @01:08AM (#12241905)
    Go Blu-Ray!
  • by jleq ( 766550 ) * <jleq96@nOsPAm.gmail.com> on Friday April 15, 2005 @01:09AM (#12241906)
    It may be the strongest encoding out there, but who cares? What stops me from plugging the video output of a dvd player into my video capture card and recording off of it? Sure, the quality won't be as good, but it will still work.

    I wish they simply wouldn't scramble content in the first place. 99.9% of the people who buy the dvd and would need to break the encoding have a LEGITIMATE reason to break said encoding (backup, copying to laptop so it's not necessary to carry discs on trips, etc).
    • The only thing I would point out is that you mentioned that 99% of the people who BUY the DVD and would need to break the encoding have legit uses in mind.

      There's a ton of people out there who never buy the content to begin with, because they download it themselves.

      There's a huge difference. I know that the Betamax defense is the obvious counterargument, but that was way before one could make indefinite copies without massive quality loss. The idea that one would make really good copies available t

  • Is this legal? (Score:2, Informative)

    by Foktip ( 736679 )
    In many countries (such as will probably be with Canada soon), there will be laws stating that bypassing DPM's (digital protection measures) is allowed, and legal, if it is of legal intent. SUch as fair use, backing it up, etc.

    So, if you use it fairly in a country where its legal to do so, and they "block you", is that legal too? Is their EULA more powerfull than non-American laws?
    • Re:Is this legal? (Score:5, Informative)

      by ta bu shi da yu ( 687699 ) on Friday April 15, 2005 @01:27AM (#12241964) Homepage
      In Australia it now is, we are not allowed to create any copy protection circumvention mechanisms. To all you Americans: thanks for nothing.
      • Don't blame me, I voted against Bush!
      • by FreeUser ( 11483 ) on Friday April 15, 2005 @09:24AM (#12244001)
        In Australia it now is, we are not allowed to create any copy protection circumvention mechanisms. To all you Americans: thanks for nothing.

        Last I checked US troops aren't marching house to house in Australia, or occupying the Australian parliament.

        Blame your own gutless politicians for your own mess. I don't blame Aussies for Bush being in office, despite the fact that one right-wing Aussie happens to own FOX and had no small part in running the propoganda machine that conviced approximately 50% of the US voters to vote the moron back into office.

        You're responsible for your own mess, and the sooner you take your own leaders to task for it, rather than blaming a foreign power, the sooner you'll get it fixed. The same goes for us, by the way. The sooner we start blaming our own leaders for the current mess, rather than boogeymen in caves and Al Q'aide, the sooner our mess here in the states will get sorted out.

        I don't expect either country's population to do this anytime soon, however.
    • In many countries the law is that you're allowed to do that, but there's nothing stopping them trying to stop you. So you can hack their DVDs and they can do whatever they want to encrypt them or whatever. If they're going to sell you non-working dvds that's probably illegal under consumer protection laws though.
  • by zymano ( 581466 ) on Friday April 15, 2005 @01:16AM (#12241931)
    Content Scrambling System = CSS.

    AACS= Advanced Access Content System.

    Maybe I am an idiot but i had to actually read the article to know what the posted article was talking about.

  • So I roll the dice (Score:2, Interesting)

    by JohnnyGTO ( 102952 )
    drop big bucks on equipment hoping someone does happen on a hack? Yea right and they wonder why only the sheeple fall for this shit.

  • key revocation (Score:4, Insightful)

    by Anonymous Coward on Friday April 15, 2005 @01:17AM (#12241936)
    If they can revoke keys, then we can DoS the keyspace. There's no need to crack any crypto. All we gotta do is trick them into deprecating keys.

    How many people are still running windows 98? How many people know how to set the clock on their vcr?

    You DoS the keyspace eventually people won't be able to play commercials. Then the productions don't get their money. Then the system does either of 2 things. 1: every screen goes black and there is no tv or 2: they give up and take off the crypto so the ads work again.

    Key revocation is a bigger security risk than keys in software dvd players because you can do more than opening up a file to everybody. You can lock everybody out of it as well.

    This idea (starting with hdcp I guess) just opens up more vectors for attack. Now we have a social engineering vector and a keyspace vector in additon to a locally stored key vector (css).
    • Re:key revocation (Score:3, Insightful)

      by rjh ( 40933 )
      No, you can't DoS the keyspace.

      They're using AES. That means it has (potentially) a 256-bit keyspace. You have neither the time, nor the energy, nor the computing power, to exhaust that keyspace. You can't even make a dent in that keyspace. A really monstrously huge distributed.net effort that runs for a decade might be able to create 2^80 bad keys. Okay, fine, great, that's a lot.

      Now take 2^256 and subtract 2^80. What do you get?

      Why, roughly 2^256. 2^80 is so insignificant in comparison to 2^256
      • Re:key revocation (Score:5, Insightful)

        by Anonymous Coward on Friday April 15, 2005 @02:11AM (#12242109)
        Nobody said anything about exhausting the keypace.

        We're talking about attacking the subset of deployed keys. We don't need these keys at all to get them revoked.

        The device itself will decrypt the stream. All you need is access to the output to reencode and share. Copyright cops detect the share, lift whatever watermark may be in the stream, finger the device and revoke the key.

        There you go. You just DoS'd a production run of playstations from decrypting movies. All without having any knowlege of any keys.

        When I say DoS the keyspace I don't mean exhausting the theoretical keyspace of a 128 bit cryptosystem. You're right, that'd be hard. You don't have to discover keys to DoS the subset of deployed keys via third party revocation. You need only make it seem as if the key was compromised to the revocation authority, thus prompting revocation.

        So long as the stream will exist in a decrypted form so the user can watch it, then no knowlege of keys is needed to perform this attack.

        Also. If the revocation authority becomes wary of such attacks it acts as a bunny rabbit attack. When keys are legitimately compromised they may do nothing thinking it's just another dupe.

        The keyspace isn't the weakness here. It's people.
      • Re:key revocation (Score:5, Insightful)

        by Siener ( 139990 ) on Friday April 15, 2005 @02:50AM (#12242212) Homepage
        No, you can't DoS the keyspace.

        You don't need to DoS the whole keyspace, or even any significant fraction of it. You only need to DoS the keys that are actually in use.

        Imagine there are 100 different models of DVD player on the market. You just get those 100 keys revoked and suddenly no-one can watch any DVDs
  • by DaedalusLogic ( 449896 ) on Friday April 15, 2005 @01:21AM (#12241945)
    In that case isn't the cat already out of the bag? Not like they can on the fly say that all your HD-DVDs won't work in the morning... The only thing that they can do is prevent future media from playing on that model of HD-DVD player.

    We have seen that play before, cripple the next hot DVD to hit the market and what do you get? A ton of product returns and pissed off customers. The encryption may be more advanced, but when you want to give everyone consumer devices with the universal key to the castle... It's only a matter of time before someone figures out a way to copy it.
    • by Anonymous Coward on Friday April 15, 2005 @02:55AM (#12242232)
      This is a very insightful concept. The above post should be modded up.

      I think this will be the major reason that you _won't_ see key revocation, ever. It sounds like a very costly ordeal for all involved. The costs of tech support at the DVD player manufacturer and customer service at the disc producer will be enormous.

      This would also be unwise for the branding concept as a whole. Branding, say, with the DVD-Video logo, is supposed to assure consumers that the product they get is system-interoperable with the other products bearing said brand. Imagine if there was a "hard incompatibility" issue between two products.

      I think the first key revocation will be a seriously expensive endeavour, and the lawsuits will fly fast and furious. Customers will initiate class-action suits against the player manufacturers and disc producers, and the trademark owner who's assurance of interoperability has been proven a false representation. Player manufacturers will in turn sue the licensing authority for the harm their trademarks will suffer, as well as costs of tech support and lawsuits.

      Disc producers may be SOL as far as suing anyone: They chose to release the discs without the complete keyset. Retailers will demand that returned product must be refunded; despite the fact that it is currently not industry practice. (Laws will force retailers to accept returned product that is defective.)

      This is really a train wreck in the making. Bad medicine.
  • by harmless_mammal ( 543804 ) <jrzagar@@@yahoo...com> on Friday April 15, 2005 @01:33AM (#12241980)
    Here's analysis of AACS [blogspot.com] that was blogged last December. One interesting point mentioned is that there is no requirement to wait for keys to get compromized before revocation begins. They can revoke keys whenever they want, publicly claim it was due to hackers, and stimulate new equipment sales any time they want.
  • by TheOriginalRevdoc ( 765542 ) on Friday April 15, 2005 @01:44AM (#12242026) Journal
    Seems to me that a manufacturer could sabotage another manufacturer's products by hacking them (under cover, of course) while they're still available new. That would make the players almost impossible to sell.

    Aaah, now I see their dastardly plot... in order to avoid this, manufacturers will be forced to make their products hack-proof. Tricky, eh?
  • by rips123 ( 654488 ) on Friday April 15, 2005 @01:47AM (#12242039)
    Remember when macrovision changed the hsync/vsync patterns of the video signals to stop VCR's copying tapes?

    Remember Apple IIe games that wrote bad sectors or extra sectors and other such nasties to try and stop people copying 5-1/4 inch floppies?

    Remember SecureROM and others making CD copy protection by intentionally leaving broken sectors on CDs - making them unburnable in nearly all of the burners at that time?

    Remember that DVD's were once uncopyable?

    Remember when Pay TV signals were encrypted by obfuscating their signal with some analogue hardware?

    Remember when they started using proprietary digital encryption for Pay TV (Irdeto)?

    Every time someone offers up content in some protected form, someone is going to break it. Period. Even if they can't break it, someone will use a legitimate DVD player and screen/sound grab their favorite movies using a capture card.

    The only difference I see now is that the companies implementing these measures are monopolies whereas they used to smaller players in their respective markets. This might mean that they can push some legislation through to discourage copying but nothing will ever stop it IMHO.

  • by DMouse ( 7320 ) on Friday April 15, 2005 @01:57AM (#12242070) Homepage
    Keeping on doing the same thing, and expecting a different result.
  • by davesag ( 140186 ) on Friday April 15, 2005 @02:39AM (#12242178) Homepage
    well i guess it's back to the old school - telecini a projection of the dvd onto an HD recorder. if it can be seen and heard, it can be copied. and one open copy is enough.
  • by Anonymous Coward on Friday April 15, 2005 @03:05AM (#12242256)
    So I have a popular player. Someone hacks it. They revoke the key. I buy a new DVD. It doesn't play. I return it to the shop as faulty - it is clearly a faulty disc as my player plays all other discs fine. This bounces back on the producers as retailers don't want the hassle - I can't see them wanting to deal with the flood of customer returns.
    Trading standards [insert the name of your country's equivalent consumer protection agency] could take the view that the retailer is knowingly selling faulty goods. The retailer would just refuse to stock any revoked discs in future.

    I think the risks of revoking keys are just too great for them to actually do.
    If they were dumb enough to do it, I can see huge global hacking effort to compromise as many players as possible, which would make the scheme unworkable.

    If a major player maker's keys are revoked, they could easily appease customers by slipping them a firmware upgrade with alternate keys - maybe in the guise of a firmware disc intended for a new model that 'just happens' to also work on the older units.

  • by cheros ( 223479 ) on Friday April 15, 2005 @03:14AM (#12242289)
    Just think about it: to which extend can you abuse consumers? To the point where they discover they don't like the product.

    At that point the bottom will fall out of the market.

    Proof: see what DVD players sell best: those with zone restrictions or those without. The irony is that that does not happen because of piracy (pirated DVD appear to be generally set to zone 0 so zone selection is irrelevant) but because of legitimate purchases made elsewhere in the world.

    So, in summary, let them progress down this route. Eventually the market will die as alternatives pick up the revenue.

    As an example: how many of you buy protected contents or media in non-Open formats?

    I have looked at pirated DVDs and they are indeed not worth the money - if you're in a country with sane media prices. If they really, really, really wanted to address piracy all they need to do is become more sensible with the prices, that has already proved to work (hello MS, are you listening?). The increase in revenue more than offsets the expenditure they have to put in on lobbying, researching formats that don't work or get broken in a rainy weekend by a couple of bored teenagers.

    Hell, it'll probably even keep them in cocaine and limos.
  • Actual quotes (Score:5, Insightful)

    by mattr ( 78516 ) <<mattr> <at> <telebody.com>> on Friday April 15, 2005 @03:31AM (#12242331) Homepage Journal
    From AACS_Spec-Common_0.90.pdf [aacsla.org]

    Page 24: Each compliant device is given a set of secret Device keys when manufactured. ...The set of device keys may either be unique per device, or used commonly by multiple devices. ...The [Media Key Block] system is based on a large master tree of keys, with each set of Device Keys being associated with a leaf node of the tree... Further, corresponding to every sub-tree in the master tree is another set of system keys... Thus, the subset-difference tree has to store one encryption per Device Key set revoked, and occasionally additional encryptions to pick up non-revoked sets not covered by the smaller sub-trees. On average, there are 1.28 enrcryptions per revocation.

    The document goes on to mention around pages 27 and 28 that devices obtain key conversion data by mechanisms called out in the AACS liscense, and recording devices must verify the signature and determine by its version number field whether a Media Key Block is more recent than the one currently on the media. "Each time the AACS LA changes the revocation, it increments the version number and inserts the new value in subsequent Media Key Blocks."

    This says to me that the DVDs you buy will in fact be the transport mechanism for updated revocation keys, and presumably your player will be able to store a lot of them. So movie production companies and distributors must conspire to continually subvert the functionality of a consumer's device, and this does not require the player to be online nor will a firewall help. Once you get yourself locked into the prison of this coded delivery system, your own buying habits will keep adding additional chains to your cage. It is quite insidious, not only are they using military-level technology to control movies, the system is founded on the complicity of the entertainment industry, the electronics industry, and consumers themselves (and the consumer's PC if used) with constant policing and injection of targeted death-messages into the distribution channel. It also looks like the drive can potentially disable media (page 41) and even report hacked hosts/drives by recording onto the media (it seems kind of vague but it is writing a concatenation of the "Binding_Nonce", "Drive_Nonce" and "Host_Nonce" to the protected data area, whatever these things are), which if this is indeed true would I suppose be reported through other PCs/drives of people to whom you lend the media, or maybe through even a shared Internet connection, if you want to try extrapolating this.

    Sorry I got ahead of myself. Page 55 talks a lot about online connections, online enabled content and streamed content. It talks about Title Keys and says "the word 'title' is often overloaded. For example a title can refer to a full-feature movie, a TV program, a music album, etc. ... however [we] .. define Title to be a distinct path.. That is, a Title is a logical grouping of content material to be presented in a specific order in time." It also mentions an "Enhanced Device" that is online and can then provide full access to Enhanced Titles that require online connections or extended player functionality. Page 56 mentions a Cacheable Permission that expires after a certain amount of time or include a "do not play until" date, and the XML based Title Usage File is based on global, not local time, which if used must be based on a "secure clock" whatever that is. Oh yeah, on page 59 it mentions the default connection protocol can operate (by https) over Ethernet, firewire, WLAN, etc. so you know this is not just about an HD DVD format but looks like it is trying to take over every device in the vicinity as well. How much you want to bet this will police titles not actually loaded in the player?

    I think the cutest part is page 61, where it shows how you can go online with a PIN number and a remote Clearing House server can offer a title

  • by pesc ( 147035 ) on Friday April 15, 2005 @04:20AM (#12242472)
    Here [syslog.com] is why using a stronger crypto or longer keys is not always the answer. The design of the system around it matters too.
  • by Maljin Jolt ( 746064 ) on Friday April 15, 2005 @04:45AM (#12242557) Journal
    I can't imagine hardware vendors would accept that kind of technology abuse. In almost all European countries there is legally enforcable 2 years warranty for hardware products. Even if non-Europe manufacturer provides less time for warranty, retailer shop must comply with full time period.

    So, that would be a legal massacre of retailers/vendors/manufacturers by consumers/consumers organisations.

  • by akc ( 207721 ) on Friday April 15, 2005 @06:44AM (#12242924) Homepage
    The monopoly given to content owners to determine what others can do with content is subject to some "fair-use" caveats.

    Isn't it about time that we, the people who are paying for this content get our fair use rights looked after. Anyone putting DRM controls in place should have a legal obligation to ensure that if if a customer has paid for the right to have access to the content that they also get their fair use rights as well.

    It seems to me that the sorts of controlling technologies that are being envisaged here do not safeguard those rights. Isn't it about time we pressurised our democratic representives to ensure that we don't lose them?
  • I think hacking the revocation keys could be more interesting.

    A: Dude, I got this great new movie, wanna see it?
    B: Yeah!
    [A puts in an HD-DVD-R with all major revoke keys on it]
    A: Oh shit, its not working man.
    [A enjoys the little prank he played on B who will never be able to watch a movie again on his player...]
  • NOT HOW IT WORKS!!! (Score:5, Informative)

    by xphaedrus ( 876378 ) on Friday April 15, 2005 @01:04PM (#12246625)
    I'm a cryptographer, posting belatedly. I don't know if anyone will see this or read it but I had to comment.

    Almost all of the assumptions in this thread are wrong. The system does not work cryptographically in the way people imagine. The technology makes it possible to efficiently revoke INDIVIDUAL DEVICES, not entire model lines. Every device can have a unique key, even if there are millions of them. There is no necessity or desire to make people's non-hacked players stop working. As others have pointed out, this would be INSANE. That's not how it works!

    Cryptographically, this system allows the data to be encrypted to any of millions or even billions of devices, using a very short encrypted key block. What happens is that if some of those (individual!) devices get revoked, the size of the key block increases. Amazingly, the size is dependent on how many devices get revoked, not on how many devices there are. If extracting keys from a device is complicated and expensive, and not too many need to get revoked over the lifetime of the system, it will be a success.

    The cryptographic technique is described in a paper from Crypto 2001 called Revocation and Tracing Schemes for Stateless Receivers by Naor et al and is available from http://www.wisdom.weizmann.ac.il/~naor/PAPERS/2nl_ no_fig.pdf [weizmann.ac.il]. I will describe an over-simplified version.

    Imagine creating a binary tree with enough leaf nodes to hold all of the devices (again, this is individual devices, not model lines). Each device is associated with a particular leaf node of the tree. Now we assign a random AES key to every node of the tree, leaf nodes and internal nodes.

    At manufacture time, each device is given all of the keys corresponding to its branch of the tree; that is, the key for its leaf node, and the keys for the parent, grandparent, etc. of that node, all the way back to the root node of the tree. As long as the disk is encrypted to one of these keys, the device can play the disk. Note that even if there are a billion device nodes in the tree this is only about 30 keys that a device has to hold, which is trivial.

    Now, to create a disk, initially it is encrypted to the root node of the tree. All devices have the key for that node so all devices can play it. The key block is very short. But now suppose that someone manages to extract the secret device keys in their device, they get published on the internet (as happened initially with DeCSS), and everyone is able to use them to decrypt HD-DVDs. (BTW this system is also being used for Blue-ray! Don't think that's going to be any different!) Now what do we do?

    What happens is that new disks are no longer encrypted to the root key. Instead, we partition the tree into subtrees that include every leaf node except the one which got its keys published. Now we encrypt the disk data to the root nodes of those subtrees, rather than to the root node of the whole tree. This will allow every other device still to decrypt the data, but that one hacked device can no longer decrypt new disks. The size of the key block grows based on the number of hacked players.

    This is an oversimplified version because the size of the key block is bigger than desired. The paper above shows a more complex system, which is actually being used, which makes the size of the key block linear in the number of hacked systems. Assuming that hacking them remains relatively difficult, this should be an effective and efficient content protection system.

    Basically this is the same method being used in current satellite TV systems, and for the past few years it has been successful enough that satellite piracy in the U.S. at least is largely a thing of the past.

news: gotcha

Working...