Presentation is loading. Please wait.

Presentation is loading. Please wait.

AACS ● Digital Restrictions system for HD-DVD & BluRay ● Incredibly elaborate: – content encryption – 4 revocation mechanisms – 3 watermarking schemes.

Published byRolf Phillips Modified over 7 years ago

Similar presentations

Presentation on theme: "AACS ● Digital Restrictions system for HD-DVD & BluRay ● Incredibly elaborate: – content encryption – 4 revocation mechanisms – 3 watermarking schemes."— Presentation transcript:

1

2 AACS ● Digital Restrictions system for HD-DVD & BluRay ● Incredibly elaborate: – content encryption – 4 revocation mechanisms – 3 watermarking schemes – multiple separated security models ● Well over a dozen kinds of keys! ● BluRay can also use BD+ (!!!)

3 Digg an AACS processing key

4 Talk Objectives ● Explain the system, so the community knows what to expect: – Subsystems – Keys ● Implications for free software? ● Reduce DOS against researchers ● Fight zombies

5 This talk (cont) ● Reporting on an ongoing effort to clearly explain all of the AACS architecture ● Mostly based on public sources ● The system is complex; we probably have a mistake or two somewhere! ● So, what is this beast?

6 Zombie DRM It keeps comin' back

7 Interesting AACS subsystems ● Media encryption & receiver revocation ● Drive/host mutual authentication & revocation ● Video watermarking & traitor tracing ● “Theatrical” and “consumer” audio watermarking

8 More AACS subsystems ● Content revocation ● Managed copy ● Downloaded “extras” ● I'm sure I missed some...

9 Divide-and-conquer the users ● Two robustness models: – hardware tamper resistance – proactive renewal (mostly for software) ● Two classes of keying: – KCD (“key conversion data”) ~for hw players – Non-KCD ~for sw players ● Why, you ask?

10 Zombies split the party ● A class-break against hardware will not yield device keys that work with ordinary PC drives ● PC readers do not (or cannot physically?) read KCD ● KCD implementation details are secret

11 Some AACS keys (!)

12 Media encryption & revocation ● AES encrypts the video stream ● Who can calculate the key? ● Any player who has not been revoked for this (or later) discs ● This is achieved using a subset-difference key tree

13 Subset-difference key tree ● Proposed by Naor, Naor & Lotspiech (2001) ● A large, virtual data structure ● Any subset of devices can be revoked ● Revocation by a new “Media Key Block” (MKB) header on new discs ● Each MKB uses a different bits of the subset- difference key tree

14 The subsets ● Devices are grouped into some subsets ● Every possible subset has a processing key ● A subset/processing key is made usable by encrypting a media key with it in the MKB ● If you are not in any of these subsets, you have been revoked

15 Subsets are of the form (subtree a – subsubtree b ) a b

16 Each possible a induces its own tree of processing keys; the one induced by a at b is the key for the subset All the other leaves like c can calculate that key... how? a b c

17 c can calculate any key here except its own, starting with the yellow device keys c a b

18 How to encrypt for all but r users?

19 Subset-difference tree efficiency ● N total users, r of them revoked ● Up to 2 r – 1 entries in header, 1.25 r on average ● Requires ½ log 2 2 N + ½ log 2 N + 1 keys / device ● But we don't know if AACS-LA is actually doing it this way... ● How big is N ? – Lotspiech says 2 31 – maybe 2 22 for now?

20 Keys so far?

21 3 Watermarks ● Two not-yet-implemented SDMI-style audio watermarks.... ● These will be coupled to refuse-to-play logic in devices: – “theatrical” watermarks that always abort playback – “consumer” watermarks that cause an abort after a certain amount of time ● SDMI-style watermarks seem to break ● And one much more serious watermark...

22 Video watermarking ● Based upon variant “marks” in the film ● Immune to transcoding & other noise ● May subtly visible: – a twinkle in an character's eye – a very slightly different camera angle ● Up to 30 binary marks (6144 variants) of a movie per disc ● What do the marks do?

23 “Traitor tracing” ● Uses an sophisticated scheme from Boneh and Shaw (1998) or somewhere in the subsequent literature ● Could theoretically trace hackers if their device purchases are identifiable ● Likely to be resistant against coalitions of some size c

24 “Traitor tracing” details ● Algorithm is secret ● Tradeoff between c and the number of marks required for tracing – Large c ( >> 10?) may be prohibitively costly – But check the recent literature! ● 1024 is not many variants ● Attackers can see when they have the set ● Large coalitions might frame innocent users

25 Watermark playback ● Another whole set of keys and data structures ● Another complicated table

26 So, who fights zombies?

27 Pirates of the Caribbean ● Slysoft – based in Antigua – proprietary Windows binary blob – regularly updated ● new host public keys ● new device/processing keys – they're breaking MKBs faster than AACS-LA can update them

28 Prospects for sane AACS playback on free/open source platforms ● Not so good... ● Host authentication is a problem! – Someone obtains a Host Public Key every few months – Hacked or modchipped drives ● Also need a supply of device keys – (less time sensitive) ● GNU/Linux users will be driven to piracy

29 Some things that break AACS forever? ● Large databases of title keys or extracted KCD ● Any non-KCD hardware players + modchips could lead to a steady supply of non-KCD device keys ● Cryptanalysis or leaks of AACS-LA secrets (unlikely)

30 Legal Issues ● AACS implementations controlled by hook IP ● EFF has published some legal information – Google: 09 f9: a Legal Primer – US / DMCA specific – Other WIPO Copyright Treaty implementations vary ● Research is risky – But this depends on national law

31 Conclusions? ● AACS is not going to stop large scale piracy ● AACS is a powerful platform control tool ● This will be a major pain for free software developers and users ● A major waste of some very intelligent people's time

32 About EFF ● Public interest tech policy organisation ● Mostly in San Francisco – We have a small office in Brussels, too ● Member funded – Please join, we'll send you a t-shirt :) ● www.eff.org

Download ppt "AACS ● Digital Restrictions system for HD-DVD & BluRay ● Incredibly elaborate: – content encryption – 4 revocation mechanisms – 3 watermarking schemes."

Similar presentations

Rob Farraher Ken Pickering Lim Vu

Rob Farraher Ken Pickering Lim Vu
Confidential 1 Corporate Research © THOMSON multimedia, 1999 Mixing cryptography and watermarking for copy protection in consumer electronic devices FURON.

Confidential 1 Corporate Research © THOMSON multimedia, 1999 Mixing cryptography and watermarking for copy protection in consumer electronic devices FURON.
T O P I C ST O P I C S Uses of Technical Measures Case Studies and Types of Technical Measures The Problem of Hacking and Circumvention Online Music Distribution.

T O P I C ST O P I C S Uses of Technical Measures Case Studies and Types of Technical Measures The Problem of Hacking and Circumvention Online Music Distribution.
The digital age of information is not yet a done deal and copyright is not the only potential “block” DRM.

The digital age of information is not yet a done deal and copyright is not the only potential “block” DRM.
DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 8. Cracking. Cracking Magnitude of piracy  All kinds of digital content (music, software, movies)  Huge economic repercussions.

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 8. Cracking. Cracking Magnitude of piracy  All kinds of digital content (music, software, movies)  Huge economic repercussions.
Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.

Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.
1 Florian Pestoni IBM Research IBM xCP Cluster Protocol IBM Presentation to Copy Protection Technical Working Group July 18 th, 2002.

1 Florian Pestoni IBM Research IBM xCP Cluster Protocol IBM Presentation to Copy Protection Technical Working Group July 18 th, 2002.
Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.

Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.
In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.

In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.
Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London

Digital Asset Protection in Personal Private Networks Imad Abbadi Information Security Group Royal Holloway, University of London
1 DVD Copyright Management Schemes Tanveer Alam CVN.

1 DVD Copyright Management Schemes Tanveer Alam CVN.
DRM & Key Revocation By David Coleman. DRM & Key Revocation ► Digital Rights Management – A system for controlling the use of content ► Key Revocation.

DRM & Key Revocation By David Coleman. DRM & Key Revocation ► Digital Rights Management – A system for controlling the use of content ► Key Revocation.
CONTENT PROTECTION AND DIGITAL RIGHTS MANAGMENT

CONTENT PROTECTION AND DIGITAL RIGHTS MANAGMENT
Digital Video Disk (DVD) Protection “Watermarks allow embedded signals to be extracted from audio and video content for a variety of purposes. One application.

Digital Video Disk (DVD) Protection “Watermarks allow embedded signals to be extracted from audio and video content for a variety of purposes. One application.
4K CONTENT PLAN Sony Pictures Technologies. Consumer Offering Broadcast (Over the air, cable, satellite, IPTV) Premium Content (Movies, episodic TV) Premium.

4K CONTENT PLAN Sony Pictures Technologies. Consumer Offering Broadcast (Over the air, cable, satellite, IPTV) Premium Content (Movies, episodic TV) Premium.
DVD Decryption What happened and is it ethical?. DVD CSS n The purpose of encrypting data on DVD. n The CSS Security Model. n How that security model.

DVD Decryption What happened and is it ethical?. DVD CSS n The purpose of encrypting data on DVD. n The CSS Security Model. n How that security model.
Advanced Access Content System (AACS) Industry Briefing July 14, 2004.

Advanced Access Content System (AACS) Industry Briefing July 14, 2004.
Matthew Rothmeyer. Digital Rights Management (DRM) “ A class of technologies that are used by hardware manufacturers, publishers, copyright holders, and.

Matthew Rothmeyer. Digital Rights Management (DRM) “ A class of technologies that are used by hardware manufacturers, publishers, copyright holders, and.
Donald M. Whiteside Vice President, Corporate Technology Group Director, Technical Policy and Standards ITU and EBU Presentation A perspective on trends.

Donald M. Whiteside Vice President, Corporate Technology Group Director, Technical Policy and Standards ITU and EBU Presentation A perspective on trends.
Managing Digital Rights DRM and beyond Lamoureux, MM 450 April 15, 2008.

Managing Digital Rights DRM and beyond Lamoureux, MM 450 April 15, 2008.

Similar presentations

Ads by Google