AACS Specifications Released 486
An anonymous reader writes "AACS, the proposed key management scheme for HD DVD, has finally released preliminary (ver 0.9) specifications. The specs look like CSS on steroids: they use AES instead of proprietary crypto, but other than that they're basically the same. The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."
Manufacturers (Score:5, Insightful)
In that case, why would any manufacturer in their right mind produce anything under such terms? That would just be insane
Player Model? (Score:5, Insightful)
"The main difference appears to be that AACS can revoke an entire player model if a hack appears against it, which I guess sucks if you own that kind of player."
Player model? What if a hack comes out for PC that allows you to circumvent the copy protection: Does it revoke PCs altogether, only certain disk drives, or what?
Re:Mark my words. (Score:5, Insightful)
Here's the big difference...
Gaining access to DirecTV's signal requires hacking proprietary hardware. If PC-based players are ever allowed, reverse engineering will be along the same lines as last time around. It's just so easy to monitor everything your computer is doing in real-time, especially with the help of emulators like QEMU, Bochs, VMware, or Virtual PC.
Re:Mark my words. (Score:2, Insightful)
I, for one... (Score:1, Insightful)
*sigh* (Score:0, Insightful)
It's not magic...
Re:Mark my words. (Score:4, Insightful)
"Adult film producer"
Owning a model player that get's revoked .... (Score:5, Insightful)
Even worse : you have no way of knowing if the player you are going to buy is on the list of players shortly-to-be-revoked, or worse yet : allready revoked.
How's the "you should be able to use a bought commodity for a reasonable time"-law come in play here ?
Content scrambling is stupid... (Score:5, Insightful)
I wish they simply wouldn't scramble content in the first place. 99.9% of the people who buy the dvd and would need to break the encoding have a LEGITIMATE reason to break said encoding (backup, copying to laptop so it's not necessary to carry discs on trips, etc).
Re:Player Model? (Score:3, Insightful)
Re:Manufacturers (Score:5, Insightful)
I'm not sure that creating a product that another entity can simply break is a great way to go. Can you imagine how irate all the innocent users would be? Man, I'd hate to be tech support at any of the companies that make these.
key revocation (Score:4, Insightful)
How many people are still running windows 98? How many people know how to set the clock on their vcr?
You DoS the keyspace eventually people won't be able to play commercials. Then the productions don't get their money. Then the system does either of 2 things. 1: every screen goes black and there is no tv or 2: they give up and take off the crypto so the ads work again.
Key revocation is a bigger security risk than keys in software dvd players because you can do more than opening up a file to everybody. You can lock everybody out of it as well.
This idea (starting with hdcp I guess) just opens up more vectors for attack. Now we have a social engineering vector and a keyspace vector in additon to a locally stored key vector (css).
Hey... If there are hacks against it? (Score:5, Insightful)
We have seen that play before, cripple the next hot DVD to hit the market and what do you get? A ton of product returns and pissed off customers. The encryption may be more advanced, but when you want to give everyone consumer devices with the universal key to the castle... It's only a matter of time before someone figures out a way to copy it.
Re:Manufacturers (Score:3, Insightful)
Let me guess what country you live in...
Re:Manufacturers (Score:3, Insightful)
Re:key revocation (Score:3, Insightful)
They're using AES. That means it has (potentially) a 256-bit keyspace. You have neither the time, nor the energy, nor the computing power, to exhaust that keyspace. You can't even make a dent in that keyspace. A really monstrously huge distributed.net effort that runs for a decade might be able to create 2^80 bad keys. Okay, fine, great, that's a lot.
Now take 2^256 and subtract 2^80. What do you get?
Why, roughly 2^256. 2^80 is so insignificant in comparison to 2^256 that you're basically subtracting zero from the total keyspace.
People who do not understand just how large a keyspace is should not talk about how easy it is to exhaust a keyspace.
Re:Protecting everyone's interests. (Score:5, Insightful)
Re:It's all about firmware? (Score:4, Insightful)
Most people won't even know what you are talking about.
Now having new DVDs automatically update the firmware is easy, stealthy, evil, and effective. I think some DRM systems use such an idea.
The user merely watches a movie, and their player gets reflashed in the process. That could work.
Expecting the average movie watcher to even know what to do with a USB cable and how to boot something off an external drive won't.
Re:Owning a model player that get's revoked .... (Score:4, Insightful)
Industrial sabotage possibilities? (Score:3, Insightful)
Aaah, now I see their dastardly plot... in order to avoid this, manufacturers will be forced to make their products hack-proof. Tricky, eh?
Re:Content scrambling is stupid... (Score:2, Insightful)
I know how, but won't say.
That is illegal knowledge to disseminate.
When will they learn? (Score:5, Insightful)
Remember Apple IIe games that wrote bad sectors or extra sectors and other such nasties to try and stop people copying 5-1/4 inch floppies?
Remember SecureROM and others making CD copy protection by intentionally leaving broken sectors on CDs - making them unburnable in nearly all of the burners at that time?
Remember that DVD's were once uncopyable?
Remember when Pay TV signals were encrypted by obfuscating their signal with some analogue hardware?
Remember when they started using proprietary digital encryption for Pay TV (Irdeto)?
Every time someone offers up content in some protected form, someone is going to break it. Period. Even if they can't break it, someone will use a legitimate DVD player and screen/sound grab their favorite movies using a capture card.
The only difference I see now is that the companies implementing these measures are monopolies whereas they used to smaller players in their respective markets. This might mean that they can push some legislation through to discourage copying but nothing will ever stop it IMHO.
Definition of insanity? (Score:4, Insightful)
Re:This isn't new news... (Score:2, Insightful)
This garbage is doomed to die. Either they will have to conspicuously advertise the players as unreliable and the movies as not watchable on all players, or they get their asses sued into the ground.
Re:I, for one... (Score:1, Insightful)
Re:key revocation (Score:5, Insightful)
We're talking about attacking the subset of deployed keys. We don't need these keys at all to get them revoked.
The device itself will decrypt the stream. All you need is access to the output to reencode and share. Copyright cops detect the share, lift whatever watermark may be in the stream, finger the device and revoke the key.
There you go. You just DoS'd a production run of playstations from decrypting movies. All without having any knowlege of any keys.
When I say DoS the keyspace I don't mean exhausting the theoretical keyspace of a 128 bit cryptosystem. You're right, that'd be hard. You don't have to discover keys to DoS the subset of deployed keys via third party revocation. You need only make it seem as if the key was compromised to the revocation authority, thus prompting revocation.
So long as the stream will exist in a decrypted form so the user can watch it, then no knowlege of keys is needed to perform this attack.
Also. If the revocation authority becomes wary of such attacks it acts as a bunny rabbit attack. When keys are legitimately compromised they may do nothing thinking it's just another dupe.
The keyspace isn't the weakness here. It's people.
people will just go old school then (Score:4, Insightful)
Re:Manufacturers (Score:3, Insightful)
Customers (Score:1, Insightful)
It's the customers that are insane for buying that crap.
Take a break from all the MPAA and RIAA content, and you'll fine that you have a happier life, with countless hours of time that you never realized you were wasting on those expensive habits.
Re:Manufacturers (Score:3, Insightful)
And we all know retailers (like, say, Wal Mart) have no power over their suppliers.
Re:key revocation (Score:5, Insightful)
You don't need to DoS the whole keyspace, or even any significant fraction of it. You only need to DoS the keys that are actually in use.
Imagine there are 100 different models of DVD player on the market. You just get those 100 keys revoked and suddenly no-one can watch any DVDs
Re:Hey... If there are hacks against it? (Score:5, Insightful)
I think this will be the major reason that you _won't_ see key revocation, ever. It sounds like a very costly ordeal for all involved. The costs of tech support at the DVD player manufacturer and customer service at the disc producer will be enormous.
This would also be unwise for the branding concept as a whole. Branding, say, with the DVD-Video logo, is supposed to assure consumers that the product they get is system-interoperable with the other products bearing said brand. Imagine if there was a "hard incompatibility" issue between two products.
I think the first key revocation will be a seriously expensive endeavour, and the lawsuits will fly fast and furious. Customers will initiate class-action suits against the player manufacturers and disc producers, and the trademark owner who's assurance of interoperability has been proven a false representation. Player manufacturers will in turn sue the licensing authority for the harm their trademarks will suffer, as well as costs of tech support and lawsuits.
Disc producers may be SOL as far as suing anyone: They chose to release the discs without the complete keyset. Retailers will demand that returned product must be refunded; despite the fact that it is currently not industry practice. (Laws will force retailers to accept returned product that is defective.)
This is really a train wreck in the making. Bad medicine.
Re:Owning a model player that get's revoked .... (Score:2, Insightful)
I think it will backfire in the end, and the first batch of dvdhd players to get revoked will have civil watchdog groups pouncing by the thousands.. pretty much every local and national tv station will pounce on this, and it will really backfire on the media industry.
Contary to consmer laws... (Score:3, Insightful)
Trading standards [insert the name of your country's equivalent consumer protection agency] could take the view that the retailer is knowingly selling faulty goods. The retailer would just refuse to stock any revoked discs in future.
I think the risks of revoking keys are just too great for them to actually do.
If they were dumb enough to do it, I can see huge global hacking effort to compromise as many players as possible, which would make the scheme unworkable.
If a major player maker's keys are revoked, they could easily appease customers by slipping them a firmware upgrade with alternate keys - maybe in the guise of a firmware disc intended for a new model that 'just happens' to also work on the older units.
Re:Okay, DVD Jon... (Score:3, Insightful)
Re:Owning a model player that get's revoked .... (Score:3, Insightful)
That is what they have done for years now. It is the fault of the pirates, the fault of the Internet, the fault of anyone but themselves that revenues are dropping.
The fact that they are over-spending and over-paying of course is not the reason, in their vision.
They aren't trying to stop piracy. (Score:5, Insightful)
What they care about is control.
They care about linux distributions adding support to play HD-DVD movies, but not paying license fees to the DVD forum.
They care about HD-DVD players cropping up that allow you to fast-forward past the trailers at the beginning of the movie, the ones where a licensed player, when you say "fast forward", says "no".
They care about people making players behind their back which openly flaunt the "region locking" mechanisms that make regional price discrimination possible.
They care about products like DVDXCopy which allow consumers to exercise their fair use rights and do God knows what with the products they purchase.
These are the things they're trying to stop or hinder. Their choice of technology simply reflects that. AACS will do little in the short run and nothing in the long run to prevent piracy. But the legal barriers the media companies paid to erect will allow AACS to keep all four of the above things off of the general commercial market.
Re:Let me be the first to hack it.. (Score:5, Insightful)
Re:Owning a model player that get's revoked .... (Score:3, Insightful)
Imagine being sold a DVD player that stops playing any new releases a year, a month or even a day after you bought it. Under EU law you'd almost certainly be entitled to a refund from the vendor, and I can't imagine European vendors willingly leaving themselves that wide open to millions in claims.
Expect sanity to prevail when the reality of how dumb this would be in practice is finally hammered home to those who hope use this system.
Actual quotes (Score:5, Insightful)
Page 24: Each compliant device is given a set of secret Device keys when manufactured. ...The set of device keys may either be unique per device, or used commonly by multiple devices. ...The [Media Key Block] system is based on a large master tree of keys, with each set of Device Keys being associated with a leaf node of the tree... Further, corresponding to every sub-tree in the master tree is another set of system keys... Thus, the subset-difference tree has to store one encryption per Device Key set revoked, and occasionally additional encryptions to pick up non-revoked sets not covered by the smaller sub-trees. On average, there are 1.28 enrcryptions per revocation.
The document goes on to mention around pages 27 and 28 that devices obtain key conversion data by mechanisms called out in the AACS liscense, and recording devices must verify the signature and determine by its version number field whether a Media Key Block is more recent than the one currently on the media. "Each time the AACS LA changes the revocation, it increments the version number and inserts the new value in subsequent Media Key Blocks."
This says to me that the DVDs you buy will in fact be the transport mechanism for updated revocation keys, and presumably your player will be able to store a lot of them. So movie production companies and distributors must conspire to continually subvert the functionality of a consumer's device, and this does not require the player to be online nor will a firewall help. Once you get yourself locked into the prison of this coded delivery system, your own buying habits will keep adding additional chains to your cage. It is quite insidious, not only are they using military-level technology to control movies, the system is founded on the complicity of the entertainment industry, the electronics industry, and consumers themselves (and the consumer's PC if used) with constant policing and injection of targeted death-messages into the distribution channel. It also looks like the drive can potentially disable media (page 41) and even report hacked hosts/drives by recording onto the media (it seems kind of vague but it is writing a concatenation of the "Binding_Nonce", "Drive_Nonce" and "Host_Nonce" to the protected data area, whatever these things are), which if this is indeed true would I suppose be reported through other PCs/drives of people to whom you lend the media, or maybe through even a shared Internet connection, if you want to try extrapolating this.
Sorry I got ahead of myself. Page 55 talks a lot about online connections, online enabled content and streamed content. It talks about Title Keys and says "the word 'title' is often overloaded. For example a title can refer to a full-feature movie, a TV program, a music album, etc. ... however [we] .. define Title to be a distinct path.. That is, a Title is a logical grouping of content material to be presented in a specific order in time." It also mentions an "Enhanced Device" that is online and can then provide full access to Enhanced Titles that require online connections or extended player functionality. Page 56 mentions a Cacheable Permission that expires after a certain amount of time or include a "do not play until" date, and the XML based Title Usage File is based on global, not local time, which if used must be based on a "secure clock" whatever that is. Oh yeah, on page 59 it mentions the default connection protocol can operate (by https) over Ethernet, firewire, WLAN, etc. so you know this is not just about an HD DVD format but looks like it is trying to take over every device in the vicinity as well. How much you want to bet this will police titles not actually loaded in the player?
I think the cutest part is page 61, where it shows how you can go online with a PIN number and a remote Clearing House server can offer a title
Re:What will the packaging say? (Score:1, Insightful)
framebuffer (Score:2, Insightful)
Re:What will the packaging say? (Score:2, Insightful)
I have to say if this what they're thinking, then they're insane. As it is, I buy a ton of DVD movies, but if they do this, then I'm pirating everything for sure.
Re:Manufacturers (Score:5, Insightful)
In the end, revoking player keys is stupid. It comes back to the whole point that DRM is not only a stupid idea but fundamentally flawed. It also creates an interesting situation for the key licensing organisation. Don't like a competitor or just want them to pay higher licensing fees? Threaten to cancel all their keys.
If the consumer association in your country has any sense whatsoever, they won't play along with this at all.
Re:Protecting everyone's interests. (Score:3, Insightful)
Re:They aren't trying to stop piracy. (Score:3, Insightful)
And they care about their contracts with the big manufacturers, which in return allows the biggies to lock out newcomers. How are you, as a startup DVD player manufacturer ever going to get a key for your device? Of couse any manufacturer can get a key, free of charge. You just have to pay the gazillion dollar "administration" fee. Just like MP3 - it costs only $2.50 per user license to sell an MP3 encoding device. But there's a minimum of 15000 per year, which makes it impossible for shareware authors to include MP3 encoding at reasonable cost.
And without the protection mechanism, there would have been much less fees to pay, to begin with.
Re:Manufacturers (Score:3, Insightful)
And I actually have a suspicion this is as much about 'region-less players' and whatnot as it is about copy protection.
Isn't it about time we lobbied for a fair use law? (Score:5, Insightful)
Isn't it about time that we, the people who are paying for this content get our fair use rights looked after. Anyone putting DRM controls in place should have a legal obligation to ensure that if if a customer has paid for the right to have access to the content that they also get their fair use rights as well.
It seems to me that the sorts of controlling technologies that are being envisaged here do not safeguard those rights. Isn't it about time we pressurised our democratic representives to ensure that we don't lose them?
Comment removed (Score:3, Insightful)
Re:Manufacturers (Score:1, Insightful)
Hack released anonymously, rival's keys revoked, repeat till rival is ground into the dust. Unless the rival gets its retaliation in first, and you can see where that leads.
force obsolescence == forced "upgrades"!! (Score:4, Insightful)
What better way to keep people purchasing hardware than to force obsolescence?
Re:Player Model? (Score:3, Insightful)
> model.
All shipping with the disc, I presume. So, let's say there are 1500 different player models on the market. Each disc then ships with 1500 different asymetric encryptions of the symetric key used to encrypt the actual content. Let's say each takes 1 KB, that's 1,5 MB for all.
Now what about future player models? The keys of the players released 2015 must be on discs released 2005, otherwise the future players won't be able to play the older discs.
(Or are they going to skip over this as well and just only make the new prints of old releases include the new keys? Meaning that new models can't play used discs? How about "consumer protection" here?)
Let's say there are 1000 models released per year, and that over 20 years, means 20000 keys. That's 20MB, still sounds reasonable for discs with 18GB capacity.
Of course, that still doesn't sovled the discussed problem that each model will be sold thousands of times, and several thousand of customers who did nothing at all get punished for the one that was a "bad boy" and cracked the key of the device.
Look to your own house (Score:5, Insightful)
Last I checked US troops aren't marching house to house in Australia, or occupying the Australian parliament.
Blame your own gutless politicians for your own mess. I don't blame Aussies for Bush being in office, despite the fact that one right-wing Aussie happens to own FOX and had no small part in running the propoganda machine that conviced approximately 50% of the US voters to vote the moron back into office.
You're responsible for your own mess, and the sooner you take your own leaders to task for it, rather than blaming a foreign power, the sooner you'll get it fixed. The same goes for us, by the way. The sooner we start blaming our own leaders for the current mess, rather than boogeymen in caves and Al Q'aide, the sooner our mess here in the states will get sorted out.
I don't expect either country's population to do this anytime soon, however.
Re:Extortion Opprotunity (Score:2, Insightful)
I know there's been talk about Blu-Ray disks using AACS, but there hasn't been any confirmation about that yet as far as I know.
Just an FYI for those that might have been confused by the parent poster.
Re:Higher unit cost for Blu-Ray (Score:1, Insightful)
CD -- one format -- wildly popular
DVD -- one format -- wildly popular
Cassette tape -- one format -- wildly popular
DCC and Sony MiniDisc -- two formats -- DOA
DVD-A and SACD -- two formats -- Limping along
DVD-RW and DVD+RW -- two formats -- didn't take off until until universal players came along
I expect HD-DVD/Blu-Ray will not go anywhere until 1 format dies or until universal players (if they can be built cheaply) take off because 1) DVD is already good enough for most folks and 2) People will wait until 1 dies so they don't waste their $$$$.
It's like the same thing keeps happening over and over again and no one learns.