AACS loses the keys to its house, quickly changes locks

Efforts that began in December 2006 and continued through February 2007 led to the discovery of the Processing Key used to encrypt high-definition media with the Advanced Access Content System. The work of a small hacking community created essentially a silver bullet that was able to defeat the copy protection of all HD DVD and Blu-ray Disc media on the market at that time.

The Advanced Access Content System Licensing Administration (AACS LA) acknowledged the effectiveness of the hack and began to enact measures to restore the integrity of its technology. Beginning May 22, which is most notably the release date of the Matrix trilogy on HD DVD, all high-definition titles shipped with Media Key Block (MKB) v3 – a new encryption key version that would render the previously discovered Processing Key obsolete.

Interestingly enough, the AACS’ updated protection measures appeared to be defeated by SlySoft, makers of AnyDVD HD software, before the new MKB versions officially hit the streets. The AACS has yet to officially issue a statement and is currently investigating the latest attack on the system, according to comments made by Richard E. Doherty, director of technology strategy at Microsoft, who is also actively involved with the AACS.

The initial method used by hackers to snoop the sensitive encryption keys from HD DVD and Blu-ray relied on PC software. More specifically, hackers took advantage of holes in WinDVD to read data straight from the PC’s memory. While such a hack may not have been possible without the existence of software players, the AACS appears unshaken about high-def media on computers.

“Just to clarify, the original attack was on certain software players that proved to be vulnerable, and did not and does not represent a widespread break in the AACS ecosystem ... In the past PC's have typically been a big target for hacking activities, as they are designed to run arbitrary software programs. But the line between PCs and traditional CE devices is clearly blurring – and many of the best PVR systems (in my opinion) are highly customizable and capable of running user-designed software,” explained Doherty, also pointing to how a Windows Media Center box could be a strong addition to home theatres.

“Keep in mind, however, that AACS is aware of the history and attack vectors of PC playback systems, and there are several technical measures (such as KCD and the entire proactive renewal system) that are designed specifically to address the particular issues of PC-based protection,” Doherty added.

The uncovering of the Processing Key to HD DVD and Blu-ray happened in February, leaving some to wonder why a new MKB did not appear until months later. Doherty provides the answer, “AACS of course has the technical means to revoke overnight. But the current license agreement generally provides for 90 days. This is to allow time for the manufacturer to repair the product and presumably fix the vulnerability, and time to rollout the patches to the affected users.”

The apparent grace period is in the interest of consumers: if the key were revoked immediately, legitimate consumers could find themselves with an unplayable disc until a software update arrived. Despite the quick ‘rehack’ of the AACS, the system is designed to avoid another complete defeat like CSS – the technology used to protect DVD.

“You have seen a revocation cycle occur which has required upgrades to certain software players to make them more robust to known styles of attack. The AACS system was designed to deal with these sorts of attacks, and remains intact as a technology. This is in contrast to CSS, which is vulnerable to direct, brute-force attacks,” said Doherty, who then explains it in even simpler terms. “The analogy we sometimes give is: if you lock your house, but leave the keys lying on the street, then there's really nothing wrong with the locks or with the concept of locks in general. If you don't find the keys, you can change the locks if you like.”
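
The revocation cycle described above can be seen in a small model. The following Python sketch is an added example, not part of the original article and not the actual AACS algorithm: it is a simplified complete-subtree broadcast-encryption scheme in which the tree size, key derivation, XOR key wrap, sample secrets and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

DEPTH = 3                                   # toy tree: 8 device slots, leaves 8..15
MASTER = b"constructed-licensor-secret"     # constructed sample value
MEDIA_KEY = b"constructed-key!"             # constructed 16-byte title secret

def node_key(node):
    """Key of a tree node (heap numbering: root is 1, children 2n and 2n+1)."""
    return hmac.new(MASTER, b"node-%d" % node, hashlib.sha256).digest()[:16]

def device_keys(leaf):
    """A device holds the key of every node on its path from leaf to root."""
    keys = {}
    while leaf >= 1:
        keys[leaf] = node_key(leaf)
        leaf //= 2
    return keys

def wrap(key, data):
    """Toy key wrap (assumption, not AES): XOR with a pad derived from key."""
    pad = hmac.new(key, b"wrap", hashlib.sha256).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))

def cover(revoked, node=1):
    """Subtree roots that together contain every leaf except the revoked ones."""
    shift = DEPTH - (node.bit_length() - 1)
    leaves = range(node << shift, (node + 1) << shift)
    if not any(leaf in revoked for leaf in leaves):
        return [node]                       # clean subtree: one entry serves it
    if shift == 0:
        return []                           # a revoked leaf gets no entry
    return cover(revoked, 2 * node) + cover(revoked, 2 * node + 1)

def make_mkb(media_key, revoked):
    """Key block: the media key wrapped once per node in the cover."""
    return {n: wrap(node_key(n), media_key) for n in cover(revoked)}

def process_mkb(mkb, keys):
    """Recover the media key if any held key matches an entry, else None."""
    for node, key in keys.items():
        if node in mkb:
            return wrap(key, mkb[node])     # XOR wrap is its own inverse
    return None

def demo():
    old_mkb = make_mkb(MEDIA_KEY, revoked=set())    # before the leak is handled
    new_mkb = make_mkb(MEDIA_KEY, revoked={13})     # slot 13's keys were exposed
    leaked_root = {1: node_key(1)}                  # shared key in the old block
    return {
        "old_entries": sorted(old_mkb),
        "new_entries": sorted(new_mkb),
        "leaked_on_old": process_mkb(old_mkb, leaked_root) == MEDIA_KEY,
        "leaked_on_new": process_mkb(new_mkb, leaked_root),
        "revoked_on_new": process_mkb(new_mkb, device_keys(13)),
        "honest_on_new": process_mkb(new_mkb, device_keys(12)) == MEDIA_KEY,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In this model a block issued with no revocations has a single entry under the root key, so one recovered key opens everything mastered with it; the reissued block carries no entry that the exposed slot or the old shared key can use, while the other seven slots still recover the media key.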

Comments

By supaflydaddyc on 6/1/2007 10:18:06 AM , Rating: 4
I don't know about all of you but I think the analogy used at the end of the article is a pretty good one. Especially considering it's from a Director of Technology Strategy at Microsoft and not some PR spin person.

RE: Analogy
By Verran on 6/1/2007 10:30:46 AM , Rating: 3
I don't really think the analogy is that accurate. It's a very shallow look at the situation. To continue the analogy and make it more fitting I would say:

"Yes, but the lock only works if the keys are safe. As long as you have a lock on your door, you have to carry your keys to work. Why crack the lock when you can just nick the keys from a pocket?"

The analogy is lame to begin with and mine makes it even more so, but that's the best I can do. Anyways, their analogy would be applicable if the "silver bullet" key leaked straight from AACS. But it didn't. People got it by observing its use. I don't see how you can stop people from getting the key when it's included and necessary for use of the content.

RE: Analogy
By Fallen Kell on 6/1/2007 5:12:04 PM , Rating: 5
Too bad their security is more analogous to the following:

The key to the door is contained in the safe next to the door which has its safe key in the lock (and just needs to be twisted).

This is also why the new process key which is to replace the process key mentioned in this article used for "The Matrix" et al., is also already hacked. The keys are in plain sight on the disk. You are giving out a disk that has the lock and the key to the lock on the same device. This is why DRM is FUNDAMENTALLY FLAWED. You can either allow people full access to the content, OR you can prevent ALL access to the content. You can NOT give PARTIAL access to the content (i.e. view only under certain circumstances).

The key that unlocks the door will always be visible and able to be found because details of where the key is located are given to the device manufacturers and/or software creators.

The key will either be in the hardware itself, or on the disk/medium containing the audio/video content itself. Which limits the scope of the places that need to be searched if someone is looking for the key. It is not like the real world in the sense of a lock, a door and a key, because the key in the real world can be located anywhere in the world/universe or even have been destroyed. In the DRM world, we know the key exists, and we can trace the interactions of the device and the content to know where to limit our search for the key. It is more like having a key with a homing beacon on it which everyone knows how to listen to the beacon...

RE: Analogy
By alifbaa on 6/2/2007 8:19:22 AM , Rating: 2
I like your analogy a lot, but I think there is an addition to it that is important to note...

Once that original key gets stolen, all the invited guests need to make a copy of the new key and install the lock themselves. The vast majority of the invited guests have no idea of the need to do so until their door "breaks." Even then, most won't know there is a simple way to "fix" the door. If they know there is a way to fix the door, many won't feel confident in their abilities to implement the fix. Finally, the few who are able to fix the door on their own will quickly grow tired of the process 90 days from now, when they have to fix the door again.

This will be the death of DRM as we know it. Either they will do away with it completely or they will start rolling out systems that stifle technology even more.

RE: Analogy
By xphile on 6/2/2007 2:39:30 AM , Rating: 2
If I lose the key to my house I'm a bit stuck. In the actual human world there are hundreds of professions and only a very small percentage of them are experts with locks. So I'd call a locksmith. And the missing aspect of the entire analogy is that he doesn't even need a key to open any lock when he knows how all the mechanisms work.

In the computing world as a society a massively larger percentage of the community is interested in learning about, and becoming expert in, the breaking of this locking mechanism.

You can come up with a new lock, but so many people are concentrating on cracking it that once one is cracked it won't take long for each additional design, and there are only so many strategies that remain plausible.

So in the end once this knowledge is gained this analogy is actually in reality one that should say:

"If you get locked out of your house, it really doesn't matter a damn where your keys are, don't even bother looking for them; if you yourself don't know how to get into your house then two out of every three people in the street will."

If they want a really useful analogy they should just give up this stupidity:

"Security is only effective as a deterrent. If there is enough determination to break in, no home is safe. When the best security is cracked once it is breached. With that knowledge shared it is crippled. When everyone knows how to get into your house anyway whether you lock the door or not, no lock is doing anything but fuel the determination of those wanting to get in. The majority that will do the right thing by you anyway still will."

RE: Analogy
By therealnickdanger on 6/1/2007 10:34:13 AM , Rating: 2
The only problem with the analogy is that the new "locks" are all made from the same weak, breakable "material". Change the locks all you like, it won't change anything...

RE: Analogy
By BMFPitt on 6/1/2007 10:47:03 AM , Rating: 5
After realizing that writing their password on a yellow sticky note on their monitor wasn't good for security, they decided to go with a blue sticky note instead.

RE: Analogy
By Kefner on 6/1/2007 10:57:32 AM , Rating: 3
Exactly, when are they going to realize this is all just a huge waste of time and resources. Whatever they come up with, there is always someone with the skills to crack it. It's just an endless cycle.

RE: Analogy
By Christopher1 on 6/1/2007 7:55:42 PM , Rating: 2
An endless cycle and a huge waste of money. I think that the entertainment companies are being frightened into using DRM by people who have an ulterior motive: namely that they get paid by the DRM companies under the table.

RE: Analogy
By nilepez on 6/3/2007 12:52:55 PM , Rating: 2
I doubt that. Copy protection has been a part of video for more than 20 years. And in the case of HD disks, they're supposed to enable some sort of system that allows you to copy it to a media server and make a physical back up.

At some point, this is no longer about consumer rights and it's just about free movies, and we're getting closer to that point.

I believe in consumer rights, but it's also painfully obvious that most making noise on this issue do so because they want to get free stuff. I've already seen this with the DRM free iTunes downloads. People are complaining now because there's a tag in it with their user id in it.

That said, it's also clear that the media companies cannot win this game (though I suppose they might be able to win if they did whatever DirectTV does. AFAIK, their system has been secure for at least a couple of years).

RE: Analogy
By Screwballl on 6/1/2007 10:52:51 AM , Rating: 4
A bit better analogy to that should have been:

If you hide your house key under a rock and someone watches you move the rock, use the key then put it back... is it the lock manufacturer's problem?
The problem actually lies with the people watching... so it doesn't matter if you put your key under a different rock or in the crevice above the back door, if someone is watching they will get the key regardless of its location or lock type. Some keys are just harder to come by.

RE: Analogy
By Screwballl on 6/1/2007 11:03:02 AM , Rating: 3
and another bit of info...

Locks keep honest people honest
dishonest people will always find a way to the other side to get what they want whether it's through the lock or through a window

RE: Analogy
By BMFPitt on 6/1/2007 11:18:27 AM , Rating: 2
In all reality, I think the encryption is the least important part of what prevents common users from pirating. Inconvenience is much more critical. All that is needed to keep 95% of would-be copiers from doing it is a do-not-copy bit enforced by the authoring software and OS. Tools would be as easy to get for going around that as they are for encrypted discs, but this way it gives a nice challenge and bragging rights to those who write it.

RE: Analogy
By Christopher1 on 6/1/2007 8:07:33 PM , Rating: 3
Problem is that the Supreme Court has said that people are ALLOWED to make 1:1 copies of CD's and DVD's as a form of investment protection.

RE: Analogy
By nilepez on 6/3/2007 12:56:47 PM , Rating: 2
Has DMCA made it to the SCOTUS? For some reason, I'd swear that they actually upheld the applicable portions. As a result, you have a right to copy it, so long as you don't hack your way past copy protection.

So yeah, we have the right to copy it, but if it's copy protected, you'll have to commit a felony to exercise that right....the DMCA is a totally f*cked up law.

RE: Analogy
By MonkeyPaw on 6/1/2007 3:05:48 PM , Rating: 3
Locks keep honest people honest
dishonest people will always find a way to the other side to get what they want whether it's through the lock or through a window

By this logic, I suppose you can throw me into your "honest" category, as I've never broken into someone's personal property (home, car, or otherwise). The problem is, I don't go around checking to see if people are locking their doors, or even wondering if their doors are locked for that matter. There are people out there that don't think about stealing, at least in the case of breaking and entering. That's why there are entire towns where people don't ever lock their doors.

I think the comparison of AACS to home locks is a little flawed anyway. Finding a key to a home isn't really a prize. You don't steal a home (what the key protects), you steal what's in it. Besides, just getting into a house doesn't mean you're in the clear. Someone could be home, there could be a dog, they could have a security system, someone could see you. There are still other barriers.

A better comparison might be like finding a set of car keys. The key protects the car from unauthorized use. Once you have the key to the car, you can get in it, start it up, and drive it away like it's yours. It's not yours, but you have full access to its features until you get caught. To go a step further in this analogy, consider that there are auto makers that allow you to replace your lost keys based off a simple code, but it's specific to your vehicle only. AACS would be like General Motors having a key code hidden in every GM VIN that will tell you how to make a key that starts any GM car ever made. Once you figure out that code, you can produce the key and steal any GM car you like.

RE: Analogy
By feelingshorter on 6/2/2007 12:54:45 AM , Rating: 2
I don't think your analogy is as good as the one posted by Fallen Kell. It's not people "watching" where you put your key. If you allow access to your content, they can crack/hack it.

Either you:
1. allow no access, such as sealing a door shut (in which it's no longer called a door, just a wall).
2. Let people access it. (regardless of the method)

The movie studios are just tending their symptoms, and not fixing the root of their disease.

Partial access will always be crackable. Even if you let people watch it in theaters, someone will find a way to sneak a video camcorder in there to record it, and again, it will end up on torrent websites. Pirates get it for free, so the quality isn't good but they cannot complain about free.

All the movie studios should just come together, and partner up with ISPs. Eg:

1. All movie studios team up to create one dl service.
2. They partner up with ISPs, to offer it for an added $25/month.
3. Movie studios can then offer downloads, while ISPs can offer speed increases, to supplement the bittorrent distribution. That way, no one feels like they are using the bandwidth they paid for to download stuff they also paid for.

I'm just dreaming here guys.

RE: Analogy
By BikeDude on 6/3/2007 5:14:28 AM , Rating: 1
But the DVDs won't change and DVDs are bound to survive for at least another decade. If pirates don't complain about movie theater quality, they will surely be satisfied with DVD quality.

The question at hand however, is what to do with HD quality? HD is pretty much all the quality we will need for quite a while (famous last words?), so once a consumer buys a HD-DVD or BRay disc, that consumer will not need a "new and improved" format for a long time, assuming the disc doesn't break... (which leads to the next question: how can the consumer make backups of his collection, in case the disc DOES break?)

Personally, I prefer HD content, but I want the freedom to play the content on my computer (where I play all my DVDs today, I have a 30" Apple LCD). I'd also like the freedom to purchase discs the next time I visit the US or Thailand for that matter. And when I get kids, I'd like to take backups of certain discs... In addition, I do not enjoy all the studio logos, promotional clips and anti-piracy ads that sometimes appear on various DVDs. I want to be able to skip directly to the movie itself.

The studios aren't only trying to stop piracy, they are also trying to decide where we buy discs and force us to watch various promotions before they let us access the main feature. IMO the consumer gets a *better* product by resorting to piracy. I could let myself be convinced that copy protection is a necessary evil, but then the industry has to play absolutely fair. Currently they cheat and steal our time.

Sadly, the game industry is also affected. I bought Flight Simulator X and don't need to keep the disc in the drive. The game immediately shows me the main menu, and I'm flying within a short time. Life was good, and I was a very happy camper. Then I bought "Rainbow Six: Vegas" and until I found an unofficial patch, I was forced to watch the silly studio logos for over a minute before I could get to the action. Not to mention that the copy protection only supports one of my DVD drives. :( The box did not say anything about forced menus and I would've returned it to the store, except I bought it while travelling and threw away the receipt somewhere.

May the studio execs burn in hell. I'll be happy to supply the gasoline.

RE: Analogy
By RW on 6/3/2007 5:48:47 PM , Rating: 2
I don't even know a movie that's worth to be hacked/ripped not even bought.

Copyright 2016 DailyTech LLC.