backtop


Print 28 comment(s) - last by RW.. on Jun 3 at 5:48 PM

AACS loses the keys to its house, quickly changes locks

Efforts that began in December 2006 and continued through February 2007 lead to the discovery of the Processing Key used to encrypt high-definition media with the Advanced Access Content System. The work of a small hacking community created essentially a silver bullet that was able to defeat the copy protection of all HD DVD and Blu-ray Disc media on the market at that time.

The Advanced Access Content System Licensing Administration (AACS LA) acknowledged the effectiveness of the hack and began to enact measures to restore the integrity of its technology. Beginning May 22, which is most notably the release date of the Matrix trilogy on HD DVD, all high-definition titles shipped with Media Key Block (MKB) v3 – a new encryption key version that would render the previously discovered Processing Key obsolete.

Interestingly enough, the AACS’ updated protection measures appeared to be defeated by SlySoft, makers of AnyDVD HD software, before the new MKB versions officially hit streets. The AACS has yet to officially issue a statement and is current investigating the latest attack on the system, according to comments made by Richard E. Doherty, director of technology strategy at Microsoft, who is also actively involved with the AACS.

The initial method used by hackers to snoop the sensitive encryption keys from HD DVD and Blu-ray were accomplished using PC software. More specifically, hackers took advantage of holes in WinDVD to read data straight from the PC’s memory. While such a hack may not have been possible without the existence of software players, the AACS appears unshaken about high-def media on computers.

“Just to clarify, the original attack was on certain software players that proved to be vulnerable, and did not and does not represent a widespread break in the AACS ecosystem ... In the past PC's have typically been a big target for hacking activities, as they are designed to run arbitrary software programs. But the line between PCs and traditional CE devices is clearly blurring – and many of the best PVR systems (in my opinion) are highly customizable and capable of running user-designed software,” explained Doherty, also pointing to how a Windows Media Center box could be strong addition to home theatres.

“Keep in mind, however, that AACS is aware of the history and attack vectors of PC playback systems, and there are several technical measures (such as KCD and the entire proactive renewal system) that are designed specifically to address the particular issues of PC-based protection,” Doherty added.

The uncovering of the Processing Key to HD DVD and Blu-ray happened in February, leaving some to wonder why it wasn’t until months later until the appearance for a new MKB. Doherty provides the answer, “AACS of course has the technical means to revoke overnight. But the current license agreement generally provides for 90 days. This is to allow time for the manufacturer to repair the product and presumably fix the vulnerability, and time to rollout the patches to the affected users.”

The apparent grace period is done in the interest of consumers, as if the key were revoked immediately, legitimate consumers could find themselves with an unplayable disc until a software update. Despite the quick ‘rehack’ of the AACS, the system is designed to avoid another complete defeat like CSS – the technology used to protect DVD.

“You have seen a revocation cycle occur which has required upgrades to certain software players to make them more robust to known styles of attack. The AACS system was designed to deal with these sorts of attacks, and remains intact as a technology. This is in contrast to CSS, which is vulnerable to direct, brute-force attacks,” said Doherty, who then explains it in even simpler terms. “The analogy we sometimes give is: if you lock your house, but leave the keys lying on the street, then there's really nothing wrong with the locks or with the concept of locks in general. If you don't find the keys, you can change the locks if you like.”



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Protection Sucks
By Alexstarfire on 6/1/2007 1:57:57 PM , Rating: 2
Why do they bother making new protection at all anymore? As long as you need something other than the basic copy disc programs then it's more than secure already. They keep saying, and I can't stress this enough, that most of the consumers are not hackers and don't bother trying to copy protected movies. This brings into question why they spend millions of $$$ making protection that, in the end, ALWAYS gets defeated by said small group of hackers and still leaves the vast majority of the people unable to copy it?

There is no good answer. People only copy movie for two reasons: for personal use, or for commercial resale. People who commercial resale it are ALWAYS going to have a copy no matter what, so no point in trying to stop them. And they claim that the other group is quite small. The only reason these groups exist is because so many feel movies are overpriced, and they are severely. If they could drop the cost of movies by $5 or more the number of people copying it would drop significantly.

These people are too stupid to actually try it though. Every company know to man will always "play it safe" when they use that first crazy idea to get launched up there. If a crazy idea got you there to begin with, why would you play it safe?




"My sex life is pretty good" -- Steve Jobs' random musings during the 2010 D8 conference














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki