Print 28 comment(s) - last by RW.. on Jun 3 at 5:48 PM

AACS loses the keys to its house, quickly changes locks

Efforts that began in December 2006 and continued through February 2007 lead to the discovery of the Processing Key used to encrypt high-definition media with the Advanced Access Content System. The work of a small hacking community created essentially a silver bullet that was able to defeat the copy protection of all HD DVD and Blu-ray Disc media on the market at that time.

The Advanced Access Content System Licensing Administration (AACS LA) acknowledged the effectiveness of the hack and began to enact measures to restore the integrity of its technology. Beginning May 22, which is most notably the release date of the Matrix trilogy on HD DVD, all high-definition titles shipped with Media Key Block (MKB) v3 – a new encryption key version that would render the previously discovered Processing Key obsolete.

Interestingly enough, the AACS’ updated protection measures appeared to be defeated by SlySoft, makers of AnyDVD HD software, before the new MKB versions officially hit streets. The AACS has yet to officially issue a statement and is current investigating the latest attack on the system, according to comments made by Richard E. Doherty, director of technology strategy at Microsoft, who is also actively involved with the AACS.

The initial method used by hackers to snoop the sensitive encryption keys from HD DVD and Blu-ray were accomplished using PC software. More specifically, hackers took advantage of holes in WinDVD to read data straight from the PC’s memory. While such a hack may not have been possible without the existence of software players, the AACS appears unshaken about high-def media on computers.

“Just to clarify, the original attack was on certain software players that proved to be vulnerable, and did not and does not represent a widespread break in the AACS ecosystem ... In the past PC's have typically been a big target for hacking activities, as they are designed to run arbitrary software programs. But the line between PCs and traditional CE devices is clearly blurring – and many of the best PVR systems (in my opinion) are highly customizable and capable of running user-designed software,” explained Doherty, also pointing to how a Windows Media Center box could be strong addition to home theatres.

“Keep in mind, however, that AACS is aware of the history and attack vectors of PC playback systems, and there are several technical measures (such as KCD and the entire proactive renewal system) that are designed specifically to address the particular issues of PC-based protection,” Doherty added.

The uncovering of the Processing Key to HD DVD and Blu-ray happened in February, leaving some to wonder why it wasn’t until months later until the appearance for a new MKB. Doherty provides the answer, “AACS of course has the technical means to revoke overnight. But the current license agreement generally provides for 90 days. This is to allow time for the manufacturer to repair the product and presumably fix the vulnerability, and time to rollout the patches to the affected users.”

The apparent grace period is done in the interest of consumers, as if the key were revoked immediately, legitimate consumers could find themselves with an unplayable disc until a software update. Despite the quick ‘rehack’ of the AACS, the system is designed to avoid another complete defeat like CSS – the technology used to protect DVD.

“You have seen a revocation cycle occur which has required upgrades to certain software players to make them more robust to known styles of attack. The AACS system was designed to deal with these sorts of attacks, and remains intact as a technology. This is in contrast to CSS, which is vulnerable to direct, brute-force attacks,” said Doherty, who then explains it in even simpler terms. “The analogy we sometimes give is: if you lock your house, but leave the keys lying on the street, then there's really nothing wrong with the locks or with the concept of locks in general. If you don't find the keys, you can change the locks if you like.”

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Analogy
By Fallen Kell on 6/1/2007 5:12:04 PM , Rating: 5
Too bad their security is more analogous to the following:

The key to the door is contained in the safe next to the door which has its safe key in the lock (and just needs to be twisted).

This is also why the new process key which is the replace the process key mentioned in this article used for "The Matrix" et. al., is also already hacked. The keys are in plain sight on the disk. You are giving out a disk that has the lock and the key to the lock on the same device. This is why DRM is FUNDAMENTALLY FLAWED. You can either allow people full access to the content, OR you can prevent ALL access to the content. You can NOT give PARTIAL access to the content (i.e. view only under certain circumstances).

The key that unlocks the door will always be visible and able to be found because details of where the key is located are given to the device manufactures and/or software creators.

The key with either be in the hardware itself, or on the disk/medium containing the audio/video content itself. Which limits the scope of the places that need to be searched if someone is looking for the key. It is not like the real world in the sense of a lock, a door and a key, because the key in the real world can be located anywhere in the world/universe or even have been destroyed. In the DRM world, we know the key exists, and we can trace the interactions of the device and the content to know where to limit our search for the key. It is more like having a key with a homing beacon on it which everyone knows how to listen to the beacon...

RE: Analogy
By alifbaa on 6/2/2007 8:19:22 AM , Rating: 2
I like your analogy a lot, but I think there is an addition to it that is important to note...

Once that original key gets stolen, all the invited guests need to make a copy of the new key and istall the lock themselves. The vast majority of the invited guests have no idea of the need to do so until their door "breaks." Even then, most won't know there is a simple way to "fix" the door. If they know there is a way to fix the door, many won't feel confident in their abilities to implement the fix. Finally, the few who are able to fix the door on their own will quickly grow tired of the process 90 days from now, when they have to fix the door again.

This will be the death of DRM as we know it. Either they will do away with it completely or they will start rolling out systems that stifle technology even more.

"We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki