Tuesday, September 14, 2010

Possibly a VERY Big Develoopment: Has a crucial DRM scheme been broken open?

High-bandwidth Digital Content Protection (HDCP), the copy protection system used to prevent the making of perfect digital copies of audio and video data sent over DisplayPort, HDMI, and DVI interfaces, may have been blown out of the water if a post made to pastebin.com yesterday is what it claims to be. The post purports to contain the HDCP "master key," a 40×40 matrix of 56-bit numbers, which is used by the HDCP licensing company, Digital Content Protection (DCP), to generate the private keys used in all HDCP devices.

HDCP was invented by Intel to be a cheap-to-implement, high-performance cryptographic system suitable for use in audio and video applications. Its purpose was to create a secure digital path that could not be eavesdropped, so that pirates would not be able to make high-quality digital copies of high-definition video. HDCP also provides a mechanism for key revocation: if a device's key has been leaked, it can be added to a list of revoked keys, effectively blacklisting it and preventing it from being used for playback of encrypted content.

Each HDCP device, whether it is a "source" (that transmits encrypted data) or a "sink" (that receives it) has its own private HDCP key. The keys are generated in such a way that each source/sink pair can decrypt the data sent from source to sink, without either source or sink having to disclose its key to the other. To enable this, the source and sink keys have to be created in a particular way: they are all generated from the same master key.

If the master key has indeed been leaked, this entire system becomes broken. With the master key, anyone can generate their own sink keys, meaning that, given suitable hardware, they could always make perfect copies of HDCP-protected content—and they could do so without risk of revocation. This is unlikely to be of much interest to the typical consumer—most people don't have digital capture devices anyway—but it does mean that someone suitably motivated could build an HDCP sink device that could decrypt incoming HDCP data and produce full fidelity digital streams, and that this device could never be blocked. Such a system would be of interest both to pirates and those with legitimate data archival needs.

The origin of the alleged key is mysterious. A 2001 research paper stated that the master key could be reverse engineered by anyone with enough access to private keys due to weaknesses in the design of the protocol. Though private keys are supposed to be hard to retrieve, for example by being obfuscated in software players, or embedded into chips in hardware devices, this protection is imperfect, and so the master key could have been obtained in this way. Alternatively, it could have been leaked by someone who acquired access to it from DCP through some legitimate or illegitimate means.

In principle, DCP could produce a new master key and a whole new set of device source and sink keys, making the system secret once more. However, such a response is likely to be of little practical value, since it would be incompatible with all existing HDCP devices. Though some devices can have firmware or software upgrades to enable the use of a new master key, this would not be the case universally; such a move would present enormous practical difficulties. More likely, content producers will continue to use HDCP, even if it's thoroughly broken, just as they do with the Content Scramble System (CSS) encryption on DVDs.

At some point (maybe soon, if this pans out) our government will have to realize that instead of trying to prop up the IP and Media industries with increasingly Procrustean laws and regulations it should be helping them reinvent themselves in wholly new terms. The current technological environment simply does not support the false imposition of scarcity on intellectual and creative goods which have constituted the business model of so many companies to date.

No comments: