Security of Advanced Access Content System

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Noclip (talk | contribs) at 19:49, 28 May 2007 (split from main article). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Concerns of experts

The proposal was voted one of the technologies most likely to fail by IEEE Spectrum magazine's readers in the January 2005 issue.[1] Concerns about the approach include its similarity to past systems that failed, such as CSS, and the inability to preserve security against attacks that compromise large numbers of players. Jon Lech Johansen, who was part of the team that circumvented CSS, expected AACS to be cracked by winter 2006/2007.[2]

In late 2006, security expert Peter Gutmann released "A Cost Analysis of Windows Vista Content Protection", a technical paper criticizing the implementation of AACS on Windows Vista.[3]

Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server).

While great care has been taken with AACS to ensure that contents are encrypted right up to the display device, it was discovered in July 2006 that a perfect copy of any still frame from a film could be captured from certain Blu-ray and HD DVD software players simply by using the Print Screen function of the Windows operating system.[4][5] It was hypothesized that this approach could be automated to allow a perfect copy of an entire film to be made, in much the same way that DVD films were copied before the advent of DeCSS, but to date no such copy has been discovered. This exploit has been closed in subsequent software versions.

Such approaches do not constitute compromises of the AACS encryption itself, relying instead on an officially licensed software player to perform the decryption. As such, the output data will not be in the form of the compressed video from the disc, but rather decompressed video.

Memory-space snooping attacks

Both title keys and one of the keys used to decrypt them (known as Processing Keys in the AACS specifications) have been found by using debuggers to inspect the memory space of running HD DVD and Blu-ray player programs.[6][7][8][9] Hackers also claim to have found Device Keys[10] (used to calculate the Processing Key) and a Host Private Key[11] (a key signed by the AACS LA used for hand-shaking between host and HD drive; required for reading the Volume ID). The first pirated HD movies were available soon afterwards.[12] The processing key was widely published on the Internet after it was found, and the AACS LA sent multiple DMCA takedown notices with the aim of censoring it.[13] Some sites that rely on user-submitted content, like Digg and Wikipedia, tried to remove any mentions of the key.[14][15] The Digg administrators eventually gave up trying to censor submissions that contained the key.[16]

Cyberlink, the developers of PowerDVD, stated that their software was not used as part of these exploits.[17]

On April 16, 2007, the AACS consortium announced that it had expired certain encryption keys used by PC-based applications. Patches were available for WinDVD and PowerDVD which used new and uncompromised encryption keys.[18] [19] The compromised keys can still be used to decrypt old titles, but not newer releases as they will be encrypted with other, uncompromised keys. Legitimate users of the affected players are forced to upgrade or replace their player software in order to view new titles.
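The forward-only nature of this kind of key expiry can be seen in a small model. The following is an added example, not part of the original article and not AACS code: it is a deliberately simplified sketch in which each disc carries its title key wrapped once per non-revoked player, and the names `Licensor`, `press_disc`, `can_play`, `player_a` and `player_b`, as well as the HMAC-based toy wrap, are assumptions made for illustration. The real AACS key hierarchy and ciphers are not reproduced.

```python
import hashlib
import hmac
import os

def wrap(key: bytes, secret: bytes, label: bytes) -> bytes:
    """Toy key wrap: XOR with an HMAC-SHA256 pad (stand-in for a real cipher)."""
    pad = hmac.new(key, label, hashlib.sha256).digest()[:len(secret)]
    return bytes(a ^ b for a, b in zip(secret, pad))

unwrap = wrap  # XOR with the same pad undoes the wrap

class Licensor:
    """Hypothetical licensing authority that hands out per-player keys."""
    def __init__(self, players):
        self.player_keys = {name: os.urandom(16) for name in players}
        self.revoked = set()

    def revoke(self, name):
        self.revoked.add(name)

    def press_disc(self, title):
        # Each new disc gets a fresh title key, wrapped only for players
        # that are not revoked at pressing time.
        title_key = os.urandom(16)
        block = {name: wrap(key, title_key, title.encode())
                 for name, key in self.player_keys.items()
                 if name not in self.revoked}
        return {"title": title, "key_block": block,
                "check": hashlib.sha256(title_key).hexdigest()}

def can_play(disc, slot, player_key):
    """True if player_key recovers the disc's title key from entry `slot`."""
    entry = disc["key_block"].get(slot)
    if entry is None:
        return False
    candidate = unwrap(player_key, entry, disc["title"].encode())
    return hmac.compare_digest(hashlib.sha256(candidate).hexdigest(), disc["check"])

def demo():
    licensor = Licensor(["player_a", "player_b"])
    old_disc = licensor.press_disc("old title")
    leaked = licensor.player_keys["player_a"]      # key extracted from player_a
    licensor.revoke("player_a")                    # licensor expires that key
    new_disc = licensor.press_disc("new title")
    return {
        "leaked_key_old_disc": can_play(old_disc, "player_a", leaked),
        "leaked_key_new_disc": can_play(new_disc, "player_a", leaked),
        "leaked_key_other_slot": can_play(new_disc, "player_b", leaked),
        "unrevoked_player_new_disc": can_play(
            new_disc, "player_b", licensor.player_keys["player_b"]),
    }
```

Revocation in this model only changes what is written to discs pressed afterwards: nothing can be done to discs already in circulation, which is why the expired key keeps working on old titles.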

Updates to software players were released in April 2007, with new titles incorporating the updated keys due on 22nd May 2007. However, by 16th May, software said to be capable of copying the updated discs was circulating on the Internet, and reports started appearing that it was successfully copying titles encrypted with new keys that had been released early.

The use of encryption does not offer any true protection against memory snooping, since the software player must have the encryption key available somewhere in memory, and there is no way to protect against a determined PC owner extracting it. If everything else fails, the user could run the program in a virtual machine, making it possible to freeze the program and inspect all memory addresses without the program knowing.

Wholly preventing attacks like this would require either changes to the PC platform (see Trusted Computing) or that content distributors do not permit their content to be played on PCs at all (by not providing the companies making software players with the needed encryption keys).

Publishing of volume keys

On January 15, 2007, a website launched at HDKeys.com containing a database of HD DVD title keys. It also featured a modified copy of the BackupHDDVD software allowing for online key retrieval (the latter was later removed after a DMCA complaint).

AnyDVD HD

SlySoft has released AnyDVD HD, which allows users to watch HD DVD and Blu-ray movies on non-HDCP-compliant PC hardware. The movies can be decrypted on the fly directly from the disc, or can be copied to another medium. AnyDVD HD is also capable of automatically removing any unwanted logos and trailers. SlySoft has stated that AnyDVD HD uses several different mechanisms to disable the encryption, and is not dependent on the use of compromised encryption keys. They have also stated that AACS has even more flaws in its implementation than CSS; this renders it highly vulnerable,[20] but they will release no details on their implementation. Users at Doom9 claim that the program makes use of the host certificate of PowerDVD version 6.5,[21] but SlySoft has claimed that the program would be unaffected by the AACS revocation system.[22]

  1. ^ Tekla S. Perry (2007). "Loser: DVD Copy Protection, Take 2". Spectrum Online. Retrieved 2007-05-04.
  2. ^ Johansen, Jon Lech (2006-01-08). "DeAACS.com". So sue me. Retrieved 2007-05-04.
  3. ^ Peter Gutmann (2006-12-26). "A Cost Analysis of Windows Vista Content Protection". Retrieved 2007-01-28.
  4. ^ "Work Around for New DVD Format Protections". Slashdot. 2006-06-07. Retrieved 2007-05-02.
  5. ^ "ehe" (2006-07-07). "Copy protection hole in Blu-ray and HD DVD movies". heise Security. Retrieved 2007-05-02.
  6. ^ "HD-DVD Content Protection already hacked?". TechAmok. 2006-12-28. Retrieved 2007-01-02.
  7. ^ "Hi-def DVD security is bypassed". BBC news. 2007-01-26. Retrieved 2007-05-02.
  8. ^ Block, Ryan (2007-01-20). "Blu-ray cracked too?". Engadget. Retrieved 2007-01-22.
  9. ^ Leyden, John (2007-01-23). "Blu-ray DRM defeated". The Register. Retrieved 2007-01-22.
  10. ^ "ATARI Vampire" (2007-02-24). "WinDVD 8 Device Key Found!". Doom9.net forums. Retrieved 2007-05-04.
  11. ^ "jx6bpm" (2007-03-03). "PowerDVD private key". Doom9.net forums. Retrieved 2007-05-04.
  12. ^ Yam, Marcus (2007-01-17). "First Pirated HD DVDs Released". DailyTech. Retrieved 2007-05-03.
  13. ^ "AACS licensor complains of posted key". Retrieved 2007-05-02.
  14. ^ Boutin, Paul (2007-05-01). "Wikipedia Locks Out "The Number"". Retrieved 2007-05-02.
  15. ^ Greenberg, Andy (2007-05-02). "Digg's DRM Revolt". Forbes.
  16. ^ "DVD DRM row sparks user rebellion". BBC news. 2007-05-02. Retrieved 2007-05-02.
  17. ^ Lanier, Chris (2007-01-02). "Cyberlink Responds to Alleged AACS Crack". Retrieved 2007-05-02.
  18. ^ "Press Messages: AACS - Advanced Access Content System". Retrieved 2007-05-02.
  19. ^ Yam, Marcus (2007-01-26). "AACS Responds to Cracked HD DVD and Blu-ray Disc Protections". DailyTech. Retrieved 2007-05-03.
  20. ^ "peer" (2007-02-13). "Device key revokation". Slysoft forums. Retrieved 2007-04-09.
  21. ^ "evdberg" (2007-02-15). "AnyDVD method of operation". Doom9.net Forums. Retrieved 2007-04-09.
  22. ^ "James" (2007-03-02). "And after the proces. key is revoked?". Slysoft forums. Retrieved 2007-04-09.