Researchers: Hack will help kill HD-DVD copy protection
Another encryption standard cut off at the knees
IDG News Service - The recent release of software that can be used to decode encrypted HD-DVD and Blu-ray movies is the first step toward making the encryption standard used by these next-generation video players obsolete, Princeton University researchers said Monday.
Late last month, a hacker going by the name Muslix64 released software that could be used to decrypt movies that were encoded using the AACS (Advanced Access Content System) digital rights management specification. AACS is supported by Hollywood and video player manufacturers.
Introduced in April 2005, AACS is the copy protection system for HD-DVD and Blu-ray movies. It is supported by companies such as Microsoft Corp., Matsushita Electric Industrial Co. Ltd. (Panasonic), Sony Corp., Toshiba Corp., The Walt Disney Co. and Warner Bros.
Muslix64's BackupHDDVD software did not crack AACS, but it will make it easier for some technically adept users to decrypt movies, said Alex Halderman, a Princeton computer science student who, along with noted researcher Ed Felten, is calling the software "the first step in the meltdown of AACS."
AACS devices use cryptographic techniques to read numeric codes, called "keys," from video discs. These keys are then used to unlock the digital content, making it readable on the player. Muslix64's software does not give users a way to discover these keys, but it does provide a way to descramble content once the key is uncovered.
"This is the framework through which the arms race is going to be fought," Halderman said. "They don't have the ammunition yet, but this is the gun."
AACS is supposed to work better than the CSS (content scrambling system) encryption system used to protect DVDs from unauthorized copying. CSS was cracked just a few years after its release by three hackers, including a 16-year-old Norwegian named Jon Johansen.
Unlike CSS, however, the AACS system gives movie companies a way of "revoking keys" -- changing new movies so that these keys cannot be read on video players that have been cracked.
This system gives Hollywood a way of protecting new releases, but it only works if hackers publicize their work and disclose which player has been cracked. And even with key revocation, nothing can be done to prevent disks whose keys have already been published from being unlocked, Halderman said.
"What the future looks like to us is that some individuals will have cracks that they don't publish and which Hollywood is unable to revoke," he said. "Other people will have cracks that they do publish, and which will work for all old disks."
This scenario may not be so bad for the movie studios, so long as they are able to prevent widespread illegal distribution of their products and keep movies from being widely available while they are still being shown in theatres, said Mike McGuire, an analyst at Gartner Inc. "If they can preserve the existing [theatrical] release windows, then they're probably going to feel reasonably comfortable," he said.
Still, Halderman believes it's only a matter of time before the keys that can be used with BackupHDDVD become public and Hollywood will be faced with unauthorized copying of AACS-protected material. "There's just no doubt that title keys are going to become available at some point in the near future," he said.