December 22, 2024

AACS: Modeling the Battle

[Posts in this series: 1, 2, 3, 4, 5, 6, 7.]

By this point in our series on AACS (the encryption scheme used in HD-DVD and Blu-ray) it should be clear that AACS creates a nontrivial strategic game between the AACS central authority (representing the movie studios) and the attackers who want to defeat AACS. Today I want to sketch a model of this game and talk about who is likely to win.

First, let’s talk about what each party is trying to achieve. The central authority wants to maximize movie studio revenue. More precisely, they’re concerned with the portion of revenue that is due to AACS protection. We’ll call this the Marginal Value of Protection (MVP): the revenue they would get if AACS were impossible to defeat, minus the revenue they would get if AACS had no effect at all. The authority’s goal is to maximize the fraction of MVP that the studios can capture.

In practice, MVP might be negative. AACS makes a disc less useful to honest consumers, thereby reducing consumer demand for discs, which hurts studio revenue. (For example: Alex and I can’t play our own HD-DVD discs on our computers, because the AACS rules don’t like our computers’ video cards. The only way for us to watch these discs on our equipment would be to defeat AACS. (Being researchers, we want to analyze the discs rather than watch them, but normal people would insist on watching.)) If this revenue reduction outweighs any revenue increase due to frustrating infringement, MVP will be negative. But of course if MVP is negative then a rational studio will release its discs without AACS encryption; so we will assume for analytic purposes that MVP is positive.

We’ll assume there is a single attacker, or equivalently that multiple attackers coordinate their actions. The attacker’s motive is tricky to model but we’ll assume for now that the attacker is directly opposed to the authority, so the attacker wants to minimize the fraction of MVP that the studios can capture.

We’ll assume the studios release discs at a constant rate, and that the MVP from a disc is highest when the disc is first released and then declines exponentially, with time constant L. (That is, MVP for a disc is proportional to exp(-(t-t0)/L), where t0 is the disc’s release date.) Most of the MVP from a disc will be generated in the first L days after its release.

We’ll assume that the attacker can compromise a new player device every C days on average. We’ll model this as a Poisson process, so that the likelihood of compromising a new device is the same every day, or equivalently the time between compromises is exponentially distributed with mean C.

Whenever the attacker has a compromised device, he has the option of using that device to nullify the MVP from any set of existing discs. (He does this by ripping and redistributing the discs’ content or the keys needed to decrypt that content.) But once the attacker uses a compromised device this way, the authority gets the ability to blacklist that compromised device so that the attacker cannot use it to nullify MVP from any future discs.

Okay, we’ve written down the rules of the game. The next step – I’ll spare you the gory details – is to translate the rules into equations and solve the equations to find the optimal strategy for each side and the outcome of the game, that is, the fraction of MVP the studios will get, assuming both sides play optimally. The result will depend on two parameters: L, the commercial lifetime of a disc, and C, the time between player compromises.

It turns out that the attacker’s best strategy is to withhold any newly discovered compromise until a “release window” of size R has passed since the last time the authority blacklisted a player. (R depends in a complicated way on L and C.) Once the release window has passed, the attacker will use the compromise aggressively and the authority will then blacklist the compromised player, which essentially starts the game over. The studio collects revenue during the release window, and sometimes beyond the release window when the attacker gets unlucky and takes a long time to find another compromise.

The fraction of MVP collected by the studio turns out to be approximately C/(C+L). When C is much smaller than L, the studio loses most of the MVP, because the attacker compromises players frequently so the attacker will nullify a disc’s MVP early in the disc’s commercial lifetime. But when C is much bigger than L, a disc will be able to collect most of its MVP before the attacker can find a compromise.

To predict the game’s outcome, then, we need to know the ratio of C (the time needed to compromise a player) to L (the commercial lifetime of a disc). Unfortunately we don’t have good data to estimate C and L. My guess, though, is that C will be considerably less than L in the long run. I’d expect C to be measured in weeks and L in months. If that’s right, it’s bad news for AACS.

Comments

  1. Anonymous says

    To reply to Ben.

    The key that is subject to contoversy is a processing key. This was a common factor to the encryption of all disks manufactured up to April 23rd 2007, and using it, any of those disks can be decrypted. Once decrypted, the disks can be copied and played without control and the aacsla cannot do anything about that.

    New disks made after that date will have different processing keys. That is not so much a revocation, as using a different key set on later titles. All players will continue to be able to play those disks.

    The aacsla have said that the key is now expired, and that they cannot do anything about the insecurity of the disks that used it. I reckon the current controversy is more about trying to stifle the forums that are behind the hacking, rather than bothering about that key itself.

    However, the attention they are giving to the forums suggests that they perceive them to be a very serious threat, and that does not say much for the quality of aacs itself.

  2. Ben, Student at University of Puget Sound says

    Could somebody give me some information on how AACS plans to deal with the product key leak, as well as explaining what a product key is in relation to the other various keys used.

  3. Anonymous says

    I think the economic assumption here is wrong. The central authority does not want to maximize movie studio revenue. They want to maximize their own revenue. To do so they must do the minimum amount of key revocations needed to keep the studios happy. However they do not want to do too many because it drives up their labor costs and indirectly it costs them by angering device manufacturers. So the real economic motivation here is to minimize labor costs and maximize PR value. The marginal value of protection really doesn’t enter into it, and as you point out, the MVP is likely negative.

  4. Richard Lee says

    I think that you overestimate the AACSLA’s ability to detect which device or media player has been compromised. You mention that they could release snippets of movie which when decoded provide a unique method to detect the point of failure, so that they could rescind its key.

    But have you considered that it would be possible for a decryption algorithm to alter the output so that the result is still a visibly and similar video and audio sample but which has been changed to the point where it defeats the AACSLA’s ability to recognise which key was used to decrypt it.

    In this way a compromised key could be kept hidden for a very long time.

    In an effort to destroy MVP there would be no need to distribute the keys if the full decrypted files where being actively shared on P2P, usenet or some form of darknet.

  5. Michael Kleber says

    The economic analysis has ignored a general equilibrium issue (to quote Steven Landsburg, http://www.slate.com/?id=2067407 ). If the regular release of broken keys is widely known (which is the only case this applies to), then surely at least some consumers will change their behavior to wait for the keys. Therefore the attacker’s choice of C may well change L!

  6. In the previous post, (7.54, Feb 14th) when I said “Which means that there is little point in revoking the device key.”, I should have said – “Which means that there is little point in revoking the device key just for the one particular instance of the device”.

    Given that the current hacking activity is probably having no negative commercial effect of the sale of hd movies, I wonder if the aacsla will just sit back and see how far the hackers get with it, and then decide what to do.

  7. The object of revoking the device key for an individual player is that if the key is published, subsequent new disks can be keyed in order not to be able to be devrypted using the compromised key. The weakness in that is that if someone can uncover the device key in one instance of the device, they can uncover it in all instances. Which means that there is little point in revoking the device key.

    The general principle of the key system is to try, as far as possible, to create a situation where compromised device keys are revoked, so that unauthorised use of them is stopped. The problem is that those keys will still sork with media that was manufactured pre-revocation.

    Ultimatley, you get to a situation where the necessary key revocation affects innocent third parties with genuine disks and players. And once you get there, the expression “opening Pandora’s box” comes to mind. In the light of recent events, it looks like we could be close to where the aacsla have to decide either to open that box, or admit that aacs is the hd equivalent of css.

  8. Bobdevis: As far as I know revocation does not work on the individual player level, but roughly on “model” level.

    Anyhow, we might get to see soon, as there is now a new type of key in circulation, the Processing Key (09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0) which will decode any current HDDVD release for which you know the Volume ID.

    http://forum.doom9.org/showthread.php?t=121866&page=6

  9. I’m not going to buy a HD player anyhow until they are £30 from the local Aldi or Lidl and titles are in the bargain bucket a few months after release. By then it won’t matter much either way and if I do want to make a copy I’ll just download it on fast internet connection anyhow. Speeds are continually increasing and hard drive sizes too (1TB drives are already available to buy). In fact sometimes it’s just better to leave movies and music on hard drive instead of backing up to discs.

    Also another thing. The encoding methods used on both HDDVD and BluRay are very inneficient. They use old technology. MPEG2 on many BluRay titles and Microsoft’s VC1 codec on newer HDVD titles. I believe VC1 will be used on BluRay too on newer titles if not already. In comparison to a codec like x264 which is continually being improved upon and an open source codec VC1 is pretty inneficient. You could easily compress the same movie with the same PQ onto a DVD9 or for some animation that compresses even better DVD5 at 1080P. Some of the reencodes in x264 from HDDVD’s are virtually indistinguishable from the original at 1/3rd the size.

    I suspect we will soon see HD x264 capable players coming out of Asia that have dedicated chips to do the relatively intensive decoding of such codecs.

    I think Snazio has a HD streamer coming with such facility. The tech is moving far faster than the movie studios can keep up. Witness the same effect on the music industry. The words ‘pants’ ‘caught’ and ‘down’ come to mind. Now they are sueing left right and center and trying hard to lobby government to try and put the genie back in the bottle. I’m sorry. Too late. The bus left already. All you are doing is sueing people and pissing them off. Those people (Especially children and teenagers) will be the next generation of lawyers, politicians, judges and wotnot and I am sure they will remember these times with great relish.

    Lets face it people. It’s all just 1’s and 0’s in the end.

  10. Nunya,
    If you publish the player keys of a player that INDIVIDUAL player will be revoked, not a whole batch of them. Reoked as in; It won’t be able to reed new disks as they will not be compattible with that INDIVIDUAL player.

  11. Nunya Bidness says

    I never see anyone mention another (to me anyway) obvious problem with the key revocation paradigm:

    Any cutthroat player vendor could undercut its competition by hacking their players and publishing the keys themselves! So (for example) some unscrupulous company could undercut Sony by publishing as many keys as they could extract from Sony’s players.

    If the keys were revoked, this would create a PR nightmare for Sony (even assuming there were a way to update the firmware with new keys, instead of turning the player into a doorstop). This would impact Sony’s sales and help their competitors.

    If the keys weren’t revoked, every title could potentially be compromised.

    Interestingly, either way the unscrupulous company wins. Revoked keys mean Sony’s market share shifts to other vendors, making their sales go up. Unrevoked keys mean more interest in these formats, meaning more overall sales of players in general (I didn’t buy a DVD player until CSS was broken, and although I occasionally copy a DVD, I have bought many more that I wouldn’t have bought otherwise), so their sales go up. It’s a win-win.

  12. This analysis seems to assume that if someone has published keys for a title then commercial lifetime for this disk is over. It is actually true for a small fraction of market only: some Internet hackers (incldin all of us who read this thread here). Even if it releases more convinient black market for bootleg-movies (e.g. in China) then this market is so poor that it has quite low commercial value for the labels anyway.

    We have a saying in Estonian: locks are for animals only. So this encryption has for me mainly informational meaning “do not copy this, we don’t like this”, so the honest people should keep their hands off. Technical tricks are to make the info stronger than just print on the CD jewel box. And people generally get this point. Maybe I am to optimist, but I think that over 90% of people are honest (in developed countries at least), they do not generally care to crack anything even if it is crackable. They still buy windows software and Audio CD even if they could get easily cracks and mp3s from the Internet.

    Of course some countries are different. In Rabat, Morocco I was amazed how central market was full of home-burned divx salesmen, selling movies for about $1 piece. Every possible title was there, and very probably the same market will have section of “HD-DivX” (or whatever how it will be called) too. But this market is not really important for legal DVD and HD stuff anyway, and I can’t imagine this kind of large-scale black market in US or in western Europe.

  13. Terry Cloth says

    I have trouble accepting the basic premise of the analysis. Grant that players are rational, but I don’t see why the attackers should be trying to minimize MVP. What do they care? Some want to see their movies, regardless of the effect it has on MVP, others enjoy the game, others want to share with friends.

    Do these relate to minimizing MVP in any way amenable to mathematical analysis? Are they sufficiently different to invalidate the analysis?

  14. Yes – but this all depends on correctly identifying the source of the leak. Suppose someone hacks the protected media path. They would then be able to copy the streaming data in a decrypted form. If the sequence keys are in use, the copy can be scrutinised and the player identified.

    But revoking the player keys makes no difference. The person can just update the player, or use a different player. The hack has nothing to do with the player.

  15. Hmmmm… Sony blacklisting their own product line… that will be the day 😉
    Anyway, one more thing;

    Cracking copy protection is not illegal everwhere. It is not even illegal in the USA if it is for helping the handycapped and stuff like that.
    Consequently, it would not be illegal for someone who lives in a real free country to setup a little distributed computing project to go dig for some player keys.

    Distributed computing projects were/are used to search for extraterrestial life (Seti), help medicine (folding@home) or to crack encyption(ECCP-109). It basically enables people to donate their PC’s idle time to help solve a very complex problem, by functioning as a part of a supercomputer. Always volentary, save, and for a good cause.

    AACS is high profile, so you will find many volenteers to help. Even if players prove uncrackable somehow, I am quite sure we will be able to brute force our way to a constant stream of player keys 😉

  16. Bob hit the nail on the head. There are only a small handful of HD-DVD hardware players on the market at the moment. The compromise of the device keys of such a player would become an economic nightmare.

    Scenario: Sony produces a hardware HD-DVD player for use with an HD-capable TV. Sony Motion Pictures, a division of Sony, publishes an HD-DVD movie with significant investment, and Sony Music, another division of Sony, publishes an HD-DVD of a live concert from a popular band.

    What happens if the device keys are published for the hardware player? Do SMP and Sony Music blacklist the Sony player?

  17. What about this senario?
    An attacker extracts player keys from a popular player model that is still selling and posts exact instructions on how to do so.
    Consequently, all players of that model (and probably some other similar models too) would have to be considered compromised as interested attackers will run to the store to get one of those players. Now, the central authority will have the choice of:
    1. Blacklisting the whole model and similar models (very costly PR nightmare)
    2. Accepting the fact there are a boatload of pleople posting a boatload of title keys to web databases (the defeat of AACS).

  18. This is indirectly relevant to the ongoing discussion. I can’t seem to find it again or else I would provide the source. Perhaps someone there can.
    Either in print or on the net I read an article about new laser tech. which was in development. Though working prototypes exist, development had not progressed to a marketable stage. These new laser burners were fast, used current DVD media, and best of all were capable of 100+G capacity. The thing that made them special was the lens. It used some kind of field to create sharper focusing ability. The result is better utilization of power to produce smaller dots closer together. If we can get more information on current development, it might give us a different prospective on the future of HD and Blue-ray. Hopefully someone out there can give us some links.

  19. There is one big hole in your model:
    You’re missing the people who will try to crack the AACS to be able to watch the movie on an older TV set or on a computer without wanting to buy a commercial player software for ~100€ (or $, for that matter).

    And when it comes to me personally, MVP is definitely negative. I decided a long time ago to skip the whole HD crap until ‘they’ stop treating their customers like criminals. Which will be someday around march 23rd 2136.

  20. Mitch Golden says

    Another point not covered in this analysis is that the “Central Authority” has to represent parties. That is, there are lots of movie studios and their interests don’t align.

    The simplest case is to imagine two studios A and B. Imagine that at some point in time, the Central Authority knows that a particular player has been cracked. At that moment, A owns a movie for which the title key has not (for whatever reason) yet been released – maybe it’s a small indy film. B is about to release a blockbuster. As discussed in a prior post, A is in the situation of *not* wanting the cracked player revoked, because at that moment the key gets released into the wild and the copy protection on A’s movie goes away. B on the other hand knows that its movie is certainly going to be a target, so it definitely doesn’t want to release the movie unprotected and have it immediately pirated.

    So how does the decision get made? And suppose that there are lots of studios in the A situation, do they get to outvote the B? Or is it done by prospective value of the films?

    It’s very, very difficult for the Central Authority.

  21. @billswift

    Furthermore, someone who is willing to invest in the hardware for refilming is most likely someone with a serious revenue-generating business, for whom the cost of buying a new player is probably not an enormous obstacle (especially if the player used for the compromise can be returned or resold through clandestine channels.)

    Meanwhile, I think the people who argue that we’re not seeing rational players here are at least a little onto something. The players may be rational, but this may not be the game they’re playing. Consider retail price wars, for example: ultimately unprofitable for any given episode, but very profitable for all concerned if they can convince competitors (current or potential) not to compete on price.

  22. @marco
    So what? That sort of watermarking could be used to prove that a scene came from a protected film, but it would not have enough complexity to identify which particular disk it was from. Further, it would not identify the “pirate” even if it could identify the disk, unless they start requiring ID for purchasing DVDs.

  23. mjb: The point of my example being that manufacturers took minimal steps to get their models approved for import, but engineered ways to enable full use of their product.

    People in the know (mostly adolescent geeks with inclination and time on their hands to figure it out) were doing their due diligence before committing to a purchase, and word got around in the circles. I presume models that could easily be “enabled” sold better.

    Hard to say what would have happened had regulators or lobbyists leaned harder on manufacturers and effectively prevented “enabling” backdoors. Many a product would probably have gone unsold as word got around you can’t use it for your purposes.

  24. mjb: I don’t know the answer, but in any industry/business most players are interdependent on each other, and nobody can unilaterally take a hard-ass position without jeopardizing cooperation, projecting an unfavorable image, or pissing off key people.

    I’m reminded of the situation we had in Germany with dial-up modems — manufacturers were mandated to “blacklist” phone numbers, or disabling dialing, for I believe 30 sec after any dialing attempt in German models, with the rationale of preventing unscrupulous users from overloading phone exchanges. Nonetheless every model that I knew of had “undocumented” override sequences readily available on the Internet, presumably from arms-length sources, not the manufacturers directly.

    Similarly with scanners — copyright motivated mandates to cripple scanners by limiting scanning speed were implemented in the device drivers, not the device, and savvy users were able to work around them by replacing German device drivers with foreign-language versions.

  25. Bill: Good point. The obvious counterattack, as the “authority” or down-chain vendors invariably learn of widely available software exploiting software player weaknesses, blacklist the respective player “models” and force an update, if they are in a position to do the latter of course (i.e. customers have Internet access for automatic update and don’t balk).

  26. Has anyone considered the possibility that the studios might adopt a scorched-earth strategy? Rather than try to track down individual device keys in an endless game of whack-a-mole, they could simply declare an entire model or brand of player “too easy to hack” and blacklist them all.

    The studios might welcome the resulting public backlash as a way to generate pressure on device manufacturers to make their devices harder to crack, and to generate pressure on Congress to pass Draconian laws to deter cracking or require ISPs to install some sort of content filtering.

    The studios could adopt the posture that if a player is “too easy to hack” then the player is defective, consumers should look to the player manufacturer to get the defect corrected, and studios have no obligation to make disks that work on defective players.

  27. The analysis of this formula is quite interesting, but also largely irrelevant in application for the short term.

    There seems to be an assumption in this formula that title keys would only be acquired on the internet through a party other than the person attempting to decrypt the content.

    I think that software will emerge that handles title key discovery on the local machine. Such software will likely work in tandem with some player software, which means that the device keys being used for circumvention may be numerous and will never be exposed on the internet.

    It could be argued that content providers are more concerned about widespread internet distribution of keys and/or ripped content. However, I’m sure they would also be very concerned if every person (who owns a PC based HD-DVD drive and rents original HD-DVD discs) could make copies for their collection and/or friends with extreme ease and without the bother of downloading massive rips or keys from the net.

  28. Further to the above post, there are statements being reported on the Internet where the original attacker(s) of hd dvd have now stated that they have made similar achievements with Blu-Ray. They also say they have not made these achievements by hacking into players.

    If that turns out to be true, then there are all sorts of implications – including the possibility that sensitive information has fallen into unauthorised hands. It would also suggest that the original attack on hd dvd goes far deeper than a flawed player.

    That raises an interesting point. Is there any information which, were it to leak out, would render aacs no more effective than css? If there is, then maybe it has already leaked.

  29. There is a possibility that the original attacker in this case is a lone hacker. who has released information which has allowed others to hack with gusto. It is the hackers that revealed the compromised player, in what became a runaway effect.

    But what if the original attacker has gleaned the key in a different way to how the hackers are pulling all the other keys. You now have a “knock on” effect. The original attacker has no control as to what information others may or may not release – or indeed what flaws they may or may not find.

    Each revelation might lead to a run-away situation where all the titles to date can be cracked, with full details immediately available as to how the hackers are doing it.

    And I imagine that what curently worries the authority is that they revoke the keys for the flawed player, but that keys continue to appear after that for post-alteration titles. They might decide that because the financial damage is probably trivial, due to the lack of any easy way of distributing the data, that the embarassment of a second breach staright away, might outweigh any benefit of immediate revoking.

    That might be awkward to model.

  30. As David mentions, it still seems to me like the deepest attack on AACS is the acquisition – by mathematics or by espionage – of device keys. I’m curious if some of the techniques that the authority would use to attack an oracle would actually help an attacker narrow down their search for an attack on the set of keys used to encrypt the title keys.

    While the game theory of device key cops and robbers is great, I think history has shown that unbreakable encryption schemes often aren’t, and I want to see how well the broadcast encryption used in AACS holds up over time.

    Has anyone seen a, (cough) somewhat pedestrian analysis of the title key encryption algorithm? Ed hasn’t talked about that critical piece too much, other than to say “The title key is encrypted in a special way that specifies exactly which devices’ decryption keys are able to extract the title key, and the result is then written into a header field on the disc.”

    There was a good reference posted in the comments of post 1 about broadcast encryption: http://eprint.iacr.org/2005/018 however, unfortunately, that PDF isn’t exactly an easy read. It also doesn’t address the adaptive attackers problem, and I’m especially curious about that. In cases where attackers are able to learn from the specific traitor discovery techniques that the authority might employ, or knowledge gained by discovering a title key encrypted before and after a known or partially-known blacklist had been applied, it seems possible that the adaptive attacker would be able to eventually break the algorithm, and thus AACS altogether.

  31. Re the statement “…minus the revenue they would get if AACS had no effect at all.”

    One of the biggest con jobs pulled by the recording industry and its copyright enforcers is to claim a lost sale for every identified pirate copy confiscated. Some deep study should be carried out to refute this assumption utterly and permanently.

    By this token, let’s examine MVP: the revenue they would get if AACS were impossible to defeat. We must not, and must never, let the greedy corporations ever claim that they would maximize revenue for every uncrackable movie title. The sheer boycott power of savvy consumers must be brought to bear on their convenient revenue calculations. Let’s make them realize that MVP, even if it is non-negative, will be a very miniscule value compared to the potential revenue that consumers will grant to the corporations if copy protection mechanisms were voluntarily withdrawn.

    Conversely, “the revenue they would get if AACS had no effect at all” may be either very much higher than MVP (assuming savvy consumers increase consumption to encourage corporations to maintain the status quo of allowing deliberately or inadvertently ineffective protection) or, may not be as high as potentially possible (assuming savvy consumers will still not bite even if the corporations allow protection to remain ineffective. The consumers may only want to stop their boycott if the corporations officially declare that they would give up the idea of incorporating protection.)

  32. Now that I think about it, it seems to me that you could extend your model to include my objections by adding a single parameter. You could say that MVP = MVPw + MVPs, where MVPw is the marginal value of weak protection like DVD CSS, and MVPs is the additional marginal value of unbreakable protection. We know that studios believe MVPw to be nonzero, since they haven’t abandoned CSS, and we know that studios believe MVPs to be nonzero, since they took the trouble to develop a new (presumably stronger) scheme instead of continuing to use CSS. We do not know which of those quantities studios think is more important.

    Your analysis says that in the limit as c/L approaches 0, the fraction of MVP that the studios collect approaches 0. With my proposed addition we instead have the fraction of MVP collected approaching MVPw. I don’t know if this changes either player’s optimal strategy.

  33. Okay, I should have read the older post on Sequence Keys first. This does seem to require some good coordination on how SK’s are assigned, and which discs are cracked. The big question in my mind is still, break the Device Key generation algorithm once so that you can keygen your own DK’s as often as you wish, and doesn’t all of AACS go out the window at that point?

  34. I find one element in your analysis to disagree with. That is that The Authority will be able to successfully blacklist the Device Keys that the Attacker is using to compromise AACS. Releasing a decrypted movie, or the Title Keys, doesn’t automatically tell The Authority which DK’s were used to compromise the AACS. Only an Oracle (see previous blog entries) that can be queried multiple times can narrow the field of possible DK’s to the actual compromised DK. Seems to me that as long as you keep the compromised DK’s confidential, you can continue to crack and release new movies and/or Title Keys for a very long time.

  35. @billswift,

    The “movie variation” scheme is designed to cope with re-filming. A traitor-mark can survive for example as a small and unnoticeable geometric (warp) transformation in a fast moving scene.

  36. There might be some providers on the AACS side who don’t want AACS to succeed. Companies that only provide players and not discs don’t suffer when a title key is cracked – indeed they may even do better if a format is easily copied. The only incentive they have to cooperate with the AACS system is pressure from the content providers and the threat that – if HD-DVD or Blu-Ray don’t provide DRM – these providers might decamp to the other format.

    If you’re a big company with a serious stake in a format like Philips, the pressure from content providers can be considerable. But for a smaller company at the cheaper end of the market where is the motivation to cooperate? All that money spent obfuscating keys and installing hack-proof chips just isn’t worth it, so they’re not likely to put too much effort in. What you end up with is a continuous supply of easily hackable players because the manufacturer just doesn’t care. This is a problem that gets worse if the format becomes popular because more discs sold means more players sold, and more small companies entering the market, especially at the cheap end.

    On top of this, as the number of companies involved proliferates and spread away from the orriginal heavily-invested few, the ability to keep secrets also discipates. Industrial espionage could reveal keys that haven’t been used yet, or such keys could even be released by companies that know they’ll have an easier time of it if they get the hackers of their backs for a few weeks.

    Countering this there is the pressure from the content providers and the consortiums that control the formats. But how much pressure can they realistically exert? How many times can they force a manufacturer working on tight margins to change their design? Sooner or later they could start pushing providers out of the market place – even with software players.

    Monopolies are only tollerated so long as they play nice – both the EC and the US have bodies with extraordinary powers solely to keep them in line. How long can the AACS system keep going before this line is crossed? Currently I would say, in Europe at least, not long at all.

  37. I think the analysis is mostly worthless. In the event of someone who wishes to hurt the authority (the postulate of the analysis) or someone who wishes to sell pirated disks, the fastest and simplest technique is to buy the best display and best videocamera he can afford and record the playback. That could be done within a day of acquiring a new disk.
    It would show no signature of the device, so that couldn’t be blacklisted.
    As several posters have suggested, the movie industry is not a rational actor. There is no realistic benefit to DRM; all DRM does is irritate their customers.

  38. Brad,

    It’s true that we don’t consider attackers who just duplicate discs bit-for-bit and sell them on street corners. AACS offers little if any defense against such attacks.

    Regarding whether it makes sense for attackers to stockpile compromised players, our model considers this and it says that the optimal strategy rarely stockpiles compromises in the way you describe. There are rare exceptions, when the attacker happens by chance to discover several compromises in an unusually short time, but that won’t happen very often.

  39. dmc,

    What you describe is exactly what the model’s equations say. The attacker’s best strategy is to wait until a certain number of discs have been released (that is the purpose of the release window) and then to start nullifying those discs.

  40. I think that significant factor is how convenient it is to do and how useful the copies are.

    At the moment, anyone copying those movies is having to contend with huge files, and recordable media options are not really available.

    I suppose the next step is if somone devises a way of splitting up decrypted HD movies and spreading them over several DVD’s. There’s something for the authors of Linux DVD player software to think about.

  41. I don’t think this model is complete enough to be useful. The model says that if C=0 then MVP=0. This is clearly false. For DVD CSS we already have C=0, but the studios clearly don’t think that the MVP of CSS is 0.

    What’s missing is another parameter: the hassle (whether legal, technological, or something else) of viewing a compromised disk in some way that the studios don’t approve of. If the hassle is great enough then most people won’t bother, despite the attackers’ crypto victories. If you assume that the studios’ main concern is control, as opposed to prevention of digital copying, then that’s enough.

    And it’s not that hard to add hassle: make sure there aren’t any simple easy-to-use players that let you view a disk using a downloaded key, attack sites that list keys, and so on. Some people will be willing to put together home-brewed solutions to view disks, but most people won’t.

    A model that doesn’t include non-piracy benefits of AACS, and that doesn’t include the joint technological and legal strategy, isn’t really enough to explain how either player is going to play the game.

  42. trsm.mckay says

    @Ray Cromwell says: And guess what, I doubt many people would be able to visually detect the difference between 1080p downscaled to 480p and then upscaled by their TV, and true 1080p, so few consumers would complain.

    I agree — so now please explain to me the value of ICT?

    This type of logical fallacy in copy protection has been around at least since the 1992 AHRA. They added SCM to “protect against piracy”. All that managed to accomplish is to inconvenience their best customers (audiophiles), who were only ones who would notice or care about the quality differences of digital-to-digital copies. The real casual pirating of the time was done on $50 boomboxes equipped with tape-to-tape copying. Snort, perfect digital copies, ha ha!

    Of course the reality of AHRA and SCM was even worse than that – they killed off their market! This cost the CE firms a great deal of money, and considerable opportunity cost to the studios. DAT and MiniDisc did not provide enough benefits to overcome the disadvantages SCM imposed. I think the success of the DVD was because it had net positive value (cost, durability, convenience); even though it was encumbered (no back-up, MacroVision, Region Protection, and disabling of fast forward).

    The question for Blu-Ray and HD-DVD is how much value do they add to the current market? My prediction based on recent DVD-A and SACD history is pessimistic. There are a lot of parallels – higher quality, format war, strong DRM and higher costs. The only place where Blu-Ray and HD-DVD look better is in the computer area (we still don’t have SACD or DVD-A players for a computer). Since I do care about the quality of reproduction, it saddens me to see them make the same mistakes again and again.

  43. Ray Cromwell says

    The central authority doesn’t need to blacklist an entire line of compromised devices, it only needs to blacklist individual players. That’s the whole point of broadcast encryption techniques, that one can disable at a much finer granularity than simply blocking an entire range of devices, because unlike previous schemes, each player has a unique set of keys.

  44. Dave O'Flynn says

    To my mind, the easiest way to make sure the Central Authority doesn’t blacklist compromised devices is to make sure that the compromised devices are those most expensive, in terms of cash/image/whatever, to update.

    If, in two years time, someone published the device keys for Sony’s most popular standalone Blu-Ray player, I believe that Sony and Blu-Ray’s public image could not survive the hammering that rendering hundreds of thousands of players inoperable would cause. It would, on its own, kill the format. Ergo, the Central Authority is going to be extremely reluctant to blacklist any devices that can’t perform an unattended update of their device key.

  45. Ray Cromwell says

    Steve,
    There are tamper-resistant self-destructing chips would could be used to decrypt title keys, and for which the title key never electrically escapes the pinouts of the chip. You can’t logic probe these chips, you need very expensive hardware, and even then, it’s hard.

    I think the answer with respect to the model is that the model’s assumptions are flawed. Business entities are not completely rational actors. Nor are pirates, which is why the criminal prosecution angle casts a chill over the activity even if the risk of actually getting caught is quite low, fear of piracy could resemble fear of flying if the AACS decides to get tough.

    And as the AACS system comes under more and more attack, the most likely response is not to drop the system, but “surge” the level of protection, sending out more troops to investigate pirates, and to place more onerous requirements on software players, which will most likely be the primary avenue of sustainable attack.

    There are only 2 commercial operating systems of note for AACS to care about: Windows and OS X. HD-DVD/BluRay already requires 64-bit Vista. Upcoming CPUs from AMD and Intel aim to provide an integrated trusted computing environment.

    Just as pirates could reserve compromised devices, the AACS could be biding its time until Vista/Leopard and next-gen AMD/Intel chips are so ubiquitous that they could one day require software players to implement trusted computing, with little impact to MVP since every new computer would have trusted computing capability and Vista or a compliant OS X alternative. 99% of consumers probably wouldn’t be impacted at all, except to be prompted to download an update to their player, a practice for which they are already used to.

    Just look at the Image Constraint Token. They aren’t using it *for now*, but at some time in the future, the percentage of displays not capable of dealing with ICT will be so small compared to the world market, that they could switch it on, and force everyone with an old analog HDTV to watch scaled down content. And guess what, I doubt many people would be able to visually detect the difference between 1080p downscaled to 480p and then upscaled by their TV, and true 1080p, so few consumers would complain.

    Only videophiles would really notice, and videophiles don’t tend to own old legacy TVs.

    I just think this kind of analysis is way too simplistic. The real world is far more complicated, with irrational actors and parallel strategies that can make the model no longer accurate.

    The reason we worry about nuclear proliferation is that simple game theory analysis of the situation (MAD) is not sufficient. We know that sooner or later, a non-rational actor will appear, and that nukes have other uses besides launching them on ballastic missiles, both real, and political.

  46. My guess is that ‘C’ will become very short, in that hackers will learn to tap into the hardware level of the devices and just grab the keys almost as soon as inserting the disk in the drive. Logic probes are still alive and doing well last time I checked. You can obfuscate the key distribution by taking it out of the software and putting it into the hardware, but you can never hide it completely from someone who is not afraid to really dig into a problem and get their hands dirty. My guess is that you will start to see DVD player ‘Mods’ appear on the web sometime after all the favorite DVD software programs have been black listed at least once.

  47. Release of compromised title keys, rather than entire ripped files, does not compromise the commercial value of the disk, because you still need to buy a disk to use the title key. If somebody uses the key to publish a ripped version, that compromises the value of the disk, though today only slightly for files of many gigabytes. Chances are this is a zone of negative MVP.

    Your analysis does not attend to the type of attacker the movie industry cares the most about, which is the companies that manufacture burned disks to sell on street corners. It’s some time before downloaded infringements match these guys. For these attackers, there are no decryption oracles. If a player is compromised they can keep using it as long as they like, until sequence keys start getting used.

    What makes sense for them is to crack several players so you have some in reserve. They wait until you have released enough disks decrypted with the keys of your first player so that the sequence keys can identify that player. Then they blacklist that player. However, if you have one in reserve, you can move to it immediately. So now you need to be able to crack players only as fast as they can detect players with sequence keys. If that takes examining several cracked titles by you, it’s a fair bit longer. You could consider only releasing titles when you have 2 sets of player keys so that there is no delay after blacklisting if you can get them fast enough. You might also decide to key compromised keys “in reserve” in order to be sure you can cream-skim and immediately crack the big hits, where most of the MVP would be lost, and not worry so much about delays waiting for a new compromise on lesser titles. If the 80-20 rule applies, you don’t need a lot of cracks to remove most of the MVP, which is not evenly distributed among titles.

  48. Carlie Coats says

    I think that h2g2bob has it right: the error lies in assuming that the
    movie industry are rational actors. A cynic would say that the whole
    history of the movie industry disproves that!

    This in fact suggests an interesting second-order tactic: corporate
    management is supposed to be rational actors who aim to maximize
    stockholder revenue; given that they provably are not, what are the
    possibilities for stockholder-lawsuits that attack that management over
    their irrationality in demanding DRM?

  49. My guess is that L would be measured in weeks rather than months. Take a look at the Billboard top 10 DVD sales chart:

    I think the commercial life is quite a bit longer–basically the time from DVD release to a substantial proportion (say 2/3’s) to the time it is shown on TV, probably.

  50. My guess is that L would be measured in weeks rather than months. Take a look at the Billboard top 10 DVD sales chart:

    http://www.billboard.com/bbcom/charts/chart_display.jsp?g=Videos&f=Top+DVD+Sales

    None have been on the chart for more than 5 weeks. After that time I would imagine sales have decreased considerably, suggesting an L of perhaps 3 or even 2 weeks.

    As far as C, when we speak of compromising “devices” it is helpful to distinguish hardware from software players. I would imagine that the cost to compromise a hardware device is at least two orders of magnitude greater than for a software player, at least for the first device of a given make and model. Compromising subsequent models of the same player would be relatively easy, although you do have to buy a new player which will run several hundred dollars for hardware players. It’s a little hard to see how a piracy organization which is distributing its wares for free could afford to keep buying new players.

    Blacklisting a compromised SW player would probably involve a redesign of the software and a mass blacklisting of all current versions, with customers having to download an update. This will more or less put the hackers back at square one, although it is still going to be a lot easier than breaking into hardware.

    Blacklisting compromised hardware is more likely to target the individual machine rather than kill off all players of that model, because free upgrades and replacements of hardware players are not economically feasible, and it would be bad publicity to make so many owners so unhappy. So this situation is in some ways more favorable to the pirates, although they still have to keep buying new players to replace the individual ones that are blacklisted.

    However my guess is that pirates will focus on software players, because that fits into the skill sets which they already have, and because more people can become able to do it just by giving them information, rather than their having to buy expensive electronic equipment. This leads to a scenario where new versions of software players are released with improved obfuscation, just as the new HDDVDs are released that blacklist old players. This then creates a window of opportunity where the movies are not pirated, until the new software can be broken. The question then is how fast this cycle can be repeated, given the lead times to master disks, and the engineering time needed to come up with new software obfuscation techniques that cannot be broken in hours.

  51. As I understand it, this analysis depends on the commercial lifetime of a single disc.

    But it seems to me that the value of compromising a device would be not so much to provide access to a single disc, but rather a collection.

    So to me (from a common-sense, rather than mathematical perspective), it seems that an attacker who can compromise multiple devices would

    1) Release a set of titles based on compromised device 1
    2) Wait for some “critical mass” of new titles to be released (with device 1 removed from list of players but device 2 still present)
    3) Release the new titles based on compromised device 2

    I would think the attacker would want to maximize the sum of the hits to MVP for all of the new discs (which would be at various stages in their revenue generating lifetimes). The attacker would have to think about how many revenue tails would be required to make up a critical mass.

    Clearly, modeling this would make the math much more complex