September 24, 2018

HD-DVD Camp Disses Blu-Ray DRM

Proponents of HD-DVD, one of the two competing next-gen DVD standards, have harsh words for the newly announced DRM technologies adopted by the competing Blu-Ray standard, according to a Consumer Electronics Daily article quoted by an AVS Forum commenter.

[Fox engineering head Andy] Setos confirmed BD+ [one of the newly announced Blu-Ray technologies] was based on the Self-Protecting Digital Content (SPDC) encryption developed by San Francisco’s Cryptography Research. That system, which provides “renewable security” in the event AACS is hacked, was rejected for HD DVD over concerns about playability and reliability issues (CED Aug 2 p1). BDA [the Blu-Ray group] obviously had a different conclusion, Setos said.

[Hitachi advisor Mark] Knox also took a shot at the BD+ version of SPDC, calling its “Virtual Machine” concept “a goldmine for hackers.” He said the Virtual Machine “must have access to critical security info, so any malicious code designed to run on this VM would also have access. In the words of one of the more high-tech guys ‘This feeble attempt to shut the one door on hackers is going to open up a lot of windows instead.’”

There’s an interesting technical issue behind this. SPDC’s designers say that most DRM schemes are weak because a fixed DRM design is built in to player devices; and once that design is broken – as it inevitably will be – the players are forever vulnerable. Rather than using a fixed DRM design, SPDC builds into the player device a small operating system. (They call it a lightweight virtual machine, but if you look at what it does it’s clearly an operating system.) Every piece of content can come with a computer program, packaged right on the disc with the content, which the operating system loads and runs when the content is loaded. These programs can also store data and software permanently on the player. (SPDC specifications aren’t available, but they have a semi-technical white paper and a partial security analysis.)

The idea is that rather than baking a single DRM scheme into the player, you can ship out a new DRM scheme whenever you ship out a disc. Different content publishers can use different DRM schemes, by shipping different programs on their discs. So, the argument goes, the system is more “renewable”.

The drawback for content publishers is that adversaries can switch from attacking the DRM to attacking the operating system. If somebody finds a security bug in the operating system (and, let’s face it, OS security bugs aren’t exactly unprecedented), they can exploit it to undermine any and all DRM, or to publish discs that break users’ players, or to cause other types of harm.

There are also risks for users. The SPDC documents talk about the programs having access to permanent storage on the player, and connecting to the Internet. This means a disc could install software that watches how you use your player, and reports that information to somebody across the Net. Other undesirable behaviors are possible too. And there’s nothing much the user can do to prevent them – content publishers, in the name of security, will try to prevent reverse engineering of their programs or the spread of information about what they do – and even the player manufacturer won’t be able to promise users that programs running on the player will be well-behaved.

Even beyond this, you have all of the usual reliability problems that arise on operating systems that store data and run code on behalf of independent software vendors. Users generally cope with such problems by learning about how the OS works and tweaking its configuration; but this strategy won’t work too well if the workings of the OS are supposed to be secret.
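To make the storage side of this concrete, here is a model of what a player would have to enforce when discs from independent publishers share its permanent storage. It is an added example, not SPDC/BD+ code or anything taken from the white paper; the `PlayerStore` class, the slot counts, and the assumption that the player can authenticate a publisher ID are all hypothetical.

```python
# Hypothetical model of a player's persistent store (added example, not SPDC/BD+ code).
from dataclasses import dataclass, field

class QuotaExceeded(Exception):
    """A write was refused because a storage limit was reached."""

@dataclass
class PlayerStore:
    total_slots: int = 16         # assumed size of the player's non-volatile store
    per_publisher_quota: int = 4  # assumed cap on slots per authenticated publisher
    slots: dict = field(default_factory=dict)  # (publisher_id, name) -> bytes

    def used_by(self, publisher_id):
        return sum(1 for owner, _ in self.slots if owner == publisher_id)

    def write(self, publisher_id, name, data):
        key = (publisher_id, name)
        if key not in self.slots:  # overwriting an existing slot costs nothing
            if self.used_by(publisher_id) >= self.per_publisher_quota:
                raise QuotaExceeded(f"{publisher_id} is at its quota")
            if len(self.slots) >= self.total_slots:
                raise QuotaExceeded("store is full")
        self.slots[key] = bytes(data)

    def owner_reset(self):
        self.slots.clear()  # user-controlled recovery path, outside disc code's reach

def greedy_disc(store, publisher_id, attempts=100):
    """Constructed misbehaving disc program: claims slots until refused."""
    claimed = 0
    for i in range(attempts):
        try:
            store.write(publisher_id, f"slot-{i}", b"junk")
        except QuotaExceeded:
            break
        claimed += 1
    return claimed

def simulate(per_publisher_quota):
    """Return (slots taken by the greedy disc, whether a later disc can still save state)."""
    store = PlayerStore(total_slots=16, per_publisher_quota=per_publisher_quota)
    claimed = greedy_disc(store, "publisher-A")
    try:
        store.write("publisher-B", "license-state", b"ok")
    except QuotaExceeded:
        return claimed, False
    return claimed, True
```

With the quota set equal to the whole store, `simulate(16)` shows one disc locking out every later one, while `simulate(4)` leaves room for the second publisher. The quota only helps if publisher identities are authenticated and hard to mint in bulk.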

The HD-DVD advocates are right that SPDC (aka BD+) opens a real can of worms. Unless the SPDC/BD+ specifications are released, I for one won’t trust that the system is secure and stable enough to make anybody happy.

Comments

  1. Stephen Cochran says:

    To me, it appears that both camps are doing everything in their power to ensure that the HD format is delivered stillborn. I don’t know of any early adopters (and I am one of them, as my first $700 DVD player attests) that will consent to the level of control that the studios are requiring, and without the early adopter community pushing the format, it will go nowhere.

    Add in a requirement for a continuous connection to the internet, and you drop a large chunk of the “normal” consumers from being able to consider buying in.

    They are truly trying to produce a product that “only a mother could love”.

  2. That “security analysis” is interesting, especially for what it doesn’t cover. As soon as the idea of persistent state comes up, I start thinking about the possibility of a hostile disc making trouble for the player. It sounds, for instance, like it would be very easy for a disc to contain code that consumes all the player’s storage space for “slots”, and prevents any future discs requiring “slot” resources from playing. From the player’s point of view the intended use of the system could already be called hostile, so it may be that there’s just no way to prevent content from being hostile while allowing content to override the owner’s wishes. Whether it’s DRM or a virus is a matter of perspective.

    The tinfoil-hat brigade will want to take note of the fact that with persistent state on the player, it’s possible for the media cartel to not only say “Our algorithm thinks you pirated this disc, so it won’t play!” but actually “Our algorithm thinks you pirated this disc, so now your player won’t play any discs at all anymore!”

    I’d think players would have to have a way of resetting the internal storage – either by a documented or undocumented reset button, or something like opening the box and shorting a couple pins. If something like that wasn’t at least available to customer service, they’d have an unreasonable burden handling warranty returns for players “damaged” by hostile discs.

    I’m also intrigued by the “instruction filter” concept, which XORs a 32-bit value with instructions. That’s claimed to require attackers to emulate the virtual machine in order to be able to disassemble the code, but I can think of several ways to avoid having to do that. It would be a fun challenge.

  3. It seems to me that both manufacturers have ended up completely backwards. They are now treating the “consumer” as their product, and treating the movie industry as their customers. This is apparent in how they try to enhance the consumer as much as possible, by restricting the “bad” things they can do, while constantly courting the content producers.

    In reality, the movie industry is going to jump on whatever format ends up being more popular, which is probably simply whichever one comes out first. If they’re close, then it’ll be whichever one has more friendly-sounding features. The VCR was hated by the entertainment industry and yet they still pumped out millions of copies of their content for it.

    Rather than bowing down before the MPAA, the electronics companies should be practicing a divide-and-conquer strategy to get the individual studios on-board one by one. I imagine that, once you get to the core of things, the studios are more afraid of each other than they are of their customers.

  4. Anonymous says:

    Was it the Crab or was it the Tortoise who was continually destroying the record players of the other in Hofstadter’s ‘Gödel, Escher, Bach’? I seem to recall the last, final, attempt was when the Crab created a player that would carefully analyze the disk it was presented, reconfigure itself, and proceed to play it “safely” … and the Tortoise did indeed choose to attack the “reconfiguration” mechanism, laying waste to the player.

    So if fiction is any indication, we are on the last cycle with the MPAA before they realize that physical reality is not subject to majority vote, committee approval, or whatever.

  5. Sony and Toshiba give up on unification of the next-gen DVD format.
    This is going to hurt most of the consumers / users.

    Still hoping that one day both companies will come out with a solution to standardize the format.

    http://errortest.blogspot.com/2005/08/big-impact-blu-ray-and-hd-dvd.html

  6. I for one am not going to buy either format. This is a perfect recipe for getting a virus on your computer that can’t be fixed. The virus can live in the OS of the DVD drive and you are screwed.

    When sales tank because no one buys their screwed up disks then they will change tune and deliver a new format. These DVD discs offer nothing to the consumer.

    Hell if I really want to pirate a DVD movie right now I can do it and put it on a regular DVD with new compression formats or with X-DVD COPY. Also for backing up stuff the DVD drive I have now works just fine. It takes too long and I can’t imagine trying to burn 30gigs of data on a disk. 75% of people don’t even need or even have 30gigs of data to burn to dvd. Why not use a 100gig usb hard drive if you really need to have that much data backed up?

    Regular DVDs haven’t even taken in the PC game world. I ask for games on DVD at EBGames but I still end up getting it on CD because they don’t have them in stock.

    If you really look at this new technology it is total garbage and there is no need or real desire for it on the consumer level. I think most people will skip this generation of technology and wait for something better.

  7. Either way you go, it’s only a matter of time before disc to disc copying technology appears on the new disc format, then you need to buy a whole new set of machines and magic boxes as well.

  8. For now, let’s just not buy any of their products. Hollywood isn’t happy unless our hardware is rendered so useless, you wind up with something the average joe isn’t going to want to buy.

  9. Bah, they have been churning such crap that it’s not even worth your time to pirate their shit, much less buy it. Forget the technology, I don’t want Hollywood shit or artificial music.

  10. george barlow says:

    So how long before a hit movie (or two, or a hundred) comes out with a spam-sending bot snuck into the instructions that the disc loads into the player? Imagine a horde of millions of always-online spam-sending video players, that the user can’t control. Will the unfortunate consumers have to resort to buying anti-virus discs for their video players? Talk about an interesting battleground… Just the DRM overload itself will keep me from going past DVD, this added baggage simply adds confusion to the chaos.

    If I can’t use it in the ways I’m legally entitled to, I’m not interested in using it at all. And what happens when the next format comes along in a few years, and these video players are no longer supported? Your video library is totally unplayable? No thanks!