July 19, 2018

AACS: Game Theory of Blacklisting

[Posts in this series: 1, 2, 3, 4, 5, 6, 7.]

This is the fourth post in our series on AACS, the encryption scheme used for HD-DVD and Blu-Ray discs.

We’ve already discussed how it’s possible to reverse engineer an AACS-compatible player to extract its secret set of device keys. With these device keys you can extract the title key from any disc the player can play, and the title key allows anyone else with the same disc to decrypt the movie. Yesterday we explained how the AACS central authority has the ability to blacklist compromised device keys so that they can’t be used to decrypt any discs produced in the future. This defense is limited in two obvious ways: the central authority needs to know which keys have been compromised in order to put them on the blacklist, and this only protects future discs, not ones that have already been produced.

It turns out there’s a third way in which blacklisting is limited. Counterintuitively, it is sometimes in the central authority’s best interest not to blacklist a compromised device key even when they have the ability to do so.

We can model one such scenario as a simple game between the central authority and an attacker. Suppose there is only one attacker who has compromised a single player and extracted its device keys. Initially, he keeps the device keys secret (for fear they will be blacklisted), but he and his friends acquire some number of discs every week and post the title keys on the web. Let’s also suppose that the central authority has enough resources to infiltrate this cabal and learn which player has been cracked, so that they can blacklist the device keys if they wish.

The authority faces a very interesting dilemma: if it does blacklist the keys, the attacker will have no reason to keep them secret any longer. He will publish them, irrevocably breaking the encryption on all previously released discs. If the authority doesn’t blacklist the keys, the attacker will continue to trickle out title keys for certain movies, but the rest will remain secure.

In other words, the authority needs to weigh the value of continuing to protect all the old discs for which title keys have not been published against the value of protecting the new releases that will be cracked if it doesn’t blacklist the keys. The result is that the central authority will need to exercise more restraint than we would naively expect when it comes to blacklisting. Once attackers realize this, they will adjust how quickly they release title keys until they are just below the threshold where the authority would resort to blacklisting.

Things get even more interesting if we consider a more realistic scenario where different players are gradually cracked over time. We’ll write more about that next week.

Comments

  1. Why are you assuming that the title key will be the same for all copies of a title? Would it be prohibitively expensive to change the key for each disc pressed? What about changing it, say, every 10000 pressings?
    If this is possible then it seems publishing title keys would become a very inefective way of attacking AACS, as there would be a low probability that a key you publish would work on my copy of the disc.

  2. As I’m sure we all know, most real-world organizations aren’t nearly as rational as they’re presented in game theoretic treatments of their behavior. It would be interesting to discuss how the politics of the hardware and content producers and the mentality of the people involved in the organization will cause them to deviate from the theoretically optimal behavior.

    To a first approximation, hardware makers will never want a key to be revoked. Revoking a key effectively destroys their hardware in the field and presumably greatly annoys their customers, and forces them to make production changes.

    To a first approximation, content producers will always want a key to be revoked as soon as possible. They won’t want to continue producing disks which work with a known-compromised player key.

    These approximations aren’t completely accurate because both sides have a vested interest in the continuing health of the system as a whole. Instant blacklisting of every compromised device is likely to cause people to abandon the format. Never blacklisting anything may cause content producers to abandon the format. (Although it should be noted that DVD has been completely broken for years and you can still buy new DVDs.) But given human nature, each side is likely to weigh its own specific needs over the needs of the system as a whole, even though they’re completely dependent on it. I imagine there will be a lot of conflict between the two sides as they try to decide how to deal with these things.

  3. My understanding is that the great majority of the revenues from a content release generally come in the first few days and weeks after release. The cost to content owners of having an old title key published may not be all that bad. Their main concern is protecting future releases. So I’d imagine they will go forward with blacklisting, at least in the context of the concern raised here.

  4. Well, theere are other perspectives which would cause the central authority to not want to blacklist a device, namely if they did so, it would reveal tto the cabal that they had been infiltrated. It is all about information, and the central authority is in the position of trying to stop the flow of information as much as possible, as every little bit of it can be used by the attacker.

    Not to mention, of course, that everyone who bought the blacklist device would unable to use them. If they can’t use their device, now they have a motivation to participate in the cracking effort. By blacklisting a device the central authority would be decreasing its moral connectivity. (See Col. boyd on that!)

  5. If keys are unique to a particular unit, rather than a particular model, how does it inconvenience the customers to revoke one of them? Apart from the one customer whose unit key gets revoked?

    Please correct me if I am wrong, but I have read that this encryption scheme has a branching structure of keys, like a tree of species in biology, and that individual keys or whole branches can be de-authorized.

    I don’t know how that works, but given multiple keys, is it possible to generate other working keys? If so, how broad would the compromised part of the system be? Would it open up all keys back to the most recent branch that the cracked keys have in common?

  6. As regards the cost – suppose that the oracle industry proliferates, and the aacs authority find that they need a huge staff and IT set up that grows and grows in order to keep up with what is going on. Who is going to pay for all of that?

  7. Michael Ash’s point about the behavior of content producers is important, at least for the game-theoretic analysis, because the relative value of new and old releases depends (in some complicated way) on the volume and nature of new releases. If content producers started adjusting their business models to avoid releasing new material (or to release it in other, supposedly safer formats), having a player that could only play old material wouldn’t be such a big deal.

    Of course, as he notes, the situation with DVDs suggests that serious DRM isn’t really important to content producers. All they really seem to insist on (at least as far as voting with their wallets and their intellectual property goes) is enough DRM to deter the casual copier. (And that’s probably anything where the cost of the time/money to make a copy is less than the cost of a rental, i.e. about 15-20 minutes or a few dollars.)

  8. One community completely ignored in all this is the hacker community that despises DRM and has a vendetta to rid the earth of it. Those hackers might extract and collect all the different players keys until they have enough to publish and make a real catch-22 for the Media companies. If you tick off a million people in one shot you are likely to see class action suits all over the map. Chaos ensues and the whole DRM thing eats some major finances from everyones bank account. Media companies, manufactures, retailers, and innocent users as well. That would not be a pretty picture I am sure.

  9. The volume unique keys needed for backupHDDVD has now started to appear for various movies here: http://forum.doom9.org/showthread.php?t=120611
    With this keys the movies can be decrypted.

  10. “Why are you assuming that the title key will be the same for all copies of a title? Would it be prohibitively expensive to change the key for each disc pressed? What about changing it, say, every 10000 pressings?”

    The cost of production goes way up because you would need a new master for each new title key. Remember, you have to re-encode the entire movie if you want to change the title key. Now, if you are producing enough coppies that you are using more then one line to press them, then you could have a different title key for the master used on each line. I don’t see more then one master for each movie being created any time soon.

    Now, if someone came up with a cheaper way of producing masters, or a cheap way to produce disks that didn’t require expencive masters, then changing titles keys would become attractive. Right now, it would cut into the profits because it would not result is anough additional disks being sold.

    Has anyone seen an honest study about the costs of DRM, and if it realy does stop enough priating to be worth the cost?

  11. Just stumbled across this series and each entry has been more interesting than the last. Thanks for the information!

  12. Looks like the number of title keys that have been published is starting to prolferate, and at least one HD title is now on the torrents.

    Has there been any comment yet from the snake oil purveyors?

  13. So, how difficult is it to discover working device keys by having a large enough sample of encrypted title keys and their decrypted counterparts? Would a brute-force attack be possible on the set of device keys currently used to decrypt title keys?

    It seems like once you’ve got a few hundred title keys in their encrypted and decrypted state, you could eventually pull some device keys out of thin air. The mathematics of broadcast cryptography are over my head, but hackers have lots of time and computing power on their side, and nothing to lose by training some of that power on the problem of generating device keys before any devices using them have even been built.

    I’m assuming that the number of device keys used to encrypt a title key is going to be like a funnel. Today, every possible device key that the authority ever wants to be able to play a disc going in to production was used to encrypt its title key. Two years down the road, if they’ve blacklisted million of those device keys, and 5 years down the road, they’ve blacklisted a billion of those device keys, but they haven’t put any new ones in there because players who used those new keys wouldn’t be able to play older discs.

    I’m thinking they won’t run out of device keys for new devices (it is probably a very large set), but if the authority can’t assert that every blacklisted key is from a device owned by an evildoer, they’re quickly going to get a large set of consumers who just bought a HD-DVD player that can’t play Superman Returns to form a class-action lawsuit, or worse, an effective boycott.

    Then there is the possibility of a very large set of device keys (say, all of them) being ‘found’ somehow. Industrial espionage still occurs these days, doesn’t it?

    My bet is that the device key problem is going to be what brings AACS down eventually. Any large, static set of keys is just begging to be discovered.

  14. Maybe there is time to create a ACCS@Home screensaver to brute force device keys?

    /Perty

  15. I think that revoking keys is not the simple formality that some people think.

    My perception from what is going on is that at least two different people have cracked players independently of each other. Title keys are starting to appear on the net. At the time of writing this, valid title keys for at least 30 different titles are posted on the net, at least one movie has been uploaded to a bit torrent, and the details of one player that has been broken are also circulating. There is some question that “backuphddvd” might not be perfect – but that is a programming and not an encryption issue.

    So we have a situation where the means is now there for anyone to crack any HD-DVD disk that has already been made. Details of one compromised player are public – but not any others.

    If keys are now revoked, what happens to stocks of disks already made but not yet sold. What about existing production from masters – are they to be stopped and new masters made.

    What if a production run is stopped, new masters made, and before any new production reaches the stores, there is another “incident”. Who is going to pay for all of this.

    I think that HD-DVD might well be “the second coming of the DVD” – in a way that the author of that expression did not mean.

  16. Govt Skeptic says:

    Prof Felten et al:
    I totally call foul on making prediction 8 for 2007 and then turning around and running the AACS meltdown series.
    Either this was up your sleeves and prediction 8 was tongue-in-cheek, OR you’re desperately trying to rebound from your horrendous wipeout on the 2006 predictions by getting the ball rolling on the meltdown.
    If your next series is on how to hobble your freshly-flying pig, I’m calling total BS.
    BTW, my office pool on your predictions is now completely ruined. Several people already want their money back.

  17. graphex: The encryption should be strong enough for anything below millions of plaintext/ciphertext pairs to be insufficient. The weakness is that the whole system architecture is not tamperproof — enough device keys can be recovered, and presumably HD content extracted from the display path with rather unsubstantial quality loss.

  18. IMO the assumption underlying the HD business/protection model is that HD content is so superior to e.g. DVD/EVD-style quality that making it difficult (and thus costly) enough for pirates to produce HD copies will deter piracy, and not unrelated that consumers will readily upgrade to HD and shun DVD. It is not immediately clear to me that this assumption holds, but time will show.

    Perhaps we will indeed see some deterrence of HD->HD piracy, but learn that the easier path HD->DVD, which should not require breaking AACS, is good enough.

    Although it’s not a proper analogy, compare MP3 piracy — apparently MP3 is good enough to match CD quality for large audiences.

  19. As regards the analogy with mp3’s, that is a valid point. The mass market is where people play unprotected mp3’s on small players where the quality only has to reach a mediocre level. In order to introduce a new format, there would have to be a desirable new attribute to create demand. People do not buy into new formats that have only been created as platforms for stronger drm on a product that is otherwise the same.

    It remains to be seen if people really do want huge television sets and monitors. If you don’t want a huge screen, then you don’t need HD.

    As regards the current story of title keys, a web site has been set up with a list of keys at:

    http://www.aacskeys.com/

    I am surprised that hackers involved have revealed the details of the players that can be used to extract these keys. – Unless that is, there is something else they have also discovered, and the plan is to wait for the device keys for the players to be revoked, the rhetoric about damage limitation to be said and new titles to come out – and then keys start appearing for those as well.

  20. Perty,

    That’s probably quite a good idea.

    Bung an HD-DVD in the drive. Hash is communicated to distributed system to see if keys are available, if so, keys are provided to client software to decrypt DVD (for non-copyright infringing purposes).

    If keys, aren’t available, encrypted DVD is communicated with DRM intact (thus no copyright infringement can occur if TPM lives up to its name) for a distributed analysis.

    A day later, its keys become available to all who possess that DVD.

    No-one possesses any circumvention software for the purposes of copyright infringement.

    No copyright infringement occurs, except by nefarious users who abuse the keys they’ve obtained. However, this doesn’t incriminate the distributed analysis system for bonafide users.

  21. As to game theory…

    Has anyone considered that AACS may be expected to be easily broken (despite representing a duly diligent attempt)?

    Moreover, the inevitable blacklisting and consumer outcry a perversely beneficial publicity?

    It may be part of a strategy to demonstrate that general purpose computers should become a proscribed munition, and that henceforth only strictly controlled devices such as Windows Vista PCs could be permitted for domestic use.

    That’s why MS is pushing for TCP, Vista, and DRM. It knows that either copyright is dead, or DMCA wins to enforce its survival. It’s gambling on the latter, and expects that general purpose computers will need to be removed from domestic control – hence why an OS that achieves this will suddenly become far more valuable than one that doesn’t.

    MS can’t gamble on copyright’s demise, because the world of GPL software already has that inevitability sewn up quite nicely.

    Perhaps Linus sees either horse winning and doesn’t wish to commit one way or the other, hence decrying GPLv3’s anti-DMCA provisions.

  22. Crosbie Fitch,

    Hmm… That would be very neat, I would do it if I had the time…

    Can someone clarify, if I share a encrypted HD-DVD am I really not making anything illegal? (In US for example?)

    Sharing encrypted nonsense would never hold in a court, or?

    And if I want to watch the shared movie I just download the right key? And having the right key and an encrypted movie is it enought to be able to extract the content to?

    Is it possible they have created a legal way to share premium content?

    /Perty

  23. “they’re quickly going to get a large set of consumers who just bought a HD-DVD player that can’t play Superman Returns to form a class-action lawsuit…”

    Funny you should mention that particular movie, given what’s currently paused and idling behind my Firefox window. (FWIW, normal-definition DVD, legally obtained, in media software that came with this PC.)

  24. And the MPAA strikes back, although not directly at HD title key sites. Instead, they seem to have nailed a popular filesharing app (Torrent-capable) this AM.

    http://www.shareaza.com: Connection timed out
    forums.shareaza.com: Host unknown

    Three hours ago or so, these were normal.

    I don’t know if they’ve done much to degrade use of the application yet, but the web site and forums appear to be nuked. Trackers and gwebcaches are no doubt being blitzed as well.

  25. Both of those sites have been on and off in the past few hours. There is possibly a fault.

    The latest is that decrypted keys for around 46 titles are floating around the net.

    The bottleneck in not getting all the keys out straight away might well be due to the fact that the method being used involves actually having the disk to be able to extract the key, and not many people will have extensive disk collections yet. In fact, hackers do not usually have extensive collections of anything genuine.

  26. Would the arguments presented in this blog entry predict that the WinDVD player key will not be revoked? It will be interesting to watch the situation as it develops over the next few weeks and months. We are lucky that we can see some tests of this reasoning in the real world so quickly.

  27. One speaks of legal attacks, yet I’d expect either Title Keys, or a torrent containing the latest Title Keys to be available on The Pirate Bay and updated every Wednesday, after this week’s Tuesday releases. Especially if they buy SeaLand.

  28. Given that the offending devices have been made public, my first thought is that they would have to revoke the device keys for them.

    But when you think about it, I doubt if there will be much traffic in copies at the moment and I reckon that the job of revoking device keys by way of data on disks could disrupt the supply chain of disks, and they might wait.

    Unless someone devises a convenient way of making the files physically portable, pending cheap burnable media. Split the movie and put it on several DVD’s?

    Another title key site:

    http://www.hdkeys.com/

  29. Another approach to breaking it all. If someone can break the system of assigning Device Keys, then they can create a keygen for DKs that haven’t even been distributed yet, and create new ones at will the moment anything is revoked. Even a tree structure of revoking DK’s wouldn’t stand up to this attack since one should be able to create wildly divergent ones in moments. I would think the moment this arrives that AACS is dead for good.

  30. Re: software players

    One assumes that the keys have been extracted using software players. Revoking the keys to software players is much more practical for content providers, since a quick download can fix the previously disabled player.

    Doesn’t this change the analysis? Also, I seem to recall a scheme to update hardware players from disks. Was this actually implemented and doesn’t it provide a means to revoke a key without major problems for harwdware players?

  31. Perty:

    Sharing an encrypted DVD is still illegal. The information it contains isn’t random, it’s just a different way of presenting the same content as an unencrypted disc, so it’s still a copyright work.

  32. I think that this calls for an article that looks at what is being revealed (title keys) and the signiicance, what could be revoked and how that is achieved, and what the implications would be for owners of players, and the supply chain back to the manufacturers in terms of disks and masters in the pipeline, where it affects disks.

    The first key to be revealed (and there is a long story to that) may not have been grabbed using the players that have been identified, so what do the authorities do about that if keys then start to trickle out for new titles published after the revocation.

    I imagine that the revocation system is based on the assumption that problems will be few and far between and that damage can be limited. The problem illustrated here is that breaches can occur whereby all disks released to date can be broken into.

  33. manigen,

    You’ve just stumbled across the DMCA’s Achilles heel.

    😉

    What the owner of a DVD does is to encrypt the encrypted contents of the DVD as a TPM to protect the owner’s (now derivative) copyrighted work.

    How does the MPAA know whether the owner is transmitting a home video of their child’s birth or a derivative of the encrypted Superman Returns HD-DVD?

    They can only do this by circumventing the owner’s TPM (that the owner used to protect their copyrighted work). Unfortunately, the DMCA prohibits any such circumvention if in violation of copyright, e.g. to access the owner’s private home video.

    So, in order for the MPAA to prove that you are transmitting their work and not yours, they have to circumvent your TPM – which is prohibited by the DMCA.

    So, how can they violate the DMCA in circumventing your TPMs in order to demonstrate that you are infringing the copyright of their still encrypted work?

    And, remember, you’re not circumventing anything simply by transmitting data sourced from the DVD.

    Now, the MPAA has to violate the far more draconian DMCA in order to accuse you of a simple copyright infringement.

    You can of course include a snip of a home video within the encrypted payload to ensure that the MPAA would indeed infringe your copyright in the process of circumventing your TPMs.

    Moreover, the MPAA has to demonstrate precisely how they knew that your encrypted content contained their work without having circumvented its TPMs.

    Circumvention tools are also supposed to be illegal…

  34. Surely they don’t need to circumvent the TPM to know whether or not the image is theirs or not. After all, they already have an encrypted copy of the movie themselves; if the image they download from you matches the official copy, they can prove infringement without ever decrypting the content.

    Also, what is the legal definition of circumvention, and how can you be so sure that what the MPAA does falls under this definition? It can’t simply mean decryption or simple playback would be illegal.

    Incidentally, if all you do is use a key that you found on the internet to decrypt a movie, can you be charged under the DMCA? After all, you didn’t circumvent the TPM; you used the accepted means to decrypt it. Somebody else circumvented it for you — presumably the person who discovered the key in the first place.

    On that note, if somebody wrote an unsanctioned software player for HD-DVD content using an online oracle to obtain whatever keys it needs to decrypt the content, could it be sued as a circumvention device? If it can, doesn’t this effectively give the movie industry a monopoly on who can produce HD-DVD players?

  35. Devonavar, if you intercept an encrypted file I’m transmitting, how do you know what’s inside it unless either you have the decrypt key or you circumvent the encryption? Plus, the encrypted file is unique (so, no comparing hashes).

    Moreover, the file is not shared, it is divided into a few pieces and distributed to a few participants at random (for distributed analysis).

  36. I don’t think I understand what you have in mind. Are you re-encrypting the partial file when you send it out to the distributed clients? If that were done, then you’re right, but from the context it seems clear that we’re not talking about re-encryption but about transmitting a file (or parts of that file) that was encrypted by the original publisher — an MPAA member.

    Assuming my mind is in the right place, they don’t need to know what’s inside the encrypted file so long as they can compare it bit for bit with the original file that they created. However, this is where you lose me. In what way is the encrypted file unique? You say no hashing is possible, but you make specific reference in one of your earlier posts to a hash being used to determine whether a given file is flagged for cracking. Surely the MPAA can use this same hash?

    The fact that only a section of the original file is shared should present no barrier to matching the original file. It shouldn’t be difficult to reverse-engineer the distribution client to determine the block size used to distribute the file, and once that is known it would be simple to search for these blocks in the original file.

    Besides, I suspect that your conception of how much data a distributed client would distribute is flawed. A brute force cracker need not distribute the whole file; only enough to identify when a section has been successfully been decrypted… i.e. enough data to verify that the decrypted result contains an MPEG header.

    On top of that, I don’t see any reason why a distributed client wouldn’t count as circumvention software, making it outright entirely, regardless of whether it infringes on copyright during its operation.

  37. Distributed brute-force decryption is different from file sharing.

    If I am given N peers to which I should distribute my next set of cryptograms, then given I have each of those peers’ public keys, I can transmit my (further) encryption of each cryptogram to them. However, my encryption cannot be broken by an interceptor without them violating the DMCA. Of course, the recipient may coincidentally happen to be a member of the MPAA, but this is unlikely. If they are, then presumably they are just as culpable for participating in a distributed circumvention conspiracy.

    The division of a DVD into blocks is not to obscure their origin, but to divide the workload.

    As to whether a client in a p2p distributed brute-force decryption system counts as circumvention software, well maybe it does, but so what? Who’s to connect the transmission of encrypted DVDs with coincidental participation in a decryption system? The MPAA has to participate in such a circumvention system in order to avoid violating the DMCA, but then its very participation also violates the DMCA.

    Remember, the DMCA doesn’t outlaw distributed decryption systems per se, only such systems as dedicated to the circumvention of copyright oriented TPMs. And in order to demonstrate this, the MPAA has to collaborate.

    Anyway, the fact remains, you can transmit a re-encrypted DVD to anyone you like. The DMCA prevents the MPAA attempting to circumvent your TPM. If they demand they can break it to enjoy their fair use rights, then that works for you on their DVDs.

    Today we are all copyright holders – and all publishers.

    The DMCA works for everyone.