October 22, 2018

AACS: Sequence Keys and Tracing

[Posts in this series: 1, 2, 3, 4, 5, 6, 7.]

This is the sixth post in our series on AACS, the encryption scheme used for HD-DVD and Blu-Ray discs.

It’s time to introduce another part of AACS: the Sequence Key mechanism. Throughout our AACS discussion, we have done our best to simplify things so readers could follow our logic without having to digest the entire technical specification. At this point, continuing the discussion requires some background about Sequence Keys.

We wrote previously about the AACS traitor tracing algorithm, which the AACS central authority can use (under some circumstances) to figure out which device keys have leaked. The Sequence Key mechanism gives the authority further help in figuring out which devices are compromised.

Sequence keys don’t seem to matter as of yet. Discs are not required to use sequence keys, and indeed we have yet to see a disc that uses them. We would be interested to hear of any current HD-DVD discs that use them. (Your disc uses sequence keys if it contains the file “AACS/SKB.AACS”.)

The sequence key mechanism uses two tricks. First, it assigns each player device a unique (or nearly unique) set of sequence keys. Discs that use the mechanism contain a special header that a player can decode, using the player’s sequence keys, to get a group of six decryption keys called the variant volume keys. Things are set up so that different players, presented with the same disc, will often end up with different variant volume keys.

The second trick is to take a few snippets of the movie, and put those snippets on the disc several times, encrypted under different variant keys. The movie publisher might create eight slightly different variants of the snippet, and encrypt each variant under a different key. Every player will know one of the eight variant keys, so it will be able to decrypt one of the variants – but different players will decrypt different variants.

The effect of this is that the movie will look slightly different, depending on which player was used to decrypt it. If a ripped copy of a movie is redistributed, the central authority can look at which variant of each snippet is in the rip, and can then identify which player device did the ripping. Each snippet lets it narrow down the number of suspected players by roughly a factor of eight (assuming roughly one-eighth of the players get each variant of that snippet). Given multiple snippets, they can divide by eight for each snippet, rapidly narrowing down the suspects to a few players, or even just one.

Having identified a specific player, the authority can then blacklist its keys, as we described in previous posts, so the player will be unable to decrypt or play any new discs. (It will still be able to access existing discs.)

The BackupHDDVD tool, as it is today, cannot cope with discs that use the Sequence Key mechanism – it uses only the per-disc volume keys and does not have or use any sequence keys. It wouldn’t be hard to modify BackupHDDVD so that it also downloaded and used the variant keys for a disc, allowing it to access discs that use the Sequence Key mechanism. This would require reverse engineers to extract and publish more keys (probably the so-called Volume Variant Unique Keys, along with the associated Variant Data) but that probably isn’t a fundamental impediment.

Doing this would allow the central authority to look at the newly added keys and figure out which player they were extracted from. (Actually things get interesting if the attackers get Variant Keys from many different players and then combine them cleverly to try to avoid being identified; there’s a whole theory considering how well such attacks will work.)

In the end, none of this affects our basic analysis much. Our modeling of the interaction between attackers and the central authority already assumes that the central authority will be able to identify a compromised player, whenever that player is used to capture a significant number of keys. Sequence keys make the mechanism more complicated but they don’t make AACS much more effective, if the attackers are smart.

Comments

  1. Of course it’s scary to see how far they might go in the DRM Arms Race. In some ways they might be heartened by CSS. CSS was not very strong, and they were surprised it took as long as it did to break it. And after it was broken, did DVD sales take a hit? It seems not.

    So they may conclude they don’t really need to go all out (even with such tools as sequence keys) and just follow the speed bump methodology.

    Or they might take scarier tactics, such as attempting to register all software players and get an identity of the owner (as they do for screeners) so they can sue people who release rips or keys. Or they might decide to take the expensive route of including a small (by today’s standards) stripe of custom burned data on every disk in an effort to make every disk different. Attackers would have to publish that data, which is more clearly a copyright violation and might be tracked to them.

    And before too long they will start to consider demanding all disk players be online at some point, and that won’t be so onerous a demand a few years from now. They could make it so nobody could play a disk without an online transaction that attempts to identify them and put that in any rip. (Original divx required a player that was occasionally online, but failed to get market adoption.)

  2. Ray Cromwell says:

    One blindspot in all of this analysis is ignoring criminal prosecution. It reminds me of all the old debates in my cypherpunk days. Sure, you assume that central authorities will be able to track down responsible devices using sophisticated tracing techniques (like IBM’s Renewable Traitor Tracing), but completely ignore the real world consequences of this.

    We are left to assume that pirates will get a slap on the wrist, the mere revocation of their device keys via the MKB, which means they’ll have to go to Best Buy and get another copy of WinDVD to obtain new keys.

    What is missing from the analysis is the fact that in many cases, they will also be able to trace device keys to individuals. Anyone paying via anything but cash will be succeptable, and don’t assume for one second that every piece of inventory can’t be tracked, in fact, for many suppliers, it already is. I can call up Microsoft today and give them the serial # of my XBox360, and they can tell me what store I bought it at and when.

    Ultimately, even cash could be attacked by requiring software players to be activated online by credit card verification, which means pirates will also need to commit financial crimes as well by forging credit cards or identity theft.

    In any case, they will definately make an example out of pirates who are caught, even if they happen to be operating out of Russia or China, just take a look at satellite piracy.

    DirectTV uses broadcast encryption with revokable keys and relatively tamper resistent cryptocards. Combined with stiff penalties, both monetary and long prison terms, satellite piracy was significantly reduced. The P4 access cards from DirectTV made piracy alot more difficult for the average joe, and because of the prison terms, not many people dare to try and sell hacked boxes or cards anymore.

    So yes, people will rip title keys and content and distribute them. And at some point in the future, they will successfully detect some people, maybe because they made a stupid mistake, and those people will end up with huge fines and prison sentences.

    Now the game theory payoff matrix looks a little different.

  3. Reading this once again leads me to a conclusion I have reached several times before – and it still astonishes me, that the s.c. “central authorities” haven’t:

    All these protection mechanisms have mainly one effect: The piss of the paying customer.
    Many copy protected CDs don’t run in car stereos or DVD players, region code crippled DVDs (which at times simply aren’t available in the ‘correct’ region) force me to run some region code remover tools and the whole HD DVD / BD crap is forcing people to buy new players, TV-Sets and so one to allow for HDMI with HDCP.

    But all this shit is only making a paying customer’s live miserable!
    As long as I just download ripped DVD-movies from the internet, I can run those on my DVD player after burning them on a blank, I can watch the movie on my computer without caring about region code crap and ripped mp3s run on all my equipment.
    So somebody tell me again why I should spent money for some stuff which only works relyable when getting it illegally?!?

    My 56 bit,
    C.

  4. @RayCromwell;

    I worked through all your examples, and then I thought about the effects of special keys and immobilizers in automobiles. There has been a recent upswing in the number of house break-ins just to steal car keys, because with the car key, you just drive away.

    In this case, there would be a spike in demand for stolen players (and possibly even PCs) since that would break the custody chain you are following. In the case of PCs, you might also find that repair shops can become an outlet for sniffed player installations – an employee would simply pass on installation parameters, perhaps even for free (because they figure they ultimately benefit) and someone else cracks through the details.

    With a broken custody chain on the PC or player, any investigation of the device/software owner will run cold very quickly. It also raises a new set of problems for the investigator — witness the people charged with buying illegal goods who actually had their credit card details stolen. In that case, the investigators did not always ensure that the credit card owner had exclusive custody of the card details. Lives were ruined – one ended in suicide.

  5. Grandfather says:

    I’m not interested in pirating movies, I just want to watch them. My PC won’t play HD-DVD smoothly (it’s not quite powerful enough) and I have to unplug the HDMI and use VGA because I don’t have a ‘trusted’ video system. Now, if I can rip the movie and have it play smoothly through my digital monitor, wouldn’t I have to be a cretin not to do that? As a relatively law-abiding citizen it annoys me that the studios treat me like a criminal – and if I have to rip their stuff to play it, I may just be tempted to go all the way and give copies to my friends. May as well be hung for a sheep as a lamb.

    But to return to topic, Sequence Keys are an interesting twist on the issue of decrypting the content. As I see it, the flaw in the process is the number of combinations/revocations that can be implemented. The IBM paper rj10394.pdf makes that point too. If enough keys can be captured and published from many different players, the AACS-LA will run out of options for deterministic blacklisting and will have to consider the effect of disabling large proportions of a manufacturer’s output or screwing over innocents. If sequence keys are to be distributed on the web, they need to come from multiple players and a competent ripping program must be able to make variable choices as to how it assembles the ripped movie.

  6. Can someone explain how this is different from watermarking and thus not subject (modulo computational power) to the same kinds of responses?

  7. Paul,

    The short answer to your question is that this situation is closely related to watermarking. Presumably the studio would generate the eight variants of a snippet would differ by the presence of various watermarks. Attackers could try to attack the watermarks, thereby helping them “scrub” the identifying information out of a ripped copy.

    If the attackers are publishing only key information, rather than a full rip of the movie, then the key value will act as a kind of watermark. And the keys will be strong watermarks, in the sense that attacker’s won’t be able to remove them without making part of the content inaccessible.

    Attackers who get versions with different watermarks will be able to collude and try to produce spliced-together versions that could never have been created by a single compromised player; and there’s a whole body of theory about whether and how the studios could fight such collusion attacks.

  8. It is going to be interesting to see the reaction of the content providers to this initial compromise of HD-DVD. It is now likely that some commercial producer of DVD decryption software (perhaps Slysoft?) will take the seeds of hddvdbackup and the windvd key exploit to make some type of push and click solution.

    Since it can be argued that there is at least some collusion between the consumer electronics industry and the content providers (regarding DRM), might this extend to the pricing of HD-DVD burners and HD-DVD blank media? The Toshiba SD-H903A HD-DVD burner for PCs is expected to be over $1000 and 15GB HD-DVD-R media costs over $15 each.

    As long as blank HD-DVD-Rs are priced in the same ballpark as many commercial HD-DVD titles, there should be considerably less incentive to opt for a copy over an original. Even moreso since the 15GB capacity of HD-DVD-Rs will mean that copied originals must be recompressed to fit on a single layer HD-DVD-R. Even if pirated content were to be stored exclusively on hard drive(s), the cost would be siginifcant. With 1 terabyte hard drives coming soon at about $500 each, such drives would store perhaps 40-60 movies, at an effective cost of around $10 each.

    As far as widespread internet distribution of ripped HD-DVD content, the file size is likely to keep this in check for at least a while. The distribution of keys will likely be more popular.. but if people are seeking keys, this means they probably have an original disc, and if they do, these people would probably opt to choose a push and click solution that uses their own keys – should such a solution become available. The tracking of device keys used for copying on a local level will probably not be very effective.

    I think a smart move by industry at this point would be to ship players without device keys, and to require some sort of net/phone registration to obtain a key. There are flaws in this method of tracking and enforcement, as has been illustrated by Ed and others.

  9. Ray Cromwell says:

    No doubt pirates could engage in identity theft or player theft, but you have to consider the effect this has on the pirating community. Many people who pirate tend to rationalize that it’s a crime that doesn’t hurt anyone (e.g. non-rival good) or only hurts “a little”, and that it is also a crime in which most people are individuals doing it for their own use won’t be punished.

    I’m not sure casual piraters and hackers would engage in identity theft or player theft, because not only is it significantly more “evil” than content piracy, it comes with much stiffer criminal penalties.

    That leaves professionals and people willing to take serious risks to free content, or DoS attack the AACS revocation system. Why do professional pirates do what they do? Money. They replicate VCDs and DVDs and sell them, but the premise here is online distribution, so we’d have to posit a business model of professionals willing to host services online to take payment and sell title keys. It just doesn’t sound as compelling a business model compared to knockoff disc copying. And for the end user, how many people want to risk buying title keys through a nefarious pirate site? I certainly wouldn’t want to give them anything but anonymous cash.

    The remaining threat would come down to rebels who are people who don’t give a damn, stealing player keys or robbing identities in order to rip HD content/keys and distribute them online. Maybe there will be some people like this, most likely under the age of 18, as it certainly happened in the past, with the convergence of software piracy, cracking, and phreaking among teens. But the incentive for teens to commit credit fraud was not to buy pirated games, but to make money selling stolen goods. Most pirated software was obtained by people working in stores and handing early copies to cracking groups. (Do teens buy a $1500 CAD program? 🙂 )

    But if all publishers have to worry about is a few teens ripping stuff and distributing on continually-under-attack online P2P systems, the publishers will have gotten their money’s worth out of the DRM system.

    Distribution of 15-50gb of content per disc won’t exactly be easy for a long time, and the vast majority of people won’t want to incur the search cost and frustration of trying to find enough seeders to get reasonable D/L speed as well as a 10)0% complete copy. If it’s still hard for most of the world’s population in 10 years, they will have lost nothing over the lifetime of the format. And if pirates take 15gb movies at high bitrates, and decimate them to lower bitrates, like a 4mb VC-1 @ 480p or 720p, it will be less worrying than distribution of the original, with 1080p content and full menu content intact.

    This blog predicts AACS will die. I predict it won’t. Do I want it to succeed? No, but they’ve already entered the dollar auction. They paid for its development, and it is part of every player. They won’t remove it, ergo, they’ll keep publishing DRM content on autopilot, even if they believe it’s broken. DeCSS didn’t stop DVDs from being decrypted, did it?

    Likewise, with respect to forensics, rather than give up on it, they’ll continue to do it, however, they’ll just be more selective about it, choosing their enemies wisely, and going after the biggest fish they can find.

    Will they believe that they can catch all pirates? No, anymore than the CIA believes they can lock up all terrorist cells. Does that mean the government won’t try to use HUMINT/SIGINT/ELINT and FINCEN-style stuff to track financial networks used by terrorists or infiltrate or monitor their groups?

    As a teenager, I used to dream of a future of cryptoanarchy, where all my purchases were protected by absolutely untraceable digital cash, where my communications were confidentially protected against any power snooping on it, where traffic analysis was thwarted by networks of anonymous remailers, proxies, dining cryptographer protocols, wheat-and-chaff style networks, etc. It was a vision where the individual had ultimate power over controlling authorities.

    Then the reality sat in, we don’t live in an ideal world. In the real world, police investigative work is brutally and surprising effective, because it’s hard not to have a footprint in the real world, and real criminals aren’t 100% careful. I hope people planning to do civil disobedience acts against AACS consider this, and not assume that careful planning is going to assure them total anonymity, because I think it will be heart breaking to see someone sentenced to years, possibly a decade, in prison for engaging in principled rebellion against a non-life threatening and practically irrelevent to human-needs disc copyprotection system.

    Because even if AACS is broken, one thing I’m certain of, is that they will make an example out of a lot of people first.

  10. bonapart: Maybe I’m an old fart, but my take is that a movie with an actual plot that appeals to me does not gain substantially from HD (over let’s say DVD quality, or in most cases even the shitty quality of my analog cable). “The market” may decide otherwise. Fancy special effects will benefit from HD, but IMO overall they tend to be inversely correlated with plot.

  11. You don’t appear to mention in the original article, and skip over quite briefly in the comments section, but if the Sequence Keys control any major portion of the movie, one or more SQ’s will have to be published with the Title Key just to avoid gapping holes in the decryption since the sequences can be made as long as will fit on the overall disc, while only having to differ in a single frame. This would complicate the issue of just using/publishing Title Keys.

  12. cm: You are not alone there, my friend. A movie has virtually no value to me in HD after I’ve seen it in SD, or after any previous viewing. Well, maybe after two viewings, if I slept through part of the first viewing. If I can barely get through one viewing, why the hell would I want a backup?

    Of course, this is a subjective judgment. As others have pointed out in the comments to the other parts of this series, they like to make backups so their kids can watch the same video/movie up to tens/hundreds/thousands of times.

    I still remove the DRM, if only to have the freedom to use the device of my choice for the single viewing. I do think that HD is a significant improvement over SD. When the choice is available, I do choose HD content over SD.

  13. “We are left to assume that pirates will get a slap on the wrist, the mere revocation of their device keys via the MKB, which means they’ll have to go to Best Buy and get another copy of WinDVD to obtain new keys. ”

    We are left to assume that with all these anti-pirating weapons the studios can use that the public will actually still want to buy their goodies. If you had to do all these firmware upgrades, internet verification, etc., would you want to pay money for that privilege? Or would you rather just go with the quite inexpensive standard DVD with easy-to-defeat copy-protection?

  14. In an article on the Reuters site today, it is reported that:

    AACS spokesman Michael Ayers said on Thursday…”We want to make sure we address this now. It has a potentially limited impact now but some sobering possibilities.”

    That does not sound like someone who has confidence in his product.

    And I would like to know what the expression “potentially limited impact” means. That sounds like a statement thought up by an experienced excuse-author who is hedging his bets.

  15. So….. who’s going to be the first too reduce HDDVDBackup to a prime and start selling t-shirts?

    I don’t believe there will be any widespread law enforcement – but I’m sure they’ll look for a high profile scapegoat, as a deterrent.

  16. I’m curious about the snippets. How will these be “slightly different” on different players? It sounds like it’s a visible difference, since the AACS central authority has to be able to look at a pirated copy and note which snippets are included. Will these be detectable to the naked eye, like Coded Anti-Piracy in the theatres? (An ugly smear on the screen, which is visibly distracting, if only for an instant?)

    If so, it represents serious damage to the HD-DVD experience – theoretically the point of watching HD-DVD movies is that the quality is unparalleled; if that quality is sacrificed for a marginal security advantage, a lot of people are going to feel like they wasted their HD-DVD money.