July 13, 2014


Next-Gen DVD Encryption: Better, but Won't Stop Filesharing

Last week, specifications were released for AACS, an encryption-based system that may be used on next-generation DVDs. You may recall that CSS, which is currently used on DVDs, is badly misdesigned, to the point that I sometimes use it in teaching as an example of how not to use crypto. It’s still a mystery how CSS was bungled so badly. But whatever went wrong last time wasn’t repeated this time – AACS seems to be very competently designed.

The design of AACS seems aimed at limiting entry to the market for next-gen DVD players. It will probably succeed at that goal. What it won’t do is prevent unauthorized filesharing of movies.

To understand why it meets one goal and not the other, let’s look more closely at how AACS manages cryptographic keys. The details are complicated, so I’ll simplify things a bit. (For full details see Chapter 3 of the AACS spec, or the description of the Subset Difference Method by Naor, Naor, and Lotspiech.) Each player device is assigned a DeviceID (which might not be unique to that device), and is given decryption keys that correspond to its DeviceID. When a disc is made, a random “disc key” is generated and the video content on the disc is encrypted under the disc key. The disc key is encrypted in a special way and is then written onto the disc.

When a player device wants to read a disc, the player first uses its own decryption keys (which, remember, are specific to the player’s DeviceID) to unlock the disc key; then it uses the disc key to unlock the content.

This scheme limits entry to the market for players, because you can’t build a player without getting a valid DeviceID and the corresponding secret keys. This allows the central licensing authority, which hands out DeviceIDs and keys, to control who can make players. But there’s another way to get that information – you could reverse-engineer another player device and extract its DeviceID and keys, and then you could make your own players, without permission from the licensing authority.

To stop this, the licensing authority will maintain a blacklist of “compromised” DeviceIDs. Newly manufactured discs will be made so that their disc keys can be unlocked only by DeviceIDs that aren’t on the blacklist. If a DeviceID is added to the blacklist today, then players with that DeviceID won’t be able to play discs that are manufactured in the future; but they will still be able to play discs manufactured in the past.

CSS used a scheme rather like this, but there were only a few distinct DeviceIDs. A large number of devices shared a DeviceID, and so blacklisting a DeviceID would have caused lots of player devices in the field to break. This made blacklisting essentially useless in CSS. AACS, by contrast, uses some fancy cryptography to increase the number of distinct DeviceIDs to about two billion (2 to the 31st power). Because of this, a DeviceID will belong to one device, or at most a few devices, making blacklisting practical.
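
A toy model of the key management described above, added here as an illustration and not taken from the AACS spec or the original post. It assumes the simpler complete-subtree method from the Naor, Naor, and Lotspiech paper rather than the Subset Difference Method, a 16-leaf tree instead of 2 to the 31st, and a hash-based XOR wrap standing in for real encryption; all names and the master secret are constructed.

```python
import hashlib
import hmac
import os

DEPTH = 4  # toy tree with 2**4 = 16 DeviceIDs (assumption; AACS has about 2**31)


def node_key(master: bytes, node: int) -> bytes:
    """Key for one tree node (root = 1, children of n are 2n and 2n+1).
    Only the licensing authority holds `master` and can derive every node key."""
    return hmac.new(master, node.to_bytes(8, "big"), hashlib.sha256).digest()


def leaf(device_id: int) -> int:
    return (1 << DEPTH) + device_id


def device_keys(master: bytes, device_id: int) -> dict:
    """Keys built into a player: one per node on the path from its leaf to the root."""
    keys, node = {}, leaf(device_id)
    while node >= 1:
        keys[node] = node_key(master, node)
        node >>= 1
    return keys


def cover(revoked: set) -> list:
    """Subtree roots that together contain every DeviceID NOT on the blacklist."""
    if not revoked:
        return [1]  # nobody revoked: the root subtree covers all players
    tainted = set()  # every node that has a revoked leaf beneath it
    for dev in revoked:
        node = leaf(dev)
        while node >= 1:
            tainted.add(node)
            node >>= 1
    roots = []
    for node in tainted:
        if node >= (1 << DEPTH):
            continue  # revoked leaf itself, no children
        for child in (2 * node, 2 * node + 1):
            if child not in tainted:
                roots.append(child)  # clean subtree hanging off a tainted path
    return sorted(roots)


def wrap(key: bytes, data: bytes) -> bytes:
    """Toy key wrap (XOR with a hash-derived pad); its own inverse. Not real crypto."""
    pad = hashlib.sha256(b"wrap" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def make_disc(master: bytes, revoked: set) -> dict:
    """Pick a random disc key and write it to the header once per cover node."""
    disc_key = os.urandom(32)
    header = {n: wrap(node_key(master, n), disc_key) for n in cover(revoked)}
    # The digest stands in for "the video content decrypts correctly".
    return {"header": header, "check": hashlib.sha256(disc_key).digest()}


def player_unlock(keys: dict, disc: dict):
    """Player side: try each header entry for which this player holds the node key."""
    for node, blob in disc["header"].items():
        if node in keys:
            candidate = wrap(keys[node], blob)
            if hmac.compare_digest(hashlib.sha256(candidate).digest(), disc["check"]):
                return candidate
    return None


def demo() -> dict:
    master = b"constructed-master-secret"      # constructed sample value
    old_disc = make_disc(master, revoked=set())  # pressed before the blacklisting
    new_disc = make_disc(master, revoked={5})    # pressed after DeviceID 5 is revoked
    revoked_player = device_keys(master, 5)
    other_player = device_keys(master, 4)        # neighbouring DeviceID, not revoked
    return {
        "new_header_nodes": sorted(new_disc["header"]),
        "revoked_plays_old": player_unlock(revoked_player, old_disc) is not None,
        "revoked_plays_new": player_unlock(revoked_player, new_disc) is not None,
        "other_plays_new": player_unlock(other_player, new_disc) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Each revoked DeviceID adds at most `DEPTH` entries to the header in this method, so the disc never has to carry a list of every valid player.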

This looks like a good plan for controlling entry to the market. Suppose I want to go into the player market, without signing a license with the licensing authority. I can reverse-engineer a few players to get their DeviceIDs and keys, and then build those into my product. The licensing authority will respond by figuring out which DeviceIDs I’m using, and revoking them. Then the players I have sold won’t be able to play new discs anymore, and customers will shun me.

This plan won’t stop filesharing, though. If somebody, somewhere makes his own player using a reverse-engineered DeviceID, and doesn’t release that player to the public, then he will be able to use it with impunity to play or rip discs. His DeviceID can only be blacklisted if the licensing authority learns what it is, and the authority can’t do that without getting a copy of the player. Even if a player is released to the public, it will still make all existing discs rippable. New discs may not be rippable, at least for a while, but we can expect new reverse-engineered DeviceIDs to pop up from time to time, with each one making all existing discs rippable. And, of course, none of this stops other means of ripping or capturing content, such as capturing the output of a player or infiltrating the production process.

Once again, DRM will limit competition without reducing infringement. Companies are welcome to try tactics like these. But why should our public policy support them?

UPDATE (11:30 AM): Eric Rescorla has two nice posts about AACS, making similar arguments.

Comments

  1. Steve Laniel says:

    Will it again be impossible, under this next-generation system, to make a Linux DVD player? Will Linux users once again be forced to break the law to watch movies?

  2. BT says:

    If company A licenses and builds a player, company B reverse-engineers A’s player and builds its own player using the DeviceID from A’s, then they blacklist this DeviceID, would that not only blacklist B’s player but A’s player as well?

  3. AC says:

    Exactly, so make sure you copy Sony’s. :)

  4. Ed Felten says:

    Because there are so many valid DeviceIDs, Sony wouldn’t build the same DeviceID into all the units they sell. Most likely, each individual player unit that Sony sells will have its own DeviceID. So if you reverse-engineer the unit you bought, and the DeviceID you extract ends up being blacklisted, then only your individual unit will be affected. Other people who bought the same make and model of player won’t be affected, because their units will have different DeviceIDs.

    The very large number of possible DeviceIDs is what makes this possible. And the fancy crypto is what allows the discs to be encrypted for such a large number of DeviceIDs without requiring much space on the disk.

  5. Stephen Cochran says:

    I find it hard to believe that each player will get its own DeviceID. To do this, the device manufacturer would have to possess some way to produce valid decryption keys and assign them to a DeviceID. So either there will be a decryption key generator or a list of decryption keys floating around in the industry. Exactly how long would we suspect that to be held secure?

    In the real world, I expect that the AACS keys will be doled out on a rationed, as-needed basis.

  6. Cypherpunk says:

    The real issue isn’t stopping competing manufacturers from making and selling unauthorized devices. Such an action is no threat to the content companies. The point is to stop people in the piracy community from ripping and distributing movies. I thought that was obvious.

    One of the key points that came out of the recent Wired article is that the common picture of how DVD ripping and distribution works is completely wrong. It’s not a matter of a few random people putting their movies out on the net and everyone downloading them. Instead, it’s a highly organized, hierarchical process. Data is ripped by professionals, hand-crafted with appropriate compression algorithms that fine-tune quality and file size, then handed over to lower levels on the hierarchy which massively duplicate the file, uploading it to as many places as possible so that when it hits the public nets, it’s already available. The dirty little secret of P2P networks is that they don’t work without widespread seeding. This piracy machine is designed to accomplish just that.

    Clearly any content protection system has to be oriented against this manifestation of Piracy, Inc. That is the threat model and that is how it has to be analyzed.

    One of the mysteries in the AACS spec is that it shows a PC player as having something called a “Decryption Module” in the PC itself (not part of the drive). What is this? Is it a Trusted Computing TPM? Does that mean that HD-DVD must wait for Longhorn, which will supposedly have some TC features? How else can they hope to stop people from intercepting the unencrypted stream, either from the drive or en route to the video card?

    The point is that the system will be designed to make it hard to extract device keys. It won’t be like CSS where they sat around in the Xing player waiting to be published. These keys will be protected by hardware devices with tamper resistant features. It could take hundreds of thousands of dollars of lab equipment and researcher work to pull a key out of such a chip. That is going to put a major crimp in the operations of Privacy, Inc.

    Even if and when these people manage to pull out some keys, it’s not going to be easy to keep them secret. They will be distributed in the underground community and the AACSLA is going to find them. So each one will have a finite lifetime.

    As you point out, only future disks can be protected against a key. But note that this provides the much-sought-after speed bump. Most of the revenue comes in the first weeks after release. New disks will have that window of protection in which their keys have not yet been compromised. In fact we might even see an unwritten truce between the MPAA and Piracy Inc, with the latter refraining from ripping disks until they have been out for a few weeks. People could get older movies for free but pay for new ones. It might be an acceptable compromise.

  7. Brian Srivastava says:

    Also won’t these valid device IDs need to be stored somewhere before they can get put onto a player?

    Imagine Sony buys 100 million DeviceIDs from the supplier, all you need is one person to copy that data or a section of that data once and you screw over the whole system back to where we are now.

    Depending on exactly how you implement DeviceIDs this could be really a problem. If you’re a vendor of DVD player software, then you either use one DeviceID for all your players and update every time it gets blacklisted, or you give every player its unique ID (the same way we have CD keys for MMORPG accounts basically), but those have to be stored somewhere.

    The other thing is what about spoofing the DeviceID and key generator. How long are these keys going to be? People do that with CD keys all the time, granted they are short but all you need to really screw with the system is get some idea of what the possible secret keys are, publish them and uh.. ya blacklist every number? How about like the CDDB where you have an online repository of disc information, I can see an illegal equivalent that takes a disc, looks up what secret key (taken from a player) will play said disc and you’re off to the races.

    2 billion doesn’t strike me as going to go very far. Couple hundred million off the top for Xbox2s, PS3s, couple of billion for PCs and uh.. you’re out of IDs. I can’t see this lasting more than 10 years before the lack of keys becomes a major problem.

  8. Jeff Epler says:

    I agree with Brian that the useful size of the address space may be the real issue that sinks AACS. RFC 1715 discusses the “h ratio” of different address spaces. The pessimistic h ratio of 0.14 gives a tiny population of 30000 in 32 bits.

    One instructive example is the system of VINs where a 17-character code is nevertheless “running out” after being used on only a few hundred million cars. A half billion autos in a 10^17 address space is at the pessimistic end of the scale, 0.16 or so.

    If it turns out that 5 players share a compromised key, will the studios blacklist 4 innocents? If it turns out that 50,000 players do, will the studios really accept 49,999 households worth of collateral damage? Do they believe they can survive the kind of backlash that would create, or do they believe that a Wal*Mart(TM) $40 DVD player will never be manufactured in that kind of quantity with the same key?

    On the other hand, if players can’t be sold at the $40 price-point, will people switch from DVD? I don’t see any carrot, just the stick.

  9. Daniel says:

    Wouldn’t it be a reasonably simple exercise to build a DVD player with a re-flashable DeviceID? Then if it gets blacklisted, just change keys.

  10. Grant Gould says:

    This system sounds like it’s tailor-designed to work in tandem with a watermark — the DeviceID revocation scheme solves the wrong problem (noncompliant players instead of shared files) unless shared files can be traced to the originating DeviceID. Is this whole scheme just a setup for watermarking down the road?

  11. seaan says:

    Interesting “Freudian slip” on Cypherpunk’s part:

    > That is going to put a major crimp in the
    > operations of >> Privacy

  12. Brian Srivastava says:

    It might have to be.

    The more I think about this, the less I think it solves any problems. As long as you can read the data on a disc you can rip it off (granted not legally or necessarily trivially), and then pass it around. If people are passing around unencrypted movies for free what motivation do you as a production company have to keep making discs that are encrypted? You’re only adding to your costs and outright discouraging your customers from using their discs. If I as the customer am unlikely to be able to play the disc on my player why would I bother buying it? I have this problem as it is, that I use a PS2 as my DVD player, but my old PS2 (now dead), would skip over ads better than this one, while neither of them could play more modern DVDs properly (like Ray and Alien VS Predator). If my player isn’t going to work why am I going to spend my money, if I’m not going to spend my money what are you getting from encrypting it in the first place? Which takes us to the restriction on who can get DeviceIDs to make players, if there is motivation to explicitly not make encrypted discs, why would I bother making one to play them?

    I can’t see how this helps really, because your DVDs need to play on ‘old’ players, meaning they need to be decryptable with old keys (that are attached to the DeviceIDs, but the DeviceID itself seems little more than a list of secret keys, get the keys and the DeviceID itself doesn’t really do anything). So if you find a compromised DeviceID what are you going to do, block all those secret keys? Ok that sounds lovely, but isn’t a disc going to require a specific key to open it, new discs not only won’t work on players with compromised IDs but they won’t work on any player which has common keys with a compromised DeviceID?

    I grant that I’m not doing all that well in cryptography so I may be missing something obvious (with Tomoyuki Yamakami for you Princeton types who might know him). Uh.. hopefully I am because otherwise this seems as useful as CSS.

  13. Sean Ellis says:

    Several respondents have talked about the insecurity of the keys, but what about the insecurity of the blacklists? If the blacklists become polluted, how would you tell? How would you correct the situation?

    If I upgrade my player, then, at any moment, a rogue blacklist entry can attack it and stop me from watching anything new. Of course, it needn’t be a rogue entry – it could be a real blacklist entry if the IDs aren’t unique.

    Will the manufacturers indemnify me against this for the lifetime of the player? I think not.

    So, Hollywood types, think again. If I’m going to spend my money, it’s on something I can control, thank you very much.

    (Oh, and another thing. I want the 3 weeks of my life back I’ve spent sitting through warnings, copyright notices, and stupid logos that I can’t skip.)

  14. Mat Hall says:

    “Newly manufactured discs will be made so that their disc keys can be unlocked only by DeviceIDs that aren’t on the blacklist.”

    How? Either each disk will have to contain the *entire* blacklist (which will eventually start occupying way too much space on the disk; even if only 1% of the keys get blacklisted, that’s still 20,000,000 keys that need to be crammed onto a disk) or they’ll have to blacklist keys through some sort of hashing leading to the possibility that non-compromised keys will also be broken.

    This sounds like the stupidest idea ever!

    (And even without this problem, I give it a month or so before someone works out how to generate new keys thus rendering the entire system useless. If the content producers stopped wasting cash developing idiotic DRM schemes then they could give the poor struggling artists a bit more money and everyone would be happy!)

  15. Mat Hall says:

    Ah, having read the specifications it seems my objection isn’t valid due to some clever maths. Even so, I still suspect that key generation will happen sooner rather than later; even if it isn’t, without watermarking, trusted computing platforms, etc., it’s all going to be a waste of time.

  16. Brian St. Pierre says:

    This discussion of encryption completely misses the analog hole. You can get a decent-quality copy of a movie by simply putting a capture device on the output of your player. It’s admittedly not a “perfect digital copy”, but as we’ve seen with MP3s, nobody really seems to care as long as it is “good enough”.

  17. Cypherpunk says:

    If you look at the original paper the AACS technology is based on, “Revocation and Tracing Schemes for Stateless Receivers”, http://www.wisdom.weizmann.ac.il/~naor/PAPERS/2nl_no_fig.pdf, there is indeed reference to tracing the source of content. However it is not done by watermarking, rather they assume that the system administrators can find out the keys which are being used to decrypt movies through old-fashioned investigative means. (A competing system pushed by Paul Kocher’s company Cryptography Research, cryptography.com, would have used watermarking for tracing, but apparently it was not selected.)

    In the case of AACS this means that they assume that if keys are extracted from players and used for widescale piracy, those keys will be publicly known and can be invalidated. They go to some lengths to defeat an attack which is not particularly relevant in this context, namely a “black box” decryption engine which holds keys stolen from a variety of devices and which tries to mislead the attackers about which keys it has. They show an algorithm for feeding this black box various encrypted disks and by learning which ones it can decrypt, they can determine which keys to invalidate.

    Maybe this black box attack would be useful in the case Felten describes, where an overseas commercial entity is producing unauthorized players using stolen keys. But it’s not going to be of much help against what I called Piracy Inc, the well-organized underground effort which seeds the P2P network with decrypted content. They aren’t making any black boxes.

    In fact, the tracing scheme appears to be weak against a simple Piracy, Inc countermeasure. Rather than publishing the complete suite of keys held by a broken device, they can hold back most of the data. It turns out that only a few keys have to be published in order to enable decryption, especially in the early days of the system when not too many devices have been revoked. In the most trivial case, if no devices have yet been revoked, the pirates can just publish the key for the root of the tree. Everyone shares that key so it reveals no information about which device was revoked.

    A more complete analysis is beyond the scope of this comment, but it is clear that a secret hacking effort that gradually broadcasts discovered keys can release information much more slowly than envisioned in the paper, requiring many more generations of HD-DVDs to be manufactured before the licensing administrator is able to deduce which devices have had their keys stolen.

  18. Ed Felten says:

    Cypherpunk,

    Thanks for pointing out that countermeasure, which would indeed allow the keying material from one compromised device to be used for multiple generations of unauthorized players. Copyright owners can fight back by randomly partitioning the tree and releasing discs encrypted under the keys for the random partitions, rather than trying to minimize the size of the encrypted headers on each disc. This leads to an interesting game between copyright owners and the reverse engineers. As above, a more complete analysis is beyond the scope of a simple blog comment.

  19. Kevin Kenny says:

    It suddenly occurs to me that the equipment manufacturers have another incentive to participate in this type of scheme – planned obsolescence. Imagine what would result if the studios were to revoke all keys more than 3-5 years old. Consumers would be forced to repurchase their players in order to play new media – and would probably simply do so; with the observation that “they just don’t build ‘em like they used to.”

  20. Wes Felter says:

    Planned obsolescence == class-action lawsuits.

  21. Jean Camp says:

    It continues to amaze me how the owners of high-cost mass produced digital content are convinced that in order to sell they must control the customer. The technologies described here make illegal copies – that can be backed up; run on any machine; and will not become obsolete – much more attractive.

    Why would customers pay for items that are decreasingly functional, decreasingly reliable, and increasingly likely to violate privacy when there is a free option? (Assuming they move to watermarks.)

    Decreasing competition and ignoring mass illegal copies (which will be unencrypted) is bad policy indeed.

    -Jean

  22. Dan Maas says:

    And this system still does nothing against “replicator pirates” who just burn bit-for-bit copies of encrypted DVDs?

  23. Paul TS Lee says:

    Talk about not owning the content you buy, this gem on the “Content Revocation List” set off my alarms:

    The CRL identifies content that has been signed and contains a valid certificate but has since been revoked and therefore should not be accessed by a compliant player.—Pre-recorded Video Book, page 2

    Why disc replicators would embed code which might prevent their own discs from being played back is beyond me. The only thing that comes to mind is that the CRL can act as an offline patch for the player, which can then update some internal store of “revoked content”. Of course, this doesn’t explain why content is “revokable” at all, unless we ascribe some truly machiavellian thinking to IP owners who “revoke” content to force re-purchase. Perhaps we should start saving money for yet another version of the White Album. :-)

  24. Steve Purpura says:

    DVDs are one of the most commercially successful technologies in the history of the world. I see the same types of posts repeated here, but never an explanation for why CSS or AACS don’t achieve the movie industry’s goals. While the technology may lack sophistication, the use (coupled with U.S. law) seems to work very well for the DVD suppliers and consumers.

  25. Ed Felten says:

    Steve,

    I think the encryption in DVDs does nothing to help the movie industry meet its goals. DVDs succeeded because they are an attractive, reasonably priced product. DVDs without CSS would have been just as successful. The main effect of CSS was as a security blanket so the industry could rationalize taking the perceived risk of releasing movies in digital form.

  26. Neo says:

    “Planned obsolescence == class-action lawsuits.”

    Some sort of anti-liability EULA == no class-action lawsuits. :P

  27. Steve Purpura says:

    Ed,

    I want to believe you. But the security blanket seems to work effectively at some things. For instance, the industry was able to use the law to stop wide-scale commercial availability of DVD copying products in the U.S. Even as a person that wants to make alternative uses of DVDs (like playing on a cell phone), that doesn’t seem that wrong to me.

    The thing that troubles me about this debate is that the anti-DRM side doesn’t seem to have compelling empirical evidence that DRM (in DVDs) harms anyone. While I understand the property rights debate, my DVDs seem no more “restricted” than my paperback books. I can loan them to people, I can use them multiple times, and I can also destroy them both by accident.

    Most of the people that read your blog like to think that we’re scientists (although some are lawyers). Although I understand the legal arguments about property rights and copyright, from a scientist’s perspective, it seems like we have flimsy evidence that DVD technology implementation is harming anyone. Or, if we do have evidence, then I haven’t seen it presented in a manner that is convincing.

  28. Ed Felten says:

    Steve,

    Many people who would otherwise have been harmed have just circumvented the DRM.

    But here are a few specific examples of harms:

    (1) the continuing unavailability of a licensed DVD player for Linux;
    (2) legal attacks on legitimate products like the Kaleidescape DVD jukebox;
    (3) unavailability of DVD content to video analysis researchers;
    (4) DVDs and/or players becoming useless due to region coding (as described, e.g., in Cory Doctorow’s rant at http://www.boingboing.net/2005/02/01/apple_restricting_dv.html).

    It seems to me, though, that you’re framing the question backward. The burden of proof should be on those who would restrict liberty, to show that the restriction they propose would provide tangible benefits to society (not just to private interests). We’ve had DVD-DRM for years now. Where is the proof that DVD-DRM has made society as a whole better off?

  29. Steve Purpura says:

    Ed,

    To me, the proof that the DVD product has made society better off is that people buy it, using disposable income, in amazing quantities. DVD players held the record for the fastest growing technology, in terms of unit sales, until camera cell phones beat it. I don’t know how to ignore that evidence. I also couple this market success with a long-standing history in our country of the belief in copyright as an incentive to producers. Although I realize that this belief can easily be challenged, I also realize that someone will need to produce compelling evidence to convince people that it is not true.

    The four harms that you listed are all caused by legal regime and not by the DRM technology itself. The legal regime is produced by an “iron triangle” — a policy monopoly involving many actors working together to control legislative agenda. Disproving the assumptions that perpetuate the political power of the policy monopoly will allow someone to challenge it. You need a “Silent Spring”.

    As a scientist, I think the more interesting thing to study is whether industry enjoys the network effect of illegal copying to increase demand for their products and grow the market. If industry benefits from the effect of illegal copying AND it benefits from the traditional copyright regime then it has very limited incentive to build a truly effective DRM technology. In such a case, it has incentive to build a weak DRM technology while using its policy monopoly to control legitimate channels. And this appears to intuitively explain the results we witness in the world.

  30. Ed Felten says:

    Steve,

    Sure, DVDs are beneficial. More interesting questions are whether DVDs without DRM, or DVDs with the DRM but without the DMCA, would have been just as beneficial, or even more beneficial.

    We can also look at milder variants of the DMCA, such as ones where circumvention without infringement is allowed. It’s hard to see how allowing circumvention without infringement would have made DVDs less valuable from a total welfare perspective.

  31. Steve Purpura says:

    Ed,

    I agree that these questions are interesting for optimizing economic efficiency, but whether the answer to them is an increase or decrease in total welfare will just tell me where we are in the cycle of the policy monopoly.

    Our society, and every OECD nation, routinely disregards optimizing total welfare in exchange for desired social outcomes. You might be better served by making a Sen-inspired argument about maximizing freedoms instead of utilities, because the existing policy monopoly clearly doesn’t optimize freedoms.

    Because copyright is a policy monopoly, it will inevitably grow stale and go too far. Its staleness and excess is the only way to get public support to topple it! You may see “allowing circumvention without infringement” as a tweak but the policy monopoly saw it as a threat.

    Ironically, the more the actions of the policy monopoly decrease total welfare and total freedoms, the more likely you are to be successful at opposing them. Will AACS seem so insane to customers that they may be swayed that the industry & government partnership is out of control? Perhaps. Especially if a lot of people experience a situation where their $1k next-gen DVD player can’t play new DVDs.

  32. Neo says:

    What’s with comments like the one by Avril, above? Surely nobody actually bothers following obviously off-topic links, so why do they bother?

  33. Wes Felter says:

    Google follows all links.

  34. Seth Schoen says:

    Google wouldn’t follow those links if they had nofollow attributes added, something that a large number of recent versions of blog applications are automatically doing to comment posts.

  35. Neo says:

    How is Google relevant? Google’s bot doesn’t buy things from ecommerce sites. Human beings do, but they ignore irrelevant links. (And that includes “legit” ad banners and the like, too. Click through rates on those are what? 0.001%? And dropping.)