April 21, 2014

avatar

Understanding the HDCP Master Key Leak

On Monday, somebody posted online an array of numbers which purports to be the secret master key used by HDCP, a video encryption standard used in consumer electronics devices such as DVD players and TVs. I don’t know if the key is genuine, but let’s assume for the sake of discussion that it is. What does the leak imply for HDCP’s security? And what does the leak mean for the industry, and for consumers?

HDCP is used to protect high-def digital video signals “on the wire,” for example on the cable connecting your DVD player to your TV. HDCP is supposed to do two things: it encrypts the content so that it can’t be captured off the wire, and it allows each endpoint to verify that the other endpoint is an HDCP-licensed device. From a security standpoint, the key step in HDCP is the initial handshake, which establishes a shared secret key that will be used to encrypt communications between the two devices, and at the same time allows each device to verify that the other one is licensed.

As usual when crypto is involved, the starting point for understanding the system’s design is to think about the secret keys: how many there are, who knows them, and how they are used. HDCP has a single master key, which is supposed to be known only by the central HDCP authority. Each device has a public key, which isn’t a secret, and a private key, which only that device is supposed to know. There is a special key generation algorithm (“keygen” for short) that is used to generate private keys. Keygen uses the secret master key and a public key, to generate the unique private key that corresponds to that public key. Because keygen uses the secret master key, only the central authority can do keygen.

Each HDCP device (e.g., a DVD player) has baked into it a public key and the corresponding private key. To get those keys, the device’s manufacturer needs the help of the central authority, because only the central authority can do keygen to determine the device’s private key.

Now suppose that two devices, which we’ll call A and B, want to do a handshake. A sends its public key to B, and vice versa. Then each party combines its own private key with the other party’s public key, to get a shared secret key. This shared key is supposed to be secret—i.e., known only to A and B—because making the shared key requires having either A’s private key or B’s private key.

Note that A and B actually did different computations to get the shared secret. A combined A’s private key with B’s public key, while B combined B’s private key with A’s public key. If A and B did different computations, how do we know they ended up with the same value? The short answer is: because of the special mathematical properties of keygen. And the security of the scheme depends on this: if you have a private key that was made using keygen, then the HDCP handshake will “work” for you, in the sense that you’ll end up getting the same shared key as the party on the other end. But if you tried to use a random “private key” that you cooked up on your own, then the handshake won’t work: you’ll end up with a different shared key than the other device, so you won’t be able to talk to that device.

Now we can understand the implications of the master key leaking. Anyone who knows the master key can do keygen, so the leak allows everyone to do keygen. And this destroys both of the security properties that HDCP is supposed to provide. HDCP encryption is no longer effective because an eavesdropper who sees the initial handshake can use keygen to determine the parties’ private keys, thereby allowing the eavesdropper to determine the encryption key that protects the communication. HDCP no longer guarantees that participating devices are licensed, because a maker of unlicensed devices can use keygen to create mathematically correct public/private key pairs. In short, HDCP is now a dead letter, as far as security is concerned.

(It has been a dead letter, from a theoretical standpoint, for nearly a decade. A 2001 paper by Crosby et al. explained how the master secret could be reconstructed given a modest number of public/private key pairs. What Crosby predicted—a total defeat of HDCP—has now apparently come to pass.)

The impact of HDCP’s failure on consumers will probably be minor. The main practical effect of HDCP has been to create one more way in which your electronics could fail to work properly with your TV. This is unlikely to change. Mainstream electronics makers will probably continue to take HDCP licenses and to use HDCP as they are now. There might be some differences at the margin, where manufacturers feel they can take a few more liberties to make things work for their customers. HDCP has been less a security system than a tool for shaping the consumer electronics market, and that is unlikely to change.

Comments

  1. Anonymous says:

    My hope is that the result of this disclosure will be software that tells my video card that my monitor is always HCDP compliant (it is). Thus I will no longer have to choose between being able to watch BluRay disks on my computer and not wasting 30 seconds waiting for the HDCP handshake every time the monitor comes out of blanking mode.

    • Anonymous says:

      you might get a box/cable that you can insert in the chain; but realistically it wont change a thing for a software level driver.

  2. Another Kevin says:

    My guess: there will be an HDCP-II rolled out any day now with which all existing devices are incompatible. And new “HDCP-II compliant” media will be required to play on the HDCP-II devices. And it will become a violation of the HDCP license agreement to sell HDCP-1 devices.

    This will have the simultaneous benefit to the electronics industry that their customers will have to repurchase their devices, and to the content industry that their customers will have to repurchase their libraries. It will be a terrific boon to the economy – essential in these down economic times. Everyone wins!

    • sjs says:

      Sadly, I think you’re probably right, although I think it will take a slightly different form. HDCP was developed in an era where most video consumption took place on specialized hardware (set-top-boxes, DVD players, and televisions). As we have migrated to an environment where more an more consumption takes place on general-purpose computers, I’d expect “HDCP-II” to move up the stack into software. This is precisely what we see with standards like DTCP that are already widespread in newer “TV Anywhere” style devices. Although DTCP may also have weaknesses, compared to HDCP it is even more closed (and it is controlled by an independent cabal of corporations).

      I think that forcing consumers to repurchase hardware devices, however, is too big of a pill for the market to swallow. More likely, they will try to implement something in the next generation of devices/uses.

    • rst101 says:

      except the consumer………

    • Anonymous says:

      they wouldnt be able to do it. no electronics company could realistically expect every customer they had in the last 10 years to purchase a new version of their product at the drop of a hat, especially now

      • HDMI Developer says:

        I don’t think that the cable / sat companies would like that after committing to ten year plus roll outs of their set top boxes. it is very unlikely that they would recall them for a HDCP upgrade.

        • John Millington says:

          Not to mention those same companies have the most to gain from HDCP being defeated. “Welcome back, PVR-using former customers!”

    • Anonymous says:

      So, will you complain if someone goes through and breaks every window on your street?

  3. Anonymous says:

    I was thinking that this could be used to circumvent all DVD/Blu-ray/HDDVD content by allowing a software developer to build a dummy monitor device or dummy video card device that would simply be used to copy the stream to disk.

  4. Anonymous says:

    HCDP is the reason it takes my TV and Amp a second or two to sync and why I can’t switch between HDMI sources quickly. Watch them now replace it in the future with something more complex that inconviences the end users even more.

  5. Anonymous says:

    DRM in any form is Evil and only serves to harm the legitimate users of any given device. The pirates media always plays perfectly as all DRM is removed.
    Consequently the content producers do more to turn their legitimate users into pirates than they do to actually deter piracy through DRM.

    All an end user wants is ease of use. When it’s easier to download and burn a movie than it is do try and play a HDCP compliant movie on a HDCP compliant TV connected to a HDCP compliant amplifier with their HDCP compliant 3D shutter glasses then well… Is it any wonder.

    What the content providers are yet to realise is this…. End users are not HDCP compliant.

    • GuyverXT9 says:

      Well said.

    • Anonymous says:

      You are so right, DRM makes the good guys bad , and the bad guys heroes.

      Consumer are grossly abused by the Media companies with something as simple as er regional DVD’s totally unacceptable behaviour, even racist in nature – and they get away with it!. Then there is DRM even worse.

      I absolutely hate pirates ripping off the production companies, but when the copyright owners act no better than criminals by sympathy drains somewhat. The fact that there was a levy on recording cassettes to give these companies some compensation says how wrong the systems is.

      In my book copy protection should be made illegal, and the penalties for deliberately breaking copyright extremely harsh – i.e. selling or giving it away without permission – Guess the pirates and company execs would be sharing the same holding cells :)

    • Anonymous says:

      What the consumer want is everything for free or as close to free as possible. Piracy is plain and simple bad for the economy and is theft. The consumer thinks that the media’s owner makes too much money so it’s not really wrong that they steal from them. It would be akin to me saying Walmart makes a lot of money so it’s not that bad if I steal from them. You might be able to justify stealing food to feed your family, but families don’t starve from lack of videos. Not paying for the movie is just plain wrong and you can’t justify it.

      The thing is that a lot of movies don’t make hordes of money and they are a lot of work to make. Producers spend years working on their product and it takes hundreds of people to finish it. All of those little people that help make the movie cost a lot of money to pay. Then there are the film distributors and the video distributors that also take a cut. This all generates money and employs people which helps the economy. Stealing the movie by illegally copying it forces the distributors to raise their prices. It could also mean that a movie that didn’t make a profit at the box office won’t recoup its losses on video sales.

      People can argue that they need to make a backup copy in case their original gets damaged, but videos are cheap enough to go out and buy a new one, it’s not like they are several hundred dollars so just take care of them and they will last.

      • AC says:

        DRM is inherently evil – HDCP is so bad, the most jaded bondage fetishist would probably find it too restrictive. When combined with the DMCA, absurdly long copyright periods, and corporate copyright holders, you have a situation where you can’t do any of the things you should be able to do without being considered a “felon” by the corporate-controlled legislature and the pouch-bearing courts.

        Copyright protection for audio, video, and combined audio/video recordings should be severely curtailed – both in scope and in length (forever plus 80 years is not a reasonable length term) – or just eliminated entirely: Hollywood really produces nothing of any real value or utility, and we could easily live without them.

        At its core, copyright is an agreement between the people and the content creators. The creator get an exclusive distribution right for a reasonable term (no longer than 20 years), and afterward the material falls into the public domain. It was a fair and good deal. Was. They broke the deal, and current copyright law has absolutely no legitimacy – the people have a duty to society to ignore and oppose current copyright laws.

      • Anonymous says:

        All this would explain why the movie and music industries have been growing while they’ve been complaining about piracy?
        2009 was a record breaking year for the movie business.
        Cinema attendance up.
        Number of movies made up.
        DVD sales down but Bluray sales up 123%.
        More money being spent on the music industry than ever, according to the music industry’s own figures.

        Copyright infringement is not theft.
        Theft deprives the owner of the object.
        If I take your car, you don’t have a car and have to spend money to buy a new car, or rent a car or use public transit, with copyright infringement the owners losses are precisely nil.
        Movie and music industry “losses” to copyright infringement are entirely fictional, based on the concept that if people had not infringed copyright they would’ve bought something or other.
        In fact the only quantifiable costs of “copyright infringement” are the money spent on applying DRM.
        The industries spend over $1bn a year on DRM, set to rise to $1.9bn by 2012.

        These are the actual facts, I invite you all to check them for yourselves and confirm them.

        • warui_inu says:

          I haven’t seen a movie in at least a decade that’s subject matter and/or entire story line hadn’t been taken from older movies and books. Students of the arts aren’t taught to be creative anymore, they are taught the cookie cutter approach to art. Sure, casting directors can put Will Smith as the lead instead of Arnold, but the ideas and stories in these new movies are all ideas I’ve seen before. If your still a youngster, you may not be able to fathom this. All youth think they are special and have original thoughts and ideas (especially now with the “no child left behind” syndrome) and maybe man has been around so long there’s not an original idea left among us. Maybe the way of telling the story has changed and with the use of technology has become more and more a visual experience, but the infringement started with the story teller.

      • Anonymous says:

        I have an Apple iPhone. And while I like it well enough, I pretty much loathe the whole iTunes DRM crap. The best way to avoid thievery of content is to price the content low enough that people aren’t compelled to steal. I find it remarkably annoying that the industry feels that it can control what is or is not played on my hi-tech components.

      • Steve R. says:

        How can you justify depriving someone of their civil liberties to protect your revenue stream? It may be “wrong” for someone to appropriate content without the authors permission, but remember that adage that two wrongs don’t make a right. Depriving the consumer of their rights is a wrong.

        We live, in theory, in a free market economy. What that means is that if you can’t make money with a product; too bad.

        Remember the principle of scarcity, value depends on scarcity. If your product has infinite availability then its value is $0. Thanks for contributing to the advancement of the arts and sciences. Society appreciates your contribution.

        You may want to consider “The Grand Unified Theory On The Economics Of Free”.

      • Richard says:

        “What the consumer want is everything for free or as close to free as possible. Piracy is plain and simple bad for the economy and is theft….”

        Your argument amounts to:

        “This is terrible, therefore something must be done, DRM is something therefore it must be done.”
        The point is that if you read the technical articles on this blog regulalrly you would have realised that the problems of HDCP are not just a bad implementation, they are inherent in all DRM. There just is no way to implement it “properly”.

        (Actually, even your argument that piracy is theft and hurts the industry is fatally flawed – as numerous studies have shown. When you actually look at the real data (instead of the fantasy data used by industry sponsored research) you discover that piracy has no negative (and possibly even a positive) effect on the industry.

        • HDMI Developer says:

          The so called ‘Industry’ is just a Oligopoly cartel that decides that you have to pay again and again for your access to what is rightfully yours after you purchase it. They have budgeted for the product and paid all of the people involved in making the content. and then ‘milk’ you again and again for more profit by restricting your rights to access the content that you have shelled out for. I am not advocating theft by ripping of content, Piracy is defiantly a bad thing and does go to fund the organised crime world, which is no good for anybody. but they should tackle this part of the problem and not f@#k over the consumer by profiteering and stomping on our rights.

  6. Anonymous says:
  7. scharkalvin says:

    Why is it that it takes so long to switch between HDMI sources? What SHOULD happen is that the receiver and content source devices should go and do their handshakes for ALL hdmi inputs on hot plug or power on (from either side) and then just shut up and be quiet until the user switches sources. All hdmi connections remain hot and ready. Maybe this takes too much processing power, but I would think the hdmi interface could be distilled down to a single chip (one per hdmi connector) with the HDCP smarts built in.

    • Anonymous says:

      Considering the electronics industry is one such that shaving a capacitor out of the power supply is often considered a good thing; i cant see that any ‘consumer’ level gear would ever pay for multiple chips to handle inputs that most of the time wont be used to begin with. Especially since the licensing fee is probably per ‘chip’ and each chip might well need a different key; and i’m not sure what the rules for un-encoded video on the circuit board are.

      The biggest problem, and im not sure that DRM aside, this would have been fixable back then, is that HDMI is a point-to-point protocol using different frequencies for different data – ie, 720p gets a different speed then 1080p or 1080i. (Compare to displayport ; ati’s ‘eyefinity’ connector, among others ).

      Means at the least the chips have to resync speeds and data capabilities just to get to the ‘exchange hdmi keys’ part.

    • John Millington says:

      “What SHOULD happen is that the receiver and content source devices should go and do their handshakes for ALL hdmi inputs on hot plug or power on (from either side) and then just shut up and be quiet until the user switches sources. All hdmi connections remain hot and ready.”

      That makes sense from an engineering perspective, but not legal. You have to look at how DMCA works to understand this.

      DMCA prohibits bypassing tech measures which limit access, without the copyright holder’s authorization. Not the DRM scheme inventor’s authorization; the copyright holder’s. If your computer used HDCP to talk to its monitor all the time, guess who is usually the copyright holder of the content being shown? You. Not MPAA members, and not Intel.

      If, most of the time, the copyright holder of the encrypted information (you) were perfectly fine with someone decrypting it (authorization were granted), then a device that strips HDCP would be primary intended for, marketed for, and largely used for bypassing measures that limit access WITH authorization. That is, neither using such a device nor trafficking in such devices would be legally prohibited; the bypassing wouldn’t be “circumvention” by the definitions in DMCA.

      It is very important to the people who purchased DMCA, that DRM only be used by parties who will not grant authorization to users to bypass the DRM. This is why there can never be a standard for DRM, nor can any DRM scheme be “always on” when the makers of the device don’t know whose content is being accessed. All the users of a DRM scheme must collude to deny authorization, or else that DRM scheme’s DMCA prohibitions are at risk.

      As the writer of this comment (the copyright holder), I hereby grant (to everyone in the universe) authorization to bypass any technological measures that control access to this comment, by any means that such a person desires to use. (Are you using an HDCP-connected monitor right now?)

  8. Jeff S. says:

    The commenters all make good points, but they miss the most important point. Re-read the last sentence.

    “HDCP has been less a security system than a tool for shaping the consumer electronics market, and that is unlikely to change.”

    That last sentence is an entirely different thesis from the rest of this article.

    The technical explanations of public and private and master keys are fascinating to a nerd like me, but HDCP (and other DRM schemes) aren’t about absolute control of content (though that’s nice secondary benefit.) No, these mechanisms are to force consumer electronics manufacturers and consumers to buy only “approved” equipment.

    A DVD player can be manufactured for a few bucks, but it is useless until a licensing fee is paid to the DVD authorities.

    My Nintendo Wii has all the hardware capability to play a DVD, but without that licensing, it will only play games. (And now Netflix, but that’s another conversation…)

    HDCP and other DRM is about licensing behavior without legislation, or contrary to standing legislation.

    • rp says:

      HCDP will still work for at least a while, because none of the major producers of equipment is going to want to get into a spitting match with the licensing authority.

      What this probably will do is open the door for people who want to make dongles that play HDCP-protected content on the zillions of current and future devices that don’t have HDMI plugs.

      Which, ironically, may significantly increase sales of HD cameras and HD players. I think there are lots of people out there like me, who’ve been saying, “well, the next time I replace my TV/video monitor/DVR/etc we’ll see about getting all-HDMI.”

    • HDMI Developer says:

      You are right, the cost of implementing hdmi is very expensive, $15,000 for the HDMI Licence and $15,000 For the HDCP Key, not including the $100,000 needed for a compliance test.
      As a small developer it is prohibiting to even consider producing the next best Set top – super whammy multi fangled HDMI device that I cant afford to develop. so as the consumer you are loosing out on innovation. Take the current 3d format wars. 3d comes in HDMI 1.4 / 1.3b / Side by side / checker board / frame sequential / field sequential / 1080p-i / 720p-i – nonsense and would be quit easily sorted out by a fairly cheap FPGA based dongle. but you have to pay over $500 for a format converter because of the cost of implementing it on such a small scale is prohibiting.

  9. Michael Donnelly says:

    As is typically the case with these DRM systems, there is an invisible hand that is not obvious in analysis from the consumer’s perspective. In this case, it’s forcing device manufacturers to pay big money for the “protection” of HDCP. Since it’s an effective requirement to producing a television or Blu-ray player, the guys handing out the keys are in a perfect position: everyone must buy and nobody can compete with them.

    So now Chinese companies can create Blu-ray players without having to pay that brutal fee, allowing them to compete very effectively against the licensees who are just throwing money away. In fact, there’s a decent chance that rolling your own keypair on the source side isn’t even a DMCA problem, since they’re not circumventing anything.

    Of course, the sink side will see a few new toys. Rolling a display driver to record PowerDVD output is awfully tempting already… ;)

  10. Old Dominion says:

    People that keep trying to promote this “unauthorized copying is theft” nonsense are just turning a blind eye to the thousand of years of history of humanoid creatures on the planet Earth creatively forming things with their hands and the fact that the whole idea of a copyright is merely a recent artifice with respect to those thousands of years in which human commerce functioned just fine without it.

    Things that were created (and copied) without recourse to a copy “right” stimulus:

    1, Jewelry.

    2. Cuneiform documents.

    3. Hieroglyphic documents.

    4. Greek scrolls.

    5. Roman scrolls.

    6. Complete works of art of the Ancient Greeks.

    7. Complete works of art of the Roman Civilization.

    8. Complete works of art of the Ancient Egyptians

    7. The Bible.

    etc.

    This whole notion of sole exclusivity to traded works of art didn’t arise until the invention of the printing press and then it wasn’t about preventing theft but controlling the spread of anti status quo church and government thoughts and ideas by ceding, through license, exclusive right to publish to the publishers.

    • DES says:

      Bullshit.

      Copyright (in a reasonable form) is necessary precisely because of the printing press. It has nothing to do with suppressing information; anti-establishment pamphlets have existed almost as long as movable type. The problem is that with the advent of the printing press, it became almost trivial to print up copies of somebody else’s work. A plagiarist will always be able to undercut a legitimate publisher, because he does not need to pay the author. A statue, on the other hand, takes as much time and work for a plagiarist to copy as it took the artist to carve the original, and the copy is likely to be of noticeably inferior quality.

      The Bible is not a valid example, because it was never sold for anyone’s profit but the printer’s; I wouldn’t be surprised if the number of copies given away for free (e.g. Gideon’s) exceeds the number of copies sold for profit.

      The problem is not copyright, the problem is that the media cartels are subverting the legislative and judicial process and using (or trying to use) technology to artificially sustain an outdated business model, instead of trying to find new ones.

  11. Insight Homewood says:

    Old Dominion put this in historical context.
    In fact, it was primarily the Roman church that required publishers to print only church-approved materials. That was the beginning of the copyright system that has evolved into the state it is today.

    You know those industries that want to protect their content are so greedy that actors, singers, song-writers have had to sue in court to get their due. This is the kind of industry we are dealing with. It is self-serving anachronism that is fighting to stay relevant and keep as much of the money that they can from the hard work of actors and producers.

  12. Steve R. says:

    Just think of all the time, money, engineering, and effort that went into designing and implementing HDCP. So, if the industry can organize itself to develop a universal DRM standard, that hurts the consumer, why won’t they make the same effort to make standard power adapters and ink cartridges that would benefit the consumer?

    In fact why should the consumer be willing to put-up with onerous DRM in the name of honesty when the industry purposely designs proprietary products that deprive the consumer of interoperability. I was recently astounded by the fact that DELL had different proprietary power plugs for its laptops. So not only did DELL have a proprietary plug, but it had different proprietary plugs between laptop models!!! Nothing wrong with making money, but gouging the customer does not seem to imply that companies are interested in an honest business relationship. So why should the customer be honest towards a company? A relationship, where only one party has to be honest is a bad relationship.

    Now that HDCP is defunct, I encourage the technology companies to put their efforts into something useful, like standard power adapter and print cartridges. They might even make more money!

    • DES says:

      Dell uses different power plugs for different models because they don’t make their own laptops; they buy and rebrand other manufacturers’ products.

  13. mee says:

    HDCP did jack to prevent content liberation on the other side of the sink.

    Would it not be easier to charge “consumers” for content and then NEVER let them have it? … akin to the UK radio/tv privilege-fee… but better.

    Remember, all consumers are pirates and simply because they pay fees for content does not make them any less pirates “by definition” apparently.

    upside… maybe now channel changing will be less laggy

    probably not an upside: liberty (as opposed to the anarchy claim of hollyfascists)

  14. them says:

    consider the similarities of coercion here with the numerous won class action lawsuits against ram chip manufacturers.

    hmmmmm