December 27, 2024

Search Results for: aacs

You Can Own an Integer Too — Get Yours Here

Remember last week’s kerfuffle over whether the movie industry could own random 128-bit numbers? (If not, here’s some background: 1, 2, 3)

Now, thanks to our newly developed VirtualLandGrab technology, you can own a 128-bit integer of your very own.

Here’s how we do it. First, we generate a fresh pseudorandom integer, just for you. Then we use your integer to encrypt a copyrighted haiku, thereby transforming your integer into a circumvention device capable of decrypting the haiku without your permission. We then give you all of our rights to decrypt the haiku using your integer. The DMCA does the rest.

The haiku is copyright 2007 by Edward W. Felten:

We own integers,
Says AACS LA.
You can own one too.

Here is your very own 128-bit integer, which we hereby deed to you:

[can’t display integer]

If you’d like another integer, just hit Shift-Reload, and we’ll make a fresh one for you. Make as many as you want! Did we mention that a shiny new integer would make a perfect Mother’s Day gift?

If you like our service, you can upgrade for a low annual fee to VirtualLandGrab Gold – and claim thousands of integers with a single click!

Why the 09ers Are So Upset

The user revolt at Digg and elsewhere, over attempts to take down the now-famous “09 F9 …” number, is now all over the press. (Background: 1, 2) Many non-techies, including some reporters, wonder why users care so much about this. What is it about “09F9…” that makes people willing to defend it by making T-shirts, writing songs, or subjecting their dotcom startup to lawsuit risk?

The answer has several parts. The first answer is that it’s a reaction against censorship. Net users hate censorship and often respond by replicating the threatened content. When Web companies take down user-submitted content at the behest of big media companies, that looks like censorship. But censorship by itself is not the whole story.

The second part of the answer, and the one most often missed by non-techies, is the fact that the content in question is an integer – an ordinary number, in other words. The number is often written in geeky alphanumeric format, but it can be written equivalently in a more user-friendly form like 790,815,794,162,126,871,771,506,399,625. Giving a private party ownership of a number seems deeply wrong to people versed in mathematics and computer science. Letting a private group pick out many millions of numbers (like the AACS secret keys), and then simply declare ownership of them, seems even worse.

While it’s obvious why the creator of a movie or a song might deserve some special claim over the use of their creation, it’s hard to see why anyone should be able to pick a number at random and unilaterally declare ownership of it. There is nothing creative about this number – indeed, it was chosen by a method designed to ensure that the resulting number was in no way special. It’s just a number they picked out of a hat. And now they own it?

As if that’s not weird enough, there are actually millions of other numbers (other keys used in AACS) that AACS LA claims to own, and we don’t know what they are. When I wrote the thirty-digit number that appears above, I carefully avoided writing the real 09F9 number, so as to avoid the possibility of mind-bending lawsuits over integer ownership. But there is still a nonzero probability that AACS LA thinks it owns the number I wrote.

When the great mathematician Leopold Kronecker wrote his famous dictum, “God created the integers; all else is the work of man”, he meant that the basic structure of mathematics is part of the design of the universe. What God created, AACS LA now wants to take away.

The third part of the answer is that the link between the 09F9 number and the potential harm of copyright infringement is pretty tenuous. AACS LA tells everyone who will listen that the discovery and distribution of the 09F9 number is no real threat to the viability of AACS or the HD-DVD/Blu-ray formats. A person getting the 09F9 number could, if he or she is technically skillful, invest a lot of work to get access to movies. But there are easier, less tech-intensive ways to get the same movies. Publishing the number has approximately zero impact on copyright infringement.

Which brings us to the civil disobedience angle. It’s no secret that many in the tech community despise the DMCA’s anticircumvention provisions. If you’re going to defy a law to show your disagreement with it, you’ll look for a situation where (1) the application of the law is especially inappropriate, (2) your violation does no actual harm, and (3) many others are doing the same thing so the breadth of opposition to the law is evident. That’s what we see here.

It will be interesting to see what AACS LA does next. My guess is that they’ll cut their losses, refrain from sending demand letters and filing lawsuits, and let the 09F9 meme run its course.

Software HD-DVD/Blu-ray Players Updated

The central authority that runs AACS (the anticopying/DRM system used on commercial HD-DVD and Blu-ray discs) announced [April 6, 2007 item] last week the reissue of some software players that can play the discs, “[i]n response to attacks against certain PC-based applications”. The affected applications include WinDVD and probably others.

Recall that analysts had previously extracted from software players a set of decryption keys sufficient to decrypt any disc sold thus far. The authority could have responded to these attacks by blacklisting the affected applications or their decryption keys, which would have limited the effect of the past attacks but would have rendered the affected applications unable to play discs, even for law-abiding customers – that’s too much collateral damage.

To reduce the harm to law-abiding customers, the authority apparently required the affected programs to issue free online updates, where the updates contain new software along with new decryptions keys. This way, customers who download the update will be able to keep playing discs, even though the the software’s old keys won’t work any more.

The attackers’ response is obvious: they’ll try to analyze the new software and extract the new keys. If the software updates changed only the decryption keys, the attackers could just repeat their previous analysis exactly, to get the new keys. To prevent this, the updates will have to restructure the software significantly, in the hope that the attackers will have to start their analysis from scratch.

The need to restructure the software explains why several months expired between the attacks and this response. New keys can be issued quickly, but restructuring software takes time. The studios reportedly postponed some planned disc releases to wait for the software reissue.

It seems inevitable that the attackers will succeed, within a month or so, in extracting keys from the new software. Even if the guts of the new software are totally unlike the old, this time the attackers will be better organized and will know more about how AACS works and how implementations tend to store and manage keys. In short, the attackers’ advantage will be greater than it was last time.

When the attackers manage to extract the new keys, a new round of the game will start. The player software will have to be restructured again so that a new version with new keys can replace the old. Then it will be the attackers’ turn, and the game will continue.

It’s a game that inherently favors the attackers. In my experience, software analysts always beat the obfuscators, if the analysts are willing to work hard, as they are here. Every round of the game, the software authors will have to come up with new and unexpected tricks for restructuring their software – tricks that will have to resist the attackers’ ever-growing suite of analysis tools. And each time the attackers succeed, they’ll be able to decrypt all existing discs.

We can model the economic effect of this game. The key parameter is the attackers’ reaction time, that is, how long it takes the attackers to extract keys from each newly issued version of the player software. If this time is short – say, a few weeks – then the AACS authority won’t benefit much from playing this game, and the authority would be nearly as well off if it simply gave up and let the extracted keys remain valid and the exploited software stay in the field.

My guess is that the attackers will extract keys from the new software within about three weeks of its availability.

2007 Predictions

This year, Alex Halderman, Scott Karlin and I put our heads together to come up with a single list of predictions. Each prediction is supported by at least two of us, except the predictions that turn out to be wrong, which must have slipped in by mistake.

Our predictions for 2007:

(1) DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly.

(2) An easy tool for cloning MySpace pages will show up, and young users will educate each other loudly about the evils of plagiarism.

(3) Despite the ascent of Howard Berman (D-Hollywood) to the chair of the House IP subcommittee, copyright issues will remain stalemated in Congress.

(4) Like the Republicans before them, the Democrats’ tech policy will disappoint. Only a few incumbent companies will be happy.

(5) Major record companies will sell a significant number of MP3s, promoting them as compatible with everything. Movie studios won’t be ready to follow suit, persisting in their unsuccessful DRM strategy.

(6) Somebody will figure out the right way to sell and place video ads online, and will get very rich in the process. (We don’t know how they’ll do it. If we did, we wouldn’t be spending our time writing this blog.)

(7) Some mainstream TV shows will be built to facilitate YouTubing, for example by structuring a show as a series of separable nine-minute segments.

(8) AACS, the encryption system for next-gen DVDs, will melt down and become as ineffectual as the CSS system used on ordinary DVDs.

(9) Congress will pass a national law regarding data leaks. It will be a watered-down version of the California law, and will preempt state laws.

(10) A worm infection will spread on game consoles.

(11) There will be less attention to e-voting as the 2008 election seems far away and the public assumes progress is being made. The Holt e-voting bill will pass, ratifying the now-solid public consensus in favor of paper trails.

(12) Bogus airport security procedures will peak and start to decrease.

(13) On cellphones, software products will increasingly compete independent of hardware.

HD-DVD Camp Disses Blu-Ray DRM

Proponents of HD-DVD, one of the two competing next-gen DVD standards, have harsh words for the newly announced DRM technologies adopted by the competing Blu-Ray standard, according to a Consumer Electronics Daily article quoted by an AVS Forum commenter.

[Fox engineering head Andy] Setos confirmed BD+ [one of the newly announced Blu-Ray technologies] was based on the Self-Protecting Digital Content (SPDC) encryption developed by San Francisco’s Cryptography Research. That system, which provides “renewable security” in the event AACS is hacked, was rejected for HD DVD over concerns about playability and reliability issues (CED Aug 2 p1). BDA [the Blu-Ray group] obviously had a different conclusion, Setos said.

[Hitachi advisor Mark] Knox also took a shot at the BD+ version of SPDC, calling its “Virtual Machine” concept “a goldmine for hackers.” He said the Virtual Machine “must have access to critical security info, so any malicious code designed to run on this VM would also have access. In the words of one of the more high-tech guys ‘This feeble attempt to shut the one door on hackers is going to open up a lot of windows instead.’”

There’s an interesting technical issue behind this. SPDC’s designers say that most DRM schemes are weak because a fixed DRM design is built in to player devices; and once that design is broken – as it inevitably will be – the players are forever vulnerable. Rather than using a fixed DRM design, SPDC builds into the player device a small operating system. (They call it a lightweight virtual machine, but if you look at what it does it’s clearly an operating system.) Every piece of content can come with a computer program, packaged right on the disc with the content, which the operating system loads and runs when the content is loaded. These programs can also store data and software permanently on the player. (SPDC specifications aren’t available, but they have a semi-technical white paper and a partial security analysis.)

The idea is that rather than baking a single DRM scheme into the player, you can ship out a new DRM scheme whenever you ship out a disc. Different content publishers can use different DRM schemes, by shipping different programs on their discs. So, the argument goes, the system is more “renewable”.

The drawback for content publishers is that adversaries can switch from attacking the DRM to attacking the operating system. If somebody finds a security bug in the operating system (and, let’s face it, OS security bugs aren’t exactly unprecedented), they can exploit it to undermine any and all DRM, or to publish discs that break users’ players, or to cause other types of harm.

There are also risks for users. The SPDC documents talk about the programs having access to permanent storage on the player, and connecting to the Internet. This means a disc could install software that watches how you use your player, and reports that information to somebody across the Net. Other undesirable behaviors are possible too. And there’s nothing much the user can do to prevent them – content publishers, in the name of security, will try to prevent reverse engineering of their programs or the spread of information about what they do – and even the player manufacturer won’t be able to promise users that programs running on the player will be well-behaved.

Even beyond this, you have all of the usual reliability problems that arise on operating systems that store data and run code on behalf of independent software vendors. Users generally cope with such problems by learning about how the OS works and tweaking its configuration; but this strategy won’t work too well if the workings of the OS are supposed to be secret.

The HD-DVD advocates are right that SPDC (aka BD+) opens a real can of worms. Unless the SPDC/BD+ specifications are released, I for one won’t trust that the system is secure and stable enough to make anybody happy.