What DVD encryption can't solve

The thing about DVD encryption, whether it's CSS or AACS, is that it's not going to stop people from copying DVDs. The obvious way to copy a DVD is simply to make an exact duplicate of all the data onto your hard drive or another piece of plastic. This requires that you be able to read the raw bits off the DVD, but there's no technical obstacle to making that kind of equipment and in fact it's fairly easy to get. No encryption can stop this from happening because it bypasses the encryption.

DVD encryption accomplishes two major goals:

  1. It stops people from making third party players.
  2. It makes it hard to get access to the plaintext.

Why deny access to the plaintext when copying the ciphertext is so easy? Well, DVDs are fairly large, so they consume a lot of disk space and take a long time to transmit over the Internet. So, if you want to share files it pays to be able to compress them--even much smaller music files are generally compressed for transmission and storage after people copy them from CD. But encrypted data is essentially incompressible so getting access to the plaintext is the first step in doing the transcoding.
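The two claims above, shown with a toy cipher, as an added example that is not part of the original post: a bit-for-bit copy of the ciphertext still decrypts for anyone holding the key, while the ciphertext itself does not compress. The SHA-256 keystream cipher, the key and the sample "video" are constructed stand-ins, not CSS or AACS.

```python
import hashlib
import zlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks.
    A stand-in for a disc cipher, NOT CSS or AACS. Same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)

def make_plaintext(frames: int = 200) -> bytes:
    """Constructed sample 'video': 1 KiB frames that differ only slightly,
    the kind of redundancy a compressor or transcoder exploits."""
    base = bytes(range(256)) * 4
    out = bytearray()
    for i in range(frames):
        frame = bytearray(base)
        frame[i % len(frame)] ^= 0xFF  # small per-frame change
        out.extend(frame)
    return bytes(out)

def ratio(data: bytes) -> float:
    """Compressed size divided by original size, zlib level 9."""
    return len(zlib.compress(data, 9)) / len(data)

def experiment() -> dict:
    key = b"constructed-disc-key"  # hypothetical key, sample value only
    plaintext = make_plaintext()
    disc = keystream_xor(key, plaintext)  # what is pressed on the disc
    copy = bytes(disc)                    # raw duplicate, made without the key
    return {
        "plain_ratio": ratio(plaintext),
        "cipher_ratio": ratio(disc),
        # A player holding the key cannot tell the copy from the original.
        "copy_plays": keystream_xor(key, copy) == plaintext,
    }

if __name__ == "__main__":
    r = experiment()
    print(f"plaintext compresses to {r['plain_ratio']:.1%} of its size")
    print(f"ciphertext compresses to {r['cipher_ratio']:.1%} of its size")
    print("keyed player decrypts the raw copy:", r["copy_plays"])
```
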

Because of the size issue, effective DVD encryption would make sharing movies over the Internet very difficult. But of course, this is a temporary situation. Given the rapid increase in disk space and network bandwidth it's only a matter of time before you can copy encrypted DVDs around.

And of course, AACS only works if you can identify which key was compromised. If people just rip their DVDs and post the compressed plaintext, there's no way of knowing[1] which player was compromised and so you can't revoke it. Obviously, it's a lot of work for your average end user to compromise his own player (though you could imagine some hacker releasing a patch that would let you break any copy of some player) but it's not that much work for a pirate.

At the end of the day what you're left with is a technology that doesn't really stop piracy but that does stop people making unauthorized players.

1. Yes, I know about watermarking, but it's very inconvenient to use watermarking because that requires having each disk be different and tracking who buys which disks. I don't get the impression that AACS involves watermarking.



You also forgot the Software Player gap: There will be software only players for Windows which are licensed, and you can trivially get the keys from those in order to extract the plaintext.

I believe the first Linux player someone hacked up just used one of these keys rather than DECSS.


That's absolutely true, but if you have a revocation scheme, then it won't be possible to release a player that incorporates a single hacked key. You'll either need to keep releasing new hacked keys or have a piece of software that can extract the key from the user's machine.

The purpose of CSS is to ensure only members of the DVD CCA can make players. They in turn are contractually bound by provisions such as not being allowed to manufacture region-free players. And the DVD CCA can enforce its royalties on player manufacturers.

You can bet the $39 DVD players at Wal-Mart were made by Chinese vendors who are not paying royalties out of their razor-thin profit margins. AACS would allow the DVD CCA to selectively revoke keys for DVD player manufacturers who try and evade royalties.

In short, one of the primary purposes of DVD encryption is to maintain a fragmented global market so the content industry can keep their control over distribution, and keep on charging artificially inflated profit margins in markets like Europe or Australia.

It might not be that easy to pass around encrypted disks, even if the bandwidth were available. The spec seems to envision something like Trusted Computing being used in PC based players, otherwise capturing the decoded video would be relatively easy. That trusted software component could be set up to require an actual HD-DVD drive with a real disk in it, and not accept an image stored in a directory somewhere.

Also, apparently they intend every recorded disk to be unique. From page 3-4 of the crypto spec:

"Pre-Recorded Media Serial Number

"An identifier that will be unique to each instance of Pre-Recorded media. If the media is an optical disc, it might be recorded in the Burst Cutting Area to enable licensed replicators to record unique values for each disc. The Serial Number must be globally unique to ensure that network based transactions that enable the Enhanced Features defined in chapter 5 of this book can be utilized."

This could allow a shared disk image to be traced to its source, under some circumstances.

Much of the PC spec in the recorded media book seems oriented towards having the PC validate the disk rather than vice versa. Disks are signed, hashes of subsets are stored, and PCs are supposed to check all that. I'm not sure if this adds any actual security, or if it simply protects the pocketbook of the AACS Licensing Administrator, making sure that non-AACS HD-DVDs can't exist.

Ah, I missed that about the serial number when I skimmed it. That's surprising--my impression was that that added substantially to the cost of the disks.

I don't really see that that makes much of a difference, though, seeing as you can buy DVDs for cash at WalMart....

If every player watermarks its device ID into its output, then a compromised player can be detected and revoked. Of course, this will eventually be defeated by using non-watermarking transcoding tools.

Tracing compromised discs is not a goal of AACS AFAIK; knowing which disc was copied doesn't solve anything. (Sure, maybe you could sue one guy, but N more would replace him.)
