Content Scramble System

Last updated
Content Scramble System (CSS)
General
Designers DVD Forum
First publishedAround 1996
Certification DVD Copy Control Association
Cipher detail
Key sizes 40 bits
Security claims240
State size2048 bytes (DVD sector size)
Structure Linear-feedback shift register-based stream cipher
Best public cryptanalysis
Defeated in 1999 by DeCSS, 40-bit key size is subject to brute-force attack, effective key size is about 16 bits. This can be brute-forced in about a minute by a Pentium II, or a few seconds by a modern CPU.

The Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on many commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced around 1996 and was first compromised in 1999. [1]

Contents

CSS is one of several complementary systems designed to restrict DVD-Video access.

It has been superseded by newer DRM schemes such as Content Protection for Recordable Media (CPRM), or by Advanced Encryption Standard (AES) in the Advanced Access Content System (AACS) DRM scheme used by HD DVD and Blu-ray Disc, which have 56-bit and 128-bit key sizes, respectively, providing a much higher level of security than the less secure 40-bit key size of CSS.

Preliminary note

The content scramble system (CSS) is a collection of proprietary protection mechanisms for DVD-Video discs. CSS attempts to restrict access to the content only for licensed applications. According to the DVD Copy Control Association (CCA), which is the consortium that grants licenses, CSS is supposed to protect the intellectual property rights of the content owner.

The details of CSS are only given to licensees for a fee. The license, [2] which binds the licensee to a non-disclosure agreement, would not permit the development of open-source software for DVD-Video playback. Instead, there is libdvdcss, a reverse engineered implementation of CSS. Libdvdcss is a source for documentation, along with the publicly available DVD-ROM [3] and MMC [4] specifications. There has also been some effort to collect CSS details from various sources. [5]

A DVD-Video can be produced with or without CSS. The publisher may for instance decide to go without CSS protection to save license and production costs.

Introduction

The content scramble system deals with three participants: the disc, the drive and the player. The disc holds the purported copyright information and the encrypted feature. The drive provides the means to read the disc. The player decrypts and presents the audio and visual content of the feature. All participants must conform to the CCA's license agreement.

There are three protection methods:

The first two protection methods have been broken. Circumvention of regional protection is not possible with every drive—even if the drive grants access to the feature, prediction of title keys may fail. [5] However, DVD players exist which do not enforce regional restrictions (after being disabled manually), which makes regional restrictions less effective as a component of CSS. [6]

Disc

The DVD-ROM's main-data (§16 [3] ), which are consecutive logical blocks of 2048 bytes, are structured according to the DVD-Video format. The DVD-Video contains (besides others) an MPEG program stream which consists of so-called Packs. If CSS is applied to the disc then a subset of all Packs is encrypted with a title-key.

A DVD-ROM contains, besides the main-data, additional data areas. CSS stores there:

CSS also uses six bytes in the frame header for each logical block of user data (§16.3, [3] §6.29.3.1.5 [4] ):

Drive

The drive treats a DVD-Video disc as any DVD-ROM disc. The player reads the disc's user-data and processes them according to the DVD-Video format. However, if the drive detects a disc that has been compiled with CSS, it denies access to logical blocks that are marked as copyrighted (§6.15.3 [4] ). The player has to execute an authentication handshake first (§4.10.2.2 [4] ). The authentication handshake is also used to retrieve the disc-key-block and the title-keys.

The drive may also support Regional Playback Control (RPC) to limit the playback of DVD-Video content to specific regions of the world (§3.3.26 [4] ). RPC Phase II drives hold an 8-bit region-code and adhere to all requirements of the CSS license agreement (§6.29.3.1.7 [4] ). It appears that RPC Phase II drives reject title-key requests on region mismatch. However, reading of user-data may still work. [5]

Cipher

CSS employs a stream cipher and mangles the keystream with the plain-text data to produce the cipher text. [7] The stream cipher is based on two linear-feedback shift register (LFSR) and set up with a 40-bit seed.

Mangling depends on the type of operation. There are three types:

In order to decrypt a DVD-Video, the player reads the disc-key-block and uses its player-key to decrypt the disc-key. Thereafter, the player reads the title-keys and decrypts them with the disc-key. A different title-key can be assigned for the Video Manager and for each Video Title Set. The title-keys are used to decrypt the encrypted Packs. [5]

Cryptanalysis

CSS employs cryptographic keys with a size of only 40 bits. This makes CSS vulnerable to a brute-force attack. At the time CSS was introduced, it was forbidden in the United States for manufacturers to export cryptographic systems employing keys in excess of 40 bits, a key length that had already been shown to be wholly inadequate in the face of increasing computer processing power (see Data Encryption Standard).

Based on the leaked DeCSS source-code, Frank A. Stevenson published in November 1999 three exploits that rendered the CSS cipher practically ineffective: [7]

The latter exploit recovers a disk-key from its hash-value in less than 18 seconds on a 450 MHz Intel Pentium III.

The CSS design was prepared for the leak of a few player-keys. New discs would not contain an encrypted variant for these player-keys in the disc-key-block. However, Stevenson's exploits made it possible to generate all player-keys. Libdvdcss uses such a list of generated player-keys.

There are cases when no title-keys are available. A drive may deny access on region mismatch but still permit reading of the encrypted DVD-Video. Ethan Hawke presented a plain-text prediction for data repetitions in the MPEG program stream that enables the recovery of title-keys in real-time directly from the encrypted DVD-Video. [8]

In Geeks Bearing Gifts , author Ted Nelson states "DVD encryption was intentionally made light by the DVD encryption committee, based on arguments in a libertarian book Computer Lib .", a claim cited as originating from personal communication with an anonymous source; Nelson is the author of Computer Lib. [9]

See also

Related Research Articles

<span class="mw-page-title-main">DeCSS</span> Free open-source program to decode DVDs with encryption

DeCSS is one of the first free computer programs capable of decrypting content on a commercially produced DVD video disc. Before the release of DeCSS, free and open source operating systems could not play encrypted video DVDs.

<span class="mw-page-title-main">Block cipher mode of operation</span> Cryptography algorithm

In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.

<span class="mw-page-title-main">DVD-Audio</span> DVD format for storing high-fidelity audio

DVD-Audio is a digital format for delivering high-fidelity audio content on a DVD. DVD-Audio uses most of the storage on the disc for high-quality audio and is not intended to be a video delivery format.

High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio and video content as it travels across connections. Types of connections include DisplayPort (DP), Digital Visual Interface (DVI), and High-Definition Multimedia Interface (HDMI), as well as less popular or now deprecated protocols like Gigabit Video Interface (GVIF) and Unified Display Interface (UDI).

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

VOB is the container format in DVD-Video media. VOB can contain digital video, digital audio, subtitles, DVD menus and navigation contents multiplexed together into a stream form. Files in VOB format may be encrypted.

Windows Media DRM or WMDRM, is a digital rights management service for the Windows Media platform. It is designed to provide delivery of audio or video content over an IP network to a PC or other playback device in such a way that the distributor can control how that content is used.

Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.

Disk encryption is a special case of data at rest protection when the storage medium is a sector-addressable device. This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware.

EncFS is a Free (LGPL) FUSE-based cryptographic filesystem. It transparently encrypts files, using an arbitrary directory as storage for the encrypted files.

In cryptography, Galois/Counter Mode (GCM) is a mode of operation for symmetric-key cryptographic block ciphers which is widely adopted for its performance. GCM throughput rates for state-of-the-art, high-speed communication channels can be achieved with inexpensive hardware resources.

Institute of Electrical and Electronics Engineers (IEEE) standardization project for encryption of stored data, but more generically refers to the Security in Storage Working Group (SISWG), which includes a family of standards for protection of stored data and for the corresponding cryptographic key management.

This is a technical feature comparison of different disk encryption software.

<span class="mw-page-title-main">BackupHDDVD</span> AACS decryption software

BackupHDDVD is a small computer software utility program available in command line and GUI versions which aids in the decryption of commercial HD DVD discs protected by the Advanced Access Content System. It is used to back up discs, often to enable playback on hardware configurations without full support for HDCP. The program's source code was posted online, but no licence information was given.

<span class="mw-page-title-main">Advanced Access Content System</span> Standard for content distribution and digital rights management

The Advanced Access Content System (AACS) is a standard for content distribution and digital rights management, intended to restrict access to and copying of the post-DVD generation of optical discs. The specification was publicly released in April 2005. The standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc (BD). It is developed by AACS Licensing Administrator, LLC, a consortium that includes Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony. AACS has been operating under an "interim agreement" since the final specification has not yet been finalized.

BD+ is a component of the Blu-ray Disc digital rights management system. It was developed by Cryptography Research Inc. and is based on their Self-Protecting Digital Content concept. Its intent was to prevent unauthorized copies of Blu-ray discs and the playback of Blu-ray media using unauthorized devices.

<span class="mw-page-title-main">Security of Advanced Access Content System</span>

The security of Advanced Access Content System (AACS) has been a subject of discussion amongst security researchers, high definition video enthusiasts, and consumers at large since its inception. A successor to Content Scramble System (CSS), the digital rights management mechanism used by commercial DVDs, AACS was intended to improve upon the design of CSS by addressing flaws which had led to the total circumvention of CSS in 1999. The AACS system relies on a subset difference tree combined with a certificate revocation mechanism to ensure the security of high definition video content in the event of a compromise.

<span class="mw-page-title-main">DVD-Video</span> Format used to store digital video on DVD discs

DVD-Video is a consumer video format used to store digital video on DVDs. DVD-Video was the dominant consumer home video format in Asia, North America, Europe, and Australia in the 2000s until it was supplanted by the high-definition Blu-ray Disc, before eventually both were replaced by streaming services such as Netflix and Disney+. Discs using the DVD-Video specification require a DVD drive and an MPEG-2 decoder. Commercial DVD movies are encoded using a combination of MPEG-2 compressed video and audio of varying formats. Typically, the data rate for DVD movies ranges from 3 to 9.5 Mbit/s, and the bit rate is usually adaptive. DVD-Video was first available in Japan on November 1, 1996, followed by a release on March 26, 1997, in the United States—to line up with the 69th Academy Awards that same day.

<span class="mw-page-title-main">Media Key Block</span>

The Media Key Block (MKB) is one of the keys included inside the copying protection system (DRM) AACS. This system is used to prevent Blu-ray and HD DVD formats from being copied. The system was developed by companies from the film industry and the electronics industry including IBM, Intel, Microsoft, Matsushita (Panasonic), Sony, Toshiba, The Walt Disney Company and Warner Bros.

Encrypted Title Key is an encrypted key that belongs to anticopy Advanced Access Content System (AACS). This key is included in the Media Key Block system and is an important part of the content protection process of Blu-ray and HD-DVD contents.

References

  1. Frank, Stevenson (2020-09-26) [1999]. "mail1.txt". cs.cmu.edu. Retrieved 2020-09-26.
  2. "DVD CCA CSS License Agreement" (PDF). Archived from the original (PDF) on May 30, 2015.
  3. 1 2 3 "Standard ECMA-267, 3rd edition, 2001, 120 mm DVD - Read-Only Disk" (PDF).
  4. 1 2 3 4 5 6 7 8 "File Access Monitor" (PDF). www.t10.org.
  5. 1 2 3 4 "The Content Scramble System – A Study" (PDF). GitHub .
  6. "Make Your DVD Player Region-Free in Seconds". Wise Bread.
  7. 1 2 Frank A. Stevenson (November 8, 1999). "Cryptanalysis of Contents Scrambling System". Archived from the original on March 2, 2000.{{cite journal}}: Cite journal requires |journal= (help)
  8. "Ethan Hawke: DeCSSplus (Source Code)".
  9. Nelson, Ted (2008). Geeks bearing gifts : how the computer world got this way (Ed. 1.0. ed.). Sausalito, CA: Mindful Press. pp.  199. ISBN   978-0-578-00438-9.