Advanced Access Content System

Last updated

AACS decryption process AACS dataflow.svg
AACS decryption process

The Advanced Access Content System (AACS) is a standard for content distribution and digital rights management, intended to restrict access to and copying of the post-DVD generation of optical discs. The specification was publicly released in April 2005. The standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc (BD). It is developed by AACS Licensing Administrator, LLC (AACS LA), a consortium that includes Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony. AACS has been operating under an "interim agreement" since the final specification (including provisions for Managed Copy) has not yet been finalized.

Contents

Since appearing in devices in 2006, several AACS decryption keys have been extracted from software players and published on the Internet, allowing decryption by unlicensed software.

System overview

Encryption

AACS uses cryptography to control and restrict the use of digital media. It encrypts content under one or more title keys using the Advanced Encryption Standard (AES). Title keys are decrypted using a combination of a media key (encoded in a Media Key Block) and the Volume ID of the media (e.g., a physical serial number embedded on a pre-recorded disc).

The principal difference between AACS and CSS (the DRM system used on DVDs) lies in how the device decryption keys and codes are organized.

Under CSS, all players of a given model group are provisioned with the same shared activated decryption key. Content is encrypted under the title-specific key, which is itself encrypted under each model's key. Thus each disc contains a collection of several hundred encrypted keys, one for each licensed player model.

In principle, this approach allows licensors to "revoke" a given player model (prevent it from playing back future content) by omitting to encrypt future title keys with the player model's key. In practice, however, revoking all players of a particular model is costly, as it causes many users to lose playback capability. Furthermore, the inclusion of a shared key across many players makes key compromise significantly more likely, as was demonstrated by a number of compromises in the mid-1990s.

The approach of AACS provisions each individual player with a unique set of decryption keys which are used in a broadcast encryption scheme. This approach allows licensors to "revoke" individual players, or more specifically, the decryption keys associated with the player. Thus, if a given player's keys are compromised and published, the AACS LA can simply revoke those keys in future content, making the keys/player useless for decrypting new titles.

AACS also incorporates traitor tracing techniques. The standard allows for multiple versions of short sections of a movie to be encrypted with different keys, while a given player will only be able to decrypt one version of each section. The manufacturer embeds varying digital watermarks (such as Cinavia) in these sections, and upon subsequent analysis of the pirated release the compromised keys can be identified and revoked (this feature is called Sequence keys in the AACS specifications). [1] [2]

Volume IDs

Volume IDs are unique identifiers or serial numbers that are stored on pre-recorded discs with special hardware. They cannot be duplicated on consumers' recordable media. The point of this is to prevent simple bit-by-bit copies, since the Volume ID is required (though not sufficient) for decoding content. On Blu-ray discs, the Volume ID is stored in the BD-ROM Mark. [3]

To read the Volume ID, a cryptographic certificate (the Private Host Key) signed by the AACS LA is required. However, this has been circumvented by modifying the firmware of some HD DVD and Blu-ray drives. [4] [5]

Decryption process

To view the movie, the player must first decrypt the content on the disc. The decryption process is somewhat convoluted. The disc contains 4 items—the Media Key Block (MKB), the Volume ID, the Encrypted Title Keys, and the Encrypted Content. The MKB is encrypted in a subset difference tree approach. Essentially, a set of keys are arranged in a tree such that any given key can be used to find every other key except its parent keys. This way, to revoke a given device key, the MKB needs only be encrypted with that device key's parent key.

Once the MKB is decrypted, it provides the Media Key, or the km. The km is combined with the Volume ID (which the program can only get by presenting a cryptographic certificate to the drive, as described above) in a one-way encryption scheme (AES-G) to produce the Volume Unique Key (Kvu). The Kvu is used to decrypt the encrypted title keys, and that is used to decrypt the encrypted content. [4] [6]

Analog Outputs

AACS-compliant players must follow guidelines pertaining to outputs over analog connections. This is set by a flag called the Image Constraint Token (ICT), which restricts the resolution for analog outputs to 960×540. Full 1920×1080 resolution is restricted to HDMI or DVI outputs that support HDCP. The decision to set the flag to restrict output ("down-convert") is left to the content provider. Warner Pictures is a proponent of ICT, and it is expected that Paramount and Universal will implement down-conversion as well. [7] AACS guidelines require that any title which implements the ICT must clearly state so on the packaging. The German magazine "Der Spiegel" has reported about an unofficial agreement between film studios and electronics manufacturers to not use ICT until 2010 – 2012. [8] However, some titles have already been released that apply ICT. [9]

Audio watermarking

On 5 June 2009, the licensing agreements for AACS were finalized, which were updated to make Cinavia detection on commercial Blu-ray disc players a requirement. [10]

Managed Copy

Managed Copy refers to a system by which consumers can make legal copies of films and other digital content protected by AACS. This requires the device to obtain authorization by contacting a remote server on the Internet. The copies will still be protected by DRM, so infinite copying is not possible (unless it is explicitly allowed by the content owner). It is mandatory for content providers to give the consumer this flexibility in both the HD DVD and the Blu-ray standards (commonly called Mandatory Managed Copy). The Blu-ray standards adopted Mandatory Managed Copy later than HD DVD, after HP requested it. [11]

Possible scenarios for Managed Copy include (but are not limited to):

This feature was not included in the interim standard, so the first devices on the market did not have this capability. [12] It was expected to be a part of the final AACS specification. [13]

In June 2009, the final AACS agreements were ratified and posted online, and include information on the Managed Copy aspects of AACS.

History

On 24 February 2001, Dalit Naor, Moni Naor and Jeff Lotspiech published a paper entitled "Revocation and Tracing Schemes for Stateless Receivers", where they described a broadcast encryption scheme using a construct called Naor-Naor-Lotspiech subset-difference trees. That paper laid the theoretical foundations of AACS. [14]

The AACS LA consortium was founded in 2004. [15] With DeCSS in hindsight, the IEEE Spectrum magazine's readers voted AACS to be one of the technologies most likely to fail in the January 2005 issue. [16] The final AACS standard was delayed, [17] and then delayed again when an important member of the Blu-ray group voiced concerns. [18] At the request of Toshiba, an interim standard was published which did not include some features, like managed copy. [12] On July 5, 2009 the license of AACS1 went online. [19]

Unlicensed decryption

On 26 December 2006, a person using the alias "muslix64" published a working, open-sourced AACS decrypting utility named BackupHDDVD, looking at the publicly available AACS specifications. Given the correct keys, it can be used to decrypt AACS-encrypted content. A corresponding BackupBluRay program was soon developed. [20] Blu-ray Copy is a program capable of copying Blu-rays to the hard drive or to blank BD-R discs. [21]

Security

Both title keys and one of the keys used to decrypt them (known as Processing Keys in the AACS specifications) have been found by using debuggers to inspect the memory space of running HD DVD and Blu-ray player programs. [22] [23] [24] [25] Hackers also claim to have found Device Keys [26] (used to calculate the Processing Key) and a Host Private Key [27] (a key signed by the AACS LA used for hand-shaking between host and HD drive; required for reading the Volume ID). The first unprotected HD movies were available soon afterwards. [28] The processing key was widely published on the Internet after it was found and the AACS LA sent multiple DMCA takedown notices in the aim of censoring it. [29] Some sites that rely on user-submitted content, like Digg and Wikipedia, tried to remove any mentions of the key. [30] [31] The Digg administrators eventually gave up trying to censor submissions that contained the key. [32]

The AACS key extractions highlight the inherent weakness in any DRM system that permit software players for PCs to be used for playback of content. No matter how many layers of encryption are employed, it does not offer any true protection, since the keys needed to obtain the unencrypted content stream must be available somewhere in memory for playback to be possible. The PC platform offers no way to prevent memory snooping attacks on such keys, since a PC configuration can always be emulated by a virtual machine, in theory without any running program or external system being able to detect the virtualization. The only way to wholly prevent attacks like this would require changes to the PC platform (see Trusted Computing) which could provide protection against such attacks. This would require that content distributors do not permit their content to be played on PCs without trusted computing technology, by not providing the companies making software players for non-trusted PCs with the needed encryption keys.

On 16 April 2007, the AACS consortium announced that it had expired certain encryption keys used by PC-based applications. Patches were available for WinDVD and PowerDVD which used new and uncompromised encryption keys. [33] [34] The old, compromised keys can still be used to decrypt old titles, but not newer releases as they will be encrypted with these new keys. All users of the affected players (even those considered "legitimate" by the AACS LA) are forced to upgrade or replace their player software in order to view new titles.

Despite all revocations, current titles can be decrypted using new MKB v7, v9 or v10 keys widely available in the Internet.

Besides spreading processing keys on the Internet, there have also been efforts to spread title keys on various sites. [35] The AACS LA has sent DMCA takedown notices to such sites on at least one occasion. [36] There is also commercial software (AnyDVD HD) that can circumvent the AACS protection. Apparently this program works even with movies released after the AACS LA expired the first batch of keys. [37]

While great care has been taken with AACS to ensure that contents are encrypted right up to the display device, on the first versions of some Blu-ray and HD DVD software players a perfect copy of any still frame from a film could be made simply by utilizing the Print Screen function of the Windows operating system. [38] [39]

Patent challenges

On 30 May 2007, Canadian encryption vendor Certicom sued Sony alleging that AACS violated two of its patents, "Strengthened public key protocol" [40] and "Digital signatures on a Smartcard." [41] The patents were filed in 1999 and 2001 respectively, and in 2003 the National Security Agency paid $25 million for the right to use 26 of Certicom's patents, including the two that Sony is alleged to have infringed on. [42] The lawsuit was dismissed on May 27, 2009. [43]

See also

Related Research Articles

<span class="mw-page-title-main">DVD-Audio</span> DVD format for storing high-fidelity audio

DVD-Audio is a digital format for delivering high-fidelity audio content on a DVD. DVD-Audio uses most of the storage on the disc for high-quality audio and is not intended to be a video delivery format.

FairPlay is a family of digital rights management (DRM) technologies developed by Apple Inc. for protecting videos, books and apps and historically for music.

High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio and video content as it travels across connections. Types of connections include DisplayPort (DP), Digital Visual Interface (DVI), and High-Definition Multimedia Interface (HDMI), as well as less popular or now deprecated protocols like Gigabit Video Interface (GVIF) and Unified Display Interface (UDI).

VOB is the container format in DVD-Video media. VOB can contain digital video, digital audio, subtitles, DVD menus and navigation contents multiplexed together into a stream form. Files in VOB format may be encrypted.

<span class="mw-page-title-main">AnyDVD</span> DVD ripping software

AnyDVD is a device driver for Microsoft Windows which allows decryption of DVDs on the fly, as well as targeted removal of copy preventions and user operation prohibitions (UOPs). With an upgrade, it will also do the same for HD DVD and Blu-ray Disc. The AnyDVD program runs in the background, making discs unrestricted and region-free. In addition to removing digital restrictions, AnyDVD will also defeat Macrovision analog copy prevention. Analog prevention distorts the video signal to prevent high quality copying from the output. AnyDVD is also able to remove copy-prevention from audio CDs.

Broadcast encryption is the cryptographic problem of delivering encrypted content over a broadcast channel in such a way that only qualified users can decrypt the content. The challenge arises from the requirement that the set of qualified users can change in each broadcast emission, and therefore revocation of individual users or user groups should be possible using broadcast transmissions, only, and without affecting any remaining users. As efficient revocation is the primary objective of broadcast encryption, solutions are also referred to as revocation schemes.

The High-Definition Audio-Video Network Alliance (HANA) was a cross-industry collaboration of members addressing the end-to-end needs of connected, HD, home entertainment products and services. Leading companies formed the organization from the four industries most affected by the HD revolution: content providers, consumer electronics, service providers, and information technology. HANA created design guidelines for secure high-definition audio-video networks that would speed the creation of new, high-quality, easy-to-use HD products. HANA membership was open to all companies involved in the digital entertainment industry. HANA was dissolved in September 2009, and the 1394 Trade Association assumed control of all HANA-generated intellectual property.

<span class="mw-page-title-main">RedFox</span> Belizean software development company

RedFox is a software development company based in Belize. The company is most prominently known for its software AnyDVD, which can be used to bypass copy protection measures on optical media, including DVD and Blu-ray Disc media, as well as CloneCD, which is used to back up the contents of optical discs.

Self Protecting Digital Content (SPDC), is a copy protection architecture designed by Cryptography Research, Inc. for Blu-ray discs.

<span class="mw-page-title-main">BackupHDDVD</span> AACS decryption software

BackupHDDVD is a small computer software utility program available in command line and GUI versions which aids in the decryption of commercial HD DVD discs protected by the Advanced Access Content System. It is used to back up discs, often to enable playback on hardware configurations without full support for HDCP. The program's source code was posted online, but no licence information was given.

The Protected Media Path is a set of technologies creating a "Protected Environment," first included in Microsoft's Windows Vista operating system, that is used to enforce digital rights management (DRM) protections on content. Its subsets are Protected Video Path (PVP) and Protected User Mode Audio (PUMA). Any application that uses Protected Media Path in Windows uses Media Foundation.

<span class="mw-page-title-main">HD DVD</span> Obsolete optical disc format

HD DVD is an obsolete high-density optical disc format for storing data and playback of high-definition video. Supported principally by Toshiba, HD DVD was envisioned to be the successor to the standard DVD format, but lost to Blu-ray, supported by Sony and others.

BD+ is a component of the Blu-ray Disc digital rights management system. It was developed by Cryptography Research Inc. and is based on their Self-Protecting Digital Content concept. Its intent was to prevent unauthorized copies of Blu-ray discs and the playback of Blu-ray media using unauthorized devices.

<span class="mw-page-title-main">Security of Advanced Access Content System</span>

The security of Advanced Access Content System (AACS) has been a subject of discussion amongst security researchers, high definition video enthusiasts, and consumers at large since its inception. A successor to Content Scramble System (CSS), the digital rights management mechanism used by commercial DVDs, AACS was intended to improve upon the design of CSS by addressing flaws which had led to the total circumvention of CSS in 1999. The AACS system relies on a subset difference tree combined with a certificate revocation mechanism to ensure the security of high definition video content in the event of a compromise.

AACS LA is the body that develops and licenses the AACS copy-protection system used on the HD DVD and Blu-ray Disc high-definition optical disc formats.

The Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on many commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced around 1996 and was first compromised in 1999.

<span class="mw-page-title-main">Media Key Block</span>

The Media Key Block (MKB) is one of the keys included inside the copying protection system (DRM) AACS. This system is used to prevent Blu-ray and HD DVD formats from being copied. The system was developed by companies from the film industry and the electronics industry including IBM, Intel, Microsoft, Matsushita (Panasonic), Sony, Toshiba, The Walt Disney Company and Warner Bros.

<span class="mw-page-title-main">AACS encryption key controversy</span> Controversy regarding copyright

A controversy surrounding the AACS cryptographic key arose in April 2007 when the Motion Picture Association of America and the Advanced Access Content System Licensing Administrator, LLC began issuing cease and desist letters to websites publishing a 128-bit (16-byte) number, represented in hexadecimal as 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0, a cryptographic key for HD DVDs and Blu-ray Discs. The letters demanded the immediate removal of the key and any links to it, citing the anti-circumvention provisions of the United States Digital Millennium Copyright Act (DMCA).

Encrypted Title Key is an encrypted key that belongs to anticopy Advanced Access Content System (AACS). This key is included in the Media Key Block system and is an important part of the content protection process of Blu-ray and HD-DVD contents.

<span class="mw-page-title-main">Cinavia</span> Analog watermarking and steganography system

Cinavia, originally called Verance Copy Management System for Audiovisual Content (VCMS/AV), is an analog watermarking and steganography system under development by Verance since 1999, and released in 2010. In conjunction with the existing Advanced Access Content System (AACS) digital rights management (DRM) inclusion of Cinavia watermarking detection support became mandatory for all consumer Blu-ray Disc players from 2012.

References

  1. Hongxia Jin; Jeffery Lotspiech; Nimrod Megiddo (4 October 2006). "Efficient Traitor Tracing" (PDF). Retrieved 2 May 2007.
  2. "AACS Reference: Pre-recorded Video Book" (PDF). Archived from the original (PDF) on 6 February 2012. Retrieved 2 May 2007.
  3. "Blu-ray Disc Pre-recorded Book" (PDF). AACS LA. 27 July 2006. p. 15. Archived from the original (PDF) on 6 November 2007. Retrieved 1 November 2007.
  4. 1 2 Reimer, Jeremy (15 April 2007). "New AACS cracks cannot be revoked, says hacker". Ars Technica. Archived from the original on 4 May 2007. Retrieved 4 May 2007.
  5. Geremia (4 April 2007). "Got VolumeID without AACS authentication :)". Doom9.net forums. Archived from the original on 10 May 2007. Retrieved 4 May 2007.
  6. "Advanced Access Content System (AACS): Introduction and Common Cryptographic Elements" (PDF). AACS Licensing Administrator. 17 February 2007. Archived from the original (PDF) on 2 March 2007. Retrieved 5 June 2007.
  7. Sweeting, Paul (19 January 2006). "High-def 'down-converting' forced". Video Business. Archived from the original on 15 April 2006. Retrieved 4 May 2007.
  8. Ken Fisher (21 May 2006). "Hollywood reportedly in agreement to delay forced quality downgrades for Blu-ray, HD DVD". arstechnica.com. Archived from the original on 5 November 2007. Retrieved 2 November 2007.
  9. "HD DVD: "Resident Evil" nur in Standard-Auflösung via YUV". areadvd.de (in German). 29 October 2007. Archived from the original on 11 January 2008. Retrieved 2 November 2007.
  10. "AACS Issues Final Agreements, Enabling Commercial Deployment of Cinavia in Blu-ray Disc Players" (Press release). Verance. 5 June 2009. Archived from the original on 9 October 2009. Retrieved 11 October 2010.
  11. "HP to Support HD-DVD High-definition DVD Format and Join HD-DVD Promotions Group". 5 February 2006. Archived from the original on 4 May 2007. Retrieved 3 May 2007.
  12. 1 2 Perenson, Melissa J. (21 March 2006). "Burning Questions: No Copying From First High-Def Players". PC World. Archived from the original on 9 October 2007. Retrieved 5 May 2007.
  13. "HD DVD, Blu-ray "Managed Copy" coming later this year". arstechnica.com. 24 May 2007. Archived from the original on 26 May 2010. Retrieved 29 June 2010.
  14. Dan Nicolae Alexa (28 December 2006). "HD DVD's AACS Protection Bypassed. In Only 8 Days?!". playfuls.com. Archived from the original on 10 February 2008. Retrieved 25 October 2007.
  15. Katie Dean (15 July 2004). "Can Odd Alliance Beat Pirates?". Wired. Retrieved 20 January 2015.
  16. Tekla S. Perry (January 2007). "Loser: DVD Copy Protection, Take 2". Spectrum Online. Archived from the original on 8 June 2007. Retrieved 4 May 2007.
  17. Martyn Williams (14 December 2005). "Toshiba Hints at HD-DVD Delay". pcworld.com. Archived from the original on 5 October 2007. Retrieved 19 October 2007.
  18. Craig Morris (14 February 2006). "AACS copy protection for Blu-ray disc and HD DVD delayed again". heise.de. Archived from the original on 2 November 2007. Retrieved 19 October 2007.
  19. Calonge, Juan (8 June 2009). "AACS Final License Goes Online". blu-ray.com. Retrieved 11 March 2023.
  20. Drawbaugh, Ben (24 January 2007). "BackupBluray available now too". Engadget. Archived from the original on 16 May 2007. Retrieved 3 May 2007.
  21. Broida, Rick (9 July 2012). "Get Blu-ray Copy (Win) for free". CNET . Retrieved 18 July 2013.
  22. "HD-DVD Content Protection already hacked?". TechAmok. 28 December 2006. Retrieved 2 January 2007.
  23. "Hi-def DVD security is bypassed". BBC News. 26 January 2007. Archived from the original on 5 May 2007. Retrieved 2 May 2007.
  24. Block, Ryan (20 January 2007). "Blu-ray cracked too?". Engadget. Archived from the original on 23 January 2007. Retrieved 22 January 2007.
  25. Leyden, John (23 January 2007). "Blu-ray DRM defeated". The Register. Archived from the original on 25 January 2007. Retrieved 22 January 2007.
  26. ATARI Vampire (24 February 2007). "WinDVD 8 Device Key Found!". Doom9.net forums. Retrieved 4 May 2007.
  27. jx6bpm (3 March 2007). "PowerDVD private key". Doom9.net forums. Archived from the original on 29 March 2007. Retrieved 4 May 2007.{{cite web}}: CS1 maint: numeric names: authors list (link)
  28. Yam, Marcus (17 January 2007). "First Pirated HD DVDs Released". DailyTech. Archived from the original on 19 February 2007. Retrieved 3 May 2007.
  29. "AACS licensor complains of posted key" . Retrieved 2 May 2007.
  30. Boutin (1 May 2007). "Wikipedia Locks Out "The Number"". Wired. Archived from the original on 4 May 2007. Retrieved 2 May 2007.
  31. Greenberg, Andy (2 May 2007). "Digg's DRM Revolt". Forbes. Archived from the original on 4 May 2007. Retrieved 4 May 2007.
  32. "DVD DRM row sparks user rebellion". BBC News. 2 May 2007. Archived from the original on 16 May 2007. Retrieved 2 May 2007.
  33. "Press Messages: AACS – Advanced Access Content System". Archived from the original on 30 April 2007. Retrieved 2 May 2007.
  34. Yam, Marcus (26 January 2007). "AACS Responds to Cracked HD DVD and Blu-ray Disc Protections". DailyTech. Archived from the original on 11 February 2007. Retrieved 3 May 2007.
  35. Lindsay Martell (26 January 2007). "Blu-ray and HD DVD Encryption Cracked". NewsFactor Network. Archived from the original on 3 November 2007. Retrieved 29 May 2007.
  36. Alexander Kaplan (5 April 2007). "Illegal Offering of Title/Volume Keys to Circumvent AACS Copyright Protection: hdkeys.com" (pdf). DMCA takedown notice. Retrieved 29 May 2007.
  37. Ryan Paul (7 May 2007). "Latest AACS revision defeated a week before release". Ars Technica. Archived from the original on 20 May 2007. Retrieved 29 May 2007.
  38. "Work Around for New DVD Format Protections". Slashdot . 7 June 2006. Retrieved 2 May 2007.
  39. Edward Henning (7 July 2006). "Copy protection hole in Blu-ray and HD DVD movies". heise Security. Archived from the original on 22 February 2008. Retrieved 2 May 2007.
  40. Scott A. Vanstone; et al. (1 April 1999). "Strengthened public key protocol". US Patent Office. Retrieved 31 May 2007.
  41. Scott A. Vanstone; et al. (29 August 2001). "Digital signatures on a Smartcard". US Patent Office. Retrieved 31 May 2007.
  42. Nate Anderson (31 May 2007). "Encryption vendor claims AACS infringes its patents, sues Sony". Ars Technica. Archived from the original on 2 June 2007. Retrieved 31 May 2007.
  43. "Certicom Corporation et al v. Sony Corporation et al Featured Case Has Decisions". justia.com. 27 May 2009. Retrieved 12 August 2013.