This article includes a list of references, related reading or external links, but its sources remain unclear because it lacks inline citations . (July 2012) (Learn how and when to remove this template message) |
Device Keys play a role in the cryptographic key management procedure in the Advanced Access Content System (AACS) specification. This specification defines a method for protecting audiovisual entertainment content, including high-definition content.
The AACS’s cryptographic key management procedure uses Device Keys to decrypt one or more elements of a Media Key Block (MKB), in order to extract a secret Media Key (Km). A MKB is located on the physical support (the disc) together with the content of the disc encrypted. MKB enables system renewability. The MKB is generated by AACS LA , and allows all compliant devices, each using their set of secret Device Keys, to calculate the same Media Key (Km).
If a set of Device Keys is compromised in a way that threatens the integrity of the system, an updated MKB can be released that causes a device with the compromised set of Device Keys to be unable to calculate the correct Km. In this way, the compromised Device Keys are “revoked” by the new MKB.
Key or Variable | Size |
---|---|
Device Keys (Kd0,Kd1,…,Kdn-1) | 128 bits each |
Media Key Block (MKB) | Variable, multiple of 4 bytes |
Media Key (Km) | 128 bits |
Each compliant device is given a set of secret Device Keys when manufactured. The actual number of keys may be different in different media types. These Device Keys, referred to as Kdi (i=0,1,…,n-1), are provided by AACS LA. The set of Device Keys may either be unique per device, or used commonly by multiple devices.
A device shall treat its Device Keys as highly confidential.
The MKB is encrypted in a subset difference tree approach. In order to decrypt it, a device must know the right Processing Key (P) which is available via the subset-difference tree process.
Essentially, the set of Device Keys are arranged in a tree such that any given Device Key can be used to find lower level Processing keys. The processing keys at higher position in the tree than the given set of Device Keys are not reachable.
A given set of Device Keys give access to a given set of Processing keys, it is to say to a given set of decodable MKB.
This way, to revoke a given device key, the MKB needs only be encrypted with a Processing Key which is not reachable by its Device Keys set.
Each device is given its Device Keys and a 31-bit number d called the device number.
For each Device Key, there is an associated number denoted the path number, the “u” bit mask, and the “v” bit mask.
The path number denotes the position in the tree associated with the Device Key. This path number defines a path from the root to that node in the tree.
The “u” and “v” masks are used in the subset difference tree process. They are always a single sequence of 1-bits followed by a single sequence of 0-bits. The bit masks indicate “don’t care” bits in the path number; if a bit is 0 in the mask, the corresponding bit in the path number is “don’t care”.
The deeper the position of a node in the tree, the shorter the sequence of 0-bits in the mask associated to that node.
The device number, path number, and masks denote nodes within a binary tree.
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. Historically, various forms of encryption have been used to aid in cryptography. Early encryption techniques were often utilized in military messaging. Since then, new techniques have emerged and become commonplace in all areas of modern computing. Modern encryption schemes utilize the concepts of public-key and symmetric-key. Modern encryption techniques ensure security because modern computers are inefficient at cracking the encryption.
A5/1 is a stream cipher used to provide over-the-air communication privacy in the GSM cellular telephone standard. It is one of seven algorithms which were specified for GSM use. It was initially kept secret, but became public knowledge through leaks and reverse engineering. A number of serious weaknesses in the cipher have been identified.
Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to layers of an onion. The encrypted data is transmitted through a series of network nodes called onion routers, each of which "peels" away a single layer, uncovering the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis.
Key exchange is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.
High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio & video content as it travels across connections. Types of connections include DisplayPort (DP), Digital Visual Interface (DVI), and High-Definition Multimedia Interface (HDMI), as well as less popular or now deprecated protocols like Gigabit Video Interface (GVIF) and Unified Display Interface (UDI).
Key generation is the process of generating keys in cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted.
This glossary lists types of keys as the term is used in cryptography, as opposed to door locks. Terms that are primarily used by the U.S. National Security Agency are marked (NSA). For classification of keys according to their usage see cryptographic key types.
Broadcast encryption is the cryptographic problem of delivering encrypted content over a broadcast channel in such a way that only qualified users can decrypt the content. The challenge arises from the requirement that the set of qualified users can change in each broadcast emission, and therefore revocation of individual users or user groups should be possible using broadcast transmissions, only, and without affecting any remaining users. As efficient revocation is the primary objective of broadcast encryption, solutions are also referred to as revocation schemes.
BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.
In cryptography, Derived Unique Key Per Transaction (DUKPT) is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Therefore, if a derived key is compromised, future and past transaction data are still protected since the next or prior keys cannot be determined easily. DUKPT is specified in ANSI X9.24 part 1.
Simple Key-Management for Internet Protocol or SKIP was a protocol developed circa 1995 by the IETF Security Working Group for the sharing of encryption keys. SKIP and Photuris were evaluated as key exchange mechanisms for IPsec before the adoption of IKE in 1998.
BackupHDDVD is a small computer software utility program available in command line and GUI versions which aids in the decryption of commercial HD DVD discs protected by the Advanced Access Content System. It is used to back up discs, often to enable playback on hardware configurations without full support for HDCP. The program's source code was posted online, but no licence information was given.
The Advanced Access Content System (AACS) is a standard for content distribution and digital rights management, intended to restrict access to and copying of the post-DVD generation of optical discs. The specification was publicly released in April 2005 and the standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc (BD). It is developed by AACS Licensing Administrator, LLC, a consortium that includes Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony. AACS has been operating under an "interim agreement" since the final specification has not yet been finalized.
The Key Selection Vector means the numeric value associated with a Device Key Set and distributed by Licensor or its designee to Adopters and used to support authentication of Licensed Products and Revocation. It is considered a confidential set of keys used in Restricted Authentication process of the HDCP. Restricted authentication is an AKE method for devices with limited computing resources. This method is used by copying devices of any kind and devices communicating with them for authenticating copy-one-generation and no-more-copies contents. The restricted authentication protocol employs asymmetric key management and common key cryptography and relies on the use of shared secrets and hash functions to respond to a random challenge.
Forward anonymity, analogous to forward secrecy, in computer security and cryptography is the property which prevents an attacker who has recorded past communications from discovering the identities of the participants, even after the fact.
The security of Advanced Access Content System (AACS) has been a subject of discussion amongst security researchers, high definition video enthusiasts, and consumers at large since its inception. A successor to Content Scramble System (CSS), the digital rights management mechanism used by commercial DVDs, AACS was intended to improve upon the design of CSS by addressing flaws which had led to the total circumvention of CSS in 1999. The AACS system relies on a subset difference tree combined with a certificate revocation mechanism to ensure the security of high definition video content in the event of a compromise.
The Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on many commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced on October 29, 1996 and was first compromised in 1999.
The Media Key Block (MKB) is one of the keys included inside the copying protection system (DRM) AACS. This system is used to protect Blu-ray and HD DVD formats from being copied. The system was developed by companies from the film industry and the electronics industry including IBM, Intel, Microsoft, Matsushita (Panasonic), Sony, Toshiba, The Walt Disney Company and Warner Bros.
A controversy surrounding the AACS cryptographic key arose in April 2007 when the Motion Picture Association of America and the Advanced Access Content System Licensing Administrator, LLC began issuing cease and desist letters to websites publishing a 128-bit (16-byte) number, represented in hexadecimal as 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0, a cryptographic key for HD DVDs and Blu-ray Discs. The letters demanded the immediate removal of the key and any links to it, citing the anti-circumvention provisions of the United States Digital Millennium Copyright Act (DMCA).
Encrypted Title Key is an encrypted key that belongs to anticopy Advanced Access Content System (AACS). This key is included in the Media Key Block system and is an important part of the content protection process of Blu-ray and HD-DVD contents.