Encrypted Title Key

Last updated June 16, 2020

Encrypted Title Key is an encrypted key that belongs to anticopy Advanced Access Content System (AACS). This key is included in the Media Key Block system and is an important part of the content protection process of Blu-ray and HD-DVD contents.

What is it used for?

The main objective of the Encrypted Title Key is to reinforce the discs’ content security during the decryption process of content stored in the media. The content stored in medias like Blu-ray or HD-DVDs is composed and divided in information units called Titles. The owner of the protected contents, divide this information in the form of one or more Titles. It also provides a license to the player, a series of rules called Usage Rules which will be used later on to decrypt the disc information.

To protect the content, the information units are encrypted using encryption keys called Title Keys. To achieve more security and so that the key obtention process cannot be obtained by player without license, the Title Keys are encrypted giving as a result the Encrypted Title Keys.

The licensed replicator shall select a secret, random Title Key for each Title to be protected. Each Title Key shall be used to encrypt the content of its corresponding Title, as specified for each supported content format elsewhere in this specification. At the replicator’s discretion, a given Title may be encrypted using the same Title Key for all instances of pre-recorded media, or different Title Keys may be used for different instances.

Decryption Procedure

So that the players with license can achieve reading the discs’ content, there are some decryption procedures before achieving the reading. The discs have a volume identifier called VID (Volume ID), the Encrypted Title Key and a decryption key (Media Key Block).

Process to obtain the Media key, from the MKB and the Device Keys MKB obtencion.jpg — Process to obtain the *Media key*, from the *MKB* and the *Device Keys*

The players have some keys, according to each model, called Device Keys, which are granted by the AACS organization. In the reproduction moment, one of these keys decrypts the contained MKB in the disc and as a result of this process, the Media Key, is obtained. The Media Key is combined with the VID (Volume ID) and the Volume Unique Key (KVU) is originated so that the decryption of the Encrypted Title Key can finally be done and in consequence the necessary Title Key is obtained to decrypt and reproduce the discs’ content.^[1]

To codify the Encrypted Title Key, a codification is made following the next formula:

AES-128E (Kvu, Kt ⊕ Nonce ⊕ AES_H(Volume ID || title_id))

It is possible to demonstrate, with a simple analysis of the formula, that the result is obtained of a combination between the Volume ID and a Title identifier obtained from the Media Key, giving as a result the Kvu (Volume Unique Key).

Decryption Problems

Although the process of updating all the Title Keys for an application usually takes a very small amount of time (much less than a second), it is a critical time. If the device were to fail during the re-encryption process, the user's content might be lost. To reduce the risk of user loss, recording devices shall begin the reencryption process by renaming the old MKB to a temporary name before writing the new MKB. When the device completes the re-encryption process, it shall delete the temporary MKB. If any recorder discovers a temporary MKB on a piece of media, it is an indication that the encrypted Title Keys might be corrupted. The device shall perform one of the following protocols to recover the corrupted encrypted Title Keys. Which protocol is chosen depends on where the encrypted Title Keys are stored in the particular application. A device re-encrypting Title Keys as a normal result of updating a recordable MKB shall also use these same protocols.

These protocols are:

- Recovery Protocol When the Encrypted Title Keys are in a Separate File: In this case, the original recording device shall rename the old encrypted Title Keys to a defined temporary name before beginning to write the new encrypted Title Key File.

-Recovery Protocol When the Encrypted Title Keys are in the Content File: In the extreme case, each content file contains its own encrypted Title Key. In that case, it is not likely that there is a temporary version of the encrypted Title Keys.

Where is it located?

The Encrypted Title Keys are located in the Blu-ray and HD-DVDs where there is content to reproduce by the player with license. The information stored in the discs is found divided in three different parts: Reading/Writing area, read-only area and protected area.

The Encrypted Title Keys are found in the Reading/Writing area with the Media Key Block, the Usage Rules and the encrypted content.

Sources

Introduction and Common Cryptographic Elements Rev 0.91
AACS Technical Overview 7/2004

Related Research Articles

In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. Historically, various forms of encryption have been used to aid in cryptography. Early encryption techniques were often utilized in military messaging. Since then, new techniques have emerged and become commonplace in all areas of modern computing. Modern encryption schemes utilize the concepts of public-key and symmetric-key. Modern encryption techniques ensure security because modern computers are inefficient at cracking the encryption.

DVD-Audio is a digital format for delivering high-fidelity audio content on a DVD. DVD-Audio uses most of the storage on the disc for high-quality audio and is not intended to be a video delivery format.

The affine is a type of monoalphabetic substitution cipher, where each letter in an alphabet is mapped to its numeric equivalent, encrypted using a simple mathematical function, and converted back to a letter. The formula used means that each letter encrypts to one other letter, and back again, meaning the cipher is essentially a standard substitution cipher with a rule governing which letter goes to which. As such, it has the weaknesses of all substitution ciphers. Each letter is enciphered with the function $(ax + b) mod 26$ , where $b$ is the magnitude of the shift.

Key exchange is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.

High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio & video content as it travels across connections. Types of connections include DisplayPort (DP), Digital Visual Interface (DVI), and High-Definition Multimedia Interface (HDMI), as well as less popular or now deprecated protocols like Gigabit Video Interface (GVIF) and Unified Display Interface (UDI).

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

Broadcast encryption is the cryptographic problem of delivering encrypted content over a broadcast channel in such a way that only qualified users can decrypt the content. The challenge arises from the requirement that the set of qualified users can change in each broadcast emission, and therefore revocation of individual users or user groups should be possible using broadcast transmissions, only, and without affecting any remaining users. As efficient revocation is the primary objective of broadcast encryption, solutions are also referred to as revocation schemes.

BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

BackupHDDVD is a small computer software utility program available in command line and GUI versions which aids in the decryption of commercial HD DVD discs protected by the Advanced Access Content System. It is used to back up discs, often to enable playback on hardware configurations without full support for HDCP. The program's source code was posted online, but no licence information was given.

The Advanced Access Content System (AACS) is a standard for content distribution and digital rights management, intended to restrict access to and copying of the post-DVD generation of optical discs. The specification was publicly released in April 2005 and the standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc (BD). It is developed by AACS Licensing Administrator, LLC, a consortium that includes Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony. AACS has been operating under an "interim agreement" since the final specification has not yet been finalized.

BD+ is a component of the Blu-ray Disc Digital Rights Management system. It was developed by Cryptography Research Inc. and is based on their Self-Protecting Digital Content concept. Its intent was to prevent unauthorized copies of Blu-ray discs and the playback of Blu-ray media using unauthorized devices.

The security of Advanced Access Content System (AACS) has been a subject of discussion amongst security researchers, high definition video enthusiasts, and consumers at large since its inception. A successor to Content Scramble System(CSS), the digital rights management mechanism used by commercial DVDs, AACS was intended to improve upon the design of CSS by addressing flaws which had led to the total circumvention of CSS in 1999. The AACS system relies on a subset difference tree combined with a certificate revocation mechanism to ensure the security of high definition video content in the event of a compromise.

The Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on many commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced on October 29, 1996 and was first compromised in 1999.

The Media Key Block (MKB) is one of the keys included inside the copying protection system (DRM) AACS. This system is used to protect Blu-ray and HD DVD formats from being copied. The system was developed by companies from the film industry and the electronics industry including IBM, Intel, Microsoft, Matsushita (Panasonic), Sony, Toshiba, The Walt Disney Company and Warner Bros.

A controversy surrounding the AACS cryptographic key arose in April 2007 when the Motion Picture Association of America and the Advanced Access Content System Licensing Administrator, LLC began issuing cease and desist letters to websites publishing a 128-bit (16-byte) number, represented in hexadecimal as 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0, a cryptographic key for HD DVDs and Blu-ray Discs. The letters demanded the immediate removal of the key and any links to it, citing the anti-circumvention provisions of the United States Digital Millennium Copyright Act (DMCA).

Device Keys play a role in the cryptographic key management procedure in the Advanced Access Content System (AACS) specification. This specification defines a method for protecting audiovisual entertainment content, including high-definition content.

Database encryption can generally be defined as a process that uses an algorithm to transform data stored in a database into "cipher text" that is incomprehensible without first being decrypted. It can therefore be said that the purpose of database encryption is to protect the data stored in a database from being accessed by individuals with potentially "malicious" intentions. The act of encrypting a database also reduces the incentive for individuals to hack the aforementioned database as "meaningless" encrypted data is of little to no use for hackers. There are multiple techniques and technologies available for database encryption, the most important of which will be detailed in this article.

Linux.Encoder is considered to be the first ransomware Trojan targeting computers running Linux. There are additional variants of this Trojan that target other Unix and Unix-like systems. Discovered on November 5, 2015, by Dr. Web, this malware affected at least tens of Linux users.

References

↑ AACS reference (2006-02-17). "Recordable Video Book" (PDF). Archived from the original (PDF) on 2008-09-07. Retrieved 2008-12-15.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] AACS reference (2006-02-17). "Recordable Video Book" (PDF). Archived from the original (PDF) on 2008-09-07. Retrieved 2008-12-15.