Security of Advanced Access Content System

Last updated

The security of Advanced Access Content System (AACS) has been a subject of discussion amongst security researchers, high definition video enthusiasts, and consumers at large since its inception. A successor to Content Scramble System (CSS), the digital rights management mechanism used by commercial DVDs, AACS was intended to improve upon the design of CSS by addressing flaws which had led to the total circumvention of CSS in 1999. The AACS system relies on a subset difference tree combined with a certificate revocation mechanism to ensure the security of high definition video content in the event of a compromise.

Contents

Even before AACS was put into use, security researchers expressed doubts about the system's ability to withstand attacks.

AACS decryption process AACS dataflow.svg
AACS decryption process

Comparison of CSS and AACS

Content Scramble System Advanced Access Content System
Algorithm Proprietary LFSR-based AES
Key strength 40-bit128-bit
Certificate revocation NoYes

History of attacks

The AACS proposal was voted one of the technologies most likely to fail by IEEE Spectrum magazine's readers in the January 2005 issue. [1] Concerns about the approach included its similarity to past systems that failed, such as CSS, and the inability to preserve security against attacks that compromise large numbers of players. Jon Lech Johansen, who was part of the team that circumvented CSS, said he expected AACS to be cracked by the end of 2006 or the beginning of 2007. [2]

In late 2006, security expert Peter Gutmann released "A Cost Analysis of Windows Vista Content Protection", a technical paper criticizing the implementation of various content protection technologies in Windows Vista. [3]

Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server).

Microsoft later claimed that the paper contained various factual errors. [4] [5]

While great care had been taken with AACS to ensure that content was encrypted along the entire path from the disc to the display device, it was discovered in July 2006 that a perfect copy of any still frame from a film could be captured from certain Blu-ray and HD DVD software players by using the Print Screen function of the Windows operating system. [6] [7] It was suggested that this approach could be automated to allow a perfect copy of an entire film to be made, in much the same way that DVD films were copied before the CSS was cracked, but to date no such copy has been discovered. This exploit has been closed in subsequent software versions.

Such approaches do not constitute compromises of the AACS encryption itself, relying instead on an officially licensed software player to perform the decryption. As such, the output data will not be in the form of the compressed video from the disc, but rather decompressed video. This is an example of the analog hole.

Both title keys and one of the keys used to decrypt them (known as Processing Keys in the AACS specifications) have been found by using debuggers to inspect the memory space of running HD-DVD and Blu-ray player programs. [8] [9] [10] [11] Hackers also found Device Keys, [12] which are used to calculate the Processing Key, and a Host Private Key [13] (a key signed by the AACS LA used for hand-shaking between host and HD drive; required for reading the Volume ID). The first unprotected HD DVD movies appeared on BitTorrent trackers soon afterwards. [14] The Processing Key for the first Media Key Block version, which could be used to decrypt any AACS protected content released up to that point, was found and published on the Internet at the Doom9 forums. AACS Licensing Authority sent multiple DMCA takedown notices to web sites hosting the key. [15] Some administrators of sites which consist of user-submitted content, such as Digg and Wikipedia, tried to remove mentions of the key fearing reprisals from AACS LA. [16] [17] Both sites' administrators eventually decided to allow publication of the key. [18]

Cyberlink, the company which sells the PowerDVD player, stated that their software could not have been used as part of these exploits. [19]

On April 16, 2007, the AACS consortium announced that it had revoked the Device Keys used by both Cyberlink PowerDVD and InterVideo WinDVD, and patches were made available for users which provided uncompromised encryption keys and better security for the keys. [20] [21] To continue having the ability to view new content users were forced to apply the patches, which also hardened the security of player applications.

On 23 May 2007 the Processing Key for the next version of the Media Key Block was posted to the comments page of a Freedom to Tinker blog post. [22]

The use of encryption does not offer any true protection against memory snooping, since the software player must have the encryption key available somewhere in memory and there is no way to protect against a determined PC owner extracting the encryption key (if everything else fails the user could run the program in a virtual machine making it possible to freeze the program and inspect all memory addresses without the program knowing).

The only way to wholly prevent attacks like this would require changes to the PC platform (see Trusted Computing) or that the content distributors do not permit their content to be played on PCs at all (by not providing the companies making software players with the needed encryption keys).

On January 15, 2007 a website launched at HDKeys.com containing a database of HD DVD title keys. It also featured a modified copy of the BackupHDDVD software allowing for online key retrieval (the latter was later removed after a DMCA complaint).

SlySoft has released AnyDVD HD which allows users to watch HD DVD and Blu-ray movies on non-HDCP-compliant PC hardware. The movies can be decrypted on the fly directly from the disc, or can be copied to another medium. AnyDVD HD is also capable of automatically removing any unwanted logos and trailers. Slysoft has stated that AnyDVD HD uses several different mechanisms to disable the encryption, and is not dependent on the use of compromised encryption keys. They have also stated that AACS has even more flaws in its implementation than CSS; this renders it highly vulnerable, [23] but they will release no details on their implementation. Users at Doom9 claim that the program makes use of the host certificate of PowerDVD version 6.5, [24] but SlySoft has claimed that the program would be unaffected by the AACS revocation system. [25]

Media key block renewals

VersionFirst titlesDate releasedDate circumvented
1 The Last Samurai , Million Dollar Baby 2006-04-182007-02-13 [26]
2Never used [27]
3 The Matrix Trilogy 2007-05-222007-05-17 [28]
4 Transformers , Spider-Man 3 2007-10-30
5Never used [29]
6 Never used [29]
7 Alvin and the Chipmunks , Aliens vs. Predator: Requiem 2008-04-06 [30] 2008-04-11 [31]
8 The Forbidden Kingdom 2008-08-26 [32] 2008-08-26 [33]
9  ?Approximately 2008-09-03 [34] 2009-03-20 [35]
10  ? ?2009-03-20 [35]
11 ? ? ?
12 Body of Lies , Baraka 2008-10-092009-04-06 [36]
13
14
15
16
17
18
61
62
63
64
65 ?Approximately 2018-06-19 [37]  ?
66 ?Approximately 2018-11-20 [38]  ?
67Never used [39]
68 ?Approximately 2019-03-11 [39]  ?
69Never used [40]
70 ?Approximately 2019-07-04 [40]  ?
71 ? ? [41]  ?
72 ?Approximately 2019-10-15 [42]  ?
73Never used [43]
74Never used [43]
75 ? ? [44]  ?
76 ?Approximately 2020-04-05 [43]  ?
77 ?Approximately 2022-06-24 [44]  ?
78 ?Approximately 2022-08-02 [45]  ?

See also

Related Research Articles

<span class="mw-page-title-main">Jon Lech Johansen</span> Norwegian programmer (born 1983)

Jon Lech Johansen, also known as DVD Jon, is a Norwegian programmer who has worked on reverse engineering data formats. He wrote the DeCSS software, which decodes the Content Scramble System used for DVD licensing enforcement. Johansen is a self-trained software engineer, who quit high school during his first year to spend more time with the DeCSS case. He moved to the United States and worked as a software engineer from October 2005 until November 2006. He then moved to Norway but moved back to the United States in June 2007.

VOB is the container format in DVD-Video media. VOB can contain digital video, digital audio, subtitles, DVD menus and navigation contents multiplexed together into a stream form. Files in VOB format may be encrypted.

Windows Media DRM or WMDRM, is a Digital Rights Management service for the Windows Media platform. It is designed to provide delivery of audio or video content over an IP network to a PC or other playback device in such a way that the distributor can control how that content is used.

<span class="mw-page-title-main">Slyck.com</span> Technology news website (defunct)

Slyck.com was a website that produced unique original file sharing news stories, shared aggregated technology news stories from the World Wide Web, and had a user forum.

<span class="mw-page-title-main">RedFox</span> Belizean software development company

RedFox is a software development company based in Belize. The company is most prominently known for its software AnyDVD, which can be used to bypass copy protection measures on optical media, including DVD and Blu-ray Disc media, as well as CloneCD, which is used to back up the contents of optical discs.

<span class="mw-page-title-main">Defective by Design</span> Anti-DRM initiative

Defective by Design (DBD) is a grassroots anti-digital rights management (DRM) initiative by the Free Software Foundation (FSF) and CivicActions. Launched in 2006, DBD believes that DRM makes technology deliberately defective, negatively affects digital freedoms, and is "a threat to innovation in media, the privacy of readers, and freedom for computer users." The initiative regularly campaigns against the use of DRM by the media industry and software industry to increase awareness of the anti-DRM movement and pressure industries into no longer using DRM. They are known for their use of hazmat suits in their demonstrations.

Windows Vista, an operating system released by Microsoft for consumers on January 30, 2007, has been widely criticized by reviewers and users. Due to issues with new security features, performance, driver support and product activation, Windows Vista has been the subject of a number of negative assessments by various groups.

<span class="mw-page-title-main">BackupHDDVD</span> AACS decryption software

BackupHDDVD is a small computer software utility program available in command line and GUI versions which aids in the decryption of commercial HD DVD discs protected by the Advanced Access Content System. It is used to back up discs, often to enable playback on hardware configurations without full support for HDCP. The program's source code was posted online, but no licence information was given.

The Protected Media Path is a set of technologies creating a "Protected Environment," first included in Microsoft's Windows Vista operating system, that is used to enforce digital rights management protections on content. Its subsets are Protected Video Path (PVP) and Protected User Mode Audio (PUMA). Any application that uses Protected Media Path in Windows uses Media Foundation.

<span class="mw-page-title-main">Advanced Access Content System</span> Standard for content distribution and digital rights management

The Advanced Access Content System (AACS) is a standard for content distribution and digital rights management, intended to restrict access to and copying of the post-DVD generation of optical discs. The specification was publicly released in April 2005. The standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc (BD). It is developed by AACS Licensing Administrator, LLC, a consortium that includes Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony. AACS has been operating under an "interim agreement" since the final specification has not yet been finalized.

Doom9 is a website featuring information on digital audio and video manipulation and digital copyrights. It is also the forum username of the author of the page, an Austrian who was a college student at the time of the creation of the site. The site's tagline is "The Definitive DVD Backup Resource".

<span class="mw-page-title-main">HD DVD</span> Obsolete optical disc format

HD DVD is an obsolete high-density optical disc format for storing data and playback of high-definition video. Supported principally by Toshiba, HD DVD was envisioned to be the successor to the standard DVD format, but lost to Blu-ray, supported by Sony and others.

BD+ is a component of the Blu-ray Disc digital rights management system. It was developed by Cryptography Research Inc. and is based on their Self-Protecting Digital Content concept. Its intent was to prevent unauthorized copies of Blu-ray discs and the playback of Blu-ray media using unauthorized devices.

The Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on many commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced around 1996 and was first compromised in 1999.

The WIPO Copyright and Performances and Phonograms Treaties Implementation Act, is a part of the Digital Millennium Copyright Act (DMCA), a 1998 U.S. law. It has two major portions, Section 102, which implements the requirements of the WIPO Copyright Treaty, and Section 103, which arguably provides additional protection against the circumvention of copy prevention systems and prohibits the removal of copyright management information.

Digital rights management (DRM) is the management of legal access to digital content. Various tools or technological protection measures (TPM) like access control technologies, can restrict the use of proprietary hardware and copyrighted works. DRM technologies govern the use, modification and distribution of copyrighted works and of systems that enforce these policies within devices. DRM technologies include licensing agreements and encryption.

<span class="mw-page-title-main">Media Key Block</span>

The Media Key Block (MKB) is one of the keys included inside the copying protection system (DRM) AACS. This system is used to prevent Blu-ray and HD DVD formats from being copied. The system was developed by companies from the film industry and the electronics industry including IBM, Intel, Microsoft, Matsushita (Panasonic), Sony, Toshiba, The Walt Disney Company and Warner Bros.

<span class="mw-page-title-main">AACS encryption key controversy</span> Controversy regarding copyright

A controversy surrounding the AACS cryptographic key arose in April 2007 when the Motion Picture Association of America and the Advanced Access Content System Licensing Administrator, LLC began issuing cease and desist letters to websites publishing a 128-bit (16-byte) number, represented in hexadecimal as 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0, a cryptographic key for HD DVDs and Blu-ray Discs. The letters demanded the immediate removal of the key and any links to it, citing the anti-circumvention provisions of the United States Digital Millennium Copyright Act (DMCA).

Encrypted Title Key is an encrypted key that belongs to anticopy Advanced Access Content System (AACS). This key is included in the Media Key Block system and is an important part of the content protection process of Blu-ray and HD-DVD contents.

<span class="mw-page-title-main">Cinavia</span> Analog watermarking and steganography system

Cinavia, originally called Verance Copy Management System for Audiovisual Content (VCMS/AV), is an analog watermarking and steganography system under development by Verance since 1999, and released in 2010. In conjunction with the existing Advanced Access Content System (AACS) digital rights management (DRM) inclusion of Cinavia watermarking detection support became mandatory for all consumer Blu-ray Disc players from 2012.

References

  1. Tekla S. Perry (January 2007). "Loser: DVD Copy Protection, Take 2". Spectrum Online. Archived from the original on 2007-06-08. Retrieved 2007-05-04.
  2. Johansen, Jon Lech (2006-01-08). "DeAACS.com". So sue me. Retrieved 2007-05-04.
  3. Peter Gutmann (2006-12-26). "A Cost Analysis of Windows Vista Content Protection" . Retrieved 2007-01-28.
  4. "Windows Vista Content Protection - Twenty Questions (and Answers)". Archived from the original on 2013-01-21.
  5. Peter Gutmann (computer scientist)#Criticism of Peter Gutmann.27s analysis of Vista DRM
  6. "Work Around for New DVD Format Protections". Slashdot . 2006-06-07. Retrieved 2007-05-02.
  7. Edward Henning ("ehe") (2006-07-07). "Copy protection hole in Blu-ray and HD DVD movies". heise Security. Retrieved 2007-05-02.
  8. "HD-DVD Content Protection already hacked?". TechAmok. 2006-12-28. Retrieved 2007-01-02.
  9. "Hi-def DVD security is bypassed". BBC News . 2007-01-26. Retrieved 2007-05-02.
  10. Block, Ryan (2007-01-20). "Blu-ray cracked too?". Engadget. Retrieved 2007-01-22.
  11. Leyden, John (2007-01-23). "Blu-ray DRM defeated". The Register. Retrieved 2007-01-22.
  12. ATARI Vampire (2007-02-24). "WinDVD 8 Device Key Found!". Doom9.net forums. Retrieved 2007-05-04.
  13. jx6bpm (2007-03-03). "PowerDVD private key". Doom9.net forums. Retrieved 2007-05-04.{{cite web}}: CS1 maint: numeric names: authors list (link)
  14. Yam, Marcus (2007-01-17). "First Pirated HD DVDs Released". DailyTech. Archived from the original on 2007-02-19. Retrieved 2007-05-03.
  15. "AACS licensor complains of posted key" . Retrieved 2007-05-02.
  16. Boutin, Paul (2007-05-01). "Wikipedia Locks Out "The Number"" . Retrieved 2007-05-02.
  17. Greenberg, Andy (2007-05-02). "Digg's DRM Revolt". Forbes . Archived from the original on 2007-05-04. Retrieved 2007-05-04.
  18. "DVD DRM row sparks user rebellion". BBC News . 2007-05-02. Retrieved 2007-05-02.
  19. Lanier, Chris (2007-01-02). "Cyberlink Responds to Alleged AACS Crack". Archived from the original on 2007-06-16. Retrieved 2007-05-02.
  20. "Press Messages: AACS - Advanced Access Content System". Archived from the original on 2007-04-30. Retrieved 2007-05-02.
  21. Yam, Marcus (2007-01-26). "AACS Responds to Cracked HD DVD and Blu-ray Disc Protections". DailyTech. Retrieved 2007-05-03.
  22. "You Can Own an Integer Too". Archived from the original on 2007-08-24. Retrieved 2007-06-09.{{cite web}}: CS1 maint: bot: original URL status unknown (link) (original link dead)
  23. peer (2007-02-13). "Device key revokation". Slysoft forums. Archived from the original on 2007-09-27. Retrieved 2007-04-09.
  24. evdberg (2007-02-15). "AnyDVD method of operation". Doom9.net Forums. Retrieved 2007-04-09.
  25. James (2007-03-02). "And after the process. key is revoked?". Slysoft forums. Archived from the original on 2007-09-27. Retrieved 2007-04-09.
  26. Thomas Ricker (2007-02-13). "Hackers discover HD DVD and Blu-ray "processing key" -- all HD titles now exposed". engadgethd.com. Retrieved 2007-11-02.
  27. aKzenT (2007-06-01). "New Processing Key found!! (MKB v3 is now open)". doom9.org forums. Retrieved 2007-11-02.
  28. Thomas Ricker (2007-05-17). "Newest AACS circumvented: The Matrix Trilogy set free". engadgethd.com. Retrieved 2007-11-02.
  29. 1 2 "AVP: Requiem/Alvin and the Cipmunks logfiles" . Retrieved 2008-04-09.
  30. "AVP: Requiem/Alvin and the Cipmunks logfiles" . Retrieved 2008-04-09.
  31. "AnyDVD (HD) 6.4.1.1 released" . Retrieved 2008-04-11.
  32. "The Forbidden Kingdom (2008) - MKBv8 - Update server down?" . Retrieved 2008-04-09.
  33. "The Forbidden Kingdom (2008) - MKBv8 - Update server down?" . Retrieved 2008-04-11.
  34. "Blu-ray YELLOW DRAGON'S COLORS Read Error" . Retrieved 2009-03-28.
  35. 1 2 "MKBv9 and MKBv10 Processing Keys found" . Retrieved 2009-03-28.
  36. "Disc using MKBv12 decrypted" . Retrieved 2009-04-06.
  37. "Public MKBs". 2018-06-19. Retrieved 2022-12-22.
  38. "Public MKBs". 2018-11-20. Retrieved 2022-12-22.
  39. 1 2 "Public MKBs". 2019-03-11. Retrieved 2022-12-22.
  40. 1 2 "Public MKBs". doom9.org forums. 2019-07-04. Retrieved 2022-12-22.
  41. "Public MKBs". doom9.org forums. 2019-10-15. Retrieved 2022-12-22.  MKBv71 was identical to MKBv70 as far as HRL/DRL 
  42. "Public MKBs". doom9.org forums. 2019-10-15. Retrieved 2022-12-22.
  43. 1 2 3 "Public MKBs". doom9.org forums. 2020-04-05. Retrieved 2022-12-22.
  44. 1 2 "Public MKBs". doom9.org forums. 2022-06-24. Retrieved 2022-12-22.  I found out that MKBv75 does exist. However, HRL/DRL is identical to MKBv72
  45. "Public MKBs". doom9.org forums. 2022-08-02. Retrieved 2022-12-22.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.