[IETF-IDRM] [IDRM] Fwd: RE: [DC28.4] HDCP penetrated

Mark Baugher mbaugher@cisco.com
Fri, 17 Aug 2001 16:00:51 -0700 

This may be of interest to some of us on this list.

Mark



>For further information, you can find a paper, "Four Simple Cryptographic
>Attacks on HDCP" at:
>wysiwyg://1/http://angelfire.com/realm/keithirwin/HDCPAttacks.html
>
>
> > ----------
> > From:         Mark Baugher
> > Sent:         Thursday, August 16, 2001 9:59 AM
> > To:   Robert Schumann
> > Cc:   ramizer@wmr.com; 'dc28-ca-list@smpte.vwh.net'
> > Subject:      Re: [DC28.4] HDCP penetrated
> >
> > I don't know the specifics of the HDCP compromise.  Consider a
> > hypothetical
> > example:  A particular solution has been compromised but it requires
> > millions of dollars of equipment and personnel to do so, or something of
> > that order.  I doubt that there are any solutions that will withstand an
> > attack mounted with those sorts of resources.
> >
> > I'm arguing that some criteria need to be applied because every watermark,
> >
> > tamper-resistant hardware, and tamper-resistant software implementation is
> >
> > vulnerable to compromise given the resources, say, of a government or
> > large
> > corporation.  The question is "how" and not "whether."
> >
> > Mark
> >
> > At 11:25 PM 8/15/2001 -0400, Robert Schumann wrote:
> > >While I certainly agree that any potential solution is potentially
> > >hackable/compromised (given enough time and resources) it is not clear to
> >
> > >me how it follows that it makes sense to look at solutions which have
> > >already been compromised.
> > >
> > >Rob
> > >
> > >At 06:43 PM 8/15/2001 -0700, Mark Baugher wrote:
> > >>At 04:42 PM 8/15/2001 -0700, richard mizer wrote:
> > >>>I guess this eliminates this as one of the possible solutions...
> > >>
> > >>My personal opinion is that it does not.  If we limit ourselves to
> > >>solutions that cannot be compromised, we will have no solutions
> > >>at all.  Once a device is under the control of a determined
> > >>attacker, I expect that attacker will be able to obtain its secrets.
> > >>
> > >>Mark
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>> > Amsterdam, Netherlands -- A Dutch programmer who claims to have
> > found
> > >>> > weaknesses in Intel's security technology for digital entertainment
> > >>> > content says he will not publish his findings for fear of
> > prosecution
> > >>> > under the Digital Millennium Copyright Act. Independent cryptography
> > >>> > consultant Niels Ferguson claims to have penetrated Intel's
> > >>> High-bandwidth
> > >>> > Digital Content Protection (HDCP), a specification that protects
> > >>> > copyrights by encrypting content sent in-between digital televisions
> > and
> > >>> > devices such as DVD players and digital camcorders, so that it
> > cannot be
> > >>> > copied. Ferguson said that neither Intel nor the U.S. Justice
> > Department
> > >>> > have threatened any legal action or contacted him, but that he
> > remains
> > >>> > wary because of the threats that Princeton researcher Edward Felten
> > >>> > received and programmer Dmitry Sklyarov arrest for publishing
> > information
> > >>> > on circumventing copy-protection technologies. Ferguson's website,
> > >>> > provided at a link below, further explains his argument.
> > >>> > http://www.macfergus.com/niels/dmca/index.html
> > >>> > http://www.digital-cp.com/
> > >>> >
> > >>>
> > >>>To remove yourself from this mailing list, send mail to
> > >>><Majordomo@smpte.vwh.net> with the following command in the body
> > >>>of your email message:  unsubscribe dc28-ca-list
> > >>
> > >>To remove yourself from this mailing list, send mail to
> > >><Majordomo@smpte.vwh.net> with the following command in the body
> > >>of your email message:  unsubscribe dc28-ca-list
> >
> > To remove yourself from this mailing list, send mail to
> > <Majordomo@smpte.vwh.net> with the following command in the body
> > of your email message:  unsubscribe dc28-ca-list
> >
> >