[IETF-IDRM] Re: [IDRM] Fwd: RE: [DC28.4] HDCP penetrated

Sat, 18 Aug 2001 02:37:28 +0100

I think there are two points being missed in the discussion below.  One
is that the attack on HDCP is swift and total; acording to Neils the
attack takes a couple of weeks if you have four modern PCs to hand, and
the result is that you then have the whole thing wide open and can
compromise any given source at will.  Thus I feel that this attack takes
HDCP out of the running.

The second issue is related; HDCP was fatally flawed from the start by
using encryption based on common secrets.  Thus the fact that the system
has a perfectly decent rights revocation system does you no good since
the attacker does not just get to clone a single device that he has
broken, he can fake any device he wishes.  If the system were designed
using decent public key crypto then the removal of the secret key from
one compromised device would not deal a fatal blow to the system as a whole.
The combination of public key crypto, individual keying of devices and a
devent viral revocation system should allow us to design systems that can
stand up to the successful attacks of individual devices that Robert
Schumann (below) rightly points out are inevitable.

	Nicko

Mark Baugher wrote:
> 
> This may be of interest to some of us on this list.
> 
> Mark
> 
> >For further information, you can find a paper, "Four Simple Cryptographic
> >Attacks on HDCP" at:
> >wysiwyg://1/http://angelfire.com/realm/keithirwin/HDCPAttacks.html
> >
> >
> > > ----------
> > > From:         Mark Baugher
> > > Sent:         Thursday, August 16, 2001 9:59 AM
> > > To:   Robert Schumann
> > > Cc:   ramizer@wmr.com; 'dc28-ca-list@smpte.vwh.net'
> > > Subject:      Re: [DC28.4] HDCP penetrated
> > >
> > > I don't know the specifics of the HDCP compromise.  Consider a
> > > hypothetical
> > > example:  A particular solution has been compromised but it requires
> > > millions of dollars of equipment and personnel to do so, or something of
> > > that order.  I doubt that there are any solutions that will withstand an
> > > attack mounted with those sorts of resources.
> > >
> > > I'm arguing that some criteria need to be applied because every watermark,
> > >
> > > tamper-resistant hardware, and tamper-resistant software implementation is
> > >
> > > vulnerable to compromise given the resources, say, of a government or
> > > large
> > > corporation.  The question is "how" and not "whether."
> > >
> > > Mark
> > >
> > > At 11:25 PM 8/15/2001 -0400, Robert Schumann wrote:
> > > >While I certainly agree that any potential solution is potentially
> > > >hackable/compromised (given enough time and resources) it is not clear to
> > >
> > > >me how it follows that it makes sense to look at solutions which have
> > > >already been compromised.
> > > >
> > > >Rob
> > > >
> > > >At 06:43 PM 8/15/2001 -0700, Mark Baugher wrote:
> > > >>At 04:42 PM 8/15/2001 -0700, richard mizer wrote:
> > > >>>I guess this eliminates this as one of the possible solutions...
> > > >>
> > > >>My personal opinion is that it does not.  If we limit ourselves to
> > > >>solutions that cannot be compromised, we will have no solutions
> > > >>at all.  Once a device is under the control of a determined
> > > >>attacker, I expect that attacker will be able to obtain its secrets.
> > > >>
> > > >>Mark
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>> > Amsterdam, Netherlands -- A Dutch programmer who claims to have
> > > found
> > > >>> > weaknesses in Intel's security technology for digital entertainment
> > > >>> > content says he will not publish his findings for fear of
> > > prosecution
> > > >>> > under the Digital Millennium Copyright Act. Independent cryptography
> > > >>> > consultant Niels Ferguson claims to have penetrated Intel's
> > > >>> High-bandwidth
> > > >>> > Digital Content Protection (HDCP), a specification that protects
> > > >>> > copyrights by encrypting content sent in-between digital televisions
> > > and
> > > >>> > devices such as DVD players and digital camcorders, so that it
> > > cannot be
> > > >>> > copied. Ferguson said that neither Intel nor the U.S. Justice
> > > Department
> > > >>> > have threatened any legal action or contacted him, but that he
> > > remains
> > > >>> > wary because of the threats that Princeton researcher Edward Felten
> > > >>> > received and programmer Dmitry Sklyarov arrest for publishing
> > > information
> > > >>> > on circumventing copy-protection technologies. Ferguson's website,
> > > >>> > provided at a link below, further explains his argument.
> > > >>> > http://www.macfergus.com/niels/dmca/index.html
> > > >>> > http://www.digital-cp.com/
> > > >>> >
> > > >>>
> > > >>>To remove yourself from this mailing list, send mail to
> > > >>><Majordomo@smpte.vwh.net> with the following command in the body
> > > >>>of your email message:  unsubscribe dc28-ca-list
> > > >>
> > > >>To remove yourself from this mailing list, send mail to
> > > >><Majordomo@smpte.vwh.net> with the following command in the body
> > > >>of your email message:  unsubscribe dc28-ca-list
> > >
> > > To remove yourself from this mailing list, send mail to
> > > <Majordomo@smpte.vwh.net> with the following command in the body
> > > of your email message:  unsubscribe dc28-ca-list
> > >
> > >