[IETF-IDRM] Re: [IDRM] Fwd: RE: [DC28.4] HDCP penetrated

Mark Baugher mbaugher@cisco.com
Sat, 18 Aug 2001 12:08:26 -0700


At 02:37 AM 8/18/2001 +0100, Nicko van Someren wrote:
>i think there are two points being missed in the discussion below.  one
>is that the attack on hdcp is swift and total; acording to neils the
>attack takes a couple of weeks if you have four modern pcs to hand, and
>the result is that you then have the whole thing wide open and can
>compromise any given source at will.  thus i feel that this attack takes
>hdcp out of the running.

For what?  Digital cinema is one thing, home use is another.
One of the most pervasive protection schemes for home use today is
Macrovision, which is easily circumvented.

I raise this issue because I think that many of us are searching
for the holy grail of copy protection.  It is very difficult to say
at which point the complexity of a copy-protection solution
outweighs the benefits.  Two legal representatives
of the studio and consumer electronic industry flatly state that
technical protection measures are only intended to keep honest
people honest (http://www.linux.gr/DeCSS/imp99_3.pdf).
Simple measures will often work best for that.

Mark


>the second issue is related; hdcp was fatally flawed from the start by
>using encryption based on common secrets.  thus the fact that the system
>has a perfectly decent rights revocation system does you no good since
>the attacker does not just get to clone a single device that he has
>broken, he can fake any device he wishes.  if the system were designed
>using decent public key crypto then the removal of the secret key from
>one compromised device would not deal a fatal blow to the system as a whole.
>the combination of public key crypto, individual keying of devices and a
>devent viral revocation system should allow us to design systems that can
>stand up to the successful attacks of individual devices that robert
>schumann (below) rightly points out are inevitable.
>
>         nicko
>
>mark baugher wrote:
> >
> > this may be of interest to some of us on this list.
> >
> > mark
> >
> > >for further information, you can find a paper, "four simple cryptographic
> > >attacks on hdcp" at:
> > >wysiwyg://1/http://angelfire.com/realm/keithirwin/hdcpattacks.html
> > >
> > >
> > > > ----------
> > > > from:         mark baugher
> > > > sent:         thursday, august 16, 2001 9:59 am
> > > > to:   robert schumann
> > > > cc:   ramizer@wmr.com; 'dc28-ca-list@smpte.vwh.net'
> > > > subject:      re: [dc28.4] hdcp penetrated
> > > >
> > > > i don't know the specifics of the hdcp compromise.  consider a
> > > > hypothetical
> > > > example:  a particular solution has been compromised but it requires
> > > > millions of dollars of equipment and personnel to do so, or 
> something of
> > > > that order.  i doubt that there are any solutions that will 
> withstand an
> > > > attack mounted with those sorts of resources.
> > > >
> > > > i'm arguing that some criteria need to be applied because every 
> watermark,
> > > >
> > > > tamper-resistant hardware, and tamper-resistant software 
> implementation is
> > > >
> > > > vulnerable to compromise given the resources, say, of a government or
> > > > large
> > > > corporation.  the question is "how" and not "whether."
> > > >
> > > > mark
> > > >
> > > > at 11:25 pm 8/15/2001 -0400, robert schumann wrote:
> > > > >while i certainly agree that any potential solution is potentially
> > > > >hackable/compromised (given enough time and resources) it is not 
> clear to
> > > >
> > > > >me how it follows that it makes sense to look at solutions which have
> > > > >already been compromised.
> > > > >
> > > > >rob
> > > > >
> > > > >at 06:43 pm 8/15/2001 -0700, mark baugher wrote:
> > > > >>at 04:42 pm 8/15/2001 -0700, richard mizer wrote:
> > > > >>>i guess this eliminates this as one of the possible solutions...
> > > > >>
> > > > >>my personal opinion is that it does not.  if we limit ourselves to
> > > > >>solutions that cannot be compromised, we will have no solutions
> > > > >>at all.  once a device is under the control of a determined
> > > > >>attacker, i expect that attacker will be able to obtain its secrets.
> > > > >>
> > > > >>mark
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>> > amsterdam, netherlands -- a dutch programmer who claims to have
> > > > found
> > > > >>> > weaknesses in intel's security technology for digital 
> entertainment
> > > > >>> > content says he will not publish his findings for fear of
> > > > prosecution
> > > > >>> > under the digital millennium copyright act. independent 
> cryptography
> > > > >>> > consultant niels ferguson claims to have penetrated intel's
> > > > >>> high-bandwidth
> > > > >>> > digital content protection (hdcp), a specification that protects
> > > > >>> > copyrights by encrypting content sent in-between digital 
> televisions
> > > > and
> > > > >>> > devices such as dvd players and digital camcorders, so that it
> > > > cannot be
> > > > >>> > copied. ferguson said that neither intel nor the u.s. justice
> > > > department
> > > > >>> > have threatened any legal action or contacted him, but that he
> > > > remains
> > > > >>> > wary because of the threats that princeton researcher edward 
> felten
> > > > >>> > received and programmer dmitry sklyarov arrest for publishing
> > > > information
> > > > >>> > on circumventing copy-protection technologies. ferguson's 
> website,
> > > > >>> > provided at a link below, further explains his argument.
> > > > >>> > http://www.macfergus.com/niels/dmca/index.html
> > > > >>> > http://www.digital-cp.com/
> > > > >>> >
> > > > >>>
> > > > >>>to remove yourself from this mailing list, send mail to
> > > > >>><majordomo@smpte.vwh.net> with the following command in the body
> > > > >>>of your email message:  unsubscribe dc28-ca-list
> > > > >>
> > > > >>to remove yourself from this mailing list, send mail to
> > > > >><majordomo@smpte.vwh.net> with the following command in the body
> > > > >>of your email message:  unsubscribe dc28-ca-list
> > > >
> > > > to remove yourself from this mailing list, send mail to
> > > > <majordomo@smpte.vwh.net> with the following command in the body
> > > > of your email message:  unsubscribe dc28-ca-list
> > > >
> > > >