Security
Both title keys and one of the keys used to decrypt them (known as Processing Keys in the AACS specifications) have been found by using debuggers to inspect the memory space of running HD DVD and Blu-ray player programs. Hackers also claim to have found Device Keys (used to calculate the Processing Key) and a Host Private Key (a key signed by the AACS LA used for hand-shaking between host and HD drive; required for reading the Volume ID). The first unprotected HD movies were available soon afterwards. The processing key was widely published on the Internet after it was found and the AACS LA sent multiple DMCA takedown notices in the aim of censoring it. Some sites that rely on user-submitted content, like Digg and Wikipedia, tried to remove any mentions of the key. The Digg administrators eventually gave up trying to censor submissions that contained the key.
The AACS key extractions highlight the inherent weakness in any DRM system that permit software players for PCs to be used for playback of content. No matter how many layers of encryption are employed, it does not offer any true protection, since the keys needed to obtain the unencrypted content stream must be available somewhere in memory for playback to be possible. The PC platform offers no way to prevent memory snooping attacks on such keys, since a PC configuration can always be emulated by a virtual machine, in theory without any running program or external system being able to detect the virtualization. The only way to wholly prevent attacks like this would require changes to the PC platform (see Trusted Computing) which could provide protection against such attacks. This would require that content distributors do not permit their content to be played on PCs without trusted computing technology, by not providing the companies making software players for non-trusted PCs with the needed encryption keys.
On 16 April 2007, the AACS consortium announced that it had expired certain encryption keys used by PC-based applications. Patches were available for WinDVD and PowerDVD which used new and uncompromised encryption keys. The old, compromised keys can still be used to decrypt old titles, but not newer releases as they will be encrypted with these new keys. All users of the affected players (even those considered "legitimate" by the AACS LA) are forced to upgrade or replace their player software in order to view new titles.
Despite all revocations, current titles can be decrypted using new MKB v7, v9 or v10 keys widely available in the Internet.
Besides spreading processing keys on the Internet, there have also been efforts to spread title keys on various sites. The AACS LA has sent DMCA takedown notices to such sites on at least one occasion. There is also commercial software (AnyDVD HD) that can circumvent the AACS protection. Apparently this program works even with movies released after the AACS LA expired the first batch of keys.
While great care has been taken with AACS to ensure that contents are encrypted right up to the display device, on the first versions of some Blu-ray and HD DVD software players a perfect copy of any still frame from a film could be made simply by utilizing the Print Screen function of the Windows operating system. This was broken in later versions.
Read more about this topic: Advanced Access Content System
Famous quotes containing the word security:
“The horror of class stratification, racism, and prejudice is that some people begin to believe that the security of their families and communities depends on the oppression of others, that for some to have good lives there must be others whose lives are truncated and brutal.”
—Dorothy Allison (b. 1949)
“Our security depends on the Allied Powers winning against aggressors. The Axis Powers intend to destroy democracy, it is anathema to them. We cannot provide that aid if the public are against it; therefore, it is our responsibility to persuade the public that aid to the victims of aggression is aid to American security. I expect the members of my administration to take every opportunity to speak to this issue wherever they are invited to address public forums in the weeks ahead.”
—Franklin D. Roosevelt (1882–1945)
“Learned institutions ought to be favorite objects with every free people. They throw light over the public mind which is the best security against crafty and dangerous encroachments on the public liberty.”
—James Madison (1751–1836)