Content protection using trusted hardware

The traditional approach to redistribution control relies on prevention by trusted client hardware. The most recent example of such schemes, and their problems, is the Digital Versatile Disk system. DVD-Video player manufacturers must accept a license agreement that imposes several requirements on their hardware to restrict media redistribution [Bell99]:

• Digital video outputs are only allowed over an encrypted channel to another compliant device. Analogue outputs must include an approved analogue protection scheme like Macrovision that prevents analogue VCR copying.

• Watermarks in the data specify whether copies may be made of that data. Compliant display devices must not play unauthorised copies.

• A Content Scrambling System (CSS) cipher is used to encrypt data on disks. Only licensed manufacturers are given one of the 408 master keys needed to decrypt the session key on each disk, which enables decryption of the disk content.

Unfortunately for the DVD Forum, this model has proven to be rather flawed.

CSS is a poorly designed cipher. It uses 40-bit keys, which can be trivially discovered through brute force search. This was a decision made to allow global export of players under the

contemporary US export controls – even though the Bureau of Export Administration would likely have allowed stronger ciphers given that the DVD Forum could have provided them with the 408 master secrets allowing decryption of any data. But an attack has anyway already been discovered that allows ciphertext to be decrypted with a workload of only O(216) [Stevenson99].

The master secrets in players are starting to be reverse engineered and put into software DVD players. One such program, DeCSS, has become the target of ferocious legal activity by the Motion Picture Association of America. They have obtained an injunction in the New York courts against websites hosting the program, and encouraged the Norwegian police to arrest and confiscate the computing equipment of a 16-year old Norwegian alleged to have authored the program [Burke00]. The DVD Copyright Control Association obtained an injunction in California against sites publishing the program, master keys or CSS algorithms [Elfving00]. Unfortunately they introduced the source code for CSS, the trade secret at issue in their case, as a public court document. By the time they realised their mistake and had the document sealed, just one site hosting a copy had already reported 70,000 downloads [Young00]. But most simply, the entire security apparatus can be circumvented through basic bit-wise copies of DVD disks. While blank disks are currently sold with a crucial header area pre- embossed, preventing pre-recorded disks being copied onto them, it will take very little effort for pirates to obtain truly blank disks. Thus large-scale piracy will flourish, while consumers are denied their fair rights with regard to making personal copies [Samuelson98].

Such vulnerabilities will be present to a greater or lesser extent in any scheme that relies on a client acting against the interests of its owner (the consumer). The amount of effort an attacker will expend on defeating such measures is a function of the value of the protected material and how easily it could be re-sold. Because Internet transmissions have virtually zero marginal cost, re-sale is very easy and hence an attacker has a great incentive to defeat even complex schemes protecting any kind of valuable content

Smartcards are often mistakenly considered to allow protocols to act against the interests of their owner, due to their “tamper-proof” protection of stored keys. Unfortunately this property is better described as “slightly tamper-resistant.” A wide spectrum of attacks, both physically on cards and using analysis of card power consumption from an external line, make it simple for a determined adversary to compromise current cards [Kömmerling99].

Cryptoprocessors, microprocessors that can decrypt and execute code on-chip [Best80], have been touted as a means of preventing reverse engineering and secret recovery from software. They provide an extremely high level of assurance against software tampering. But again, they would rely on a small number of master secrets held by chip manufacturers used to sign chip certificates. If compromise of one of those secrets allowed pirate microchips to be produced, there would be an enormous incentive for attackers to do so.

There are also grave civil liberties issues with allowing a chip manufacturer rather than the owner of a machine to control which software is allowed to run. The behaviour of the US government described in chapter four provides a template for the impositions it would be likely to force upon chip manufacturers in any way vulnerable to the US legal system. Preventing the execution of strong encryption software could be only the beginning of restrictions [Gladman99].

The few large-scale systems that have used this type of technology have also proven unpopular with consumers. DivX (Digital video express) was a video format that allowed users to watch a newly purchased title for two days before needing to pay for further screenings. Encryption was used to protect content, and players would only display content that had been paid for. Consumer dislike of these features led to the death of the format [Kane99].