Douglas Crockford

Blog

Books

Videos

2019 Appearances

JavaScript

JSLint

JSON

Github

How JavaScript Works

About

CPTWG 88

I attended the 88th meeting of the Copy Protection Technology Working Group at the Sheraton Four Points Hotel at LAX on April 14. This was the most interesting meeting of CPTWG that I have attended so far.

Washington Update

The Senate passed the Family Entertainment and Copyright Act in February. It must now be passed by the House. It is expected to pass and become law. The Congress moves slowly.

The Digital Media Consumers' Rights Act is waiting for action from the House Energy and Commerce Committee and the House Judiciary Committee. This is a good bill. It probably will not become law.

Some of the CPTWG lawyers attended the oral arguments at the Supreme Court on March 29, when it heard MGM v Grokster. There was a lot of discussion about the questions and comments of the Justices, speculation about their positions, and agreement that it is impossible to make good guesses about the outcome: We must wait for the decision.

The decision will probably be issued before the Court's summer recess. However, the Betamax case of 20 years ago, which the present case is dependent on, was not decided in its original term. It was held over to the following term.

ATSC

An Ad Hoc group is forming to produce recommendations for ATSC for imbedding SRM (System Renewability Messages) into MPEG-2 and ATSC transport streams. This is intended to make it easier to send hardware revocation messages to non-networked devices.

AACS

The 0.9 specifications are now available at http://aacsla.com/.

The next meetings are April 14, June 2, and July 13.

Tampering

One of the key requirements for reliable DRM is tamperproof hardware. Someone from Cryptography Research gave a presentation on this subject. His intention was to encourage people to use his company's services for developing secure devices. The actual result was to create panic: Until now, most of the people at CPTWG were unaware of how easy it is to break hardware security. The presenter claimed that their services can boost the odds of a successful secure device to about 80%. I think this is doubtful.

The examples presented were from attacks on Pay TV applications. Generally, Pay TV is an easier system to protect than a DRM system because there are fewer points of failure. The concept of hardware security is that a key is sealed inside of the device that does the cryptographic operations, and that the device, by design, will never give up its key. But this is a fallacy.

Decapping

The first attack is Decapping. The device is removed from its package, and layers are chemically stripped off. This can cost about $100-$150. A $10,000 analyzer and a good technician can recover the key in about an hour. He then went on to list 8 other attacks that are much easier and much less expensive.

Timing

Cryptographic operations tend to be very time consuming, so implementations are usually designed to be fast. The things that are done to gain speed can reveal key information, because different keys will take differing amounts of time.

Glitching

Intentionally causing a glitch can sometimes put the device in an unexpected state in which it is possible to trick it into revealing the key.

Power Analysis

Measuring the amount of power drawn by the device can reveal information about the key being processed.

DEMA/SEMA

Electromagnetic radiation from the device can reveal information about the key being processed.

JTAG/SCAN

It may be possible to use the self-test and debugging features of the device to reveal the key.

Software Bugs

If the software is not perfect (and it never is) a bug may allow access to the key.

Hardware Bugs

Hardware is increasingly looking more like software, and so has the same reliability issues with bugs.

Firmware Modifications

It may be possible to modify the system's firmware to get around protection. For example, DVD Players can be modified to not enforce region codes.

All of these attacks are possible because the hacker is in possession of the device.

All of these attacks are non-invasive, cheap, and easy to repeat. Once a device is compromised, that information can go instantly to the Internet. Hollywood has been hoping that the System Renewability features of IBM and Intel's DRM algorithms would protect the system from this sort of attack. But now it is clear that the hackers can break and publicize keys at a rate that is faster than Hollywood's ability to issue revocation messages. This will very quickly lead to total failure of the DRM system.

There was a lot of discussion by the lawyers on this point. The technology people were silent. AACS has not yet published its 1.0 specification, but we can already see how it will be defeated.

MPAA

MPAA announced that they sued ESS Technologies because ESS's CSS chips had been found in unlicensed DVD players. MPAA and ESS have reached a settlement, in which ESS will help MPAA take action against its customers.