HDCP, the security system for protecting high-definition video, has been compromised by the posting of the master encryption key to the Internet. This release has raised some fears that HD video will suffer the same fate as DVD after the encryption key was found in 1999. Intel, the inventor of HDCP, has reported that the key is legitimate. However, many believe that legal and technical barriers will keep HDCP relevant for the foreseeable future.
HDCP uses a public key cryptography mechanism, approved by the FCC in 2004, to protect the outputs of set-top boxes, Blu-ray players and other entertainment devices. It relies on a sophisticated encryption key-management scheme to provide a chain of trust for protecting digital content. The master key, managed by Intel, is used to generate device-specific keys. Once content is encrypted by a studio, it can be unlocked only by device keys that have been generated from the master key.
A lock-out mechanism within HDCP allows Intel to revoke the credentials for compromised devices. To lock a device out, content creators would have to include a list of revoked keys on any new Blu-ray or broadcast HD content. But this mechanism will be ineffective at locking out newly generated keys, because hackers could create a new key whenever an old one is blocked.
Raising The Bar
Content providers are in a constant cat-and-mouse game with pirates. As new security mechanisms are established, pirates find different ways of illicitly capturing digital copies of content. Although analog HDCP strippers have been produced in the past, these suffer from reduced quality compared to an exact digital copy.
The growth of the DVD industry was enabled by a content scrambling system (CSS), which gave the movie industry the confidence to post digital copies of its content. But in 1999, hackers identified the master key and created a tiny program capable of decrypting DVDs and of saving the unencrypted data to a hard disk.
The practical effects of the HDCP crack might take more time, owing to the higher technical bar in decrypting content, notes Paul Kocher, chief scientist at Cryptography Research: "From a piracy perspective, it’s unlikely to make a large difference in the immediate future, although I’m expecting that video capture systems that break HDCP will get built within the next few years."
The biggest technical challenge is that capturing uncompressed video data from interfaces like HDMI requires special-purpose hardware. Although the hardware is not complex in theory, there is little demand because it would be awkward to use and there is no legitimate purpose. Kocher explains, "Rather high data rates are also involved in capturing raw video, so it also would take a significant amount of engineering to deal with the data after it was captured and decrypted. For example, the most likely option would be to re-compress it, but high-quality, real-time video encoders are still fairly hard to make. That said, somebody will build such a device sooner or later, so it’s just a matter of time."
Keeping Pirates at Bay
In the short run, Intel plans to pursue all legal options to keelhaul these pirates.
According to Intel spokesman Tom Waldrop, "Technical answers are not going to solve 100 percent of all issues. That’s why enforcement is a big part of our strategy."
In the longer term, studios might start looking at other approaches like HDCP 2.0, a new copy-protection implementation with better encryption. However, studio and equipment vendors face a difficult challenge in improving security without angering legitimate customers.
Comments Kocher, "While any of today’s TVs remain in use, all set-top boxes need to be compatible and those TVs will have to support output using the current (broken) HDCP. Even if new TVs supported a better protocol, attackers could always trick the set-top box into using the old protocol."
– George Lawton