White Paper: HD Video Encryption

Nathan Edwards

A replicator encrypts content on a Blu-ray or HD DVD disc using a Media Key and Media Key Block provided by the AACS Licensing Authority (AACS LA). The AACS LA provides the media player (either a stand-alone device or a PC application) with a corresponding Device Key. The media player combines its Device Key with the Media Key Block to calculate the Media Key. If the calculated Media Key matches the Media Key on the disc, the content can be decrypted.

We’re philosophically opposed to any technology that impairs our fair-use rights, but the Hollywood studios insist on infesting their products with annoyances such as HDCP (High-bandwidth Digital Content Protection) and AACS (Advanced Access Content System) which do just that. Since we also believe knowledge is power, here’s a primer on how those systems work.

But before we dive into the details, allow us to point out the absurdity of digital rights management—in all its many forms. DRM treats those of us who purchase movies and music, and then make backup copies or transfer that content to our PCs and digital media players, as criminals. We are not pirates; we are Hollywood’s best customers. And we understand that purchasing content is a prerequisite to claiming fair-use rights.

HDCP and AACS add to the complexity and the cost of every PC, every HD DVD and Blu-ray drive and disc, every monitor, every commercial operating system, most every A/V receiver, and every HD television on the market—and all it takes to defeat this supposedly invincible technology is an easily obtained program: SlySoft’s AnyDVD HD (www.slysoft.com).

The Cryptonomicon

AACS is a cryptographic system designed to limit the output and recording of protected content to methods the content owner approves of. Unlike the simpler CCS (Content Scramble System) used to encrypt commercial DVDs, AACS uses a set of keys that can be tied to a specific player—much like a serial number.

The AACS process results in a “play” or “don’t play” validation. A Blu-ray or HD DVD disc includes a Media Key Block that is combined with a playback device’s unique set of keys to generate a Media Key, which is then combined with another piece from the disc—the Volume ID key. (Only a commercial burner can reach the hidden section of that disc to write the Volume ID key, a technique designed to thwart disc-to-disc copies on consumer-grade equipment.) The combination of aforementioned keys culminates in the Volume Unique Key. This key is used to decrypt the disc’s title keys and then—finally—the movie itself. At this point, the content moves into the HDCP chain, where it is re-encrypted until it reaches the display (we’ll explain HDCP in more detail shortly).

If an AACS device is compromised, newly pressed content can be published with an updated Media Key Block that is incompatible with the compromised device’s keys. This, in essence, revokes the known cracked keys and disables the associated players. The new Media Key Block, however, will continue to function with any older keys that remain secure.

Secret Handshakes

HDCP is an interconnect system that works hand-in-glove with AACS. Designed to protect the transmission of high-bandwidth audiovisual streams—at rates up to 5GB/s—HDCP has been deployed in all three of the major digital display interfaces: DVI, HDMI, and DisplayPort. It is also supported in the less-common UDI (Unified Display Interface) and GVIF (Gigabit Video Interface). Since it must be everywhere in the display chain, you’ll also find HDCP in videocards, Blu-ray and HDVD DVD drives, HDTVs, A/V receivers, and CableCARD digital CATV tuners. The technology can also be incorporated into repeaters (which can be essential for long cable runs) and switches (crucial for connecting more than one player to a display with a single digital-video input).

The HDCP authentication process is the same for every content player: Software on the PC or set-top box generates a playback signal, which initiates a handshake process. Using a temporary random number, unique keys built into each HDCP transmit device (e.g., a videocard) and receive device (e.g., an HDTV) are used to generate a checksum. If the checksums are identical at each stage, the content is green-lit for playback.

This process is repeated every few seconds, and the signal is reauthenticated at each node in order to prevent the signal from being intercepted midstream (to prevent anyone from tapping into and recording the digital bit stream). If the handshake fails at any point along the way, that authentication failure is reported to the playback software.

Furthermore, the audio-video stream is re-encrypted before it enters the HDCP pipeline, and it’s decrypted when it arrives at the final playback device.

Don't Hate the Player

Representatives from the companies responsible for creating these technologies are quick to point out that they’ve developed “content protection,” not “copy protection,” systems. The technologies are inert, they say; it’s up to the movie studios to deploy them as copy-protection schemes. HDCP, for instance, simply notifies the player if there’s a non-HDCP device in the playback chain. Software in the player then executes the rules, (established by the media owner) that are encoded within the content.
One of those rules is known as managed copy, which allows the consumer to make a limited number of legal backup copies of an HD DVD or Blu-ray disc or transfer the copy-protected content to another device, such as a media server. Theoretically, this backup copy would be subject to verification through an online verification system, which would require the playback device to be connected to the Internet. Unfortunately, managed copy still hasn’t been implemented in the real world.

The Image Constraint Token is a more onerous rule that gives content owners the power to make the software stop playing content or downsample video to 960x540 resolution—a fraction of the image quality you thought you were buying—if HDCP is missing at any stage in the playback chain. This can occur when the video is played through an analog component connection, but there are also many early HDTVs, videocards, and computer monitors in people’s homes that were manufactured prior to the development of AACS and HDCP. Owners of Microsoft’s Xbox 360 HD DVD drive should be aware that since that device uses a USB connection—considered to be an unsecure display path—it is also susceptible to the Image Constraint Token. Sony’s PlayStation 3, on the other hand, is fully HDCP and AACS compliant (unless you’re using one of its analog display connections).
The Image Constraint Token is invoked on a per-disc basis, and as far as we know, no studio has activated the technology in their current releases. In fact, rumor has it that they’ve informally agreed not to implement it until at least 2012; but that is of little consolation to anyone who’s still using non-HDCP gear.

Around the web