High-Bandwidth Digital Content Protection

From Wikipedia, the free encyclopedia

High-Bandwidth Digital Content Protection (HDCP) is a form of digital rights management (DRM) developed by Intel Corporation to control digital audio and video content as it travels across Digital Visual Interface (DVI) or High Definition Multimedia Interface (HDMI) connections. The HDCP specification is proprietary and an implementation of HDCP requires a license.

HDCP is licensed by Digital Content Protection, LLC, a subsidiary of Intel. In addition to paying fees, licensees agree to limit the capabilities of their products. For example, High-definition digital video content must be restricted to DVD quality on non-HDCP compliant video outputs when requested by the source. DVD-Audio content is restricted to DAT quality on non-HDCP digital audio outputs (analog audio outputs have no quality limits). Licensees cannot allow their devices to make copies of content, and must design their products to "effectively frustrate attempts to defeat the content protection requirements."

Contents 1 Specification 2 Cryptanalysis 3 Uses 4 References 5 External links

[edit] Specification

HDCP's main target is to prevent transmission of non-encrypted high definition content. Three systems were developed to achieve that goal:

1. Authentication process disallows non-genuine devices to receive HD content.
2. Encryption of the actual data sent over DVI or HDMI interface prevents eavesdropping of information. It also prevents "man in the middle" attacks.
3. Key revocation procedures ensure that devices manufactured by any vendors who violate the license agreement could be relatively easily blocked from receiving HD data.

Each HDCP capable device model has a unique set of keys; there are 40 keys, each 56 bits long. These keys are confidential and failure to keep them secret may be seen as a violation of the license agreement. For each set of keys a special key called a KSV (Key Selection Vector) is created. Each KSV has exactly 20 bits set to 0 and 20 bits set to 1.

During the authentication process, both parties exchange their KSVs. Then each device adds (without overflow) its own secret keys together according to a KSV received from another device. If a particular bit in the vector is set to 1, then the corresponding secret key is used in the addition, otherwise it is ignored. Keys and KSVs are generated in such a way that during this process both devices get the same 56 bit number as a result. That number is later used in the encryption process.

Encryption is done by a stream cipher. Each decoded pixel is encrypted by applying an XOR operation with a 24-bit number produced by a generator. The HDCP specifications ensure constant updating of keys (after each encoded frame).

If some particular model is considered "compromised", its KSV is put into revocation lists, which are written e.g. on newly produced disks with HD content. Each revocation list is signed with a digital signature using the DSA algorithm; this is supposed to prevent malicious users from revoking legitimate devices. During the authentication process, if the receiver's KSV is found by a transmitter in the revocation list, then the transmitter considers the receiver to be compromised and refuses to send HD data to it.

[edit] Cryptanalysis

Cryptanalysis researchers demonstrated fatal flaws in HDCP for the first time in 2001, prior to its adoption in any commercial product. Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System" [1]. This paper was presented at ACM-CCS8 DRM Workshop on November 5, 2001.

The authors conclude:

"HDCP's linear key exchange is a fundamental weakness. We can:

• Eavesdrop on any data
• Clone any device with only their public key
• Avoid any blacklist on devices
• Create new device keyvectors.
• In aggregate, we can usurp the authority completely."

Around the same time that Scott Crosby and co-authors were writing this paper, noted cryptographer Niels Ferguson independently claimed to have broken the HDCP scheme, but he did not publish his research, citing legal concerns arising from the controversial Digital Millennium Copyright Act [2].

The most well-known attack on HDCP is the conspiracy attack, where a number of devices are compromised and the information gathered is used to reproduce the private key of the central authority.

[edit] Uses

HD DVD and Blu-ray Disc players allow content providers to set an Image Constraint Token (ICT) flag that will only output full-resolution digital signals using HDCP. If such a player is connected to a non-HDCP-enabled television set and the content is flagged, the player will output a downsampled 480p signal. Many high-definition television sets currently in use are not HDCP-capable, and this would initially negate some of the key benefits of HD DVD and Blu-ray Disc for those consumers. Movie studios are apparently in agreement to not include the ICT flag on any HD DVDs or Blu-ray Discs in the immediate future. ^{[1] [2]}

In the United States the Federal Communications Commission approved (PDF file) HDCP as a "Digital Output Protection Technology" on August 4, 2004 despite its known flaws. The FCC's Broadcast flag regulations, which were struck down by the United States Court of Appeals for the District of Columbia Circuit, would have required digital output protection technologies on all digital outputs from HDTV signal demodulators. Congress is still considering legislation that would implement something similar to the Broadcast Flag. Analog outputs from digital receivers do not require output protections, but the analog output must be limited to a resolution of 480p, which effectively limits sets with analog input to non-HD resolutions. The HDCP standard is more restrictive than the FCC's Digital Output Protection Technology requirement. HDCP bans compliant products from converting HDCP-protected content to full-resolution analog form, presumably in an attempt to reduce the size of the analog hole.

On January 19, 2005, the European Industry Association for Information Systems (EICTA) announced that HDCP is a required component of the European "HD ready" label.

Microsoft has announced that their next operating system release, Windows Vista, will support this technology in the context of computer graphics cards and monitors. [3] [4]

By 2005, devices were developed and freely sold in countries without restrictions on copy-protection circumvention. Those usually take the form of filters that have to be installed in the signal path between the movie player or decoder and the TV and strip any HDCP protection out of the video signal, leaving the movie to play on unprotected displays. The Clicker: HDCP's Shiny Red Button (2005-07-21)

[edit] References

1. ^ Hugh Bennett. The Authoritative Blu-ray Disc (BD) FAQ.
2. ^ Hugh Bennett. The Authoritative HD DVD FAQ.

[edit] External links

• HDCP specification (PDF)
• HDCP HDCP Encoding and Decoding - What Does This Mean to You? (theprojectorpros.com)
• DVI HDCP and DVI MAGIC Compatibility-enhancement devices for non-HDCP monitors [5]
• Windows Vista and HDCP How Windows Vista will handle HDCP and Hi-Def output.
• Current hardware incompatible: HDCP: The nightmare on computer graphic cards and monitors (2006-01-06)
• All ATI and nVidia cards announced un-supportive of HDCP: [6]
• Lack of Consumer Understanding about HDTV and HDCP
• A Cryptanalysis of HDCP
• Prof. Ed Felten's description of the conspiracy attack
• An example of the HDCP conspiracy attack