High-bandwidth Digital Content Protection

From Wikipedia, the free encyclopedia

High-bandwidth Digital Content Protection (HDCP) is a form of Digital Rights Management (DRM) developed by Intel Corporation to control digital audio and video content as it travels across Digital Visual Interface (DVI) or High-Definition Multimedia Interface (HDMI) connections. The specification is proprietary, and creating an implementation of HDCP requires a license.

HDCP is licensed by Digital Content Protection, a subsidiary of Intel. In addition to paying fees, licensees agree to limit the capabilities of their products. For example, high-definition digital video content must be restricted to DVD quality on non-HDCP compliant video outputs when requested by the source. DVD-Audio content is restricted to DAT quality on non-HDCP digital audio outputs (analog audio outputs have no quality limits). Licensees cannot allow their devices to make copies of content, and must design their products to "effectively frustrate attempts to defeat the content protection requirements."

1 Specification
2 Cryptanalysis
3 Uses
4 References
5 External links

[edit] Specification

HDCP's main target is to prevent transmission of non-encrypted high definition content. Three systems were developed to achieve that goal:

Authentication process disallows non-licensed devices to receive HD content.
Encryption of the actual data sent over DVI or HDMI interface prevents eavesdropping of information. It also prevents "man in the middle" attacks.
Key revocation procedures ensure that devices manufactured by any vendors who violate the license agreement could be relatively easily blocked from receiving HD data.

Each HDCP capable device model has a unique set of keys; there are 40 keys, each 56 bits long. These keys are confidential and failure to keep them secret may be seen as a violation of the license agreement. For each set of keys a special key called a KSV (Key Selection Vector) is created. Each KSV has exactly 20 bits set to 0 and 20 bits set to 1.

During the authentication process, both parties exchange their KSVs. Then each device adds (without overflow) its own secret keys together according to a KSV received from another device. If a particular bit in the vector is set to 1, then the corresponding secret key is used in the addition, otherwise it is ignored. Keys and KSVs are generated in such a way that during this process both devices get the same 56 bit number as a result. That number is later used in the encryption process.

Encryption is done by a stream cipher. Each decoded pixel is encrypted by applying an XOR operation with a 24-bit number produced by a generator. The HDCP specifications ensure constant updating of keys (after each encoded frame).

If some particular model is considered "compromised", its KSV is put into revocation lists, which are written e.g. on newly produced disks with HD content. Each revocation list is signed with a digital signature using the DSA algorithm; this is supposed to prevent malicious users from revoking legitimate devices. During the authentication process, if the receiver's KSV is found by a transmitter in the revocation list, then the transmitter considers the receiver to be compromised and refuses to send HD data to it.

[edit] Cryptanalysis

Cryptanalysis researchers demonstrated fatal flaws in HDCP for the first time in 2001, prior to its adoption in any commercial product. Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System". This paper was presented at ACM-CCS8 DRM Workshop on November 5, 2001.^[1]

The authors conclude:

"HDCP's linear key exchange is a fundamental weakness. We can:

Eavesdrop on any data
Clone any device with only their public key
Avoid any blacklist on devices
Create new device keyvectors.
In aggregate, we can usurp the authority completely."

Around the same time that Scott Crosby and co-authors were writing this paper, noted cryptographer Niels Ferguson independently claimed to have broken the HDCP scheme, but he did not publish his research, citing legal concerns arising from the controversial Digital Millennium Copyright Act [1].

The most well-known attack on HDCP is the conspiracy attack, where a number of devices are compromised and the information gathered is used to reproduce the private key of the central authority.

[edit] Uses

HD DVD, Blu-ray Disc and DVD players (with HDMI or DVI connector) use HDCP to establish an encrypted digital connection. If the display device—or in the case of using a PC to decrypt and play back HD-DVD or Blu-ray media, the graphics card (hardware, drivers and playback software)—does not support HDCP, then a connection cannot be established. As a result, a black picture and/or error message will likely be displayed instead of the video content.

Content providers for HD-DVD and Blu-ray media can set an Image Constraint Token (ICT) flag that will only output full-resolution digital signals using a digital HDCP connection. If a HDCP enabled player is connected to a non-HDCP-enabled television set with a non-HDCP-compliant analog connection (VGA or Component), and the content is flagged, the player will output a downsampled 960x540 pixel signal. If using non-HDCP-compliant DVI connection (with HDMI to DVI cable), the user will not get any picture at all. Many older high-definition television sets currently in use are not HDCP-capable, and this would negate some of the key benefits of HD DVD and Blu-ray Disc for those consumers. Also, the Microsoft Xbox360 game console, for which there is a HD-DVD add-on available, is only capable of analog non-HDCP-connections, although a new SKU of the Xbox360 called the "Xbox 360 Elite" has HDMI support, which enables it to play such protected content at full resolution. If ICT would be forced, Microsoft's flagship console (note that MS is integral part of the HD-DVD camp, currently providing the VC-1 codec that is used in over 90% of all HD-DVD releases) would only be able to display a quarter of the actual resolution of the media, so movie studios are apparently in agreement not to include the ICT flag on any HD DVDs or Blu-ray Discs in the immediate future.^[2]^[3]

In the United States the Federal Communications Commission approved HDCP as a "Digital Output Protection Technology" on August 4, 2004 despite its known flaws.^[4] The FCC's Broadcast flag regulations, which were struck down by the United States Court of Appeals for the District of Columbia Circuit, would have required DRM technologies on all digital outputs from HDTV signal demodulators. Congress is still considering legislation that would implement something similar to the Broadcast Flag. Analog outputs from digital receivers do not require output restrictions, but the analog output must be limited to a resolution of 480p, which effectively limits sets with analog input to non-HD resolutions. The HDCP standard is more restrictive than the FCC's Digital Output Protection Technology requirement. HDCP bans compliant products from converting HDCP-restricted content to full-resolution analog form, presumably in an attempt to reduce the size of the analog hole.

On January 19, 2005, the European Industry Association for Information Systems (EICTA) announced that HDCP is a required component of the European "HD ready" label.^[5]

Microsoft's new operating system, Windows Vista, utilizes this technology in the context of computer graphics cards and monitors. [2] [3]

By 2005, HDCP filtering devices were developed and freely sold in countries without restrictions on circumventing DRM. Those usually take the form of filters that have to be installed in the signal path between the movie player or decoder and the TV. The devices strip HDCP information out of the video signal, leaving the movie playable on non-HDCP displays.^[6]