Via Slashdot we learn that HD-DVD/BluRay protection is cracked. Or is it?
Reading the comments or the interview, you’d think the whole scheme had come tumbling down like a house of cards. Slashdotters want to believe that so badly, it almost feels like it’s true.
Well, AACS is not cracked. It probably never will be – the mathematics is sound, and is basically an extension of CSS with the weak point (limited key revocation) removed. They might discover a weakness in key generation again or something similar, but it seems unlikely. Given the set of massive flukes that were required to beat CSS, with each revision of the scheme it becomes less likely to break.
DRM schemes in particular tend to make people spout a lot of crap. Here’s the short’n’skinny:
- This guy has not cracked AACS. He has written a program that can extract title keys from a weakly protected player. The whole reason AACS exists is to solve this very problem of poorly made players. I suspect there are not that many HD-DVD/BluRay players out there right now, so it won’t be hard to figure out which one he is debugging and revoke it. It’ll mean a software upgrade for the early adopters, but who cares?
- More software players will be cracked in future, but it’s not inevitable any player can be cracked. Having spent many hours in the debugger myself, I know that increasing complexity of an app by a small amount is simple and following that small increase in complexity as an attacker is hard. It can be done, I’ve done it myself, but every time you add another anti-debugger check, encrypt another piece of code, or hide the data you need inside other pieces, the number of attackers that can/will continue drops. As there is a finite number of motivated people to start with, it is in fact possible for that number to reach zero. Then you win, at least for a time. This is especially true if the software is adaptive, that is, the protections can be changed by the programmers at any time, Warden being a good example of that.
- Hardware protection is much harder to beat than software protection, for obvious reasons. Satellite TV encryption has remained unbroken for years, which proves the point that DRM can work (giving you data you can’t access unless you pay is what it does, after all). Vista supports streaming encrypted data direct to the video card, which largely solves the problem of exposed title keys, and the type of people who play BluRay videos are likely to want to do so on new machines that can handle the requirements anyway.
There are three mistakes people make when thinking about DRM.
“You give me the data and the key, therefore I can beat you”
Wrong. You might be able to beat them, but you might not. It’s possible to make a scheme so hard to beat that nobody manages it. Defeating the smartcards used by Rupert Murdoch’s satellite companies requires you to find a vulnerability in the microprocessor on the chip, then obtain a dump of its memory, then reverse engineer an unknown instruction set, then look for a weakness in the software on the smartcard, then somehow manage to turn all of that into a repeatable hack. There is tremendous profit involved for people who can manufacture then sell the final tool or program, but despite the millions up for grabs, cracks are long since history. Severe jail terms for those involved act as an additional deterrent (we’re not talking DMCA here, we’re talking Economic Espionage Act).
“The analog hole exists, therefore I can beat you”
Sure, go ahead and point a video camera at the screen and make your own video copy. It might even be good quality! Point is, nobody cares. DRM is meant to discourage copying at scale. If it requires somebody to set up a darkroom, a HD camera and to “rip” videos in less than real-time, so few people will do it the impact on sales won’t be significant. You win the battle but lose the war. If all it requires is for you to click a few buttons, then you get every video being uploaded to LimeWire and that’s a bigger problem. The iTunes DRM is defeatable by burning to CD then re-ripping, which would in theory lead to all the iTunes tracks being available via peer to peer. Yet it still sells millions of tracks.
“DRM is anti-consumer so nobody will accept it”
Wrong. People already accepted it en masse when DVDs first came out, when the iTunes Music Store came out, when World of Warcraft came out, and when satellite TV came out. Most people can’t even explain what DRM is, let alone argue that it’s bad. Well implemented DRM does not inconvenience people much, beyond the “inconvenience” of having to pay for media. A lot of DRM is not well implemented, but that says more about the people implementing it than anything else.
I don’t know if the RIAA, the MPAA, the book publishers, and so on will keep pursuing DRM until they win. The struggle might wear them out; they might give up. Nonetheless, the fact that the TV companies were successful shows it can be done. Also, even though in the software realm copy protection and anti-hack programs are fallible, they are still used, which implies the value they give outweighs their cost.
Eventually, it seems likely that commodity PCs will move all the vulnerable parts into hardware. The TPM already does this for key storage, but it can’t do streaming decryption. Secure Audio Path/Secure Video Path allow you to move audio/video decryption into hardware, meaning only the key manipulation part is still in software. Combine the two and it’s not a stretch to ensure the keys are never “in the clear” in the processor at all. Even if that’s still required, Intel’s LaGrande already allows a program to insulate itself from other programs and the kernel at the hardware level, which makes debugging it into a hardware cracking problem rather than a software one. It’s only shipping in some chips right now, but presumably it’ll end up in all their chips at some point.
Desktop computer users have got this mentality that DRM can always be defeated, reinforced by a history of weak schemes that were eventually cracked (even though it took years to beat CSS, something often forgotten). It seems likely that eventually they’ll be proven wrong.
January 26, 2007 at 5:17 pm
But, as far as I know, if you’ve cracked a player and are able to get the title keys out of it, you’ll be able to rip any discs that player can play, right?
Wouldn’t that mean that all BluRay/HDDVD movies released at the time the player was cracked are now rippable? If that’s the case, it’s pretty damaging every time a new player is cracked – I mean, it’s enough for one copy of the movie to appear on the net and the damage is done.
Or have I completely misunderstood the algorithm?
January 28, 2007 at 6:53 am
Yes, a player breach means you can rip any movies it can play at that time. Revocation makes that player useless for future titles. Also some players have forced online updates that can disable them remotely.
The main issue is that if the guy releases the crack, the player he’s using will be revoked and as time goes by, the crack will become useless. It’ll also just increase the likelihood of software-only players being banned.
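To make the revocation mechanics discussed in the post (the third paragraph, the first bullet) and in the reply above concrete, here is a toy model of a media key block, added as an example by the editor; it is not code from the original post and not the real AACS format. It replaces the real key-wrapping cipher with an HMAC-SHA256-derived pad and gives each licensed player its own slot in the block instead of the subset-difference tree AACS actually uses, so revocation is simply leaving a player out of the block. Player names and title ids are constructed.

```python
import hashlib
import hmac
import os

# Toy model (constructed, not the AACS MKB format): each licensed player
# holds a secret device key; every disc carries a "media key block" with the
# disc's media key wrapped once per unrevoked player, plus the title key
# wrapped under the media key. A player that is absent from the block cannot
# derive the media key and therefore cannot reach the title key.


def _pad(key: bytes, label: bytes, n: int = 16) -> bytes:
    """Derive an n-byte one-time pad from a key and a per-disc label.
    Stand-in for a real key-wrap cipher; safe here only because every
    (key, label) pair is used for exactly one wrap."""
    return hmac.new(key, label, hashlib.sha256).digest()[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class LicensingAuthority:
    """Issues device keys, tracks revocations and presses discs."""

    def __init__(self) -> None:
        self.device_keys: dict[str, bytes] = {}
        self.revoked: set[str] = set()

    def license_player(self, player_id: str) -> bytes:
        key = os.urandom(16)
        self.device_keys[player_id] = key
        return key

    def revoke(self, player_id: str) -> None:
        # Takes effect only for discs pressed from now on; already pressed
        # discs cannot be changed.
        self.revoked.add(player_id)

    def press_disc(self, title_id: str) -> tuple[dict, bytes]:
        media_key = os.urandom(16)
        title_key = os.urandom(16)
        mkb = {
            pid: _xor(media_key, _pad(dk, title_id.encode()))
            for pid, dk in self.device_keys.items()
            if pid not in self.revoked
        }
        disc = {
            "title_id": title_id,
            "mkb": mkb,
            "wrapped_title_key": _xor(title_key, _pad(media_key, b"title-key")),
        }
        return disc, title_key  # title_key returned only so the demo can compare


def recover_title_key(disc: dict, player_id: str, device_key: bytes):
    """What a player does at playback: find its MKB slot, derive the media
    key, unwrap the title key. Returns None when the player has no slot."""
    slot = disc["mkb"].get(player_id)
    if slot is None:
        return None  # revoked (or never licensed) for this disc
    media_key = _xor(slot, _pad(device_key, disc["title_id"].encode()))
    return _xor(disc["wrapped_title_key"], _pad(media_key, b"title-key"))


def demo() -> dict:
    la = LicensingAuthority()
    keys = {p: la.license_player(p) for p in ("player_A", "player_B", "player_C")}
    disc1, kt1 = la.press_disc("title_001")
    # player_B is the weakly protected software player: its device key leaks
    # (modelled simply as the demo reading it), and the authority revokes it.
    leaked = keys["player_B"]
    la.revoke("player_B")
    disc2, kt2 = la.press_disc("title_002")
    return {
        # disc pressed before revocation: permanently readable with the leak
        "old_disc_with_leaked_key": recover_title_key(disc1, "player_B", leaked) == kt1,
        # disc pressed after revocation: the leaked key has no slot to use
        "new_disc_with_leaked_key": recover_title_key(disc2, "player_B", leaked),
        # unaffected players keep working on the new disc
        "new_disc_honest_player": recover_title_key(disc2, "player_A", keys["player_A"]) == kt2,
        # a slot only yields the right key to the player it was wrapped for
        "wrong_key": recover_title_key(disc2, "player_A", keys["player_C"]) == kt2,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running `demo()` shows both halves of the reply above: the disc pressed before the breach stays decryptable with the leaked key forever, which is why one copy appearing on the net is the unavoidable cost of a breach, while every disc pressed after revocation returns `None` for that player and remains readable by all the others. The per-player slot layout would not scale to millions of players, which is exactly the problem the real scheme's tree structure solves.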