CONTENT PROTECTION AND DIGITAL RIGHTS MANAGMENT

What is missing? WHAT IS MISSING IN THIS PICTURE? Here we see scheme of networked multimedia system, red part is hardware, blue is content, green is software for running it. WHAT IS MISSING IN THIS PICTURE? The missing part is CONTENT PROTECTION AND DRM

DIGITAL CONTENT (AUDIO, VIDEO, GRAPHICS, IMAGES) CAN BE EASILY COPIED, TRANSMITTED AND DISTRIBUTED THIS HAS GREAT ADVANTAGES AND BUSINESS POTENTIAL

BUT DIGITAL MEDIA CAN ALSO MAKE BIG PROBLEMS FOR CONTENT OWNERS DUE TO UNAUTHORIZED USE. THEY CAN EASILY LOSE THEIR PROPERTY CONTENT OWNERS NEED THUS STRONG PROTECTION

THUS DIGITAL CONTENT SHOULD BE PROTECTED AGAINST UNAUTHORIZED USE THIS PROBLEM IS KNOWN CURRENTLY UNDER THE NAME DRM DIGITAL RIGHTS MANAGEMENT

Digital Rights Management (DRM) = technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device can be used to protect high-value digital assets control their distribution and usage Ultimate goal: persistent content protection against unauthorized access to the digital content, limiting access to only those with the proper authorization to manage usage rights for different kinds of digital content (e.g.music files, video streams, digital books, images) different platforms (e.g. PCs, laptops, PDAs, mobile phones) control access to content delivered on physical media or any other distribution method (e.g., CD-ROMs, DVDs) Essential to the content whuch production requires huge amount of money, but can be copied in a second

Digital Rights Management (DRM) Different methods for Audio Video Internet stores Documents (Enterprise DRM) Digital licenses the consumer purchases a license with certain rights A license is a digital data file that specifies certain usage rules (frequency of access,expiration date, restriction of transfer to other devices, copy permission etc., may combined to try-before-buy) for the digital content Several players involved in E.g. online distribution: content provider, distributor, consumer, clearing house DVD’s manufacturer, replicator, player… Consumer: privacy, fair use (research, education..), usability (compatibility, seamless, updates) Essential to the content whuch production requires huge amount of money, but can be copied in a second

EXAMPLE: Apple music store Buying music from the network means that the content has to be protected against copying

WHAT ARE THE REQUIREMENTS FOR DRM? IT SHOULD PREVENT COPYING IT SHOULD AUTHORIZE ACCESS LIMITED TO: PARTICULAR USER, SPECIFIC TIME, SPECIFIC NUMBER USAGE AND COPIES, ETC. IT SHOULD FACILITATE PAYMENT FOR CONTENT (E.G. RENEWAL OF RIGHTS)

ALL REQUIREMENTS FOR DRM ARE VERY DIFFICULT TO SATISFY IN PARTICULAR THEY ARE DIFFICULT IF THE DRM SYSTEM WOULD BE STANDARDIZED, THAT IS IS STRUCTURE IS KNOWN THIS IS BECAUSE STANDARDIZED SYSTEM MIGHT BE EASIER TO BREAK THAN SECRET SYSTEM

IN PRINICPLE DIGITAL CONTENT CAN BE EASILY (?) PROTECTED BY ENCRYPTION WHAT IS ENCRYPTION? THE CONTENT BITS ARE MANIPULATED IN SECRET WAY BY SOME ALOGRITHM.

THE ORIGINAL BITS CAN BE RECOVERED BY REVERSING THE OPERATION OF THE ALGORITHM CONTENT ENCRYPTION ALGORITHM DECRYPTION ALGORITHM CONTENT

BUT SUCH SYSTEM HAS PROBLEMS IF ALGORITHM IS KNOWN, EVERYBODY WILL USE IT HOW TO CONTROL ACCESS? THAT IS USERS MAY BUY ACCESS FOR SOME TIME AND FOR SOME CONTENT ONLY WHAT TO DO WITH USERS WHICH WILL USE PROPER ACCESS FOR ILLEGAL COPYING?

THUS THE DRM CONTENT PROTECTION MUST BE MORE CLEVER IT HAS TO BE BASED ON CONDITIONAL ACCESS ENCRYPTION ALGORITHMS and the newest addition is: 3. REVOCATION OF RIGHTS

WHAT IS CONDITIONAL ACCESS? IT IS ACCESS GIVEN ON LIMITED CONDITIONS, E.G. TIME, CONTENT, PAYMENT CONDITIONAL ACCESS CONTENT ENCRYPTION ALGORITHM DECRYPTION ALGORITHM CONDITIONAL ACCESS CAN BE A CARD GIVEN TO THE USER, OR CERTIFICATE SEND VIA INTERNET

EXAMPLE – THE SYSTEM USED IN DIGITAL TELEVISION FOR WATCHING PAY PROGRAMS IN THIS SYSTEM CA HAS A FORM OF SUBSCRIPTION CARDS HOWEVER, THERE ARE SEVERAL ENCRYPTION ALGORITHMS USED. FOR DECRYPTION, THERE ARE DIFFERENT HARDWARE CAM’s CONDITIONAL ACCESS MODULES

RECEIVER FOR DIGITAL TELEVISION SUBSCRIPTION CARD CAM MODULE

ONE RECEIVER CAN HAVE SEVERAL CAM’s FOR RECEIVING PAY PACKAGES WITH DIFFERENT SUBSCRIPTION CARDS. SUCH SYSTEMS ARE WIDELY USED IN TELEVISION. BUT MANY SYSTEMS WERE ALSO BROKEN SINCE ONE CAN ANALYZE PROGRAM ON THE CARD AND TRACE TRAFFIC BETWEEN CARD AND CAM.

BUT WHAT TO DO IF A USER HAS VALID SUBSCRIPTION BUT USES IT FOR RECORDING AND DISTRIBUTING CONTENT ILLEGALLY? ONE SOLUTION IS TO PREVENT RECORDING AND/OR TO PREVENT GETTING THE RECORDING OUT OF THE DEVICE

IN MEDIA TERMINAL USER CAN RECORD DIGITAL TV PROGRAMS ON INTERNAL HARD DISC BUT RECORDED CONTENT IS ENCRYPTED AND THERE IS NO WAY OF GETTING IT OUT OF THE TERMINAL

REVOCATION OF RIGHTS Revocation means that grants given once are removed from the user who breached the contract. We shall explain revocation on the new example of High Definition DVD discs

Current DRM systems for DVD Legacy Format Advanced Format Standard Definition High Definition CSS = Content Scramble System AACS = Advanced Access Content System DVD HD DVD Blu-ray Disc Other formats OTHER FORMATS: - FOR AUDIO: Pre-recorded audio CPPM (56-bit key) DVD Content Protection is broken HD DVD is a new system with much improved protection and REVOCATION

Content Scramble System (CSS) Protection for DVD A data encryption and authentication scheme to prevent copying video files from the disks Several keys included in: authentication key, disc key, player key, title key, second disk key set, and/or encrypted key a weak 40-bit stream cipher algorithm Brute Force Attact, possible to find the keys, only 2^40 options, attacts to the hash codes Published 1996, but only usable in licensed DVD playbacks (Windows, MAC), not in Linux  1999 DeCSS

Advanced Access Content System (AACS) for HD DVD = a standard for content distribution and digital rights management, intended to restrict access to and copying of the next generation of optical discs and DVDs. “ a specification for managing content stored on the next generation of prerecorded and recorded optical media for consumer use with PCs and CE devices. “ “will complement new innovations in the next-generation of optical discs, and enable consumers to enjoy next-generation content, including high-definition content.” The specification released in April 2005 In addition to the general objectives described in the Introduction and Common Cryptographic Elements book of this specification, the use of AACS for protecting pre-recorded video content was designed to meet the following specific criteria: • Provide robust protection for both off-line playback and optional enhanced uses enabled via on-line connection. • Provide for extended and extensible usage (e.g. jukebox storage, pay for copy). • Independent of physical storage format to the degree possible. • Compliant players can authenticate that content came from an authorized, licensed replicator. AACS is designed to meet the following general criteria: • Meet the content owners’ requirements for robustness and system renewability o Content encryption based on a published cryptographic algorithm. o Limit access to protected content to only licensed compliant implementations. o Support revocation of individual compromised devices’ keys. o Limit output and recording of protected content to a list of approved methods. • Suitable for implementation on both general-purpose computer and fixed-function consumer electronics platforms. • Applicable to both audio and video content, including high-definition video. • Applicable to various optical media formats. • Transparent to authorized use by consumers. To meet these general objectives, AACS is based in part on the following technical elements: • Robust encryption of protected content using the AES cipher. • Key management and revocation using advanced Media Key Block technology.

AACS – Design criteria Meet the content owners’ requirements for robustness and system renewability Content encryption based on a published cryptographic algorithm. Limit access to protected content to only licensed compliant implementations. Support revocation of individual compromised devices’ keys. Suitable for implementation on both general-purpose computer and fixed-function consumer electronics platforms. • Applicable to both audio and video content, including high-definition video. • Applicable to various optical media formats. • Transparent to authorized use by consumers. Basic technical elements: Robust encryption of protected content using the AES cipher. Key management and revocation using advanced Media Key Block technology.

AACS - Usage Scenarios Compared to CSS: + Legal copies +fexibility to use

AACS : Content validation and revocation Content Owner Content Owner Licenced Player Licensed Players will contain the Entity Public Keys that will be used as the root of trust for validating content signatures. Media containing content signed in accordance with this scheme will contain the following items: • Content Certificate • Content Hash Table • Content Revocation List The Content Certificate and Content Hash Table  Validate the the authenticity of the content  prevent playback of that content if the signature is not valid. The Content Revocation List  prevent playback of content that contains a valid signature but is not valid content. The Content Certificate, Content Hash Table, and Content Revocation List must be stored on the pre-recorded media with the signed content. Licensed replicators shall include with any Certified Content that they produce, a signed Content Certificate covering that content. Licensing Entity

AACS: System overview – pre-recorded video CONTENT OWNER SERVCE PROVIDER Content Usage rules Enhanced uses enabled via online authentication PRE-RECORDED VIDEO Title keys - Encrypted content - Usage rules of content Content certificate Conten hash Device revocation data [MKB] Content revocation list [CRL] Sequence key block LICENCED REPLICATOR LICENCED PLAYER Device revocation data [MEDIA KEY BLOCK] Content revocatio list [CRL] Content sertificate Sequence Key Block Secret keys Device keys (unique for the device /application) Entity public keys (to check the content revocation data and content sertificate) CONTENT OWNER: + provides AV content + usage rules + title keys LICENSING ENTITY  LICENCED REPLICATOR + DEVICE REVOCATION DATA = MEDIA KEY BLOCK + MKB enable players using own device keys to calculate the MEDIA KEY + If the keys hackered ´the old keys can be revoked by new MEDIA KEY BLOCK + CONTENT REVOCATION LIST = identifies the sign content with valid certificate, but has later on revoked and should not be accessed by compliant player + CONTENT SERTIFICATE = for content identifying, including cryptographic hash collection + SEQUENCE KEY BLOCK + SECRET KEYS based on device variation and media key LICENCED REPLICATOR + encrypts the content + TITLE KEY – content with media key information - contains the USAGE RULES OF THE CONTENT  uses several secret keys  called TITLE KEYS (for playback you need to know several title keys) Media keys differes between the movies a lot + all other information stored on storage medium LICENSING ENTITY  LICENCED PLAYER + DEVICE KEYS (unique for devices and applications) - needed to encrypt the device revocation data + ENTITY PUBLIC KEYS  used to check the CONTENT REVOCATION DATA and CONTENT CERTIFICATE PLAYER + uses DEVICE KEYS to check the compatibility to MEDIA KEY BLOCK, to calkulate media key form media key block + based on MEDIA KEY + SEQUENCE KEYS  SKB (Sequence Key Block)  Media key variant + TITLE KEY to check to provide the compliant playback + CRL + compliant player keeps the CRL in non-volatile storage, unless it already has a more up-to-date list. + Using the most up-to-date CRL, the player checks to see if the content is revoked, and if it is, access is aborted. + During playback, the compliant player calculates a series of content hashes using the same method used by the replicator. Replicators and player’s hashs needs to match. ENHANCED USES ENABLED VIS ONLINE AUTHENTICATION + For example, a home video server might connect with a service provider to obtain authorization to make a protected local copy of a given pre-recorded Title for “jukebox” purposes. - authorization  free-of-charge to the owner of the optical media - Thus, this and other enhanced uses may entail business interaction between content owners and service providers, as indicated by the dashed line in the figure above. LICENSING ENTITY

AACS: Content encryption and decryption

AACS: Revoking the keys – in practice In practice the operation of revocation in AACS is as follows: - Each content (e.g. movie disc) release gets special key Each type of player (hardware and software) gets special key Now let’s think that somebody has broken protection of this movie disc and released illegal copies or has modified player so it can play illegally the content. Then those discs and players will be put on the revocation list. The list is updated on all new discs, so the when new disc is played on the player, playback of the broken disc will be disabled or the player is disabled! + IN FEB. 128-bit string of handful numbers and digits was published on websites  The websites were ask to be taken off  now in you tube in T-shirts + Just one of the several needed keys, but it compromises the part of AACS UNIQUE MACHINE SPECIFIC KEYS OF HW COMPANIES  USED FOR PLAYERS COMMON KEYS FOR THE SOFTWARE  CAN BE USED IN EVERY COPY OF THE PROGRAM VERSION THE RELEASED key was a COMMON KEY FROM Cyberlink corp and Intervideo AACS ASKED 1. SOFWARE COMPANIES TO REVOKE THE RELEASED KEY IN 2 WEEKS - Lots of work. E.g. PC stores have lots of PC’s and Laptop’s where the programs are installed as default 2. NEW MEDIA KEY BLOCK for HD DVD MANUFACTURERS  New disks on markets this month  Customers not able to play any disks released after may 2007 until the sofware versions are released THERE MIGHT BE CUSTOMERS SAYING THAT THEIR CD DOES NOT PLAY

AACS: Revoking the keys – in practice Feb 2007. 128-bit string of keys was published Compromises the part of AACS Common keys for software players (Cyberlink, Intervideo) Revocation started HD DVD’s with New Media Block’s on markets in May  Customers not able to play any disks released after may 2007 until the sofware versions are released - Sofware updates = lots of work, not available yet? + IN FEB. 128-bit string of handful numbers and digits was published on websites  The websites were ask to be taken off  now in you tube in T-shirts + Just one of the several needed keys, but it compromises the part of AACS UNIQUE MACHINE SPECIFIC KEYS OF HW COMPANIES  USED FOR PLAYERS COMMON KEYS FOR THE SOFTWARE  CAN BE USED IN EVERY COPY OF THE PROGRAM VERSION THE RELEASED key was a COMMON KEY FROM Cyberlink corp and Intervideo AACS ASKED 1. SOFWARE COMPANIES TO REVOKE THE RELEASED KEY IN 2 WEEKS - Lots of work. E.g. PC stores have lots of PC’s and Laptop’s where the programs are installed as default 2. NEW MEDIA KEY BLOCK for HD DVD MANUFACTURERS  New disks on markets this month  Customers not able to play any disks released after may 2007 until the sofware versions are released THERE MIGHT BE CUSTOMERS SAYING THAT THEIR CD DOES NOT PLAY RESPONSE TO REPORTS OF ATTACKS ON AACS TECHNOLOGY April 16, 2007 - AACS LA Announces Security Updates (Updated URLs) In response to attacks against certain PC-based applications for playing HD DVD and Blu-ray movie discs, Advanced Access Content System Licensing Administrator, LLC (“AACS LA”) announces that it has taken action, in cooperation with relevant manufacturers, to expire the encryption keys associated with the specific implementations of AACS-enabled software. Consumers can continue to enjoy content that is protected by the AACS technology by refreshing the encryption keys associated with their HD DVD and Blu-ray software players. This refresh process is accomplished via a straightforward online update. Through this online update process, manufacturers are also able to see that consumers update their player implementations prior to distribution of encryption key expiration information via new movie discs. Consumers are advised to check with the manufacturer of their AACS-enabled Blu-ray or HD DVD PC-based player to make sure you have installed the latest version. The following manufacturers have provided links to provide relevant information and facilitate consumer updating of their players: InterVideo – publishers of WinDVD products http://www.intervideo.com/jsp/Press.jsp?mode=04-06-2007   CyberLink – publishers of PowerDVD products http://www.cyberlink.com/multi/patch/index.jsp February 15, 2007 Regarding the reported attacks on 2/13/2007, AACS has confirmed that an additional key (called a “processing key”) has been published on public websites without authorization. This is a variation of the previously reported attack (a compromise of a specific implementation) on one or more players sold by AACS licensees. Although a different key was extracted, this represents no adverse impact on the ability of the AACS ecosystem to address the attack. All technical and legal measures applicable to the previously reported attack will be applicable against this attack as well.

Summary DMR = technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device to protect high-value digital assets control their distribution and usage AACS Cross-industry collaboration to facilitate next generation content distribution Enables new, flexible ways to enjoy content while protecting copyrighted works Technical specifications and licensing RELEASE OF KEYS IN FEB 2007 + On websites  AACS players put down + YouTube + a "processing key," an 128-bit string represented by a handful of numbers and digits. + By itself an individual processing key is no major threat. + It is just one of several keys needed as part of a cryptographic process to unlock content on an HD DVD or Blu-Ray HD disk. + Nevertheless, the public release of a key does compromise part of a system developed by the Advanced Access Content System (AACS), + a consortium of content and systems companies that defined the security for HD disks. + Once the key was in the clear, AACS started a process of revoking it. TWO TYPE OF KEYS: + Unique keys  hardware companies to use in HD players, belongs to spesific machine + Common keys  software players to be used in the every copy of a program of the given version + keys on HD disks ---------------------------------- In cryptographic process all these keys are used to unlock the content on a disk. THE RELEASED KEYS WERE COMMON KEYS SOFTWARE COMPANIES, CyberLink Corp. And InterVideo AACS  RELESED KEYS TO BE REVOKED + new versions of software has to be released in two weeks with new keys! + software companies (Cyberlink and Intervideo) need to inform + their partners e.g. their sofwares as default softwares in Samsung’s PC’s NEW MEDIA KEY BLOCK released to HD disk manufacturers + new key blocks avalable in May + people can still use the keys to access the content form the disk printed before may 2007 SOFTWARE UPDATE + Updates may not been released  products on the market chich cannot play the disks thhat has new Media key block, released in this month + the process is an imperfect one and some users may not discover the problem until they put in a new HD disk and see the screen go blank. "There's a whole eco-system of content owners, software companies, PC makers and consumer here,"