Feeds

Cryptography Research wants piracy speed bump on HD DVDs

The rush is on

  • alert
  • submit to reddit

Boost IT visibility and business value

Cryptographic Research's senior security architect, who also mockingly refers to himself as "chief anti-pirate" is Carter Laren, and Cryptography Research is both realistic about just what it takes to stop pirates and how difficult that is, as well as optimistic that the two competing associations are set to choose its own submission as the basis for this protection system.

Cryptography Research (CR) is just a 15-man intellectual property company, but it was single handedly responsible for discovering how professional pirates use Differential Power Analysis to read encryption keys and break complex coding systems thought to be uncrackable, and has also come up with circumvention strategies. Virtually all the intellectual property around DPA is held by CR and is licensed all over the world. CR also wrote the SSL3 secure sockets layer security version for the IETF.

Put simply, DPA is a system of "listening" to power distribution on semiconductors as they read encryption keys. Circumvention comes from balancing out all power use when an encryption key is being applied so that it cannot be read just by observing which circuits are active.

If it appears to you that DPA is really about making it harder for the "professional" pirate who makes a fortune from illicit manufacture of pirated goods, rather than about stopping college kids from using P2P networks to swap files, then you'd be right.

"We would rather chase professional pirates than College students," says Laren, and this shows in his strategy to build a protection system.

What CR has built, he calls Self Protecting Digital Content or SPDC. In effect this is a form of content that is no longer passive and includes code that can execute in a specially constructed SPDC virtual machine that resides in each player.

The logic behind this approach is that so far Digital Rights Management systems have tried to both support a trust chain, a way of moving decryption keys around between devices, as well as allowing the expression of rules to decide what usage is allowed with that content.

What CR does instead is much simpler and more direct. It tries to cut off any player that has been used for mass piracy.

"When a pirate makes a copy of a film encoded as SPDC, the output file is cryptographically bound to a set of player decryption keys. So it is easy when looking at a pirated work on a peer to peer network, or any copies found on copied DVDs, to identify which player made those copies," said Laren "When the content owner sends out any further content it can contain on it a revocation of just the player that was used to make a pirated copy."

"We picture a message popping up on a screen saying something like 'Disney movies won't play on your player any more please call this number for further information.' Or perhaps 'To fix this please call Disney with your credit card,' something like that anyway.

"We know that pirates can make copies by tapping the MPEG stream with modified players, or by making a bit for bit copy of the disk, or by using an analog attack (catching the film stream on the way to the TV over aerial cabling and re-digitizing it). But using this cryptographical binding we have forensic marking visible on the copy."

The neat thing about this process is that if someone makes copies for their own use, that can be enabled. Private individuals could be allowed to make copies for other players, even for their friends, and that's no problem.

It's only when a pirated copy is discovered coming back to a content owner (presumably watching P2P sites) that a player will get revoked, and that is only effective on content made after that point, with the revocation message in it.

Build a business case: developing custom apps

Next page: Related stories

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
Microsoft: We're making ONE TRUE WINDOWS to rule us all
Enterprise, Windows still power firm's shaky money-maker
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.