Feeds

Cryptography Research wants piracy speed bump on HD DVDs

The rush is on

  • alert
  • submit to reddit

3 Big data security analytics techniques

When asked, Laren said: "No, this is not the same as fingerprinting or watermarking. When you generate a fingerprint you are making each copy that is sold, slightly different and that has some cost implications when stamping disks. Our forensic information is being created by the player's virtual machine at the time it is played (copied) so all the disks can be identical."

The virtual machine players create movie outputs that are artistically identical but each one is altered if some minor way. This alteration is just the changing of a few bits of data every few seconds, so every 50 frames or so. And the CR system works such that if ten separate players are used in collusion in a copying process, taking samples of frames from each, it will not only identify one of the players, but all of them and they can be revoked from all future content.

"The big problem for studios is piracy based on film copies that have no digital identifiers. Because they can be sent around the internet with no chance of catching the original copier and then you have to go after the P2P user."

"The problem now is that everything in this market has accelerated. There are time constraints in that all the studios want to move to better protection as soon as the new disk formats come out and that is set for the end of next year. This means that AACS has to get its skates on if the players for this market are not to be launched ahead of its choice of security system.

By that time, if the CR system, or any other system, is to be used, the virtual machine players need to be integrated onto the two format in time for testing and studio acceptance to take place prior to the end of 2005.

CR has in fact dropped any attempt to have its actual encryption technologies used in this process. The disk formats will accept RSA or AES 128 bit encryption or both, but CR says this doesn't matter.

"The cryptographic portion of this is pretty easy to solve and any cryptographer that knows what he is doing can do a good job of that. So we have withdrawn from that part of the spec and we're just putting forward the binding process to our virtual machine," said Laren.

The virtual machine is based on a stripped down DLX processor. CR has taken out the floating point arithmetic and we've made a few changes for the sake of extra security. The DLX is a 32-bit pipelined embedded RISC CPU architecture that has come out of academia and was originally designed for teaching, but is not too unlike the ARM or any other RISC device.

It can be built in hardware, expressed in a hardware language like the Verilog Hardware Description Language and CR has a reference implementation in the C programming language.

As for the business model of CR, it plans to charge no royalty to the consumer electronics manufacturers, and adheres to the principle of charging the businesses whose security problems it solves, in this case the studios. So it plans to charge, perhaps as little as a couple of cents, for each HD disk that is pressed using the technology.

What if only one of the two disk formats agrees to install the player in their HD DVD players? "Well if one format gets its security broken, then that is a basis for suppliers to switch to the other format isn't it," says Laren in a clearly rehearsed sales pitch.

But in the end, Self Protecting Digital Content remain only a speed bump. For real pirates, buying a new player every time they get a set of keys revoked is just an inconvenience, but for someone that is casually taking content and placing it on the internet, the loss of function on their personal devices will certainly reduce the activity to only the seriously committed.

"We realize that all we are doing is enabling the game that goes on between the pirate and the content owners. We see revocation of keys through this system as taking last mover advantage away from the pirates, and giving it back to the content owners," concludes Laren.

Copyright © 2004, Faultline

Faultline is published by Rethink Research, a London-based publishing and consulting firm. This weekly newsletter is an assessment of the impact of the week's events in the world of digital media. Faultline is where media meets technology. Subscription details here.

Related stories

MPAA to serve lawsuits on BitTorrent servers
Ethical fair trade - you knew it made sense until MS embraced it
The Supremes prep for P2P battle royal

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.