Cryptography Research wants piracy speed bump on HD DVDs
The rush is on
When asked, Laren said: "No, this is not the same as fingerprinting or watermarking. When you generate a fingerprint you are making each copy that is sold, slightly different and that has some cost implications when stamping disks. Our forensic information is being created by the player's virtual machine at the time it is played (copied) so all the disks can be identical."
The virtual machine players create movie outputs that are artistically identical but each one is altered if some minor way. This alteration is just the changing of a few bits of data every few seconds, so every 50 frames or so. And the CR system works such that if ten separate players are used in collusion in a copying process, taking samples of frames from each, it will not only identify one of the players, but all of them and they can be revoked from all future content.
"The big problem for studios is piracy based on film copies that have no digital identifiers. Because they can be sent around the internet with no chance of catching the original copier and then you have to go after the P2P user."
"The problem now is that everything in this market has accelerated. There are time constraints in that all the studios want to move to better protection as soon as the new disk formats come out and that is set for the end of next year. This means that AACS has to get its skates on if the players for this market are not to be launched ahead of its choice of security system.
By that time, if the CR system, or any other system, is to be used, the virtual machine players need to be integrated onto the two format in time for testing and studio acceptance to take place prior to the end of 2005.
CR has in fact dropped any attempt to have its actual encryption technologies used in this process. The disk formats will accept RSA or AES 128 bit encryption or both, but CR says this doesn't matter.
"The cryptographic portion of this is pretty easy to solve and any cryptographer that knows what he is doing can do a good job of that. So we have withdrawn from that part of the spec and we're just putting forward the binding process to our virtual machine," said Laren.
The virtual machine is based on a stripped down DLX processor. CR has taken out the floating point arithmetic and we've made a few changes for the sake of extra security. The DLX is a 32-bit pipelined embedded RISC CPU architecture that has come out of academia and was originally designed for teaching, but is not too unlike the ARM or any other RISC device.
It can be built in hardware, expressed in a hardware language like the Verilog Hardware Description Language and CR has a reference implementation in the C programming language.
As for the business model of CR, it plans to charge no royalty to the consumer electronics manufacturers, and adheres to the principle of charging the businesses whose security problems it solves, in this case the studios. So it plans to charge, perhaps as little as a couple of cents, for each HD disk that is pressed using the technology.
What if only one of the two disk formats agrees to install the player in their HD DVD players? "Well if one format gets its security broken, then that is a basis for suppliers to switch to the other format isn't it," says Laren in a clearly rehearsed sales pitch.
But in the end, Self Protecting Digital Content remain only a speed bump. For real pirates, buying a new player every time they get a set of keys revoked is just an inconvenience, but for someone that is casually taking content and placing it on the internet, the loss of function on their personal devices will certainly reduce the activity to only the seriously committed.
"We realize that all we are doing is enabling the game that goes on between the pirate and the content owners. We see revocation of keys through this system as taking last mover advantage away from the pirates, and giving it back to the content owners," concludes Laren.
Copyright © 2004, Faultline
Faultline is published by Rethink Research, a London-based publishing and consulting firm. This weekly newsletter is an assessment of the impact of the week's events in the world of digital media. Faultline is where media meets technology. Subscription details here.
Sponsored: Today’s most dangerous security threats