Feeds

Cryptography Research wants piracy speed bump on HD DVDs

The rush is on

  • alert
  • submit to reddit

Security for virtualized datacentres

When asked, Laren said: "No, this is not the same as fingerprinting or watermarking. When you generate a fingerprint you are making each copy that is sold, slightly different and that has some cost implications when stamping disks. Our forensic information is being created by the player's virtual machine at the time it is played (copied) so all the disks can be identical."

The virtual machine players create movie outputs that are artistically identical but each one is altered if some minor way. This alteration is just the changing of a few bits of data every few seconds, so every 50 frames or so. And the CR system works such that if ten separate players are used in collusion in a copying process, taking samples of frames from each, it will not only identify one of the players, but all of them and they can be revoked from all future content.

"The big problem for studios is piracy based on film copies that have no digital identifiers. Because they can be sent around the internet with no chance of catching the original copier and then you have to go after the P2P user."

"The problem now is that everything in this market has accelerated. There are time constraints in that all the studios want to move to better protection as soon as the new disk formats come out and that is set for the end of next year. This means that AACS has to get its skates on if the players for this market are not to be launched ahead of its choice of security system.

By that time, if the CR system, or any other system, is to be used, the virtual machine players need to be integrated onto the two format in time for testing and studio acceptance to take place prior to the end of 2005.

CR has in fact dropped any attempt to have its actual encryption technologies used in this process. The disk formats will accept RSA or AES 128 bit encryption or both, but CR says this doesn't matter.

"The cryptographic portion of this is pretty easy to solve and any cryptographer that knows what he is doing can do a good job of that. So we have withdrawn from that part of the spec and we're just putting forward the binding process to our virtual machine," said Laren.

The virtual machine is based on a stripped down DLX processor. CR has taken out the floating point arithmetic and we've made a few changes for the sake of extra security. The DLX is a 32-bit pipelined embedded RISC CPU architecture that has come out of academia and was originally designed for teaching, but is not too unlike the ARM or any other RISC device.

It can be built in hardware, expressed in a hardware language like the Verilog Hardware Description Language and CR has a reference implementation in the C programming language.

As for the business model of CR, it plans to charge no royalty to the consumer electronics manufacturers, and adheres to the principle of charging the businesses whose security problems it solves, in this case the studios. So it plans to charge, perhaps as little as a couple of cents, for each HD disk that is pressed using the technology.

What if only one of the two disk formats agrees to install the player in their HD DVD players? "Well if one format gets its security broken, then that is a basis for suppliers to switch to the other format isn't it," says Laren in a clearly rehearsed sales pitch.

But in the end, Self Protecting Digital Content remain only a speed bump. For real pirates, buying a new player every time they get a set of keys revoked is just an inconvenience, but for someone that is casually taking content and placing it on the internet, the loss of function on their personal devices will certainly reduce the activity to only the seriously committed.

"We realize that all we are doing is enabling the game that goes on between the pirate and the content owners. We see revocation of keys through this system as taking last mover advantage away from the pirates, and giving it back to the content owners," concludes Laren.

Copyright © 2004, Faultline

Faultline is published by Rethink Research, a London-based publishing and consulting firm. This weekly newsletter is an assessment of the impact of the week's events in the world of digital media. Faultline is where media meets technology. Subscription details here.

Related stories

MPAA to serve lawsuits on BitTorrent servers
Ethical fair trade - you knew it made sense until MS embraced it
The Supremes prep for P2P battle royal

Choosing a cloud hosting partner with confidence

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.