Feeds

Cryptography Research wants piracy speed bump on HD DVDs

The rush is on

  • alert
  • submit to reddit

Application security programs and practises

When asked, Laren said: "No, this is not the same as fingerprinting or watermarking. When you generate a fingerprint you are making each copy that is sold, slightly different and that has some cost implications when stamping disks. Our forensic information is being created by the player's virtual machine at the time it is played (copied) so all the disks can be identical."

The virtual machine players create movie outputs that are artistically identical but each one is altered if some minor way. This alteration is just the changing of a few bits of data every few seconds, so every 50 frames or so. And the CR system works such that if ten separate players are used in collusion in a copying process, taking samples of frames from each, it will not only identify one of the players, but all of them and they can be revoked from all future content.

"The big problem for studios is piracy based on film copies that have no digital identifiers. Because they can be sent around the internet with no chance of catching the original copier and then you have to go after the P2P user."

"The problem now is that everything in this market has accelerated. There are time constraints in that all the studios want to move to better protection as soon as the new disk formats come out and that is set for the end of next year. This means that AACS has to get its skates on if the players for this market are not to be launched ahead of its choice of security system.

By that time, if the CR system, or any other system, is to be used, the virtual machine players need to be integrated onto the two format in time for testing and studio acceptance to take place prior to the end of 2005.

CR has in fact dropped any attempt to have its actual encryption technologies used in this process. The disk formats will accept RSA or AES 128 bit encryption or both, but CR says this doesn't matter.

"The cryptographic portion of this is pretty easy to solve and any cryptographer that knows what he is doing can do a good job of that. So we have withdrawn from that part of the spec and we're just putting forward the binding process to our virtual machine," said Laren.

The virtual machine is based on a stripped down DLX processor. CR has taken out the floating point arithmetic and we've made a few changes for the sake of extra security. The DLX is a 32-bit pipelined embedded RISC CPU architecture that has come out of academia and was originally designed for teaching, but is not too unlike the ARM or any other RISC device.

It can be built in hardware, expressed in a hardware language like the Verilog Hardware Description Language and CR has a reference implementation in the C programming language.

As for the business model of CR, it plans to charge no royalty to the consumer electronics manufacturers, and adheres to the principle of charging the businesses whose security problems it solves, in this case the studios. So it plans to charge, perhaps as little as a couple of cents, for each HD disk that is pressed using the technology.

What if only one of the two disk formats agrees to install the player in their HD DVD players? "Well if one format gets its security broken, then that is a basis for suppliers to switch to the other format isn't it," says Laren in a clearly rehearsed sales pitch.

But in the end, Self Protecting Digital Content remain only a speed bump. For real pirates, buying a new player every time they get a set of keys revoked is just an inconvenience, but for someone that is casually taking content and placing it on the internet, the loss of function on their personal devices will certainly reduce the activity to only the seriously committed.

"We realize that all we are doing is enabling the game that goes on between the pirate and the content owners. We see revocation of keys through this system as taking last mover advantage away from the pirates, and giving it back to the content owners," concludes Laren.

Copyright © 2004, Faultline

Faultline is published by Rethink Research, a London-based publishing and consulting firm. This weekly newsletter is an assessment of the impact of the week's events in the world of digital media. Faultline is where media meets technology. Subscription details here.

Related stories

MPAA to serve lawsuits on BitTorrent servers
Ethical fair trade - you knew it made sense until MS embraced it
The Supremes prep for P2P battle royal

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.