DRM & Key DRM & Key RevocationRevocation

ByBy

David ColemanDavid Coleman

DRM & Key RevocationDRM & Key Revocation

► Digital Rights Management – A system for Digital Rights Management – A system for controlling the use of contentcontrolling the use of content

► Key Revocation – The ability for content producers Key Revocation – The ability for content producers to “revoke” the ability of a given device/player to to “revoke” the ability of a given device/player to consume the contentconsume the content

► Important because…Important because… Digital content can be perfectly reproducedDigital content can be perfectly reproduced CD Audio was a disaster from music studios’ perspective CD Audio was a disaster from music studios’ perspective

(the need for DRM)(the need for DRM) DVD-Video wasn’t much better (the need for good DRM)DVD-Video wasn’t much better (the need for good DRM)

► I’ll be discussing 3 systems: CSS (DVD-Video), I’ll be discussing 3 systems: CSS (DVD-Video), Microsoft Windows Media DRM, and AACSMicrosoft Windows Media DRM, and AACS

DRM & Key RevocationDRM & Key RevocationContent Scramble System (CSS)Content Scramble System (CSS)► Used on DVD-Video discsUsed on DVD-Video discs► 40-bit keys using a secret encryption algorithm (2 LFSRs)40-bit keys using a secret encryption algorithm (2 LFSRs)► KeysKeys

Disc key – Key that allows (indirectly) decrypting the contentDisc key – Key that allows (indirectly) decrypting the content Player key – Key that allows player to decrypt disc keyPlayer key – Key that allows player to decrypt disc key 400+ player keys400+ player keys

► Key blockKey block Disc key hashed with CSS hashing algorithmDisc key hashed with CSS hashing algorithm Table containing disc key encrypted with all valid player keysTable containing disc key encrypted with all valid player keys Player would decrypt the disc key and then hash it to compare against Player would decrypt the disc key and then hash it to compare against

hashed valuehashed value► RevocationRevocation

Removing the player key from the key blockRemoving the player key from the key block► Completely brokenCompletely broken

Player key recovered from Xing software playerPlayer key recovered from Xing software player Remaining player keys were poorly chosen and quickly guessedRemaining player keys were poorly chosen and quickly guessed Encryption was very weak anyway (a few discrepencies allowed for an O(25) Encryption was very weak anyway (a few discrepencies allowed for an O(25)

attack)attack)

DRM & Key RevocationDRM & Key Revocation

Microsoft Windows Media DRMMicrosoft Windows Media DRM► My motivation for this topicMy motivation for this topic► Widely used in online music services (not Widely used in online music services (not

Apple)Apple)► BasicsBasics

StubLib – Certificate that is statically linked in to StubLib – Certificate that is statically linked in to playerplayer

Encrypted content fileEncrypted content file License – Contains key to decrypt the content file. License – Contains key to decrypt the content file.

Encrypted with player’s public key (from StubLib).Encrypted with player’s public key (from StubLib).

DRM & Key RevocationDRM & Key Revocation

Microsoft Windows Media DRMMicrosoft Windows Media DRM

License acquisitionLicense acquisition

Encrypted Content

FilePlayer Software

Contains Player Key / Certificate

(1) Play

(2) Need License

License Server

(3) Request License. Player cert.

(4) License encrypted with player certificate

containing key to decryptfile

(5) Play file with License

DRM & Key RevocationDRM & Key Revocation

Microsoft Windows Media DRMMicrosoft Windows Media DRM►RevocationRevocation

Certificate Revocation List (CRL)Certificate Revocation List (CRL) Microsoft maintains the CRL and license Microsoft maintains the CRL and license

servers are expected to pull and keep servers are expected to pull and keep local copy currentlocal copy current

CRL is included in the licenseCRL is included in the license Works because API to play is a black boxWorks because API to play is a black box

DRM & Key RevocationDRM & Key Revocation

Advanced Access Control System (AACS)Advanced Access Control System (AACS)► Used on next generation DVD (blue laser)Used on next generation DVD (blue laser)► Strong encryption based on published standards (AES-128, Strong encryption based on published standards (AES-128,

SHA-1, etc.)SHA-1, etc.)► CertificatesCertificates

Not X.509Not X.509 Each player & drive have a certificateEach player & drive have a certificate

► KeysKeys Media key – necessary to decrypt contentMedia key – necessary to decrypt content Device keysDevice keys

► Each device given a set of keysEach device given a set of keys► Sets overlap, but no two devices have the identical setSets overlap, but no two devices have the identical set► NNL Key Management NNL Key Management ► Keys actually organized in a binary tree where child keys of a node Keys actually organized in a binary tree where child keys of a node

can be computed via a one-way functioncan be computed via a one-way function

DRM & Key RevocationDRM & Key Revocation

AACSAACS► RevocationRevocation

Two methodsTwo methods CRLCRL

► Every disc has a player CRL and a drive CRLEvery disc has a player CRL and a drive CRL► CRLs must be stored after readingCRLs must be stored after reading

Player key revocationPlayer key revocation► Media key is encrypted with the minimal set of keys s.t. Media key is encrypted with the minimal set of keys s.t.

no revoked device’s key is used but one of every valid no revoked device’s key is used but one of every valid device’s key is useddevice’s key is used

► Subset-differenceSubset-difference► Tree structure helpsTree structure helps

DRM & Key RevocationDRM & Key Revocation

Questions?Questions?