HDCP master key cracking

It’s managed to stay out of the general press, mostly — probably because it’s geeky, it’s hard to explain what it really means, and it’s not likely to affect anything any time soon — but the tech press has been covering the cracking of the HDCP master key. But even PC Mag got it wrong at first, having to correct their article.

To see what it does mean, it helps to back up a bit. If you have a TV made in the last few years, look at the back, where all the associated components can plug in. Especially if your TV is high-definition, you’ll have quite a mass of sockets back there.

Originally, televisions just got their signals off the air, using antennas. The only connectors on those TVs, if any, were for antenna wires. By the time cable and VCRs came along, they just plugged into the TV through the 75-ohm antenna connector, you tuned your TV to the appropriate channel (usually 3 or 4), and the signal on the wire looked to the TV just like a broadcast station. The quality was only OK, but there wasn’t any better quality available anyway, so it didn’t matter.

Eventually, TVs started to sprout other connectors, and components had outputs to match. One yellow RCA connector brought a two-wire composite video signal to the TV, and you no longer had to worry about what the tuner did on channels 3 or 4. Then we got S-Video — Super Video, quite an advance in quality at the time — which came on a four-wire cable with round 4-pin connectors.

S-Video served us through the 1980s, but in the ’90s we went to component video cables: three separate two-wire cables that brought in the red, green, and blue signals for the picture. This was the highest quality yet, and remains the best available for analogue TV.

Of course, each of those only brings in video, so two audio cables (left and right channel) are also needed. Five connectors for each component-video input can really clutter up the back of the TV. And, as I said, all that just works for analogue signals. What do we do for high-definition digital stuff?

For that, we have Digital Visual Interface (DVI), available on some TVs but largely used for computer displays, and High-Definition Multimedia Interface (HDMI). Modern televisions will have two to four HDMI inputs, so users can connect several HD components, such as cable boxes, digital video recorders, game systems, Internet streaming boxes, and Blu-ray disc players. HDMI carries audio, as well as video, so no extra audio cables are needed.

With digital data comes the ability to make perfect copies of source material. There’s no quality lost within the components or through the transmission medium, as there is with analogue data, and what comes out of the TV end of the HDMI cable is exactly the same as what was sent out of the cable provider’s office, sent by the streaming company, or burned onto the Blu-ray disc. The industry needed to prevent users from storing the stream and retaining — and distributing — perfect copies of the content.

That’s where High-bandwidth Digital Content Protection (HDCP) comes in. It’s a system that was developed by Intel, and it ensures that the digital content is encrypted during transmission and can only be decrypted by a licensed device at the other end. Further, the encryption negotiation involves assuring the sending device that the receiving device is licensed, so the data won’t even be sent in the first place if there’s a non-approved device connected. And approved devices promise not to do things the industry doesn’t want them to do.

The system is designed so that each device (not each individual device, but each model) has its own key, generated from a master key, which is used during the negotiation. If someone manages to get a rogue device licensed, or modifies a licensed device to break the rules, the Digital Content Protection company can revoke that device’s key. Other devices will, once they’ve received the revocation information, refuse to send to the compromised device.

OK, so what’s been cracked?

The crackers have, perhaps by analyzing the data from a few dozen licensed devices, generated a master key that can create device keys, allowing a device to negotiate as a licensed device, get a digital data stream that it can decrypt, and circumvent the revocation system. Intel has confirmed that this is real.

This is a big deal. But it’s not a big deal immediately, and it is limited. For one thing, it does not mean that people will be able to copy Blu-ray discs: the HDCP encryption is just dealing with the protocol between devices, and has nothing to do with how the data is encoded at the source (onto discs, or whatever). To copy the content, one has to play the disk and capture the HDMI stream.

For another thing, it’s currently impractical to do all this in software, so someone has to create a piece of hardware that uses this cracked master-key system. That’s clearly possible, and perhaps likely, but it means that we’re not going to have a couple of college students writing HDMI copying code in their dorm room.

It’s also the case that Intel knew about this weakness in the HDCP system at least as long ago as 2001 (before HDMI), when Crosby, et al wrote a paper on it, A Cryptanalysis of the High-bandwidth Digital Content Protection. From the abstract:

We describe a practical attack on the High Bandwidth Digital Content Protection (HDCP) scheme. HDCP is a proposed identity-based cryptosystem for use over the Digital Visual Interface bus, a consumer video bus used in digital VCRs, camcorders, and personal computers. Public/private key pairs are assigned to devices by a trusted authority, which possesses a master secret. If an attacker can recover 40 public/private key pairs that span the module of public keys, then the authority’s master secret can be recovered in a few seconds. With the master secret, an attacker can eavesdrop on communications between any two devices and can spoof any device, both in real time. Additionally, the attacker can produce new key pairs not on any key revocation list. Thus the attacker can completely usurp the trusted authority’s power. Furthermore, the protocol is still insecure even if all devices’ keys are signed by the central authority.

In 2001, it was theoretical, and Intel did nothing to address it. Now, it’s real, and they threaten legal action against anyone who takes advantage of it. I am not a lawyer, but they seem lacking in due diligence, don’t they?

Personally, I would like to see HDCP fall; it’s a terrible nuisance. As with many of these sorts of data-protection technologies, as with any sort of DRM system, HDCP gets in the way of legitimate, normal usage of licensed devices. It makes it difficult or impossible to interconnect multiple devices. There can be random negotiation errors that show up without warning, preventing devices from working — not great if you’ve scheduled the recording of a high-definition program on your licensed DVR while it’s connected to your licensed TV, and something goes wrong.

In general, I don’t support the use of any technology that stops people from doing legitimate things with products they’ve legitimately purchased. No copy-protection scheme has stood the test of time, and they’ve only caused problems for the legitimate users. I hope this is the beginning of the end of HDCP... not now, and not soon enough... but soon.