REN: Now, listen, Cadet. I've got a job for you. See this button? DON'T TOUCH IT! It's the
HDCP eraser button, you fool!
STIMPY: So what'll happen?
REN: That's just it! We don't know! Maayyybeee something bad?... Mayyybeee something good! I guess we'll never know! 'Cause you're going to guard it! You won't touch it, will you?
So you read last week's column on OPM and you thought, "That's not fair! That's just evil – pure evil." You subsequently traversed the twelve different stages of DRM grief (eleven of which appear to be anger) and you happily arrived at step 12, hackery.
The next day, you, as a loyal reader, returned to Engadget and were greeted by the apparent answer to all your DVI/HDMI/HDCP woes. There in front of you stood Spatz-Tech's DVIMAGIC. "Take that, you evil HDCP doers. You can't keep me down."
For those unaware Ė Spatz-Techís DVIMAGIC, while sold and marketed as a DVI amplifier, is attracting attention among
the consumer crowd as an HDCP stripper. The device is placed between your playback device (e.g. computer, cable box,
HD-DVD player, etc) and your display device. The DVIMAGIC then pretends to be a secure device. Once the DVIMAGIC
convinces the playback device to send the signal, it receives the signal, decrypts the signal, and sends a bit-perfect
copy of the signal out the other end to your monitor. The result is a pristine restriction-free copy of your
Oh, sure Ė- used like this, these devices fly in the face of the DMCA. But thatís a small price to pay for a working display. Besides, as many proudly proclaimed, ďWeíre not from the US. They canít touch us.Ē
WellÖ thereís a bigger problem looming ahead. Unfortunately, the good people behind HDCP werenít complete idiots. If you thought that the idea of OPM was a little scary, youíre going to love Key Revocation Lists. Consider revocation HDCPís version of the History Eraser Button.
So what is revocation? Letís first start with a brief look at HDCP.
There are three main parts to HDCPís security system. First, there is the cryptographic Authentication and Key Exchange (AKE). When a company wishes to produce an HDCP-compliant device, that company requests a set of keys from the HDCP licensing body. After the licensing body has determined that the companyís product has been designed in a manner robust enough to withstand attacks and that the keys will be protected, the company will be given a series of unique secret keys.
AKE is the cryptographic method that uses these keys to determine a mutual value with which to encrypt the data traveling between the playback device and the display device.
Once both the playback device and the display device have settled on a value with which to encrypt the content, all the video content will be encrypted using this mutual value (this is the second part). Additionally, the system will check every couple of seconds to ensure the integrity of both the keys and the link.
So far, that seems reasonable. However, what happens when rogue devices start to appear on the market? What happens when a companyís design wasnít as robust as first thought or, worse yet, a companyís secret keys are leaked ďinto the wild.Ē
This is where key-revocation lists come into play. The third aspect of HDCP security is ďdevice renewability.Ē This is the ability for media, streaming content, or even other devices to invalidate keys known to be a problem. For instance, letís assume that youíve purchased a DVIMAGIC. That little device is sitting between your cable box and your television. Everything is going fine. Then, one day, you wake up to discover that your television is no longer working with all the channels. What happened? Your cable box just used System Renewability Messages (SRMs) to invalidate the keys used by your DVIMAGIC. From that point on, your cable box will treat your DVIMAGIC as a rogue device. As such, it will not allow it to pass AKE.
Will your DVIMAGIC work with a HD-DVD player? That depends: what discs have you tried to play? Revocation lists are encoded onto the DVDs. The newer the disc is, the larger the revocation list will be, and, once youíre ďcaught,Ē that playback device should never pass AKE.
For a ďhack,Ē this might be annoying. However, what happens when legitimate keys are ďin the wild?Ē For instance, letís assume for a second that a large plasma-television company was the victim of a break-in/angry employee/etc. The result is that said companyís keys have landed in the hands of a DVIMAGIC-type dongle maker. When that dongle-maker is caught, will the powers-that-be revoke its keys knowing that, in doing so, there will be legitimate customers caught in the crossfire?
The answer isnít 100% clear. Content owners might very well say, ďToo bad Ė Company X didnít properly protect its keys.Ē The result? Unclear.
What we do know is that with HDCP there is shiny red button that can be used to retroactively remove functionality.
And did Stimpy press that button? You betcha!
Column note: there is no guarantee that the DVIMAGIC device will be added to any revocation list. The DVIMAGIC product is simply used to demonstrate the general type of product which could, in theory, be revoked.
If you have comments or suggestions for future columns, drop me a line at firstname.lastname@example.org.