Re: IP: Copywrong (link + long rant)

From: Hal Finney (hal@finney.org)
Date: Sun Mar 24 2002 - 17:13:46 MST


There is some information about the new Hollings bill at www.eff.org.
Another helpful site is digitalconsumer.org, which is sponsored by a bunch
of Internet companies. They have a link you can click on and they will
fax your letter to Congress. You can either use their boilerplate or edit
it with your own thoughts. It's a very easy way to register your protest.

One of the links on the EFF site was a letter by Leslie Vadasz, an
Intel executive, to the Hollings committee expanding on his testimony
in opposition to the (then) proposed bill. Vadasz made one comment
which surprised me.
http://www.eff.org/IP/SSSCA_CBDTPA/20020228_intel_hollings_letter.html:

"I reiterate that the CPTWG cross-industry working group has developed
effective technology that is available today that can and will protect
new digital, secured content from being pirated on the Internet. If it is
protected 'at the source' it will always be protected from the illegal
activities of Internet pirates. Sony Pictures and AOL-Time/Warner have
in fact licensed this technology."

I was surprised that the EFF appears to be endorsing a letter which,
while opposing legislation, basically said that it was unnecessary because
the same thing could be achieved by existing technology. In doing some
additional research, I believe that the technology that Vadasz is talking
about is DTCP, the Digital Transmission Content Protection standard.
A set of slides about it is at http://www.dtcp.com/data/dtcp_tut.pdf.

The basic idea is that content is kept encrypted until it reaches a
hardware display device that has a key built into it. At that point
the data is decrypted and presented. The goal eventually is to get to
a point where the data is encrypted everywhere that it is in digital
form, only being decrypted in the same hardware device that will turn
it into analog signals. This will prevent the data from being captured
and duplicated with the full fidelity of the original.

The cryptography which is used is interesting, especially if you compare
it with the earlier DVD CSS system, which had a somewhat similar goal.
CSS was for protecting DVD video, while DTCP is for protecting broadband
streaming video and audio. Both of them rely on encrypting the data and
allowing only authorized systems to decrypt and display it.

In CSS, each different manufacturer was given a unique device key.
The DVD is encrypted with a single content key, then the content key is
encrypted with every possible device key and all those values are stored
on the DVD. Each device is able to decrypt one of the encrypted content
keys, recovering the content key and allowing it to decrypt and display
the movie.

Two things went wrong with this plan. The first is that one of the
content keys leaked. Some of the keys were associated with software
rather than hardware, and people were able to pull the key out of the
software. Second, CSS used a non-standard cryptographic algorithm,
which turned out to be weak. The algorithm was supposed to be secret,
but it was also revealed by inspecting software implementations.
By analyzing the algorithm, cryptographers found it to be weak enough
that even without knowing one of the device keys, it was still possible
to figure out the content key very easily.

DTCP tries to avoid both of these flaws. They are using more
sophisticated, and also more standard, cryptography. Since they are
dynamically streaming data rather than burning it onto a static disk,
they have an easier time of dealing with problems.

As with CSS, DTCP gives each device a unique key. When the data begins
to be streamed from the server to the client, they do a cryptographic
handshake using the client device's key. During this time the client
device proves that it is legitimate by offering a certificate on its
key, signed by the Digital Transmission License Administrator (DTLA).

This is very similar to the way cryptographic certificates are used today
in such protocols as SSL, which is commonly used for online shopping.
When you visit a site such as Amazon.com and go to the order page,
Amazon presents its own key to your browser, within a certificate created
typically by a company called Verisign. Your browser can check to see
that Amazon's key is legit by verifying the certificate. This prevents
someone from hijacking your browser session and pretending to be Amazon.

DTCP uses the same idea. Only devices with keys that are "blessed"
(certified) by the DTLA will be allowed to receive data. The interesting
thing about this is that it includes the concept of certificate
revocation. Suppose one of the DTCP keys got stolen out of a software
or hardware implementation and posted on the Internet. Then people
could create software which pretended to be that DTCP device, receive
an encrypted data stream, decrypt it and pirate it. This is similar to
what happened with the initial break of the CSS standard.

DTLA has a counter-measure. They can revoke the certificate of the
specific device whose key got stolen. That key will no longer be
accepted for use. Any key which gets stolen and widely publicized will
be invalidated by DTLA. This will stop the pirate software from working.

The other thing the DTCP standard does is to use relatively standard
cryptographic algorithms rather than roll their own as CSS did.
The cipher they are using is called M6, which has been around in
the cryptographic community for some time. I have heard that some
weaknesses have been found in it, but as far as I know it's not DOA like
CSS was as soon as it was publicized. M6 is using only a 56-bit key,
presumably due to export restrictions at the time the DTCP was designed.
That is a little weak by today's standards but it will still cost a lot
of money to break one of those keys. It's not going to be like CSS,
which could be broken in seconds even without a content key.

The CSS guys really blew it, which has added to the general impression
that digital content protection can't work without legislation.
Certainly the content providers appear to believe that, hence their push
for the Hollings bill. Intel and the hardware companies think they have
a standard, DTCP, which can work even without legislation.

I don't think the CBDTPA will get anywhere, personally. The firestorm
of opposition is just getting going. I suspect that we are going to see
a few more rounds of technological games as the battle between content
protectors and pirates continues. In the end I think they will succeed
in keeping data safe while digital; however, versions with one generation
of analog loss will be pirated. That's my prediction for the eventual
outcome.

Hal
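
The certificate-and-revocation check described in the message above, as an added example that is not part of the original post or of the DTCP specification. The device IDs, keys and function names are constructed, and the toy RSA signature is a stand-in for whatever signature scheme DTLA actually uses.

```python
import hashlib

# Toy RSA built from two known Mersenne primes: a stand-in for the DTLA
# signing key so the example needs only the standard library (Python 3.8+).
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # DTLA private exponent (constructed)

def _digest(device_id, device_key):
    data = device_id.encode() + b"|" + device_key
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def dtla_issue(device_id, device_key):
    """DTLA side: certify a device key by signing (id, key)."""
    return {"id": device_id, "key": device_key,
            "sig": pow(_digest(device_id, device_key), D, N)}

def source_admits(cert, revoked_ids):
    """Source side: check the DTLA signature, then the revocation list."""
    if pow(cert["sig"], E, N) != _digest(cert["id"], cert["key"]):
        return "refused: not certified by DTLA"
    if cert["id"] in revoked_ids:
        return "refused: certificate revoked"
    return "admitted"

def demo():
    revoked = set()
    tv = dtla_issue("tv-0001", b"constructed-key-A")
    player = dtla_issue("swplayer-0002", b"constructed-key-B")
    forged = dict(tv, id="clone-9999")     # signature no longer matches
    before = [source_admits(c, revoked) for c in (tv, player, forged)]
    revoked.add("swplayer-0002")           # its key was published
    after = [source_admits(c, revoked) for c in (tv, player, forged)]
    return before, after

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Until the revocation entry is added, the source has no way to tell a copied key with a valid certificate from the original device, which is why the scheme depends on the revocation list reaching every source.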


