http://www.nytimes.com/2007/01/01/technology/01hack.html?_r=1&ref=technology&oref=slogin
January 1, 2007
Studios’ DVDs Face a Crack in Security
SAN FRANCISCO, Dec. 31 — An
anonymous computer programmer may have skewed the competition over
standards for high-definition DVD discs by possibly defeating a scheme
that both sides use to protect digital content.
The standards, HD-DVD and Blu-ray, are being backed by rival
coalitions of Hollywood studios and consumer electronics and computer
companies that are eagerly marketing a new generation of digital media
players and video game machines tailored for widescreen TVs.
The HD-DVD coalition includes companies like Microsoft, Intel, Toshiba and NEC; the Blu-ray camp has Sony,
Philips and Samsung. Among studios, Universal is exclusively backing
HD-DVD. Paramount and Warner Brothers also support HD-DVD, but not
exclusively. Representatives of Walt Disney, 20th Century Fox and Warner
Brothers are on the board of the Blu-ray group.
The two groups have taken different technical approaches in their
efforts to prohibit consumers from making copies of movies and other
digital material stored on discs. Both groups use an encryption scheme
known as Advanced Access Copy System. The Blu-ray system also adds a
software-based component that makes it possible to modify the copy
protection scheme on new discs if the old one is broken by hackers.
The standards are brand new, but it appears that the two groups’
copy protection schemes are already about to be tested.
The HD-DVD camp may have suffered a setback when the programmer, who
identified himself as Muslix64, announced in the Internet discussion
forum Doom9 on Dec. 18 that he had successfully copied movies
distributed in the HD-DVD format. The note directed readers to a site
where demonstration software he had written could be downloaded.
“I was not aware of anyone having done that, so I did,” he wrote.
In an accompanying video demonstration posted on the YouTube Web
site, the programmer showed encryption keys for six movies and
concluded by stating “A.A.C.S. is unbreakable? I don’t think so. Do
you? Stay tuned for source code in January. Merry Christmas.”
Because the encryption system has a hierarchy of encryption keys,
simply breaking the system for a single movie does not mean that it is
possible to copy all movies.
Technical experts who have examined the software posted by Muslix64
said that it was only a partial solution for making copies of the
digitally protected material, but that it did not bode well for the
Advanced Access Content System.
“They’re playing with something that is incomplete, but it is still
a troubling sign,” said Richard Doherty, the president of
Envisioneering, a consumer electronics industry consulting firm.
The programmer has said that he plans to post more software on
Tuesday, describing a more complete attack on A.A.C.S.
On Friday, the industry group that is completing the A.A.C.S.
protection standard issued a short statement saying that it was aware
of the claims but had not yet verified them.
If the person who identified himself as Muslix64 is able to create a
complete version of a decryption program, or if others extend the
software so that consumers without technical expertise can readily make
copies of movies, that would create a crisis for the HD-DVD camp. That
system contains a “revocation” mechanism for shutting down HD-DVD
players whose encryption system has been compromised. But industry
analysts say that taking such a step would give the HD-DVD system a
tremendous black eye, angering consumers and shaking the confidence of
Hollywood studios in the system.
Today’s DVDs are protected using an earlier encryption technique
known as Content Scramble System, or C.S.S. That system was undermined
in 1999 by a small group of programmers, and movie studios have said
that the new A.A.C.S. would not fall victim to the same kind of
technological attack.
The Blu-ray system adds modifiable copy protection software, known
as BD Plus, that is based on an approach pioneered by a group of
technologists at Cryptography Research in San Francisco as a safeguard
in the event the A.A.C.S. is compromised. Industry executives said that
Microsoft opposed the Cryptography approach because it would shift
control to the studio and away from hardware makers.
If the HD-DVD protection system has indeed been compromised, it was
not immediately clear which camp would benefit most directly.
Some posters in Internet discussion groups have argued that the
cracking of HD-DVD may increase the popularity of the system among
consumers eager to make copies of movies they have purchased.
At the same time, a weakened encryption system could undermine
studio support, causing some to turn to the Blu-ray technology instead
and giving the Blu-ray group an advantage in offering a wider range of
content.