High-Bandwidth Digital Content Protection

From Free net encyclopedia

High-Bandwidth Digital Content Protection (HDCP) is a form of digital rights management (DRM) developed by the Intel Corporation to control digital audio and video content as it travels across Digital Visual Interface (DVI) or High Definition Multimedia Interface (HDMI) connections. The HDCP specification is proprietary and an implementation of HDCP requires a license.

HDCP is licensed by Digital Content Protection, LLC. In addition to paying fees, licensees agree to limit the capabilities of their products. High-definition digital video content is restricted to DVD quality on non-HDCP video outputs. DVD-Audio content is restricted to DAT quality on non-HDCP digital audio outputs (analog audio outputs have no quality limits). Licensees cannot allow their devices to make copies of content, and must design their products to "effectively frustrate attempts to defeat the content protection requirements."

Specification

HDCP's main target is to prevent transmission of non-encrypted high definition content. Three systems were developed to achieve that goal:

1. Authentication process disallows non-genuine devices to receive HD content.
2. Encryption of the actual data sent over DVI or HDMI interface prevents eavesdropping of information. It also prevents "man in the middle" attacks.
3. Key revocation procedures ensure that devices manufactured by any vendors who violate the license agreement could be relatively easily blocked from receiving HD data.

Each HDCP capable device model has a unique set of keys; there are 40 keys, each 56 bits long. These keys are confidential and failure to keep them secret may be seen as a violation of the license agreement. For each set of keys a special key called a KSV (Key Selection Vector) is created. Each KSV has exactly 20 zero bits and 20 bits set to 1.

During the authentication process, both parties exchange their KSVs. Then each device adds (without overflow) its own secret keys according to a KSV received from another device. If a particular bit in the vector is set to 1, then the corresponding secret key is used in the addition, otherwise it is ignored. Keys and KSVs are generated in such a way that during this process both devices get the same 56 bit number as a result. That number is later used in the encryption process.

Encryption is done by a stream cipher. Each decoded pixel is encrypted by applying an XOR operation with a 24-bit number produced by a generator. The HDCP specifications ensure constant updating of keys (after each encoded frame).

If some particular model is considered "compromised", its KSV is put into revocation lists, which are written e.g. on newly produced disks with HD content. Each revocation list is signed with a digital signature using the DSA algorithm; this is supposed to prevent malicious users from revoking legitimate devices. During the authentication process, if the receiver's KSV is found by a transmitter in the revocation list, then the transmitter considers the receiver to be compromised and refuses to send HD data to it.

Cryptanalysis

Cryptanalysis researchers demonstrated fatal flaws in HDCP for the first time in 2001, prior to its adoption in any commercial product. Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System" [1]. This paper was presented at ACM-CCS8 DRM Workshop on November 5, 2001.

The authors conclude:

"HDCP's linear key exchange is a fundamental weaknesses [sic]. We can:

• Eavesdrop on any data
• Clone any device with only their [sic] public key
• Avoid any blacklist on devices
• Create new device keyvectors.
• In aggregate, we can usurp the authority completely."

Around the same time that Scott Crosby and co-authors were writing this paper, noted cryptographer Niels Ferguson independently claimed to have broken the HDCP scheme, but he chose not to publish his research due to legal concerns arising from the Digital Millennium Copyright Act [2].

Uses

HD DVD and Blu-ray Disc players will allow content providers to set a flag that will only output full-resolution signals using HDCP. If such a player is connected to a non-HDCP-enabled television set and the content is flagged, the player will output a downsampled 540p signal. Most television sets currently in use are not HDCP-capable, and this would initially negate some of the key benefits of HD-DVD and Blu-ray for many consumers. However, most television sets currently in use are not able to display an image of higher quality than 480p anyway, and would therefore in any case not benefit from HD-DVD or Blu-ray. Sony has publicly stated that their initial Blu-ray movies will not include the downsample flag.

In the United States the Federal Communications Commission approved (PDF file) HDCP as a "Digital Output Protection Technology" on August 4th, 2004 despite its known flaws. The FCC's Broadcast flag regulations, which were struck down by the United States Court of Appeals for the District of Columbia Circuit, would have required digital output protection technologies on all digital outputs from HDTV signal demodulators. Congress is still considering legislation that would implement something similar to the Broadcast Flag. Analog outputs from digital receivers do not require output protections, but the analog output must be limited to a resolution of 480p, which effectively limits sets with analog input to non-HD resolutions. The HDCP standard is more restrictive than the FCC's Digital Output Protection Technology requirement. HDCP bans compliant products from converting HDCP-protected content to full-resolution analog form, presumably in an attempt to reduce the size of the analog hole.

On January 19, 2005, the European Industry Association for Information Systems (EICTA) announced that HDCP is a required component of the European "HD ready" label.

Microsoft has announced that their next operating system release, Windows Vista, will support this technology in the context of computer graphics cards and monitors. [3] [4]

By 2005, devices were developed and freely sold in countries without restrictions on copy-protection circumvention. Those usually take the form of filters that have to be installed in the signal path between the movie player or decoder and the TV and strip any HDCP protection out of the video signal, leaving the movie to play on unprotected displays. The Clicker: HDCP's Shiny Red Button (2005-07-21)

External links

• HDCP specification (PDF)
• HDCP HDCP Encoding and Decoding - What Does This Mean to You? (theprojectorpros.com)
• DVI HDCP and DVI MAGIC Compatibility-enhancement devices for non-HDCP monitors [5]
• Windows Vista and HDCP How Windows Vista handles HDCP and Hi-Def output.
• Current hardware incompatible: HDCP: The nightmare on computer graphic cards and monitors (2006-01-06)
• All ATI and nVidia cards announced un-supportive of HDCP: [6]de:High-bandwidth Digital Content Protection

es:High-Bandwidth Digital Content Protection fr:High-bandwidth Digital Content Protection nl:High-Bandwidth Digital Content Protection pl:HDCP fi:HDCP