DRM keys

Content managers are worried that their content will be illegally pirated, and content users are worried that their content use will be unfairly restricted. For now, that's as far as we'll go into the debate. Meanwhile, let's look at the technology behind digital rights management (DRM).

Varying degrees of control

In order to control the distribution of copyrighted material, content must be encrypted. This control can restrict access to the content (conditional access) or can limit further copies of the material (copy protection). Encryption works by scrambling the symbols used to transfer a message.

Early scrambling methods were easy to break. The word scramble puzzle published in newspapers is an example of this type of encryption. It implements a simple letter substitution code. A further advance on this method is transposition, where the positions of the characters in a word are changed. Breaking this kind of code is relatively straightforward.

The sender and receiver of encrypted messages usually share another piece of information, called a key. Without this key, the message cannot be deciphered by conventional means. Modern encryption falls into two categories: private key algorithms and public key algorithms. (See Figure 1.)

With private key algorithms (also called symmetric key encryption), the sender and receiver both share a unique secret key. Such a system requires a separate key for each user. Using the Data Encryption Standard (DES) or the newer Advanced Encryption Standard (AES), this encryption offers unique one-to-one connections, such as for e-mail or private voice or video communications.

With public key encryption (also called asymmetric key encryption), two keys are used. A public key allows anyone to encode the message, but each receiver uses a unique private decryption key. Public key encryption uses a form of the RSA algorithm (named for its inventors).

To understand how public key encryption works, imagine that a physical message is locked in a box with a padlock. The party that owns the padlock publishes instructions on how to manufacture such a lock (or distributes such locks, opened), but users cannot determine from them how to make a key that will unlock it. Anyone can thus use such a lock (the public key) to send encrypted messages, but only the holder of the private key (the party that issued the lock) can unlock the box, or decrypt the message.

Theoretically, any encrypted message can be decrypted by brute force without a key, such as by trying every possible combination. The deterrence is the time and effort required. A 128-bit key, for example, would take trillions of years to crack by brute force using current technology. DES originally used a 56-bit key, which has been broken in less than a day's time. It has been replaced by triple-DES (TDES), which cascades three DES encryptions, using three keys, and by the AES algorithm, which uses 128-, 192- or 256-bit keys. The equivalent key length of TDES is 112 bits.

Protecting different systems

In order to prevent unauthorized playback or copying of DVD content, an encryption scheme was developed to protect the discs. Using various encrypted keys stored on the discs, and encrypting the content itself, access is permitted only by compliant DVD players. With this system, access can also be limited to desired worldwide regions. Introduced in 1996, the discs use the proprietary Content Scrambling System (CSS), which uses a 40-bit private key algorithm. Unfortunately, using brute-force methods, the CSS system was broken shortly after its release. Nonetheless, it maintains its function of deterring piracy, because of the inconvenience (and litigation risk) involved in compromising it.

A newer, similar system has been developed for Blu-ray and HD-DVD discs, using the Advanced Access Content System (AACS) encryption scheme. AACS differs from CSS in that the decryption keys are unique to each player, thus giving content providers the ability to individually revoke compromised keys. That said, AACS was cracked several months ago.
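The per-player revocation described above can be sketched as follows. This is an added example, not code from the article or from the AACS specification: it wraps a media key once per non-revoked player in a flat table (AACS itself uses a more compact key-distribution structure), uses HMAC-SHA256 as a stand-in for a real cipher such as AES, and all function names and player names are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # 128-bit keys


def _pad(device_key, nonce):
    # HMAC-SHA256 as a stand-in for a real cipher such as AES (assumption).
    return hmac.new(device_key, nonce, hashlib.sha256).digest()[:KEY_LEN]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _check(media_key):
    # Lets a player confirm it recovered the right media key.
    return hmac.new(media_key, b"verify", hashlib.sha256).digest()


def make_key_block(media_key, device_keys, revoked):
    """Wrap media_key once for every player that has not been revoked."""
    nonce = secrets.token_bytes(16)  # fresh per title
    entries = {dev: _xor(media_key, _pad(key, nonce))
               for dev, key in device_keys.items() if dev not in revoked}
    return {"nonce": nonce, "entries": entries, "check": _check(media_key)}


def recover_media_key(block, dev, device_key):
    """Return the media key, or None if this player cannot obtain it."""
    wrapped = block["entries"].get(dev)
    if wrapped is None:
        return None  # revoked: the title carries no entry for this player
    candidate = _xor(wrapped, _pad(device_key, block["nonce"]))
    if hmac.compare_digest(_check(candidate), block["check"]):
        return candidate
    return None  # wrong device key


# Constructed sample data: three hypothetical players, each with its own key.
PLAYERS = {n: secrets.token_bytes(KEY_LEN) for n in ("player-A", "player-B", "player-C")}

if __name__ == "__main__":
    title_key = secrets.token_bytes(KEY_LEN)
    block = make_key_block(title_key, PLAYERS, revoked={"player-B"})
    for name, key in PLAYERS.items():
        ok = recover_media_key(block, name, key) == title_key
        print(name, "plays" if ok else "blocked")
```

Revocation of this kind takes effect only on titles mastered after the key is revoked; a key block issued earlier still contains an entry for that player.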

Direct broadcast satellite (DBS) systems use various proprietary encryption and access control systems, essentially variants of TDES or AES schemes. (For obvious reasons, the operators do not describe the details of their encryption systems. The manufacturers of the various systems, however, are well-known.) Some of the keys used on these systems are usually contained within smart cards that are used in the consumers' set-top boxes. Other keys, usually called entitlement control messages (ECMs), are transmitted to the user as needed. Digital cable systems also use proprietary variants of these encryption methods. In many cable applications, different conditional-access methods can actually be used at the same time. For this reason, a specification called DVB Simulcrypt was developed and is now in use in the United States and abroad.

The analog hole

One way or another, a video signal must be presented to a display device. Until recently, this has been by way of an analog interface, using either composite video, S-video or modulated RF. With the advent of HDTV, this connection has evolved to a high-bandwidth component interface, usually called YPbPr. This signal is in the clear, so it is open to any use, including recording or retransmission. This leak in an otherwise secure system has been dubbed the analog hole. Various mechanisms have been employed to plug this hole, including intentional downconversion of the signal to limit its resolution, analog scrambling and watermarking.

Copy Generation Management System - Analog (CGMS-A) is a copy protection mechanism for analog television signals. In existence since 1995, it is used in devices such as PVRs, DVRs, and DVD players and recorders, as well as in some television broadcasts. CGMS-A is signaled by two bits in the vertical blanking interval. When a Rights Assertion Mark (RAM) is also added, copying is denied when the RAM is present but CGMS-A is not. Such a RAM can be encoded by using the proprietary VEIL watermarking technology that modifies the luminance values of pixels of selected frames of video. Equipment compliant with this technique can limit the number of copies.
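The recording decision a compliant device makes from these two signals can be written out as a small state machine. This is an added example, not code from the article or from any vendor: the four two-bit states use the CGMS-A assignments, which the article does not list, and the function names and the treatment of content carrying neither signal are assumptions.

```python
from enum import Enum


class Cgms(Enum):
    COPY_FREELY = 0b00
    COPY_NO_MORE = 0b01
    COPY_ONCE = 0b10
    COPY_NEVER = 0b11


def recorder_decision(cgms_bits, ram_present):
    """Return (may_record, cgms_bits_to_write_on_the_copy).

    cgms_bits is None when no CGMS-A signal was found in the vertical
    blanking interval; ram_present is the watermark detector's result.
    """
    if cgms_bits is None:
        # The mark says rights are asserted, yet the signalling is gone:
        # deny. With neither present the content is treated as unmarked
        # (assumed policy for this sketch).
        return (False, None) if ram_present else (True, None)
    state = Cgms(cgms_bits & 0b11)
    if state is Cgms.COPY_FREELY:
        return (True, Cgms.COPY_FREELY.value)
    if state is Cgms.COPY_ONCE:
        # Generation management: the copy itself may not be copied again.
        return (True, Cgms.COPY_NO_MORE.value)
    return (False, None)  # COPY_NO_MORE and COPY_NEVER


def copy_chain(cgms_bits, ram_present, attempts):
    """Try successive generations of copying; return one bool per attempt."""
    results = []
    for _ in range(attempts):
        allowed, next_bits = recorder_decision(cgms_bits, ram_present)
        results.append(allowed)
        if not allowed:
            break
        cgms_bits = next_bits
    return results
```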

Macrovision is an older, proprietary form of analog content protection used on prerecorded videotapes, VCRs and DVD players. The system operates by inserting extra pulses in the vertical blanking interval, thus interfering with the automatic gain control in a subsequent recording.

Broadcast flag uncertainty

For digital television, the industry developed the broadcast flag, technically called Digital Broadcast Television Redistribution Control. The broadcast flag rule required all digital TV demodulators to recognize and give effect to a transmitted flag by blocking the recording or output of a high-definition digital signal if the flag were set. The rule was originally implemented in the FCC rules and was to be required in all receivers as of July 2005, but a federal court struck it down before that date. Its further use remains controversial.

Digital output protection

Created by the Digital Display Working Group, the Digital Visual Interface (DVI) is an analog and/or digital interface that can carry HDTV video. However, the appeal of a combined interface carrying video and audio soon led to the development of an all-digital interface: HDMI. The ability to transmit full-bandwidth digital HDTV across these interfaces also led to the development of High-bandwidth Digital Content Protection (HDCP). HDCP uses stream cipher encryption, with a set of 56-bit keys, to protect the content. An authentication process blocks nonlicensed devices, and key revocation procedures ensure that illegal devices can be permanently blocked from receiving data.

Digital Transmission Content Protection (DTCP) is an older encryption standard that allowed a digital set-top box to send protected content over the IEEE 1394 (FireWire) standard. The DTCP specification is proprietary and is disseminated only to licensed manufacturers. The interface has not achieved widespread use for consumer video displays, so DTCP has essentially been overtaken by HDCP.

DRM and business models

As we transition to all-digital content distribution, consumers are eager to use more of it from content distributors. Distributors, in turn, are challenged to work out new business models that balance access with fair use. The best of all possible worlds will be one where DRM tools facilitate rather than undermine these relationships. In the end, everyone will benefit.

Aldo Cugnini is a consultant in the digital television industry.

Send questions and comments to: aldo.cugnini@penton.com