High-Bandwidth Digital Content Protection
High-bandwidth Digital Content Protection (HDCP; commonly, though incorrectly, referred to as High-Definition Copy(right) Protection) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio and video content as it travels across connections. These connections include popular ones like DisplayPort (DP), Digital Visual Interface (DVI), and High-Definition Multimedia Interface (HDMI), as well as less common or now defunct connections like Gigabit Video Interface (GVIF) and Unified Display Interface (UDI).
The system is meant to stop HDCP-encrypted content from being played on devices that do not support HDCP or which have been modified to copy HDCP content. Before sending data, a transmitting device checks that the receiver is authorized to receive it. If so, the transmitter encrypts the data to prevent eavesdropping as it flows to the receiver.
Manufacturers who want to make a device that supports HDCP must obtain a license from Intel subsidiary Digital Content Protection LLC, pay an annual fee, and submit to various conditions. For example, devices cannot be designed to copy content; devices must "frustrate attempts to defeat the content protection requirements"; high-definition digital video sources must not transmit protected content to non-HDCP receivers; and DVD-Audio content can only be played at CD-audio quality by non-HDCP digital audio outputs (analog audio outputs have no quality limits). HDCP makes no allowance for copying permitted by fair use laws.
Cryptanalysis researchers demonstrated flaws in HDCP as early as 2001. In September 2010, an HDCP master key that allows the generation of valid device keys, rendering the key revocation feature of HDCP useless, was released to the public. Intel has confirmed that the crack is real, and believes the master key was reverse engineered rather than leaked. In practical terms, the impact of the crack has been described as "the digital equivalent of pointing a video camera at the TV", and of limited importance for pirates because the encryption of high-definition discs has been attacked directly (see the AACS encryption key controversy), without the loss of interactive features like menus. Intel threatened to sue anyone producing an unlicensed device.
Specification
HDCP uses three systems:
- Authentication prevents non-licensed devices from receiving content.
- Encryption of the data sent over DisplayPort, DVI, HDMI, GVIF, or UDI interfaces prevents eavesdropping of information and man-in-the-middle attacks.
- Key revocation prevents devices that have been compromised and cloned from receiving data.
Each HDCP-capable device has a unique set of 40 56-bit secret keys. Failure to keep them secret violates the license agreement. For each key set, a public 40-bit value called a KSV (Key Selection Vector) is assigned. Each KSV has one bit for each HDCP key, with exactly 20 bits set to 0 and 20 bits set to 1; a transmitter checks this count on the KSV it receives before going any further.
During authentication, the parties exchange their KSVs under a procedure based on Blom's scheme. Each device adds (unsigned addition modulo 2^56) its own secret keys together according to the KSV received from the other device: for every bit of the peer's KSV that is set to 1, the secret key at that position is included in the sum, and for every bit set to 0 it is skipped. Because the key sets were derived from a single symmetric master matrix, both devices arrive at the same 56-bit number, which is later used to encrypt data.
Encryption is done by a stream cipher. Each decoded pixel is encrypted by XORing it with a 24-bit value produced by a keystream generator. The HDCP specifications require the keys to be updated after each encoded frame.
If a particular set of keys is compromised, its KSV is added to a revocation list burned onto new discs in the DVD and Blu-ray formats. (The lists are signed with a DSA digital signature, which is meant to keep malicious users from revoking legitimate devices.) During authentication, the transmitting device checks the receiver's KSV against the list; if it is present, the transmitter refuses to send protected content to the revoked device.
Uses
HDCP devices are generally divided into three categories:
- Source: The source sends the content to be displayed. Examples include set-top boxes, DVD, HD DVD and Blu-ray Disc players, and computer video cards. A source has only an HDCP/HDMI transmitter.
- Sink: The sink renders the content for display so it can be viewed. Examples include TVs and digital projectors. A sink has one or more HDCP/HDMI receivers.
- Repeater: A repeater accepts content, decrypts it, then re-encrypts and retransmits the data. It may perform some signal processing, such as upconverting video into a higher-resolution format, or splitting out the audio portion of the signal. Repeaters have HDMI inputs and outputs. Examples include home theater audio-visual receivers that separate and amplify the audio signal, while re-transmitting the video for display on a TV. A repeater could also simply send the input data stream to multiple outputs for simultaneous display on several screens.
Each device may contain one or more HDCP transmitters and/or receivers. (A single transmitter or receiver chip may combine HDCP and HDMI functionality.)
In the United States, the Federal Communications Commission (FCC) approved HDCP as a "Digital Output Protection Technology" on August 4, 2004. The FCC's Broadcast flag regulations, which were struck down by the United States Court of Appeals for the District of Columbia Circuit, would have required DRM technologies on all digital outputs from HDTV signal demodulators. Congress is still considering legislation that would implement something similar to the Broadcast Flag. The HDCP standard is more restrictive than the FCC's Digital Output Protection Technology requirement. HDCP bans compliant products from converting HDCP-restricted content to full-resolution analog form, presumably in an attempt to reduce the size of the analog hole.
On January 19, 2005, the European Information, Communications, and Consumer Electronics Technology Industry Associations (EICTA) announced that HDCP is a required component of the European "HD ready" label.
Microsoft Windows Vista and Windows 7 both use HDCP in computer graphics cards and monitors.
Circumvention
HDCP strippers remove HDCP information from the video signal, allowing the data to flow freely to a non-HDCP display. It is currently unclear whether such devices would keep working if the HDCP licensing body issued key-revocation lists, which may be installed via new media (e.g. newer Blu-ray Discs) played back by another device (e.g. a Blu-ray Disc player) connected to the stripper.
Cryptanalysis
In 2001, Scott Crosby of Carnegie Mellon University wrote a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System", and presented it at the ACM CCS-8 DRM Workshop on November 5.
The authors concluded that HDCP's linear key exchange is a fundamental weakness, and discussed ways to:
- Eavesdrop on any data.
- Clone any device with only its public key.
- Avoid any blacklist on devices.
- Create new device key vectors.
- In aggregate, usurp the authority completely.
They also said the Blom's-scheme key exchange could be broken by a so-called conspiracy attack: obtaining the keys of at least 40 devices and reconstructing the secret symmetric master matrix that was used to compute them.
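The following is an added example, not code from this page, from Crosby et al., or from Intel/DCP LLC. It models the Specification section's key agreement (40 secret 56-bit keys per device, a 40-bit KSV with 20 ones, KSV-selected addition modulo 2^56 over keys derived from a symmetric master matrix) and then runs the conspiracy attack described above against it. One deliberate variation: instead of reconstructing the master matrix, it solves for the combination of leaked KSVs that equals a target KSV and applies the same combination to the leaked secret keys, which yields the identical key set because key derivation is linear. The master matrix, the key sets and the KSVs are all generated locally from a seeded PRNG (constructed toy data, not real HDCP keys); every function name here is this example's own.

```python
import random

N_KEYS, KEY_BITS, KSV_WEIGHT = 40, 56, 20
MOD = 1 << KEY_BITS                      # key arithmetic is modulo 2^56


def ksv_bits(ksv):
    """40-bit KSV as a 0/1 list; bit i selects secret key i."""
    return [(ksv >> i) & 1 for i in range(N_KEYS)]


def ksv_is_valid(ksv):
    """The check a transmitter runs on a received KSV: exactly 20 ones."""
    return 0 <= ksv < (1 << N_KEYS) and bin(ksv).count("1") == KSV_WEIGHT


def random_ksv(rng):
    return sum(1 << p for p in rng.sample(range(N_KEYS), KSV_WEIGHT))


def make_master_matrix(rng):
    """Licensor's secret: symmetric 40x40 matrix over Z/2^56 (Blom's scheme)."""
    a = [[0] * N_KEYS for _ in range(N_KEYS)]
    for i in range(N_KEYS):
        for j in range(i, N_KEYS):
            a[i][j] = a[j][i] = rng.getrandbits(KEY_BITS)
    return a


def issue_device_keys(master, ksv):
    """Device secret key i = sum of master[i][j] over the KSV bits j set to 1."""
    v = ksv_bits(ksv)
    return [sum(master[i][j] for j in range(N_KEYS) if v[j]) % MOD for i in range(N_KEYS)]


def shared_key(own_keys, peer_ksv):
    """Km: add own secret keys selected by the 1 bits of the peer's KSV."""
    if not ksv_is_valid(peer_ksv):
        raise ValueError("peer KSV does not have exactly 20 ones")
    return sum(k for k, bit in zip(own_keys, ksv_bits(peer_ksv)) if bit) % MOD


def solve_mod_pow2(rows, rhs, k):
    """Solve rows*x = rhs over Z/2^k (not a field): pivot on the remaining
    entry of least 2-adic valuation, so divisibility at back-substitution
    decides solvability. Returns one solution or None if there is none."""
    mod, m, n = 1 << k, len(rows), len(rows[0])
    a = [r[:] + [b] for r, b in zip(rows, rhs)]
    col, piv = list(range(n)), []        # column swaps; (row, pivot valuation)
    for r in range(min(m, n)):
        cand = [((a[i][j] & -a[i][j]).bit_length() - 1, i, j)
                for i in range(r, m) for j in range(r, n) if a[i][j]]
        if not cand:
            break
        v, i, j = min(cand)
        a[r], a[i] = a[i], a[r]
        for row in a:
            row[r], row[j] = row[j], row[r]
        col[r], col[j] = col[j], col[r]
        inv = pow(a[r][r] >> v, -1, mod)               # pivot = 2^v * unit
        a[r] = [(x * inv) % mod for x in a[r]]         # pivot is now exactly 2^v
        for i in range(r + 1, m):
            f = a[i][r] >> v                           # exact: valuation >= v
            if f:
                a[i] = [(x - f * y) % mod for x, y in zip(a[i], a[r])]
        piv.append((r, v))
    if any(a[i][n] for i in range(len(piv), m)):
        return None                                    # 0 = nonzero row
    x = [0] * n
    for r, v in reversed(piv):
        b = (a[r][n] - sum(a[r][j] * x[j] for j in range(r + 1, n))) % mod
        if b & ((1 << v) - 1):
            return None
        x[r] = b >> v
    out = [0] * n
    for r in range(n):
        out[col[r]] = x[r]
    return out


def forge_device_keys(leaked, target_ksv):
    """Conspiracy attack: write target_ksv as a Z/2^56 combination of leaked
    KSVs and apply the same combination to their secret keys. Keys are linear
    in the KSV, so this is exactly the set the licensor would issue; the
    master matrix itself is never needed. None = leaked set does not span yet."""
    cols = [ksv_bits(ksv) for ksv, _ in leaked]
    rows = [[c[i] for c in cols] for i in range(N_KEYS)]
    coeffs = solve_mod_pow2(rows, ksv_bits(target_ksv), KEY_BITS)
    if coeffs is None:
        return None
    return [sum(c * keys[i] for c, (_, keys) in zip(coeffs, leaked)) % MOD
            for i in range(N_KEYS)]


def demo(seed=2010):
    rng = random.Random(seed)                          # constructed toy keys
    master = make_master_matrix(rng)
    # 1. Honest authentication: source and sink derive the same Km.
    src_ksv, snk_ksv = random_ksv(rng), random_ksv(rng)
    src_keys, snk_keys = issue_device_keys(master, src_ksv), issue_device_keys(master, snk_ksv)
    km_match = shared_key(src_keys, snk_ksv) == shared_key(snk_keys, src_ksv)
    # 2. Conspiracy: pool compromised key sets until keys for a KSV the
    #    licensor never issued can be minted (fewer than 40 never suffice).
    target = random_ksv(rng)
    leaked, forged = [], None
    while forged is None and len(leaked) < 80:
        ksv = random_ksv(rng)
        leaked.append((ksv, issue_device_keys(master, ksv)))
        if len(leaked) >= N_KEYS:
            forged = forge_device_keys(leaked, target)
    return {"km_match": km_match, "devices_needed": len(leaked),
            "forged_is_genuine": forged == issue_device_keys(master, target),
            "forged_authenticates": forged is not None and
            shared_key(forged, src_ksv) == shared_key(src_keys, target)}
```

Running `demo()` shows both halves of the argument: honest devices agree on Km, and a pool of leaked key sets lets an attacker mint a key set for a fresh, well-formed KSV that authenticates against an untouched legitimate source, so the transmitter's 20-ones check and any revocation list keyed on known KSVs are of no help. In this toy model 40 devices are the floor rather than a guarantee: every valid KSV has even weight, so 40 of them are never independent modulo 2, and the solver only succeeds once the leaked KSVs span the target over Z/2^56, which is why the driver keeps adding devices until it does.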
Around the same time, Niels Ferguson independently claimed to have broken the HDCP scheme, but he did not publish his research, citing legal concerns arising from the controversial Digital Millennium Copyright Act.
In November 2011, Professor Tim Güneysu of Ruhr-Universität Bochum revealed that his group had broken the HDCP 1.3 encryption standard.
Master key release
On September 14, 2010, the Engadget website reported the release of a possibly genuine HDCP master key which can create device keys that can authenticate with other HDCP-compliant devices without obtaining valid keys from Digital Content Protection LLC. This master key would neutralize the key revocation feature of HDCP, because new keys can be created when old ones are revoked. It was not immediately clear who discovered the key or how they discovered it, though the discovery was announced via a Twitter update which linked to a Pastebin snippet containing the key and instructions on how to use it. Engadget said the attacker may have used the method proposed by Crosby in 2001 to retrieve the master key, although they cited a different researcher. On September 16, Intel confirmed that the code had been cracked. Intel has threatened legal action against anyone producing hardware to circumvent HDCP, possibly under the Digital Millennium Copyright Act.
Problems
HDCP can cause problems for users who want to connect multiple screens to a device; for example, a bar with several televisions connected to one satellite receiver. An HDCP source can generate multiple keys, allowing each screen to operate, but the number varies from device to device; e.g., a Dish or Sky satellite receiver can generate 16 keys. The technology sometimes causes handshaking problems where devices cannot establish a connection, especially with older high-definition displays.
Edward Felten wrote "the main practical effect of HDCP has been to create one more way in which your electronics could fail to work properly with your TV," and concluded in the aftermath of the master key fiasco that HDCP has been "less a security system than a tool for shaping the consumer electronics market."
Additional issues arise with interactive media (i.e. video games) from control latency due to the additional processing (encoding/decoding) required. Further, use cases such as live streaming or capture of game play, are also adversely affected.
Interface support by version
HDCP revision | Supported interfaces |
---|---|
1.0 | DVI |
1.1 | DVI, HDMI |
1.2 | DVI, HDMI |
1.3 | DVI, HDMI, DP, GVIF, UDI |
2.0 | [Interface Independent Adaptation, Any IP based interface, compressed or uncompressed] |
2.1 | New mechanism to block old downstream devices from getting Type 1 content |
External links
- Digital Content Protection homepage
- HDCP Encryption/Decryption Code from Computer Science Department at Stony Brook University.