High-bandwidth Digital Content Protection

from Wikipedia, the free encyclopedia

High-bandwidth Digital Content Protection (HDCP) is an encryption system developed by Intel in 2003, which is intended for the DVI, HDMI and DisplayPort interfaces for the protected transmission of audio and video data. HDCP is to become the standard for HDTV in Europe. HDCP is also used with Blu-ray Disc or HD DVD. HDCP is intended to prevent the tapping of video and audio material on the connection between transmitter and receiver. If the playing device (transmitter, e.g. SAT receiver or DVD player) requires an HDCP connection, the reproducing component (receiver, e.g. TV set, projector) must also support HDCP in order for the video to be displayed. If the reproducing component does not support HDCP or there is no digital connection, the reproduction can be restricted (e.g. to low resolution) or completely prevented. Strictly speaking, the requirement for HDCP encryption is not made by the playing device itself, but communicated to it by the medium or content to be played (exception: DVD players, where the requirement for HDCP is part of the DVD license). An HDCP-capable HDTV satellite receiver, for example, will only activate HDCP when the tuned station requests it.

HDCP devices that the responsible bodies believe have been "corrupted" can have their HDCP functionality disabled by blocking the keys of the corresponding HDCP chips. A similar mechanism was provided for CSS copy protection, but could not prevent the algorithm from being defeated.

HDCP works as copy protection in two ways: the license prohibits the storage or recording of "protected" (= HDCP-encrypted) content except for signal processing purposes (deinterlacing etc.), and any analog signal outputs present in parallel must be reduced in signal quality or switched off completely on request.

In September 2010 the master key of HDCP became known, with which new keys can be generated. This can be used to bypass the copy protection. Initially it was necessary to build a chip with an integrated master key, but a few years later it became clear that this could also be done without special hardware. The authenticity of the key has been confirmed by Intel. Unauthorized copiers, on the other hand, often use loopholes in the AACS copy protection instead.

Technology

HDCP is based on encryption and cryptographic procedures to check the authenticity of a connection partner. According to the specification, every HDCP-compliant device stores 40 keys with a length of 56 bits. To establish an encrypted connection, both components exchange their IDs at the beginning of the connection and agree on a one-time key for further communication using the Blom procedure. From then on, the rest of the connection runs using a specially designed encryption method. Which of the 40 keys of the two devices is used is negotiated; for example, the keys are changed. The keys themselves are never transmitted in clear text.

The actual copy protection arises only because the manufacturer of a device has to have it certified by Digital Content Protection LLC. The terms and conditions for licensing include the fact that HDCP-encrypted content may not be recorded. HDCP is therefore a "one-way street": once an image signal is HDCP-encrypted, it may no longer be recorded by any HDCP-licensed device.

So that not every single device has to be certified, there are rules for series production according to which, for example, the chip manufacturers control the sale of the appropriate decoder chips (for the receiver) and are only allowed to sell them to trustworthy partners. One requirement for trustworthy decoder customers is, for example, that the playback devices produced may not offer any points (even inside the device) for tapping the unencrypted signal. In addition, the players will continue to have revocation lists, which are intended to reject illegal decoder IDs.

For HD DVD, a central applications office for HD DVD media is currently under discussion. It is meant to ensure that HD DVDs going on sale always carry the current revocation list, which the player can read and pass to the HDCP encoder. DVD playback devices are currently unable to output any revocation data, as the DVD specifications do not provide any direct control options for these HDCP-specific control packets.

The blocking of HDCP devices is intended to prevent decoder chips that were put into circulation "improperly", and whose IDs could be traced, from continuing to work for playback in the future, and to prevent devices in which the decrypted image signals have been made accessible by manipulation from still being used to make unlicensed copies.

The Spatz company put two decoder boxes on the market that convert HDCP-encrypted DVI signals into unencrypted DVI signals or into VGA. According to the computer magazine c't, Spatz had sanded the surfaces of the decoder chips in order to prevent the source of these chips from being reconstructed. Nevertheless, it remains to be seen whether sooner or later these will be on a revocation list of the content industry. In the meantime, the Spatz company has stopped selling the converters after being threatened with legal action.

The encryption used with HDCP, like the authorization procedure, is part of the publicly accessible specification that can be obtained from Digital Content Protection LLC. Only the keys used for authorization and the individual keys used in the series-produced devices are secret. Because the key length is short (a consequence of the high bandwidth) and each device is (theoretically) assigned different keys, it can be assumed that approx. 40 devices with different key sets, together with a defined (e.g. black) image content, would be sufficient to identify the secret keys. Because of the legal situation in the USA after the introduction of the DMCA, which was introduced there on October 28, 1998, no scientist has dared to verify this claim.

It should be noted, however, that HDCP and DVI transmit data at a data rate of up to 1.6 Gbit/s (1080p). After subtracting the control and monitoring data, roughly 6 Gbytes of user data are generated per minute. Tapping at this point does not seem to be trivial from a purely technical point of view, so the importance of secure data transmission between playback device and screen for a functioning copy protection is basically not as decisive as the industry often states. Much more serious is the restriction within the HDCP specifications that an output device may not output analog video signals in parallel to an HDCP output in better than SD (Standard Definition) quality (NTSC for the USA and Japan, PAL for the rest of the world). This prevents devices such as HD DVD or Blu-ray Disc players from outputting recordable analog HDTV signals at all.

Publication of the master key

On September 14, 2010, an article was published on the technology blog Engadget, which announced the publication of a real HDCP master key. It is not yet clear who published the key and how it was found. The publication was initially announced on Twitter and linked to a pastebin text that contains instructions for using the key. The key is a 40 × 40 matrix, the elements of which are 56-bit numbers.

Although HDCP devices have their own key pairs, which can be revoked should they be published, the publication of the master key means that new valid keys can be generated. This could only be prevented by changing the HDCP master key. It is extremely unlikely that this will happen because it would render unusable all those playback devices, projectors, set-top boxes, televisions and other HDMI devices that do not have an update function for their key pair.
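The Blom key agreement described under Technology and the role of the 40 × 40 master matrix, as an added example that is not part of the original article. It assumes the HDCP 1.x convention that a device ID is a 40-bit selection vector (KSV) with 20 one bits; the matrix is randomly constructed, not the published key, and all function names are hypothetical.

```python
import random

N = 40                 # keys per device and ID length, as in the article
MOD = 1 << 56          # keys are 56-bit numbers

def make_master(rng):
    """Constructed symmetric N x N matrix of 56-bit values (not the real key)."""
    m = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            m[i][j] = m[j][i] = rng.randrange(MOD)
    return m

def make_ksv(rng):
    """Device ID: 40 bits with exactly 20 ones (HDCP 1.x rule, assumed here)."""
    ones = set(rng.sample(range(N), N // 2))
    return [1 if i in ones else 0 for i in range(N)]

def device_keys(master, ksv):
    """Private key i = sum of master row i over the columns the ID selects."""
    return [sum(row[j] for j in range(N) if ksv[j]) % MOD for row in master]

def shared_key(own_keys, peer_ksv):
    """Add up the own private keys selected by the peer's ID bits."""
    return sum(k for k, bit in zip(own_keys, peer_ksv) if bit) % MOD

def demo(seed=1):
    rng = random.Random(seed)          # seeded only to make the demo repeatable
    master = make_master(rng)
    ksv_tx, ksv_rx = make_ksv(rng), make_ksv(rng)
    keys_tx, keys_rx = device_keys(master, ksv_tx), device_keys(master, ksv_rx)
    km_tx = shared_key(keys_tx, ksv_rx)   # computed inside the transmitter
    km_rx = shared_key(keys_rx, ksv_tx)   # computed inside the receiver
    # Whoever holds the master matrix can derive keys for any new ID, so
    # revoking individual IDs stops being effective once the matrix leaks.
    ksv_new = make_ksv(rng)
    km_new = shared_key(device_keys(master, ksv_new), ksv_rx)
    km_rx_new = shared_key(keys_rx, ksv_new)
    return km_tx, km_rx, km_new, km_rx_new

if __name__ == "__main__":
    km_tx, km_rx, km_new, km_rx_new = demo()
    print(f"tx {km_tx:014x}  rx {km_rx:014x}  match={km_tx == km_rx}")
    print(f"new ID agrees with receiver: {km_new == km_rx_new}")
```

Both sides arrive at the same value only because the matrix is symmetric; the private keys themselves never cross the link, only the IDs do.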

Originally it was assumed that the master key could only be used with specially manufactured hardware to decrypt the data stream, but in the meantime various methods have been published in which relatively simple and inexpensive hardware is used.

Copy protection cracked for the first time

In August 2015, the streaming provider Netflix, which uses HDCP technology to encrypt its 4K content, announced that it had been circumvented for the first time, and that an 18 GB (2160p50) pilot episode of Breaking Bad had hit various torrent sites.

Criticism

HDCP is not only a copy protection, but also prevents the mere playback of content on unlicensed devices, regardless of whether they are able to make recordings or copies of the displayed content or not.

Since there is apparently a wide scope for interpretation in the implementation of HDCP, the presence of an HDCP output on the playing device and an HDCP input on the screen does not necessarily mean that an image will also appear. For the customer, the question then arises as to whether the playing or the displaying device is responsible for the malfunction. The reason for this failure of HDCP is likely to be the structure of the underlying DVI: in addition to communication via TMDS, which is not susceptible to interference but only runs in one direction (image data), another part of the communication is bidirectional (handshakes) via I²C, but it is secured neither by differential lines nor by checksums.

In its certification guidelines, HDCP itself places very strict restrictions on "unprotected" outputs, e.g. analog outputs for picture and sound. In part, these restrictions go beyond what devices such as DVD players may offer under their own rights management systems. Which of the restrictions ultimately apply is apparently a matter of interpretation: HD DVD players will initially also appear with analog component outputs, but these should no longer carry signals when HDCP is activated. The same applies to sound output: according to the HDCP specifications, there should be no 5.1 decoder on any commercially available DVD player with a DVI output; only the output of matrix-encoded stereo sound would be permitted.

HDCP in action

HDCP in DVD players

Since the standards for DVD players initially provided for a purely analog signal output via PAL or NTSC and the DVI output was only established later in the PC sector, there was a need to catch up for digital image output on DVD players from around 2000. The corresponding standards for DVD players were then changed to allow digital output. This had to be designed as a DVI connector, but capable of HDCP. The DVD itself lacks control information to activate HDCP or not (the presence of CSS alone is not enough, and apparently the DVD standard does not make any statements about when exactly the protection must be activated). In addition, no blacklists can be transferred to the device output. Many DVD player manufacturers also allow HDCP to be switched off on their devices, and in some cases a dummy HDCP is operated which completely switches off the encryption if an incompatible device is detected.

HDCP in Blu-ray Disc and HD DVD players

For the AACS used on HD DVD and Blu-ray Disc, a copy-protected output is required for high-quality, compliant image output. Corresponding graphics cards and chipsets with HDCP-protected HDMI or DVI interfaces have been on the market since 2006.

HDCP in televisions

On January 19, 2005, the industry association EICTA (European Industry Association for Information Systems) announced HDCP as one of the required components for the “HD ready” label for high-resolution (television) screens.

HDCP and digital television

[Figure: A Silicon Image HDCP transmitter chip in an Apple TV device]

Digital television stations can transmit an HDCP control signal when they are broadcast. If the receiving digital receiver supports this, then it only sends the data stream in encrypted form via its HDMI output. The evaluation of the control signal is optional (the HDMI specification does not require the use of HDCP); the receiver can therefore also output the data stream unencrypted.

In practice, however, most receivers with an HDMI output evaluate the HDCP control signal correctly. The reason for this is likely to be that the manufacturers have their devices certified by pay-TV providers. As a rule, the providers' terms and conditions only permit reception of their programs with receivers certified in this way. The manufacturers presumably do not want to jeopardize this business by selling equipment that goes against the wishes of the providers.

[Figure: A DVI to HDMI adapter]

Only a few devices, from manufacturers that do not require certification by pay-TV providers, do not evaluate the control signal. Examples are the Dreambox models DM800 and DM8000, which also use DVI outputs instead of HDMI in order to save the licensing and associated costs of using an HDMI interface. Technically, this is not a disadvantage, as DVI-D 24-5 and HDMI are electrically identical. Audio output via DVI is also possible and is used in the above-mentioned Dreambox models. Using a DVI-HDMI adapter, such a device can be connected to any device with an HDMI input.

HDCP is completely independent of the basic encryption of an entire television transmission path (e.g. a digital cable connection) and of the encryption of individual pay-TV channels, for whose decryption a smartcard is required. An encrypted pay-TV channel, like an unencrypted free-TV channel, can be broadcast with or without an HDCP control signal.

Problems with Premiere

Premiere HD, which was officially presented in January 2006 by the pay broadcaster Premiere, requires DVB-S2 receivers with an HDCP-capable digital video output for reception. When the channel offer started, only the film channel was broadcast with HDCP activated; however, 20 percent of customers experienced errors in the image output caused by copy protection. Operation with AV receivers that have HDMI inputs/outputs in order to output the image signal from several components such as DVD players and SAT or cable receivers on one screen was not possible even after firmware corrections were made to the receiver. It is currently unclear whether the mechanism of switching HDCP on and off via a broadcast flag is part of the DVB-S2 specifications or is only prescribed by the broadcaster for “Premiere HD”-capable receivers. The former is supported by the fact that other German HD broadcasters (e.g. Anixe HD) started broadcasting with the broadcast flag activated as early as May 2006.
