Bye CSS hello ACCS: The next protection for optical media?

Here is a great article over at the IEEE Spectrum site that takes a look at Advanced Access Content System or ACCS. This is the next big thing for content protection, sorely needed by content providers ever since a young Jon Johansen unravelled the present Content Scrambling System or CSS. Now, anyone can copy a DVD movie with just a bit of effort, despite the encryption scheme. This is not going to be acceptable with a new generation of discs about to hit the streets. Discs that will this time will hold master quality content! There are some heavy hitters working on this project such as IBM, Intel, Microsoft, Panasonic (Matsushita Electric), Sony, Toshiba, Disney, and Warner Bros. Studios. But, can they outsmart the hackers this time?  I don’t think so either.

But one key parameter has been made public. The CSS encryption in the first generation of DVDs, which Johansen defeated, used a proprietary 40-bit key for encryption. AACS will use a so-called strong key, the 128-bit Advanced Encryption Standard approved by the U.S. National Institute of Standards and Technology.

“This removes one of the obviously dumb things from CSS’”they were using a cipher that was easy to break,” says Dan Wallach, assistant professor of computer science at Rice University, in Houston.

Because even strong keys can be compromised, the heart of the new protection technology will be its ability to keep on protecting data even after it has been cracked.

The basic idea in recovering from cracking is to make a compromised player key obsolete. Compromised players could continue to play old discs, but not new releases. And crackers would have to start all over again.

Ripley identifies a technology called media key block as an important element in recovering from cracking. With this system, there are actually two keys’”one is on the disc itself, but it doesn’t work until it is decoded by a second key installed in each player. Multiple versions of this second key can exist; indeed, it is possible that each player would have a unique key, or that groups of players would share keys. Either way, if one key is compromised in the way that CSS was compromised by Johansen and if that decoding method becomes public, new DVDs could include updated on-disc keys that would cause the compromised player-based key to fail. They would, nevertheless, still work with other, uncompromised player-based keys.

The article does not stop there, it poses the possibility of someone who cracks a key, but keeps it secret and therefore could continue to copy new releases.  “When you give a secret to a million people, and one of them reverse-engineers it and releases a movie, you might not even be able to identify what key you need to disable,” says Rice University’s Wallach. As bad as the industry wants to recover from the devastating blow from that Norwegian teenager, it looks pretty unlikely that they wont suffer once again under this new scheme. It’s not even out yet and ways are being discovered to create workarounds. Take the time to head on over to the Spectrum site and read the whole article, then please give us your thoughts.

I guess what is rather ironic is that there would be no chance of any piracy if the studios would not release the data to the public to begin with. But, no way in heck are they going to kill that golden goose. Kind of like gas stations complaining about drive offs while they continue to sell gas and let the customer pump it to maximise profit.

Source: IEEE Spectrum