Crypto expert predicts demise of next gen DVD security
Princeton professor says HD-DVD and Blu-Ray disc encryption is in meltdown and tools could allow copied discs to be played.
The encryption system used to protect content on HD-DVD and Blu-Ray disc is fast becoming obsolete, according to an encryption expert.
Ed Felten, professor of computer science and public affairs at Princeton University and security researcher, said that decryption tools that find the encryption keys used to decode the next-generation formats, called title keys, will evolve, and that backup applications such as BackupHDDVD will be modified to use these keys to play copied discs.
"Somebody will make an online database of title keys, and will modify BackupHDDVD so it automatically consults that database and gets the title keys it needs," Professor Felten said. "This new decryption program will be able to decrypt any disc whose title key appears in the database. This decryption software and database don't exist yet, but they seem inevitable."
He compared this with the system used to distribute decrypted movies.
"One difference is that a 16-byte title key is much smaller and easier to distribute than a huge movie file - even a dialup line will be able to download title keys in the blink of an eye," he said.
He said the title key is only useful if you have the disc or a copy of it, but the keys will be enough to enable in-home fair use.
Felten said that the title keys could be obtained either by reverse engineering a player or, more likely, from a software application used to play a disc on a computer.
"In either case it will be possible. An engineer who extracts a key can upload it to the online database or share it with his friends," said Felten.
He predicted that such key extraction would eventually be automated.
But Felten said that if anyone published details of these recovered keys, the central authority that governs the distribution of keys could blacklist them.
"So the engineer, if he is clever, won't necessarily publish everything he knows. The more he publishes, the more he helps others freely use their discs - but the more he also helps the central authority fight back," he said.
Felten said this would lead to an interesting strategic game between the engineer and the central authority.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.