Originally posted by: Janooo
I am just reading this. Maybe you can help me to understand it.
Ah, actual information. Very refreshing.
The first attack they describe is limited, but would allow you (theoretically) to 'copy' encrypted content, or to record it and then play it back. However, it would probably require hacked hardware to allow you to play back the content stream without the encryption chips balking at the stream you are feeding them (since each new stream should have a new PRNG seed). Basically, you'd need a way to bypass the HDCP chip in the display.
The second attack they describe also requires hardware-level control over the system:
...So one would need to build a device with a digital timer which controls both the timing of the connection of the power to the device and the timing of the connection of the devices to each other. So long as the timing of these events is consistent, then the same A_n will be generated, and the unencrypted stream is easily attained.
I'm not sure that they are required to use the amount of time that has passed since poweron in order to generate the random number on the transmitter side, or to reset this value to 0 at each powerup. If they used something more, well, 'random', this would fail. Also, you would need to do this for each piece of content you want to strip protection from, and it has to be done in real time (since you are capturing the data stream as it is transmitted). So it's not the most convenient of hacks.
The fourth attack they describe is the same one described in the paper I linked to above. Their third 'attack' discusses using brute force to break the keys -- yes, 56-bit keys can be broken (I'm surprised they didn't use 128-bit keys or more; this was not good foresight on their part), but breaking ~820 of them (at least; this assumes you don't have particularly bad luck in finding keys that are linearly independent) would take a while. A concerted distributed computing effort could probably do this in the multi-year range, though.
What this means, in summary, is that if 40 properly chosen devices each had 40 properly chosen keys cracked, then we can compute the encryption key used for any given connection to within a smaller number of possibilities, and, essentially, the whole system fails to provide any protection. This is not really what one would call robust. We are talking about a system involving millions of devices, but even when randomly selected only an average of 73 or so need be cracked to destroy the effectiveness of the entire system. With proper selection and without the aid of corporate leaks or hardware taps this would require 820 cracks of 56-bit keys, so it would not, for instance, happen the day that the system was released. But it does mean that realistically the system has a maximum effective lifetime. In as little as a few years, likely after everyone had locked into the system, the whole thing would become ineffective.
The addendum here is pretty interesting.
There is another assumption necessary for such, which is that we can feed nonsense to the monitor and that this will not result in the HDCP chip disconnecting. From reading the specification, there is no indication that there is any way for the video hardware to signal the HDCP module, so I feel this assumption justified.
The way this attack works is that we fix a pseudo-random A_n and then feed a set of random KSVs to the receiver and see what it gives back. Then we simulate a set of random 56-bit session keys with the same A_n and see what they predict that the receiver would give back. Then we see if they overlap. Overlaps indicate that we have almost certainly matched a KSV with a session key. To be absolutely certain, for any discovered overlap we can further get as many bits from either source as we want to ensure the match to whatever standard we should desire, or we could give them a different A_n and ensure that they match given that one as well.
You will note that this requires that several things be true. First, it is required that, as outlined in the first attack, the receiver does no authentication of the transmitter. Second, it must be the case that the encryption function has no way to know that it is being fed gibberish. Since it's a simple one-time pad algorithm which XORs the signal with a pseudo-random stream, it cannot. Third, the assumption mentioned in the previous paragraph is required, since we have no actual encrypted signal to feed to it. As a result, what comes out of the HDCP decoder will almost certainly be gibberish to the display circuitry. Fourth, it is needed that the input of the cryptographic function not include the KSV. It does not. Fifth, we require that the receiver (which, mind you, is a television or other display device) send some output back to the transmitter. It does. However, it only sends out 16 bits every 2 seconds. The purpose of these 16 bits is to provide continuing authentication of the receiver, but they will serve adequately well for our purpose.
In theory, the kind of attack he outlined could work. It has the advantage of being able to work on cracking multiple devices in parallel, which would significantly cut down on the time to break the system. However, I'm not sure you can count on all those assumptions being true, particularly the ones I bolded. It also implicitly counts on being able to manipulate the PRNG of the system.
There are also things that could be done to make some of his computational assumptions wrong -- for instance, deliberately designing the system so that valid keys are unlikely to be linearly independent (he assumes a uniform distribution of valid keys). That would make it so that you have to crack far more than 820 keys to be able to rebuild the entire keyspace. The 'receiver does no authentication of the transmitter' assumption might not be true -- while the spec is described pretty well, they certainly don't divulge everything it does, and some sort of reverse authentication would not surprise me. Hardware can be made relatively tamper-resistant, making it hard to perform attacks that must bypass the encryption chip on the display side.
In short, I still don't see anything that makes breaking this system trivially easy. But it does have weaknesses. I see nothing here that would make me believe it is likely the system has already been compromised.
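The post's point that "40 properly chosen devices each with 40 keys cracked" lets you compute any connection's key, and that this hinges on the device vectors being linearly independent, is a property of the Blom-style key agreement the paper describes: each device's private vector is a secret symmetric master matrix times its public vector, so private vectors are linear in public vectors. The toy below is an added illustration of that structural weakness (the reason such a scheme has a finite effective lifetime), not code from the post or the paper; it assumes a constructed dimension of 4 and arithmetic over a prime field, whereas the real scheme uses 40-entry vectors with 56-bit values mod 2**56.

```python
import random

P = 2**31 - 1   # constructed prime modulus; the real scheme works mod 2**56
N = 4           # constructed dimension; HDCP uses 40-entry vectors

def make_master(rng):
    """Secret symmetric master matrix held only by the licensing authority."""
    m = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            m[i][j] = m[j][i] = rng.randrange(P)
    return m

def private_key(master, pub):
    """Device's private vector: master matrix times its public vector."""
    return [sum(master[i][j] * pub[j] for j in range(N)) % P for i in range(N)]

def shared_key(priv, peer_pub):
    """Session key: own private vector dotted with the peer's public vector."""
    return sum(a * b for a, b in zip(priv, peer_pub)) % P

def solve_mod_p(cols, target):
    """Return c with sum_j c[j]*cols[j] == target (mod P) by Gauss-Jordan.
    Requires the known public vectors to be linearly independent."""
    aug = [[cols[j][i] for j in range(N)] + [target[i]] for i in range(N)]
    for k in range(N):
        piv = next(r for r in range(k, N) if aug[r][k])
        aug[k], aug[piv] = aug[piv], aug[k]
        inv = pow(aug[k][k], -1, P)
        aug[k] = [x * inv % P for x in aug[k]]
        for r in range(N):
            if r != k and aug[r][k]:
                f = aug[r][k]
                aug[r] = [(a - f * b) % P for a, b in zip(aug[r], aug[k])]
    return [row[N] for row in aug]

def rebuild_private_key(known_pubs, known_privs, target_pub):
    """Given N independent (pub, priv) pairs, any other device's private vector
    is the same linear combination of the known private vectors as its public
    vector is of the known public vectors, because priv = M * pub is linear."""
    c = solve_mod_p(known_pubs, target_pub)
    return [sum(c[j] * known_privs[j][i] for j in range(N)) % P for i in range(N)]

def demo(seed=1):
    """Returns (agreement is symmetric, N leaked devices determine an unleaked key)."""
    rng = random.Random(seed)
    master = make_master(rng)
    pubs = [[rng.randrange(P) for _ in range(N)] for _ in range(N + 1)]
    privs = [private_key(master, v) for v in pubs]
    symmetric = shared_key(privs[0], pubs[N]) == shared_key(privs[N], pubs[0])
    rebuilt = rebuild_private_key(pubs[:N], privs[:N], pubs[N])
    return symmetric, rebuilt == privs[N]
```

The same linearity is what the post's countermeasure targets: if valid public vectors were engineered to be unlikely to span the space, the solve step would need many more leaked devices before it succeeds.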