and content protection for recordable media (cprm)
TRANSCRIPT
2005/9/11 [email protected] 1
Content Protection for Content Protection for PrePre--recorded Media (CPPM) and recorded Media (CPPM) and
Content Protection for Recordable Content Protection for Recordable Media (CPRM)Media (CPRM)
- The “Introduction to Important DRM Standards” Series, NO. 2
Chun-Hsiang HuangCommunication and Multimedia Laboratory
Department of CSIE, National Taiwan University
2005/9/11 [email protected] 2
Outline
♦ Why do we need CPPM / CPRM?♦ The CPPM/CPRM specification proposed by 4C
Entity♦ Broadcast Encryption: the basis of CPPM/CPRM
2005/9/11 [email protected] 3
Current Status of Prerecorded Media Protection
Compliant player
Non-Compliant player
Legal, encrypted copy
Illegal, decrypted copy
Compliant recorder
Non-Compliant recorder
Playback controlby encryption (CSS)
Copy control by watermarking
• Non-compliant devices are more convenient….>___<
Compromised! Not Used!
2005/9/11 [email protected] 4
CPPM Basics
♦ CPPM is a renewable method for protecting content distributed on prerecorded (read-only) media types based on block-cipher.
♦ Currently, CPPM for DVD-audio is defined♦ Key technologies
– Key management– Content encryption– Media based renewability
2005/9/11 [email protected] 6
CPPM Cryptographic Functions
♦ C2 block cipher is used
♦ The C2 Block cipher is based on Feistel network– bit-shuffling – simple non-linear functions (often called S boxes) – linear mixing (in the sense of modular algebra) using XOR– parts of the IBM Lucifer cipher, which are basis of the famous DES – created by Horst Feistel in IBM
Input Block Size
Output Block Size
Input Key Size
Number of Rounds
64 bits
64 bits
56 bits
10
Encryption: C2_E(k, d)Decryption: C2_D(k,d)
Encryption: C2_ECBC(k, d)Decryption: C2_DCBC(k,d)
2005/9/11 [email protected] 7
Key Management in CPPM
Device Keys
MKB ProcessingMedia Key Block (MKB)
Media Key
Device Keys
MKB
Media Key
56bits each, n keys
Variable, multiple of 4 bytes
56 bits
2005/9/11 [email protected] 8
Devices Keys in CPPM
♦ Each CPPM-compliant playback device is given a set of secret device keys,Kd_0,…Kd_n-1, which are provided by 4C Entity and used in processing the MKB to calculate the Media Key
♦ Each device receives n Device Keys. Each Device Key corresponds to an associated Row and Column value, Rd_i and Cd_i(i=0,…,n-1).
♦ For a given device, no two Device Keys will have the same C_d_i , but Rd_i for two devices keys may be the same
2005/9/11 [email protected] 9
Media Key Block (1)
♦ Renewability is enabled by using Media Key Block♦ All compliant devices cane use their set of secret keys to
calculate the same Media Key♦ Revoking
– If a set of device keys is compromised, an updated MKB can be released and used by future contents, so that the devices with the compromised set of Device Keys will calculate a different Media Key from other compliant devices
– A Media Key of 000000000000000016 will be obtained by using a revoked key
2005/9/11 [email protected] 10
Media Key Block (2)
♦ Media Key Blocks are formatted as a sequence of contiguous Records.
♦ Record lengths are always multiple of 4 bytes
♦ Defined Record types– Verify Media Key Record
• Contains output values obtained by encrypting DEADBEEF16 with Media Key
– Calculate Media Key Record• Exactly one such record in each MKB
– Conditionally Calculate Media Key Record– End of Media Key Block Record
16 columns
2500 columns
CPRM MKB
2005/9/11 [email protected] 11
Calculate Media Key RecordRecord Type: 0116
Record Length
Reserved
Revision
Column
Generation: 00000116
Encrypted Key Data for Row 0 (Dke_0)
Encrypted Key Data for Row 1 (Dke_1)
:::
Checking Generation==000000116
Find Kd_i which Cd_I=Column
Km =C2_D(Kd_I, Dke_r)lsb_56 (+) f(c,r),c=Cd_i , r=Rd_i
Media Key=Km
2005/9/11 [email protected] 12
CPRM Basics
♦ Content Protection for Recordable Media ♦ Each recorded title is encrypted with a title-specific
key♦ CPRM also adopts similar renewing scheme♦ CPRM-compliant recorders may accelerate
revoking MKB faster by writing additional MKB Records
2005/9/11 [email protected] 15
Key Managements in CPRM
Device Keys
MKB ProcessingMedia Key Block (MKB)
Media Key
C2 Hash FunctionMedia ID
Title Key
2005/9/11 [email protected] 16
CPPM/CPRM Protected Scenario
Compliant player
Copy of compliant player
Legal title
Future title
Compliant recorder
Other compliant playerLegal Copy
Satellite or Cable CPPMCPRM
2005/9/11 [email protected] 17
Key Management Problem
♦ The success of CPPM/CPRM is based on different device keys in each device
♦ The amount of DVD is huge, thus causing serious key management problem
♦ Broadcast encryption is adopted – Amos Fiat & Moni Naor, Advances in Cryptography- CRYPTO ’93
Proceeding, LNCS, Vol. 773, 1994, pp. 480-491
2005/9/11 [email protected] 18
Trivial Key Management SolutionsBroadcast center
User 1 User 2 User 3 User N…
Key1 Key2 Key3 KeyN…
Total processing/transmission time is long!
Broadcast center
User 1 User 2 User 3 User N…
Keys for all subsets User 1 belongs to
Keys for all subsets User 2 belongs to
Keys for all subsets User 3 belongs to
Keys for all subsets User N belongs to
…
Every user must store a large number of keys!!
2005/9/11 [email protected] 19
Results of Broadcast Encryption
♦ By obtaining reasonable trade-off between key management related transmissions (size of MKB) and user key storage (device keys), original broadcast encryption scheme requires every user to store only O(k· log k · log n) keys and the center to broadcast O (k2 · log2 k · log n) transmissions