[NEWS] A Cryptanalysis of the High-bandwidth Digital Content Protection System
From: support@securiteam.comDate: 11/26/01
- Previous message: support@securiteam.com: "[UNIX] Off-By-One Security Vulnerability in THTTPd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [NEWS] A Cryptanalysis of the High-bandwidth Digital Content Protection System Message-Id: <20011126075414.DA610138BF@mail.der-keiler.de> Date: Mon, 26 Nov 2001 08:54:14 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
A Cryptanalysis of the High-bandwidth Digital Content Protection System
------------------------------------------------------------------------
SUMMARY
High bandwidth Digital Content Protection (HDCP) is a system for
preventing access to plaintext video data sent over Digital Visual
Interface (DVI). Any technique that allows access to the plaintext data is
considered breaking the system.
The linked article will show that with the public and private keys from 40
devices and O(40^2) we can violate the design requirement, meaning that we
can access the plaintext. Furthermore, with the 40 sets of keys and at
most O(2^40) offline work we can usurp the central authority completely.
DETAILS
The attached paper discusses the feasibility of gaining access to the
clear text form of encrypted information provided inside the HDCP
information stream.
The paper comes to the following conclusions:
HDCP's linear key exchange is a fundamental weaknesses. We can:
* Eavesdrop on any data
* Clone any device with only their public key
* Avoid any blacklist on devices
* Create new device keyvectors.
* In aggregate, we can usurp the authority completely.
The weaknesses are not easy to repair. Two proposed modifications are
broken and still susceptible in O(n^2) work and n sets of keys to:
* Eavesdrop on any data
* Clone any device with only their public key
* Avoid any blacklist on devices
ADDITIONAL INFORMATION
The complete paper can be found at:
<http://nunce.org/hdcp/hdcp111901.htm>
http://nunce.org/hdcp/hdcp111901.htm
The information has been provided by Scott Crosby of Carnegie Mellon
University and Ian Goldberg of Zero Knowledge Systems.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] Off-By-One Security Vulnerability in THTTPd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
