Digg this story   Add to del.icio.us  
Video crypto standard cracked?
Ann Harrison, SecurityFocus 2001-08-13

Noted cryptographer Niels Ferguson says he's broken Intel's vaunted HDCP Digital Video Encryption System, but fear of U.S. law is keeping him silent on the details.

ENSCHEDE, NETHERLANDS--A Dutch cryptographer who claims to have broken Intel Corp.'s encryption system for digital video says he will not publish his results because he fears being prosecuted or sued under the Digital Millennium Copyright Act.

Niels Ferguson announced last weekend that he has successfully defeated the High-bandwidth Digital Content Protection (HDCP) specification, an encryption and authentication system for the DVI interface used to connect digital cameras, high-definition televisions, cable boxes and video disks players.

"An experienced IT person could recover the master key in two weeks given four standard PCs and fifty HDCP displays," said Ferguson. "The master key allows you to recover every other key in the system and lets you decrypt [HDCP video content], impersonate a device, or create new displays and start selling HDCP compatible devices."

Ferguson, who announced his results at the Hackers At Large 2001 (HAL) security conference, is not providing details of how he defeated HDCP. But he says it is a textbook example of a cryptographic attack.

Intel spokesperson Daven Oswalt says the company has received several reports from people claiming that they have broken HDCP. But he says none have held up, and the company remains confident in the strength of the system.

"Intel believes that HDCP meets the intended goal of preventing the casual copying and distribution of entertainment content of DVI outputs," said Oswalt. He declined to comment on Ferguson's decision to withhold publication of his research.

A respected cryptographer, Ferguson helped design the Twofish algorithm, one of the algorithms selected as candidate for the U.S. Advanced Encryption Standard (AES).

In his address at HAL, Ferguson reviewed a well-known published attack on a reduced-round version of the Rijndael algorithm, which was discovered before Rijndael became the final AES. The cryptographer also presented an algebraic formula that describes the structure of Rijndael. If the formula is solved, Ferguson believes that the Rijndael block cipher could be broken.

Ferguson says he has contacted Intel and informed the company of his HDCP findings, but added that he declined to email the results to the U.S., because he is not sure of the legal risks.

Intel has not threatened him in any way, says Ferguson. But he says he was informed by a lawyer from the San Francisco-based Electronic Frontier Foundation (EFF) that he could be sued or prosecuted under the DMCA for publishing his research, even on his own Web site. And if Intel chooses not to sue, Ferguson fears that the motion picture industry, whose movies are encrypted with HDCP, may haul him into court.

Ferguson is a Dutch citizen, but travels to the U.S. regularly for both personal and professional reasons. He worries that if he presents his research, he will not be able to enter the U.S. without fear of persecution. "This is a country that tells others they should protect human rights, but they have trampled on mine," says Ferguson. "The U.S. Congress is telling me what I can or cannot say in my own country."

Ferguson notes that the Recording Industry Association of America (RIAA) used the DMCA to pressure Princeton professor Ed Felten to withhold his research on audio watermarking technology. Felten's subsequent suit against the music industry will be decided this month. But Ferguson, who filed a declaration in the Felten case, says he is not going to gamble on a favorable ruling that could be appealed and reversed.

Robin Gross, an EFF staff attorney for intellectual property, says chances are good that Ferguson could be prosecuted under the DMCA, like Russian researcher Dmitry Sklyarov who was arrested in Las Vegas following the Def Con hacker convention last month. Sklyarov is now free on bail.

Gross says Ferguson could be at risk for simply posting his results, despite the fact that he is not distributing software or presenting a paper. "Even though Ferguson is not doing these things, someone else could distribute his research in this country and he could potentially be liable," said Gross. "There is very little First Amendment protection for scientists in this country."

Gross added that other security researchers, including Alan Cox and Ross Anderson, have stated that they are concerned about traveling to the U.S. for fear of being prosecuted under the DMCA. She said U.S. technical conferences are considering moving offshore so as not to place attendees at risk.

According to Ferguson, his right to freely publish his scientific findings is upheld by the Universal Declaration of Human Rights, the U.S. Constitution and Dutch law. In practice, he says, his opponents have unlimited money and could drag the case along until he is forced to give in. "I would lose my pension, I would lose everything and probably go bankrupt," said Ferguson. "That is the threat."

Ferguson argues that, ultimately, the DMCA will end up costing Intel and the content industries money. While they are spending millions on HDCP, he says, they will be denied the benefits of research that can help fix the technology. Ferguson predicts that a year from now, someone will post a HDCP master key on the Internet, and the money spent on the system will be wasted.

"You can be sure that somehow, somewhere, someone will duplicate my results especially because I am telling them that I have results," says Ferguson. "Someone who is braver, who has less money, and who doesn't travel to the U.S."

    Digg this story   Add to del.icio.us  
Comments Mode:


Privacy Statement
Copyright 2010, SecurityFocus