A Cryptanalysis of the High-bandwidth Digital Content Protection System - Robotics Institute Carnegie Mellon University

A Cryptanalysis of the High-bandwidth Digital Content Protection System

Scott Crosby, Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner
Workshop Paper, CSS '01 Workshop on Security and Privacy in Digital Rights Management (DRM '01), pp. 192 - 200, November, 2001

Abstract

We describe a practical attack on the High Bandwidth Digital Content Protection (HDCP) scheme. HDCP is a proposed identity-based cryptosystem for use over the Digital Visual Interface bus, a consumer video bus used in digital VCRs, camcorders, and personal computers. Public/private key pairs are assigned to devices by a trusted authority, which possesses a master secret. If an attacker can recover 40 public/private key pairs that span the module of public keys, then the authority's master secret can be recovered in a few seconds. With the master secret, an attacker can eavesdrop on communications between any two devices and can spoof any device, both in real time. Additionally, the attacker can produce new key pairs not on any key revocation list. Thus the attacker can completely usurp the trusted authority's power. Furthermore, the protocol is still insecure even if all devices' keys are signed by the central authority.

BibTeX

@workshop{Crosby-2001-8344,
author = {Scott Crosby and Ian Goldberg and Robert Johnson and Dawn Song and David Wagner},
title = {A Cryptanalysis of the High-bandwidth Digital Content Protection System},
booktitle = {Proceedings of CSS '01 Workshop on Security and Privacy in Digital Rights Management (DRM '01)},
year = {2001},
month = {November},
pages = {192 - 200},
publisher = {ACM},
keywords = {cryptoanalysis HDCP},
}
Copyright notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.