Content Scramble System
|Key sizes|40 bits|
|Block sizes|2048 bytes (DVD sector size)|
|Best public cryptanalysis|Defeated in 1999 by DeCSS. The 40-bit key size is subject to brute-force attack, and the effective key size is about 16 bits, which can be brute-forced in about a minute by a Pentium II.|
Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on almost all commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced around 1996 and was first compromised in 1999.
The purpose of CSS is twofold:
- CSS prevents byte-for-byte copies of an MPEG (digital video) stream from being playable since such copies do not include the keys that are hidden on the lead-in area of the restricted DVD.
- CSS provides a reason for manufacturers to make their devices compliant with an industry-controlled standard, since CSS-scrambled discs cannot in principle be played on noncompliant devices; anyone wishing to build compliant devices must obtain a license, which contains the requirement that the rest of the DRM system (region codes, Macrovision, and user operation prohibition) be implemented.
While most CSS-decrypting software is used to play DVD videos, other pieces of software (such as DVD Decrypter, AnyDVD, DVD43, Smartripper, and DVD Shrink) can copy a DVD to a hard drive and remove Macrovision, CSS encryption, region codes, and user operation prohibition.
CSS has been superseded by newer DRM schemes such as Content Protection for Recordable Media (CPRM), or by Advanced Encryption Standard (AES) in the Advanced Access Content System (AACS) DRM scheme used by HD DVD and Blu-ray Disc, which have 56-bit and 128-bit key sizes, respectively, providing a much higher level of security than the weak 40-bit key size of CSS.
- Authentication: a process for a DVD drive and CSS Decryption module to recognize (or authenticate) each other; this is normally necessary before reading data from a CSS-encrypted DVD, and an authentication key is used for this purpose. Authentication can be bypassed with a brute-force attack (see below).
- Title key: used for scrambling and descrambling DVD data known collectively as a title, which could be a complete motion picture, a trailer, or some similar self-contained unit.
- Disc key: used for decrypting a title key on a DVD.
- Player key: used for decrypting a disc key on a DVD; each DVD player manufacturer is allocated one of approximately 400 player keys to incorporate in its players.
The generic term CSS key may refer to an authentication key used in the CSS secure handshake with a descrambler, a disc key, a player key, a title key, a secured disk key set, or an encrypted title key.
The CSS key sets are licensed by the DVD Copy Control Association to manufacturers who incorporate them into products such as DVD movie releases, drives, and players; most DVD players are equipped with a CSS Decryption module.
Disc keys are stored on the lead-in area of the disc, an area that a compliant drive is only supposed to read in a special way; the sectors of the DVD are encrypted, preventing the copying of VOB (Video Object) content, which can only be retrieved with authentication keys. Furthermore, the key area on a DVD-R disc is immutable, thus preventing the trivial copying of a CSS-encrypted DVD to a DVD-R. The key area on a DVD+R disc, by contrast, is mutable, but standard drives have refused to write to it (with the exception of the Book type field, which is used for bitsetting). Keys can be passed from a DVD drive to a descrambler over a data bus using a secure (but now compromised) handshake protocol.
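The key hierarchy and lead-in storage described above, modelled as an added example (not CSS code and not part of the original article). A SHA-256 keystream stands in for the proprietary CSS cipher, and the per-player table of wrapped disc keys, the placement of the wrapped title key, and all key values are assumptions of the model.

```python
import hashlib
import os

KEY_LEN = 5      # 40-bit keys, as stated in the article
SECTOR = 2048    # DVD sector size, as stated in the article


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 counter keystream); NOT the CSS cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def master_disc(player_keys: dict, sector: bytes) -> dict:
    """Build a toy disc: sector under title key, title key under disc key."""
    disc_key, title_key = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    return {
        # Lead-in area: the disc key wrapped once under every licensed player key.
        "lead_in": {slot: stream_xor(pk, disc_key) for slot, pk in player_keys.items()},
        # Data area: wrapped title key (placement assumed) and the scrambled sector.
        "enc_title_key": stream_xor(disc_key, title_key),
        "sectors": [stream_xor(title_key, sector)],
    }


def play(disc: dict, slot: int, player_key: bytes):
    """Unwrap player key -> disc key -> title key -> sector; None without key material."""
    wrapped = disc.get("lead_in", {}).get(slot)
    if wrapped is None:
        return None
    disc_key = stream_xor(player_key, wrapped)
    title_key = stream_xor(disc_key, disc["enc_title_key"])
    return stream_xor(title_key, disc["sectors"][0])


def demo() -> dict:
    keys = {0: b"\x01" * KEY_LEN, 1: b"\x02" * KEY_LEN}   # constructed player keys
    sector = bytes(range(256)) * (SECTOR // 256)           # constructed plaintext sector
    disc = master_disc(keys, sector)
    data_only = {k: v for k, v in disc.items() if k != "lead_in"}  # copy without lead-in
    return {
        "licensed_0": play(disc, 0, keys[0]) == sector,
        "licensed_1": play(disc, 1, keys[1]) == sector,
        "copy_without_lead_in": play(data_only, 0, keys[0]),
        "unlicensed_key": play(disc, 0, b"\x09" * KEY_LEN) == sector,
    }
```

In this model every licensed player key unwraps the same disc key, so the secrecy of the disc rests on each of the player keys staying secret inside every licensed device.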
In October 1999, Jon Lech Johansen and two people who have remained anonymous reverse engineered CSS and created DeCSS to share the exploit with others, in a striking example of the trusted client problem. Not long after, CSS was further revealed to be easily susceptible to a brute-force attack, which is implemented by the widely used libdvdcss; the brute-force attack works even if the keys cannot be retrieved from the lead-in area, as is the case when the DVD's region code is different from that of the drive. This allows region-free DVD player software to work with region-locked drives.
CSS's weakness is primarily due to the regulations placed on the export of cryptographic systems from the United States. At the time that CSS was introduced, it was forbidden in the United States for manufacturers to export cryptographic systems employing keys in excess of 40 bits, a key length that had already been shown to be wholly inadequate in the face of increasing computer processing power (see Data Encryption Standard). In addition, structural flaws in CSS reduce the effective key length to only around 16 bits, allowing CSS to be compromised in less than a minute by brute force with a 450 MHz processor.
In Geeks Bearing Gifts, author Ted Nelson states "DVD encryption was intentionally made light by the DVD encryption committee, based on arguments in a libertarian book Computer Lib.", a claim cited as originating from personal communication with an anonymous source; Nelson is the author of Computer Lib.
- Disc wobble
- DVD Copy Control Association
- Advanced Access Content System
- DVD ripper
- AnyDVD, DVD43, DeCSS, DVD Decrypter, Smartripper
- libdvdcss, popular free software for enabling playback of discs on open-source players.
- Content Protection for Prerecorded Media (CPPM)
- Fair use
- ARccOS Protection, an additional form of DVD copy protection
- IEEE - Copy Protection for DVD Video p.2
- CSS - A butt of all the jokes
- Export of cryptography in the United States
- Frank A. Stevenson (November 8, 1999). Cryptanalysis of Contents Scrambling System. Archived from the original on March 2, 2000.
- Nelson, Ted (2008). Geeks Bearing Gifts: How the Computer World Got This Way (Ed. 1.0). Sausalito, CA: Mindful Press. p. 199. ISBN 978-0-578-00438-9.