Self-Protecting Digital Content
|This article needs additional citations for verification. (March 2008) (Learn how and when to remove this template message)|
Self Protecting Digital Content (SPDC), is a copy protection (Digital Rights Management) architecture which allows restriction of access to, and copying of, the next generation of optical discs and streaming/downloadable content.
Designed by Cryptography Research, Inc. of San Francisco, SPDC executes code from the encrypted content on the DVD player, enabling the content providers to change DRM systems in case an existing system is compromised. It adds functionality to make the system "dynamic", as opposed to "static" systems in which the system and keys for encryption and decryption do not change, thus enabling one compromised key to decode all content released using that encryption system. "Dynamic" systems attempt to make future content released immune to existing methods of circumvention.
If a method of playback used in previously released content is revealed to have a weakness, either by review or because it has already been exploited, code embedded into content released in the future will change the method, and any attackers will have to start over and attack it again.
Targeting compromised players
If a certain model of players are compromised, code specific to the model can be activated to verify that the particular player has not been compromised. The player can be "fingerprinted" if found to be compromised and the information can be used later.
Code inserted into content can add information to the output that specifically identifies the player, and in a large-scale distribution of the content, can be used to trace the player. This may include the fingerprint of a specific player.
If an entire class of players is compromised, it is infeasible to revoke the ability to use the content on the entire class because many customers may have purchased players in the class. A fingerprint may be used to try to work around this limitation, but an attacker with access to multiple sources of video may "scrub" the fingerprint, removing the fingerprint entirely or rendering it useless at the very least.
Because dynamic execution requires a virtual environment, it may be possible to recreate an execution environment on a general purpose computer that feeds the executing code whatever an attacker wants the code to see in terms of digital fingerprints and memory footprints. This allows players running on general purpose computers to emulate any specific model of player, potentially by simply downloading firmware updates for the players being emulated. Once the emulated execution environment has decrypted the content, it can then be stored in decrypted form.
Because the content encryption scheme (such as BD+) is separate from the transport encryption scheme (such as HDCP), digital content is transferred inside the player between circuits in unencrypted form. It is possible to extract digital data directly from circuit traces inside a licensed and legal player before that content has been re-encrypted for transport across the wire, allowing a modified player to be used as a decryption device for protected content. Only one such device must exist for the content to be widely distributed over digital networks such as the Internet.
The final weakness of all DRM schemes for noninteractive works is the ultimate decryption for display to end-users. The content can at that time be re-encoded as a digital file. The presumption is that re-encoding is lossy, but fully digital copies can be made with modified viewing devices. For example, HDCP to unencrypted DVI adapters exist on the market and can be used by infringers to re-encode digital copies without modifying players. Further, infringers can make copies through the analog hole. Modern HD televisions are merely 2 megapixels in resolution and the HD specification will be static for at least two decades, as high-expense consumer product cycles are necessarily long and higher resolution provides decreasing benefit to the consumer. By the time the specification is mid-life, cameras with 20 megapixel resolution will be available and able to record full-motion video, allowing for full two-axis oversampling and software reconstruction of the original stream pixel-by-pixel, with the only analog losses being encoded as slight variations in pixel color--and even this loss can be compensated for with color profile adjustment after the re-encode has completed. It would not be possible to compensate for possible compression of the color space dynamic, however, leading to a slight posterizing effect. This effect is already apparent in compressed video and does not seem to bother most consumers.