Why AACS DRM is broken beyond repair

There’s good news this week if you want to watch HD-DVD and Blu-Ray disks on your computer, because reports indicate that their AACS Digital Restrictions Management (DRM) “feature” has been broken beyond repair: a victory for consumer rights.

AACS is Hollywood’s attempt at restricting what you can do with your HD-DVD and Blu-Ray disks – the latest in a succession of ill-fated measures designed to protect the failing business models of media middle-men.

The recent attacks on the system allow you to use software tools to decrypt high-definition disks and remove restrictions on accessing their content.

Now disc collections can be backed up; assistive technologies for disabled people can be implemented; extracts of works can be taken for academic study, review or parody; and artists are free to build on their cultural heritage by re-mixing it to create new content.

Many of these rights are enshrined in copyright law, but DRM systems prevent their exercise.

The AACS DRM system has fallen victim to the darknet in a familiar and highly predictable fashion. It’s fatal flaw is common to all DRM: the keys that keep it working must be given out with the media and the machines required to play it, else they will be useless; yet those keys must remain a secret or someone will use them to break the DRM. How do you keep a number secret if you’ve printed millions of copies of it and sent them all over the world?

Under these circumstances it can only be a matter of time before the keys are discovered and the restrictions are undone.

AACS was supposed to be robust against the discovery of its encryption secrets. The system includes an update mechanism for hardware and software players that can stop copied disks from being played by revoking compromised keys. However it turns out this mechanism is less than practical.

Exposed keys can be replaced, but this is largely irrelevant because the mechanism for extracting them is already known. It is trivial to uncover new keys once they have been released. Unfortunately for AACS, there is no way to fix the vulnerabilities in its internal mechanisms that allow this to be done.

In order to mitigate the key management burden on vendors of HD-DVD and Blu-Ray players, the AACS licensing authority promised that it would give 90 days notice of a key revocation event to allow the manufacturers to update their products. That means the AACS-LA can make up to four updates per year to try to recover from security breaches.

Therefore, if it takes less than three months for the attackers to extract a set of encryption keys from the system, then AACS is forever broken.

This sounds like a challenge, and sure enough, it took a good few months for the first set of keys to be discovered, which would suggest a modicum of success for the defenders. However, attacks only ever get better. To put the situation into perspective, consider that according to Freedom To Tinker the latest AACS keys have already been exposed, even though they’ve yet to be released!

Quoth the blog:

To be successful in the long run, AACS needs to outpace such attacks. Its backers might be able to accelerate the blacklisting cycle somewhat by revising their agreements with player manufacturers, but the logistics of mastering discs and shipping them to market mean the shortest practical turnaround time will be at least several weeks. Attackers don’t even have to wait this long before they start to crack another player.

The writing is on the wall for AACS, so we can all look forward to enjoying high-definition content without being restricted to the agenda of a few greedy corporations. But will the media moguls now learn their lesson and start channeling the millions they’re wasting on DRM into improving their products instead?

Calling Mr. Porky to runway one – it’s time for your flying lesson…