|
|
| |
High bandwidth Digital Content Protection (HDCP) is a system for preventing access to plaintext video data sent over Digital Visual Interface (DVI). Any technique that allows access to the plaintext data is considered breaking the system.
The linked article will show that with the public and private keys from 40 devices and O(40^2) we can violate the design requirement, meaning that we can access the plaintext. Furthermore, with the 40 sets of keys and at most O(2^40) offline work we can usurp the central authority completely. |
| |
Credit:
The complete paper can be found at:
http://nunce.org/hdcp/hdcp111901.htm
The information has been provided by Scott Crosby of Carnegie Mellon University and Ian Goldberg of Zero Knowledge Systems.
|
| |
The attached paper discusses the feasibility of gaining access to the clear text form of encrypted information provided inside the HDCP information stream.
The paper comes to the following conclusions:
HDCP's linear key exchange is a fundamental weaknesses. We can:
* Eavesdrop on any data
* Clone any device with only their public key
* Avoid any blacklist on devices
* Create new device keyvectors.
* In aggregate, we can usurp the authority completely.
The weaknesses are not easy to repair. Two proposed modifications are broken and still susceptible in O(n^2) work and n sets of keys to:
* Eavesdrop on any data
* Clone any device with only their public key
* Avoid any blacklist on devices
|
|
|
|
|
|
|
|
