Content Scramble System

The Content Scramble System (CSS ) is a procedure for the encryption of DVD-Video contents. It was developed primarily by Matsushita and Toshiba, and is supported by the DVD Copy Control Association (CCA ), a non-profit companies in the film and the consumer electronics industry, licensed. The license itself is free of charge, but it is charged an administrative fee of $ 5,000 a year. CSS uses only symmetric cryptography and is due to several design errors completely broken.

Operation

Licensed DVD player, whether hardware or software, contain one or more keys from a set of device keys 409 (Player - Keys), which were generated once by the CCA. Individual keys are provided various manufacturers of DVD players available, in principle, these keys should however remain secret.

The contents of a CSS -protected DVD is in encrypted form, which required to play key change from sector to sector (Sector -Key ) or from chapter to chapter (Title Key), but are in turn in encrypted form on the DVD. To decrypt the Title Keys the disc key is required. This, different in each CSS DVD disc key is encrypted with 409 all device keys and is 409 times with these 409 device keys encrypted on the DVD.

A licensed DVD player goes through the following steps to play a CSS - protected video:

• With a well-known player the device key for the disc key is decrypted.
• Using the Disk Keys of the Title Key is decrypted for that chapter.
• With the Title Key sector - key is decrypted.
• The sector - key is used to decrypt the partially encrypted MPEG -2- compressed video data.

A device license may be revoked by no longer encrypted in newly produced DVDs of the disc key using the corresponding device key. CSS thus far prevented the creation of bitgetreuen copies of a DVD, but playing DVDs on unlicensed devices that are not authorized by the CCA.

Although CSS encrypted movie files to DVD can be copied to the hard disk, for example, readily, but must be decrypted before playing or converting the video material only. It is also not possible to create without undoing encryption a working 1:1 copy to a recordable DVD, if the original CSS is protected. There are also for DVD content or regional codes that will allow playback of DVDs only in the regions for which they are intended market.

The CSS succession process that is used on HD DVDs and Blu -ray discs, called Advanced Access Content System ( AACS). As an alternative to this, mainly based on encryption methods, there are also physical copy protection methods, such as ARccOS.

CSS Hack

Since the cryptography used in CSS can be cracked with only 40 bits long keys, whose complexity can be reduced to 225, with normal PCs available today in a reasonable time by brute- force attack, the effort to restore the contents is controlled. This had to be taken knowingly purchase, since the former USA export restrictions did not permit export of strong cryptography abroad for security reasons by the DVD Forum in the standardization of CSS in 1996. The brute-force approach proved very soon even as unnecessary as cryptographers and hackers found out that CSS has fundamental design flaws that allow a player cracking the protection within seconds.

In all the efforts of the industry to keep the exact functioning of CSS secret, but the technology had to be implemented in each of millions of devices and programs ( software DVD player). Probably got the workings of the technology by reverse engineering the software DVD player to the public. Finally, the program DeCSS spread in October 1999 on the Internet, you may override the CSS.

Even before that was known as Ripper software available that intercepts the data when they are decrypted and decoded for display, and then allowed to store them unprotected. Also information for bypassing the regional lock can be found on various internet sites.

A code has been mentioned already the day after the publication of the DeCSS source code into an analysis of the CSS key generation, the only need on a clocked with 366 MHz Celeron processor 17 hours to generate a valid player keys.

Once again a day later Frank A. Stevenson described an attack of complexity 216 at 6 known bytes. Modern processors provide this almost immediately. This attack has been optimized even further, so you only needed 5 bytes (which are always known, according to the CSS standard and as a hash value lie on the DVD). At the same time a hacker built a crack, could be the one VOB file (DVD Video Object) is decrypted and stored on the hard disk as an MPEG file. At this time, it was the people involved already long been just a matter of figuring out how flawed CSS was total.

On October 30, 1999, all player keys have been published on the mailing list livid -dev. With the loss of individual player keys, the film industry had expected and CSS designed for the subsequent deletion of such keys as the minced in the DeCSS development Xing DVD player. With the recent development, however, showed that this method was not feasible: on the one hand, the replacement of all player keys would have meant that all existing players would not have been compatible with the new DVDs, on the other hand, the hackers had shown that they have the new player Keys would probably have found out as fast as the old ones. On the same day Stevenson posted yet another attack vector: Above the disk key hash, it was possible to get the disc key within a few seconds, without having to have a single player -Key.

From Chaos Computer Club CSS is called an " amateur encryption system ". The club has provided on its website a comprehensive report on the progress of the hack.

Also, Bruce Schneier, one of the leading cryptographers worldwide, CSS called " a very weak program with a very weak 40 -bit key, based on a weak algorithm ".

The Motion Picture Association of America ( MPAA ) stated in their FAQ a response to the accusation that CSS was easy to hack, to: "There is no perfect encryption system that is immune to attacks. Currently, newer and more complex copy protection systems are being developed; However, we admit that determined thieves will try to bypass these protection systems ".

Criticism and alternatives

Initiatives such as the Global Internet Liberty Campaign and OpenDVD committed against CSS. OpenDVD was founded by software and hardware engineers who are looking for new and better ways to use DVD industry's. They also want to protect the rights of copyright owners, but also allow consumers to make their own DVD videos and to make use of their fair-use rights. For this purpose, the Linux Video and DVD Project ( LiViD ) was formed, which introduced the Open Media system in February 2001, can be played with the DVDs under the operating system GNU / Linux.