Cinavia DRM: How I Learned to Stop Worrying and Love Blu-ray’s Self-Destruction
by Ganesh T S on March 21, 2012 11:00 AM EST- Posted in
- Home Theater
- Blu-Ray
- DRM
- Cinavia
Content providers mandate the presence of protection schemes at all times when the consumers want to access their wares. For the consumer, this entails:
1. Conditional access
2. Protected transmission
3. Protected distribution
4. Protected storage
Conditional access is applicable to cases where media travels over insecure channels (such as satellite or cable). This is implemented in STBs. Protected transmission is the path to the display device, and it is usually protected by HDCP (over HDMI) or Macrovision in legacy systems. Protected storage is encountered in broadcast content, with its copy flags to allow DVR archiving. Protected distribution is enabled by the DRM mechanism in Blu-rays / DVDs. In Blu-rays, this DRM scheme is called as AACS (Advanced Access Content System). AACS also provides for protected storage through the Managed Copy feature.
A Popular Webcomic's Take on DRM (c) xkcd
AACS uses 128-bit AES for encryption. Each Blu-ray player / device has a Device Key, while discs come with a Media Key Block (MKB). The shared key generated by using these two (Media Key) is used to decrypt the Title Key, which is then used to decrypt the audio/video data in the disc. AACS also has a revocation mechanism. The MKB in each disc has a Host Revocation List for software players and a Device Revocation List for hardware drives. For PC-based playback to be successful, both the player and the drive must not be on the revocation list.
In practice, key revocation is quite rare because device keys could be shared across an entire lineup, making it hard to pinpoint which particular device was compromised. AACS does provide some sequence keys to identify a particular device as compromised if one has access to multiple pirated copies of different discs from the same drive. In addition to the MKB-Media Key-Title Key combination, PC-based players also have support to generate a Shared Bus Key to encrypt the data inbetween the drive and the software player. This ensures that any snooped data can't be used to get to the original content on the disc. AACS also has a renewal process to prevent attacks similar to those carried out on CSS (with DVDs). The net result is that we are currently at AACS v30.
In addition to AACS, the BDA mandates a BD-ROM mark, which is a physical irregularity on the disc with a 128-bit VolumeID. Blu-ray players will not play back protected content without the VolumeID, as it is essential to the decryption process. Also, the VolumeID can't be generated by consumers (BD-Recorders don't have the capability to burn a VolumeID). The process is tied to the manufacturing facility (which can obtain a license only under strict security considerations). With a counterfeit Blu-ray, it is a simple matter of using the VolumeID to trace the place where the piracy took place.
Note that AACS is based solely on cryptography and, after having been compromised, has the possibility of revoking cryptographic keys as the only means of regaining its effectiveness. So far, this method has failed. This has tempted studios to move over to other forms of DRM such as BD+ and Sony Screen Pass.
It is mandatory for players to implement support for BD+, but not all Blu-rays need to be BD+ enabled. From a player's perspective, a Security Virtual Machine (SVM) needs to be implemented. Blu-rays with BD+ have special content code which are loaded by the SVM and executed during the playback process. The content code has full control over all the components involved in playback. It can alter menus and show on-screen messages if some security breach is detected in the player.
One of the most common BD+ implementations involves storing garbled video on the disc (i.e, after AACS decryption, certain segments of the video are distorted). The content code can implement a fix for the distorted video so that licensed playback is still problem free. For example, in the recently released Contagion Blu-ray, watching the disc with an old version of AnyDVD HD (which performs only AACS decryption, say) would result in heavily distorted video in various scenes. This is because the BD+ code to fix the video wasn't being executed by AnyDVD HD. Unlike AACS, technologies such as BD+ from Irdeto (responsible for the BD+ in the Contagion Blu-ray) and Sony Screen Pass continue to evolve with each new disc.
BD+ needs a SVM to be implemented, but note that the Blu-ray specifications already include a VM requirement for the BD-Java feature. This BD-J feature can also be used to implement structural protection schemes such as Sony DADC's Screen Pass. In this scheme, BD-J code on the disc actively looks for signs of protection being in place during playback. When the BD-J code finds that the protection features are missing (say, due to playing an unprotected copy, or when ripping tools are active in the background), playback is immediately stopped along with an on-screen message. DVDFab's blog has some more details on Screen Pass.
In addition to DRMs aimed at directly protecting content by encryption, the Blu-ray developers also considered some watermarking schemes. Watermarking doesn't actually encrypt the content, but places some non-discernible (to the naked eyes/ears) information in the audio / video tracks of the stream. By serving as a digital signature, it helps the player / analyzer identify the content status. In the next section, we will be talking in detail about Cinavia, the audio watermarking scheme from Verance. Thomson's NexGuard is a type of video watermarking scheme which works with the help of the BD+ SVM. The BD+ content code embeds some invisible information in the video track which contains details of the player / drive used to decrypt the stream. If the video gets out and becomes a 'pirated copy', the watermark can be analyzed to determine the player / drive responsible for the 'piracy'. BD+ code in subsequent Blu-rays can be used to blacklist the player / add it to a revocation list.
If you are interested in learning more about content protection in Blu-rays, I strongly suggest perusing Chapter 4 of Blu-ray Disc Demystified.
121 Comments
View All Comments
colonelciller - Wednesday, March 28, 2012 - link
wow that's lame... the industry is totally out of touch with reality aren't theyGuspaz - Wednesday, March 21, 2012 - link
But they make it impossible for me.Say I want to buy a movie or TV series. If I buy it on BluRay, I can't watch it on my iPad. If I buy it on iTunes, I can't watch it on my preferred PC player or TV (not without buying an Apple TV), and it costs twice as much as the bluray.
Meanwhile, if I were to download a torrent of the movie or TV episode, it plays on my TV, it plays on my computer, it is easily transcodable or remuxable to my iPad, and there is no DRM hassle whatsoever.
About the only bright spot in all this is Netflix, where the DRM simply isn't a problem by virtue of being completely transparent, and having clients for every conceivable device I'd want to watch it on. The problem is that I can't get all my content through Netflix, as much as I'd like to.
The music industry FINALLY got a clue, and at this point they begrudgingly sell their content DRM-free at reasonable prices. The current road the television and movie industries are on ends in a cliff.
colonelciller - Wednesday, March 28, 2012 - link
I agree with the music industry getting a clue finally with the DRM-free... but as for reasonable prices I'd have to disagree wholehartedly.IF... they were selling songs for about 90 cents each for CD quality FLAC or Apple Lossless then ok... but for the compressed mp3 format then the only price I'D pay is about 2cents per song.
I didn't invest in a hi-fi stereo to play crappy mp3 files
arjuna1 - Wednesday, March 21, 2012 - link
Yet another department where pirates get better service than paying customers.Gotta love the entertainment industry.
mindbomb - Wednesday, March 21, 2012 - link
it actually seems alright from what's presented in this article.Are they encoding from a lossless master, or do they just simply use blurays?
ganeshts - Wednesday, March 21, 2012 - link
Quality wise, it is pretty good. However, it still comes bundled with all the Blu-ray issues.. You can rent and watch it on a device but it comes with issues such as a 24 or 48 hour watch window. If you buy it, the purchased copy which is downloaded can only be played on that particular device / still bundled with DRM.I will ping Vudu PR about the details of the encoding process they are using (after our AppleTV 3 review is up, because it has some relevant details I would like to point out to their PR).
deva - Wednesday, March 21, 2012 - link
I can't help but think that the use of fancy DRM features by content has to be an element of the following:Senior Exec: "WE NEED TO PROTECT OUR CONTENT, WHY AREN'T WE DOING MORE TO PROTECT OUR CONTENT!?"
Engineer: "Yes sir, right away sir. There is this lovely new DRM produced by 'company x' that will protect our content to a high level....."
Senior Exec: "Excellent work young engineer. You're in line for a promotion for such innovation and forward thinking."
I hope my point come through OK. In all industries, in my experience there tends to be a fair bit of 'management appeasement' which can lead to poor choices being seen as great ones.
Zoomer - Wednesday, March 21, 2012 - link
The engineers don't care; their product experience isn't really that impacted by all that crap. Which they bypass.colonelciller - Wednesday, March 28, 2012 - link
I'd bet you that the guys who make these systems never actually have to tolerate these systems when they are at home watching a movie from their own collectionarcher75 - Wednesday, March 21, 2012 - link
Streaming doesn't work for me. The quality is poor, even on FIOS and there is no HD audio. Luckily I have no bandwidth caps but most do.So once quality improves and HD audio is included i'm on board. Until then i'll happily stick with discs.