Thread: Understanding AACS (including Subset-Difference)
View Single Post
Old 4th March 2007, 16:57   #125  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by arnezami View Post
@FoxDisc: I think what xyz987 is trying to say is that if the Device Keys from Player A are used (eg. to generate a Processing Key) to decrypt the bulk of the content and the Sequence Keys of Player B are used for the other parts then the AACS LA will only be able to trace Player B. Not Player A. And only the DKs (and SKs) of Player B will be revoked.
In that sense the DKs and SKs are "decoupled".
Preliminary comments: This is a complex system, and I do not pretend to fully understand it. I expect to make errors as I delve further. I truly thank you and xyz for your comments - they lead me to better understanding. At this point I'm trying to understand better, not to explain to others. Where I disagree, I will say so and say why. Where I think I am wrong, I will try to say that too.

I don't disagree with your characterization of "decoupled." It's just that once the SKs for a device B have been revoked by revoking the DKs and the SKs for device B, then the movie can no longer be decrypted by device B. Device A can still decrypt the movie for his own use, but so what? The AACS LA does not care if he is compromised, as long as he does not release 1) the decrypted title or 2) keys necessary to decrypt the whole title.

If he released either 1 or 2, then he releases enough information to identify his device for revocation.

Quote:
It may also be possible to get SKs out of many standalone players making it harder or impossible to track them. Effectively disabling (or slowing down) the tracing system. As far as I know SKs do not require any KCD-like something so they can be used on PC systems aswell. Meaning: get a Device/Processing Key from a software player (or alternatively: a Proc/Dev key from a standalone and using KCD enabled patched PC-drives) and keep using the SKs taken out of many standalones.

A more practical example: lets say there is a way to get SKs out of a certain type of standalone. And lets say there are 30 people willing to help. If each of them releases a few of their SKs it may be hard or impossible for the AACS LA to track these standalones down.

How difficult this actually is for the AACS LA and how to organize this ourselves is something we have to figure out. I do however believe the tracking system has its limits. It may be possible to permanently disable the tracking system this way . We'll have to do the math for this.
Here is how I see the future: I know my crystal ball is still cloudy, however

A decrypted title or a program that can decrypt a title will define a set of compromised sequence keys. That set and the matching DKs for that set can be revoked. As far as I can tell, no innocent devices will be revoked. The SKs involved will become "compromised" and only traitor devices will be involved in revocation.

I am not saying that this is the end of the matter - that the AACS LA will succeed in revoking and fixing the broken system. I actually think they will fail, but I think they will fail because of what you describe - multiple devices will be broken to get their SKs and DKs faster than they can be identified and revoked. Not all information will be revealed at once from all compromised devices.
FoxDisc is offline   Reply With Quote