2nd March 2007, 01:32   #54
xyz987
Quote:
Originally Posted by FoxDisc
Device keys won't do much to break "the revocation system." Even if there is only one valid player out there and you have all the device keys for all the other players, the revocation system will still work to allow that one player and keep all the rest revoked.
You are right when you say that just Device Keys are not enough to break it. However, the capability to get full sets of Device Keys will break it. It is this capability that matters, not the Device Key itself, and the way to get this capability is by first getting some DKs.

As I previously posted, if attacker A gets a full set of DKs, he can simply publish the DK that directly computes the PK. They cannot revoke the player because they don't know its identity. If they revoke the DK, the attacker simply publishes the new DK that is used to "encrypt" (to compute the new PK). So they must try traitor tracing, but this is probably not effective (i.e. the "traitor" cannot be traced).

However, to get this capability (getting full sets of DKs), attacker A needs some people to have experimented with how to get DKs. Attacker A can use these previously found keys to know what to search for, or to check whether his method is really getting DKs, and previous practice is even more important than keys. That's why I said we need to get as many keys, and as high in the trees, as possible.

They cannot revoke any player if they don't know its identity. Traitor tracing is at the very center of the problem: if they cannot do it effectively, AACS will quickly become broken.

Edit: just an example:

Let's say WinDVD 8 is player 9 in the master tree (22 levels), so it has keys 8, 5, 3 in its DK set. If you get its DK set, you know WinDVD 8's position in the master tree (you know it is player 9). A lot of useful information can be extracted from DK sets. This includes knowing whether some standalones share the same keys, whether soft players are contiguous in the master tree, where a model of standalone stores DKs and how they are protected, and a lot of discoveries still waiting to be made. WinDVD 8 will be revoked, the first compromised standalone will be revoked. So what? Discoveries will remain.

Last edited by xyz987; 2nd March 2007 at 02:48.
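The toy numbering in the edit above (player 9 holding keys 8, 5, 3), worked through as an added example that is not part of the original post. It assumes a complete binary tree with heap numbering (root 1, leaves 8 to 15) in which a player holds one key label per sibling of the nodes on its path to the root, a simplification of the real subset-difference scheme, and it shows how the set of players that could hold a published key narrows as more labels from one set become known. All function names are hypothetical.

```python
# Toy model (assumption, not the real AACS key layout): complete binary tree,
# heap numbering, root = 1, leaves = 2**depth .. 2**(depth+1) - 1.

def dk_labels(leaf):
    """Key labels held by the player at `leaf`: the sibling of every node
    on the path from the leaf up to (but not including) the root."""
    labels = []
    node = leaf
    while node > 1:
        labels.append(node ^ 1)   # sibling of `node` in heap numbering
        node //= 2                # move up to the parent
    return labels

def leaves_under(node, depth):
    """Leaf numbers in the subtree rooted at `node`."""
    level = node.bit_length() - 1
    shift = depth - level
    return range(node << shift, (node + 1) << shift)

def candidate_holders(published, depth):
    """Players that could hold every label in `published`.

    A label v hangs off the path of exactly those leaves that sit under
    v's sibling, so each extra label intersects the candidate set."""
    candidates = set(range(1 << depth, 2 << depth))
    for label in published:
        if label <= 1:
            raise ValueError("the root has no sibling, so it is never a label")
        candidates &= set(leaves_under(label ^ 1, depth))
    return sorted(candidates)

if __name__ == "__main__":
    DEPTH = 3                                # constructed toy tree, leaves 8..15
    print(dk_labels(9))                      # the post's player 9
    for published in ([3], [5], [5, 3], [8, 5, 3]):
        print(published, "->", candidate_holders(published, DEPTH))
```

In this model a label near the root is shared by half of all players, while a complete set pins down a single leaf, which is the gap between revoking a key and identifying a player that the post is arguing about.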