Checkmate! RUB researchers outsmart copy protection HDCP

“Man-in-the-middle” attack: undetected, the FPGA board manipulates the communication between the Blu-ray player and the flat screen as a middleman<br>Photo: Bastian Richter<br>

For over a decade, Intel’s widely used copy protection HDCP has been trusted by the media industry, which carries out business in high-resolution digital video and audio content worth thousands of millions. Researchers from the working group on secure hardware led by Prof. Dr.-Ing. Tim Güneysu of the Ruhr-Universität Bochum were able to checkmate the protection system of an entire industry with relatively little effort using a so-called “man-in-the-middle” attack. They will be presenting their results next week at the international security conference ReConFig 2011 in Cancun, Mexico.

Protection for digital entertainment

HDCP is now found in almost every HDMI or DVI-compliant TV or computer flat screen. It serves to pass digital content from a protected source media, such as a Blu-ray, to the screen via a fully encrypted channel. There have been concerns about the security of the HDCP system for some time. In 2010, an HDCP master key, which is intended to form the secret core element of the encryption system, appeared briefly on a website. In response, the manufacturer Intel announced that HDCP still represented an effective protection component for digital entertainment, as the production of an HDCP-compatible chip using this master key would be highly complex and expensive.

Attack on field-programmable gate arrays (FPGA)

That caught the attention of Bochum’s researchers. “We developed an independent hardware solution instead, based on a cheap FPGA board” explained Prof. Dr.-Ing. Tim Güneysu, who set to work with the final year student Benno Lomb. “We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver.” We used the commercial ATLYS board from the company Digilent with a Xilinx Spartan-6 FPGA, which has the necessary HDMI interfaces and a serial RS232 port for communication.

Material costs of approximately 200 Euros

In their studies, the aim was never to find a way of making illegal copies. “Rather, our intention was to fundamentally investigate the safety of the HDCP system and to financially assess the actual cost for the complete knockout” reported Prof. Güneysu. “The fact that we have achieved our goal in a degree thesis and with material costs of approximately 200 Euro definitely does not speak for the safety of the current HDCP system.”

Manipulation via the middleman

This “man-in-the-middle” attack in which a middleman (the ATLYS FPGA board) manipulates the entire communication between the Blu-ray player and the flat screen TV without being detected is of little interest for pirates in practice due to the availability of simpler alternatives. The scientists do, however, envisage a real threat to security-critical systems, for example at authorities or in the military. Although Intel is already offering a new security system, HDCP 2.0, due to the backward compatibility, the weak point will also remain a problem in coming years, concluded Prof. Güneysu.

Further information

Prof. Dr.-Ing Tim Güneysu, Secure Hardware Group, Faculty of Electrical Engineering and Information Technology at the RUB, tel. +49 234 32 24626, gueneysu@crypto.rub.de

Editor: Jens Wylkop

Media Contact

Dr. Josef König idw

More Information:

http://www.ruhr-uni-bochum.de

All latest news from the category: Information Technology

Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.

This area covers topics such as IT services, IT architectures, IT management and telecommunications.

Back to home

Comments (0)

Write a comment

Newest articles

NASA: Mystery of life’s handedness deepens

The mystery of why life uses molecules with specific orientations has deepened with a NASA-funded discovery that RNA — a key molecule thought to have potentially held the instructions for…

What are the effects of historic lithium mining on water quality?

Study reveals low levels of common contaminants but high levels of other elements in waters associated with an abandoned lithium mine. Lithium ore and mining waste from a historic lithium…

Quantum-inspired design boosts efficiency of heat-to-electricity conversion

Rice engineers take unconventional route to improving thermophotovoltaic systems. Researchers at Rice University have found a new way to improve a key element of thermophotovoltaic (TPV) systems, which convert heat…