[floren]

I was thinking the other day about embedding keys in cameras, etc. but came up with the problem that you could just wire up a computer that BEHAVES like a CCD sensor and send whatever the hell you feel like in to the signing hardware, so you feed in your fake image and it gets signed by the camera as though it were real. I assume smarter people than me have put much more time into the problem, so I'd be interested to see any good resources on the subject.

[tshaddox]

I think you're essentially describing the hardware DRM supply chain.

For example, HDCP is a DRM scheme where Intel convinces (or legally requires) every manufacturer of HDMI output devices (e.g. set-top boxes, Blu-ray players) in the world to encrypt certain video streams.

Then, Intel requires manufacturers of HDMI input devices (e.g. TVs) to purchase a license key that can decrypt those video streams. This license agreement also requires the manufacturer to design their device such that the device key cannot be easily discovered and the video content cannot be easily copied.

Then, Intel gets media companies to include some extra metadata in video media like Blu-ray discs. This metadata can contain revoked device keys, so that if a TV manufacturer violates the terms of the license agreement (e.g. leaks their key, or sells a device that makes copies of video content), that manufacturer's TVs won't be able to play new content that starts including their key in the revocation list.

Of course, Intel's HDCP master key was either leaked or reverse-engineered, so anyone can generate their own valid device keys. Intel will probably sue you if you do this, I guess.

[charcircuit]

>Of course, Intel's HDCP master key was either leaked or reverse-engineered, so anyone can generate their own valid device keys

Of an older version of HDCP. New media can require a higher HDCP version where that bypass isn't possible.

[tshaddox]

That's certainly possible, but did that actually happen in practice? The downside is obviously that you essentially start selling new Blu-ray discs that don't work on any old Blu-ray players. I feel like I would have heard if that happened. Unless maybe the old players could issue firmware updates?

[charcircuit]

>That's certainly possible, but did that actually happen in practice?

Yes, see 4k blurays for requiring HDCP 2.2 requiring people to get a new bluray player.

[sebzim4500]

Interesting. I don't understand the revocation process though.

What stops the blu-ray reader from just ignoring the revocation list on the disk?

[tshaddox]

The revocation list is for the TV. Intel revokes a TV's key, distributes the updated revocation list on new Blu-ray discs, and when a compliant Blu-ray player is playing one of those new discs it will refuse to negotiate with a revoked TV.

Now that I think of it, I wonder if compliant Blu-ray players actually save the new revocation entries and then continue refusing to negotiate with revoked TVs even for old Blu-ray discs.

[galangalalgol]

If so, couldn't a malicious disc revoke all TVs?

[tshaddox]

Perhaps, although you’d presumably need Intel’s private keys in order to sign the revocation list.

[dylan604]

That's where the reversing comes in to switch the function call to check the revocation list to a NOP and just keep on going. At least, that's how I imagine HDMI equipment that ignores HDCP works

What stops them from being sold that way would probably be the licensing agreement and honest players. I'd imagine in China, there are lots of these types of devices available.

[blibble]

the blu-ray is encrypted and the player requires a key to decrypt it

if you want your blu-ray player to be able to read blu-ray disks you sign a contract that says you will respect the revocation list

if you change your mind later: your player key will be revoked and new blu-rays won't play on your device

(it's actually more sophisticated than this... they can block specific players too)

[tshaddox]

That doesn't quite sound right to me. I don't think a new Blu-ray disc could be released that continues to be readable by some old readers but is no longer readable by other old readers.

[blibble]

> I don't think a new Blu-ray disc could be released that continues to be readable by some old readers but is no longer readable by other old readers.

you can obviously think whatever you want, but you'd be completely wrong

DVD supported this 20 years ago, blu-ray's system is far more sophisticated and can even block individual players

    The approach of AACS provisions each individual player with a unique set of decryption keys which are used in a broadcast encryption scheme. This approach allows licensors to "revoke" individual players, or more specifically, the decryption keys associated with the player. Thus, if a given player's keys are compromised and published, the AACS LA can simply revoke those keys in future content, making the keys/player useless for decrypting new titles.

(from https://en.wikipedia.org/wiki/Advanced_Access_Content_System)

the spec also supports a persistent CRL so a new disk can also stop your old disks from working

[AnthonyMouse]

The problem, of course, being that some players will just read the raw bytes from the disc without even attempting to decrypt them, and then anyone can decrypt them in software using any other keys even if the player used to read the disc was revoked.

Then every time another player's keys are published it allows anyone to use the older player to read discs using the newer player's leaked keys. And some players are cracked but the keys aren't published, instead they use them to extract the disc key for every new disc and then publish all the disc keys, which can be used in the same way without revealing which player was cracked.

[tshaddox]

For CSS and AACS, yes. I was referring specifically to HDCP, which involves negotiation between source and sink devices and AFAIK has nothing like broadcast encryption.

[jacobr1]

I think you'd need device levels keys. You couldn't trust any particular image ... but you could perhaps know where it came from, which you gives you a better substrate upon which to infer trust.

[feralderyl]

Every time I hear about these watermarks that's what I think. There is nothing stopping someone from playing any video on a projector and simply recording the projected video on any device they want.

[mistrial9]

a very large number of consumer and high-end camera equipment does have unique ID of the device. Some metadata stores those device IDs along with other values like mfg or light settings. Its not signed into a binding chain, only marked at image creation time. The vast majority of people I expect would just copy the data files blindly.

[atestu]

What about adding other sensors like LIDAR to make it harder to fake what you’re filming? I think about it often too…

[gorlilla]

Harder only lasts temporarily until 'simple' can be commoditized. The fact we're discussing this implies there is a market for it since there is a need for any defense.

[blibble]

you'd have to do the signing inside the ccd silicon

(though if you have lots of time/effort/money you could still extract the key)

[AnthonyMouse]

Or attach the inputs on the CCD silicon to something other than the CCD array.