Introduction & Overview
Digital content has a wide variety of applications in our current society and has many benefits. Audio Compact Discs (CDs), movies on Digital Versatile Discs (DVDs), documents in electronic form (such as PDF) are all tremendously useful. One of these benefits, faithful reproduction of the original, is somewhat of a “double-edged sword.” Analog content is also reproducible (and to some degree, more easily so than digital), but typically is not so faithfully reproducible that the copy is of lower quality than the original. Digital copies, however, are (usually) complete, exact replicas of the original. This is a benefit for passing identical versions of a document through an e-mail system or making a backup copy of an original CD. It can also be a detriment because the barriers to copying and reproducing that content have been effectively removed (it’s trivial to copy a movie) which can, and has, led to unauthorized duplication of the material.
The content producers and rights holders are concerned about distributing their content in digital format when it can so easily be copied . As such, they’d like a system in place to control the use of that content. Digital Rights Management Systems (DRMS) attempt to do just that. There are many different definitions for DRM systems, often driven by a specific application domain or business model. Some even go so far as to require a payment mechanism be a part of the system . A more general definition, and a more useful one, is a system that controls the uses of content.
In the entertainment arena, controlling the use of the content consists primarily of ensuring that unauthorized copies cannot be made (this paper will not explore the legal aspects to DRM systems and whether copies are currently allowed to be made by the Copyright Act of 1976 but are prevented by most systems and not supported by the Supreme Court). For consumer electronics devices (CE), the goal is allow licensed players to play the content while preventing unlicensed ones from doing so. For consuming the content on a personal computer, the goal is essentially the same, but a wider variety of options are available for allowing the consumers to work with the digital content. Without effective DRM systems in place, the content producers and distributors simply will not distribute their content digitally . While there are many conflicting studies about the impact of illegal copying of CDs, the fact is that the movie studios and music studios learned their lesson and will not produce unprotected content in the future. Key (no pun intended) to these technologies is the ability for the content producers (generic term – could be distributors, etc.) to revoke the ability for a player to play the content.
This paper will explore three such systems: the Content Scramble System (CSS)  from the DVD Copy Control Association (DVDCCA), the Advanced Access Control System (AACS)  from the AACS licensing authority (LA) , and the Windows Media DRM system  from the Microsoft Corporation . It will only describe the systems in enough detail to understand key revocation. Some of the details of these systems are not public and a full description of these systems would exceed the length restriction of this paper by at least one order of magnitude. The description of CSS will motivate the need for both secure systems and effective key revocation.
Content Scramble System (CSS)
CSS is the content protection system that was developed by the Copy Protection Technical Working Group in 1996 for use on commercially-produced DVD-Video discs. Support for CSS was embedded in both DVD drives and players (either the host of the drive, a set-top box, or a hardware/software player on a computer). Licensed players receive a player key from the DVDCCA. The player key, used in conjunction with a series of keys both on-disc and generated through the CSS protocol, validates that the player should be allowed to access the encrypted content and also to decrypt the content. Because of export restrictions in effect at the time of creation and implementation, key length in the CSS encryption algorithm was limited to 40 bits. It is important to note that the DVD drives never decrypt the data; instead they participate in a key exchange protocol with the player that transfers the correct key to the player so that it can decrypt the data. Unencrypted data is never passed across the bus.
There are a series of keys involved in CSS:
Bus (or session) key: A key generated during the protocol to encrypt keys passed over the bus
Disc key: A key generated when the disc is created and unique to the disc
Key 1 and Key 2: Intermediate keys generated during the authentication process
Player key: A key given to a licensed player implementation by the DVDCCA
Title key: DVDs are made up of a series of titles. This is a unique key for a given title.
On each CSS-protected disc, in a protected area, exists a key block. The disc key, hashed with the CSS hashing function, is stored there. Also in that block is a table containing the disc key encrypted with each of 409 valid player keys. The player retrieves the encrypted disc key, decrypts it, hashes it, and then compares hash of the decrypted key against the hashed disc key read from the disc. If they match, the correct disc key has been retrieved.
After the disc key has been successfully decrypted, the title key can be retrieved and decrypted (with the disc key) and playback can proceed.
Playback of CSS-protected content happens in three stages:
Stage 1: Authentication
In this stage, the host and the DVD drive convince each other that they are both talking CSS and that they should be allowed to. In this phase, the player key is sent to the drive hashed using the CSS hashing algorithm. The player key is validated against the table of keys in the key block. Through the completion of the authentication protocol, a bus (session) key is generated.
Stage 2: Key Transfer
In this stage, the disc key and title keys are transferred from the drive to the player. These keys are encrypted with the session key.
Stage 3: Playback
In this stage, the encrypted video is transferred to the player where it is decrypted using the title key.
Key revocation consists of preventing the player from being able to decrypt the disc key. This is implemented by not storing the disc key, encrypted with the player key, in the key block. As discussed above, that disc key is necessary to continue the process of retrieving further keys necessary for successfully decrypting the content of the disc. While this does indeed allow for key revocation in theory, there are a number of issues that have rendered it (and the entire system) effectively useless. The export restriction on key length to 40 bits alone was (and certainly now is) enough allow it to be fairly easily broken through a brute force attack. There are several attacks on the cryptographic function itself as it uses two Linear Shift Feedback Registers with some weak properties . Additionally, there is an O25 on the disc key   .
Finally, the largest weakness in the system turned out to be an implementation issue. The Xing software player did not keep its player key encrypted and was recovered through disassembly . That key alone was enough to decrypt all existing discs. Additionally, the table of disc key encrypted with the player keys is susceptible to attack because with one known player key and known plaintext (the disc key); the remaining player keys can be retrieved through a brute-force offline attack . Thus, CSS has been completely broken. Due to this and unfortunate key choices, the remaining 400+ keys were recovered through some strategic guessing. Thus, revoking all comprised keys would have rendered useless all existing players for all newly produced DVDs. So, the ability to revoke keys isn’t as useful as it appears if generating and distributing new keys isn’t feasible.
Because of the limitations of CSS and the relative ease of breaking it even without a poor implementation, the need for a more robust cryptographic system along with stronger key revocation became obvious.
Windows Media DRM
The Windows Media DRM system is prominently in use today by a wide variety of online music stores   . This system allows for large scale distribution of protected content along with a reasonably flexible number of rights that the content producers and copyright owners can control.
Windows Media DRM licenses a player to work with protected content by issuing it a StubLib that is statically linked to the player application. The StubLib is essentially a public / private key and a certificate. Protected content is encrypted with a key generated by the content producer. A license is file containing the key necessary to decrypt the content, encrypted with the player’s key. Thus, the content is packaged separately from the information necessary to decrypt it. When a player attempts to play a protected file, it must first retrieve a license containing the key to decrypt that file. A request is made to a license server (specified in the content file) to acquire that license. The diagram below describes the process of producing an encrypted file:
This diagram describes the process of attempting to play an encrypted file and license acquisition.
Player revocation uses a certificate revocation list (CRL). CRLs are maintained by Microsoft and distributed to license servers. When preparing a license, the license server packages the most recent CRL into the license. It seems like the player software could simply ignore the CRL, but because the code to apply the license and decrypt the file is a sealed black box (Windows Media Format SDK), the player software cannot prevent the CRL from being applied and thus its certificate from being revoked.
Distributing new keys to players consists of generating and distributing a new StubLib to the company that produced the player software. That company must then update the executable and distribute it to the end users. In this system, because it involves software or at least devices running software, key revocation and distribution is much more feasible than CSS. Additionally, key management strategies can be much simpler because there are fewer hardware limitations on software-based systems (admittedly, mobile devices do have some) the software / devices using the Windows Media DRM system are able to be connected to the Internet and updated. It is much more difficult to update a set-top box and supply it new keys or an update to the decryption implementation.
Advanced Access Control System (AACS)
AACS is the content protection technology that is specified to be in use for the next-generation, blue laser DVD discs (Blu-Ray Disc and HD-DVD). The lessons of CSS have been applied and the various standards committees and working groups have arrived at a much stronger encryption technology than before. In place of fairly weak and secret cryptography technology, AACS relies heavily on the National Institute of Standards and Technology (NIST) standards for cryptographic protocols including AES (128 bit keys), SHA-1, SHA, and the CMAC.
Like CSS, AACS separates the physical drive from the player. Often the player will be software, either locked inside of a set-top box or on a PC. Additionally, a form of public/private key cryptography is used including certificates. While not X.509 certificates, they do model the Public Key Infrastructure and the AACSLA acts as the CA and has it’s “root” certificate “baked in” to the players and the drives. These certificates contain the public key of the device (either the drive or the player) and are signed with the AACSLA’s certificate.
As with CSS, AACS relies on a scheme where a device key is used to unlock the disc (media) key to start the process of decrypting the content. CSS had a fixed set of keys for the devices and devices shared keys. Thus it was difficult to revoke keys without affecting compliant devices. The AACS key structure uses NNL key management to resolve the problem . Ideally, each device would have a unique key. However, with the expected number of devices needing keys, this quickly becomes infeasible. Instead, each device has a set of keys and those keys are shared with other devices. However, no two devices have the identical key set. The set of keys given to a device can number in the millions. However, because this scheme allows devices to compute additional keys, only a small subset of those keys need to be stored in the device and the rest can be computed. Thus, there is a large set of keys to choose from.
Additionally, these device keys are organized into a binary tree. From a given node, the keys below can be computed via a one-way function.
The media key is then encrypted with the minimum number of device keys that covers the set of compliant devices and stored on the disc. Thus, if there are z compliant devices and the minimal intersection of the sets of their keys is of size s, there will be s unique encrypted copies of the media key stored on the disc. Because the keys are organized into a tree, to cover an entire subtree, the key from the root of the subtree can be used. Thus, when all possible keys are valid (before any have been revoked), only one copy of the media key is necessary.
Interestingly, AACS allow for content transfer from one device (a drive / disc) to another (a hard drive-based player) if all the devices involved are AACS compliant.
As with CSS, playback of AACS-protected content is handled in 3 phases. Authentication ensures that both the device and the player are valid, key transfer retrieves the keys necessary for playing the content, and playback plays and decrypts the content.
There are several aspects of player key revocation in AACS. The first is a conventional revocation list. This is stored in the media key block on every disc and used by the drive to determine whether the player application is valid. Drives are required to store the most recent revocation list found. In most revocation schemes, a player cannot access content that was produced after its key was revoked; in AACS, once a disc has been read that contains the revocation containing that player’s key, it is considered revoked and will not be able to player older content that was created prior to the revocation.
Secondly, there’s the subset-difference record in the player key tree. This prevents the player from being able to generate an accurate media key and access the content. This entails making sure there are no copies of the media key encrypted with any of the keys given assigned to the device being revoked. Again, because of the large number of device keys that each device stores or can compute, there will be a small set of keys that the non-compromised (non-revoked) devices know and the revoked devices do not. Combined with the tree structure for describing revocation, the list of media keys, encrypted with these valid device keys, is usually small. As more and more revocations happen, the list grows. The AACS specification  indicates there are, on average, 1.28 encryptions of the media key per revocation.
Thus, player key revocation is achieved both by attempting to block revoked players from continuing in the authentication process (via the CRL) and also from being able to correctly decrypt the contents of the disc (by the subset-difference tree).
Thirdly, there is the concept of drive key revocation. On every disc, in the media key block, there is also a revocation list for drive certificates. Thus, the drive in a host/drive configuration could be revoked rendering the system inoperable.
Additionally, in “open” systems (not a set-top box screwed shut without an Internet connection), the player certificates expire after one year and are revoked 6 months after that. So player software must have the ability to connect to the Internet and download a new certificate.
DRM systems, especially in the digital entertainment space, need some form of right revocation. Content producers simply will not allow their content to be distributed in digital form with very strong protection systems. Regardless of the realities associated with unauthorized duplication of the content, their concerns are very real and a roadblock to more flexible distribution mechanisms. Audio CDs and the ripping and unauthorized distribution of songs clearly show this need. Thus, the DRM system, and its corresponding revocation strategy, needs to be both very secure (using the best available open, published algorithms and standards) and well implemented. Strong cryptography, as implemented in both Windows Media DRM and AACS, is absolutely necessary. Fine-grained revocation, again as implemented in both Windows Media DRM and AACS, is also necessary. The content producers are pushing on both fronts. The collision of their right to protect their copyrighted works and the consumer’s rights under the Fair Use provisions of the Copyright Act also impacts the design and flexibility of the DRM systems, but unfortunately, is a topic for another paper.
 Adelsbach, Andre and Schwenk, Jorg. 2004. Key-assignment strategies for CPPM. In Proceedings of the 2004 workshop on Multimedia and security. Association for Computing Machinery, Magdeburg, Germany, 107-115
 Advanced Access Control System. http://www.aacsla.com/specifications/
 Advanced Access Control System Licensing Authority. http://www.aacsla.com.
 Bloom, Jeffrey A., Cox, Ingemar J., Kalker, Ton, Linnartz, Jean-Paul M. G., Miller, Matthew L., Brendan, C., and Traw, S. Copy Protection for DVD Video (1999) In Proceedings of the IEEE (USA)
 Content Scramble System. http://www.dvdcca.org/css.
 DVD Copy Control Assocation. http://www.dvdcca.org.
 Kesden, Gregory. Lecture notes. (2000) http://www.cs.cmu.edu/~dst/DeCSS/Kesden/
 Lotspiech. Advanced Access Content System. Available at: http://www.lotspiech.com/AACS/
 Microsoft Corporation. http://www.microsoft.com.
 Napster, Inc. http://www.napster.com
 Fetscherin, M. and Schmid, M. 2003. Comparing the usage of digital rights management systems in the music, film, and print industry. In Proceedings of the 5th international Conference on Electronic Commerce (Pittsburgh, Pennsylvania, September 30 - October 03, 2003). ICEC '03, vol. 50. ACM Press, New York, NY, 316-325.
 Stevenson, Frank A. Cryptanalysis of the Content Scrambling System. Available at
 Tayor, Jim, Johnson, Mark R., Crawford, Charles G. DVD Demystified, 3rd Edition. McGraw Hill, New York, New York, 2006.
 Walmart, Inc. http://downloads.walmart.com/swap/
 Windows Media DRM. http://www.microsoft.com/windows/windowsmedia/drm/default.mspx
 Yahoo, Inc. http://music.yahoo.com/unlimited/