A few weeks ago, A Cost Analysis of Windows Vista Content Protection was published by a software researcher from New Zealand. The paper went into deep discussion on what was, up to that point, a completely uncovered topic: the underlying Windows Vista code that complies with protected-content playback for next-gen formats (Blu-ray and HD-DVD). Subsequent conversations about this topic flared up across the web, on the Security Now! podcast as well as various other TWIT network podcasts.
Part of me didn’t believe that even Microsoft would go as far as implementing a content protection system that would come at such a detriment to the consumer. So I waited for weeks to see if Microsoft would make any sort of public statement or rebuttal against it. Microsoft did eventually comment on the content protection behind Vista, and really couldn’t say much more than admitting to, and putting a good spin on, what has been done.
Short blurb about AACS
To understand Windows Vista content protection, we have to first understand the difference between DVD, Blu-ray and HD-DVD. Our good ol’ DVD format was made during the adolescence of the digital content era. At the time, the movie studios were promised that this complex encryption algorithm would never be cracked. As it turns out, CSS (the method of encryption used on DVDs) wasn’t as impervious as we thought. If I recall correctly, the key to decrypting CSS was discovered in one of the software players that played back DVDs on the PC. Since there’s no way to revoke that key once discovered, CSS encryption was hence cracked forever.
Thus, with HD-DVD and Blu-ray, the studios sought a much more effective method of protecting their content. What they arrived at is known as AACS (Advanced Access Content System). The key differences between AACS and CSS are:
- AACS seems to have a more modern public/private key encryption system, with many more keys assigned than in CSS encryption. The granularity of key distribution is unknown: keys could be handed out per player, per model number, or perhaps even per company. What is for sure is that there is a very complex & established backend that manages the distribution & licensing of all these keys.
- AACS uses a revocable broadcast system, where the content providers can revoke keys that have been hacked & distributed illegally. So if they realize a certain key has been compromised, they can distribute future content that will no longer play or decrypt using that pirated key.
- Manufacturers of players, either software or hardware based, have to pay a licensing fee to AACS in order to use the keys. If a certain manufacturer, say, goes out of business and then fails to pay the licensing fee, there is no guarantee that your player from that manufacturer will continue to function. They could revoke the key and you would essentially be stuck with a brick (or useless bytes on your hard drive, if it’s a software player).
- AACS is also “policy-based”, meaning that each Blu-ray and HD-DVD disc carries a list of configurable policies governing how it behaves with the hardware/software system it is playing on. The content provider can choose to enable & disable certain features. For example, a lot of first-generation players shipped with component output, which does not support HDCP (the end-to-end encryption from your player to your TV set), and a lot of current content does not have the policy to disable or degrade playback in the absence of HDCP. However, content providers can choose to enable this feature in the future and, once again, render your current hardware/software potentially useless.
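As an added illustration of the revocable broadcast system described in the list above, here is a toy model (constructed example code, not the post's own material and not AACS's real algorithm): a licensing authority wraps each disc's title key once per still-licensed player, and a revoked player simply gets no entry on future discs, while discs pressed before the revocation keep working on it. It assumes a flat per-player key list and a SHA-256 keystream in place of the real scheme's tree-structured keys and AES.

```python
"""Toy model of AACS-style revocable broadcast keying.
Assumptions (not the real AACS design): flat per-player device keys instead
of a tree-based key structure, and XOR with a SHA-256 keystream instead of
AES as the key-wrapping primitive. All data below is constructed."""
import hashlib
import os
from dataclasses import dataclass, field


def wrap(key: bytes, data: bytes) -> bytes:
    """XOR `data` with a keystream derived from `key`; applying it twice unwraps."""
    stream = hashlib.sha256(key + b"toy-wrap").digest()
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class LicensingAuthority:
    """Issues per-player device keys and remembers which ones were revoked."""
    device_keys: dict = field(default_factory=dict)
    revoked: set = field(default_factory=set)

    def license_player(self, player_id: str) -> bytes:
        self.device_keys[player_id] = os.urandom(32)
        return self.device_keys[player_id]

    def revoke(self, player_id: str) -> None:
        self.revoked.add(player_id)

    def build_media_key_block(self, title_key: bytes) -> dict:
        """Title key wrapped for every licensed player; revoked players get no entry."""
        return {pid: wrap(dk, title_key)
                for pid, dk in self.device_keys.items() if pid not in self.revoked}


def player_recover_title_key(player_id: str, device_key: bytes, mkb: dict):
    """A player unwraps its own entry; None means this disc refuses the player."""
    entry = mkb.get(player_id)
    return wrap(device_key, entry) if entry is not None else None


if __name__ == "__main__":
    auth = LicensingAuthority()
    key_a, key_b = auth.license_player("player-A"), auth.license_player("player-B")
    disc1 = auth.build_media_key_block(b"TOY-TITLE-KEY-16")
    auth.revoke("player-B")                      # player-B's key leaked
    disc2 = auth.build_media_key_block(b"TOY-TITLE-KEY-16")
    print("B on old disc:", player_recover_title_key("player-B", key_b, disc1))
    print("B on new disc:", player_recover_title_key("player-B", key_b, disc2))
```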
How does this affect Windows Vista?
Microsoft has an obvious strategy of making Windows Vista the next “media center” for every home, which probably also led to their decision to comply with just about everything that content providers wanted, even above and beyond the normal amount of compliance expected from a hardware manufacturer of traditional players.
AACS on its own is much more resource intensive, which explains why very early first-generation Blu-ray and HD-DVD players can take as long as a minute just to “load” the disc. Of course that has improved with better & cheaper processors in the players, and won’t be much of an issue on your PC. Beyond the resources taken up by decryption, there are still other issues.
Like the aforementioned flexible policy in AACS, Windows Vista is also designed to “degrade” video & sound playback quality if the content’s policy calls for it. Of course all players have to deal with this, but PC users have the worst of it, because there’s a severe lack of completely compliant hardware available. To have complete compliance with AACS, you need HDCP, the end-to-end data encryption from the disc all the way to your monitor/speakers. There is very little hardware available with HDCP compliance: there are very few HDCP compliant video cards, I’m not aware of any HDCP compliant sound card at all (which means you can’t get a digital output, only analog), and there are next to no HDCP compliant computer monitors on the market.
Furthermore, complete HDCP compliance requires part of the video/sound driver to become a “black box”. Obviously, if the driver source code were completely available, HDCP could easily be hacked or bypassed by some method. So those users who choose to run alternative operating systems, such as Linux, may be completely out of luck when it comes to HD content on their computer. There would be no open-source driver development to support HDCP components.
However, like I said earlier, most content available now does not have the entire set of compliance rules enabled, simply because there are still plenty of HD components on the market that are not compliant, and will *never* be compliant. It’s hard to say whether the content providers will eventually enable these features and essentially shut out all first-generation HD adopters (players & TVs without HDCP support are all going to be obsolete if they choose to do so). It remains a fact that they are the ones in control, not the consumers.
Other than HDCP compliance checks, Microsoft also implemented a “tilt-bit”. This is where they go much further to ensure content providers’ happiness than even the stand-alone players do. The term “tilt-bit” is derived from pinball machines, which detect when you tilt the machine too much and then, assuming you were cheating, stop you from continuing play. There is a constant system check that runs in the background every 30ms (milliseconds) while you are playing HD content. It checks all the drivers in the system and all the processes, to make sure that nothing “weird”, nothing out of “expectation”, is going on.
The reality is that computers are rather fickle machines. When you have millions of microscopic circuits on a tiny chip smaller than your fingernail, there are a lot of errors happening on a very small scale at all times. Computer chips do deteriorate over time as well, resulting in very small breakdowns in circuits. Most people don’t realize that their computer is very much like their car, where “wear & tear” over time eventually degrades performance and kills a computer (which answers a lot of questions like, “Why did my computer break down? I’ve only had it for 5 years and only ran one piece of software on it!”). A “tilt-bit” check essentially catches errors similar to what your computer will naturally produce, decides what is deemed “appropriate” and what might be “hostile”, and then restarts your graphics subsystem if it detects any potentially “harmful” behavior.
This is done to ensure that there isn’t any memory-resident hack capturing the decrypted output somehow. It’s also a very wide-area check for any potential hack of any sort that the system can’t even predict or know about. It’s like catching brine shrimp with a fishnet.
Lastly, there is 128-bit encryption for all data sent over the PCI bus to your video card during playback, to ensure that no one can use any sort of hardware snoop to capture unencrypted data going from the disc to your video card. HD content already takes up much higher bandwidth than DVD; now imagine having to encrypt/decrypt that content over the PCI bus in real time. That’s an incredible amount of resource being eaten up for no reason other than to service the content providers.
Will other OS’s follow suit?
This kind of insanely taxing implementation of content protection is what I believe to be the reason that we have yet to see any sort of next-gen content announcement from Apple.
As much as people criticize Apple’s FairPlay DRM for being a closed & proprietary system, people also forget how much Apple fought to reach the compromise that became FairPlay. FairPlay came at a time when record companies weren’t happy about distributing digital content, and even those who did, did not want to license more than one device at a time. They wanted to charge people money for every device their music played on. Apple fought back, got a contract so people can play their music on up to 5 devices, and are able to disable licensing on devices they no longer use.
Even before the iTunes Music Store (I’m also surprised at how many people forget that iTunes existed without the music store at first, and that the first iPods did not have downloadable content; it was just an MP3 player), the iPod implemented a really screwy one-direction music download to the device, where the song names would be completely scrambled & referenced by an XML file to provide a “soft-protection”. This was part of the design that convinced the music industry that Apple was at least somewhat reasonable to work with. Apple didn’t do these things for no reason at all; they did it so they could negotiate some sort of compromise that could appease both content providers and consumers.
Microsoft has made absolutely no attempt at negotiating a compromise of any sort. Even with their Zune player, they agreed to “pay” music labels for each Zune sold, even if none of that label’s music would ever make it onto a Zune. Microsoft has certainly set a terrible example of how to deliver content protection to consumers, and I hope other companies will not follow in their footsteps.