April 11, 2008

Designing and Attacking DRM talk slides

Filed under: Crypto,Hacking,Security,Software protection — Nate Lawson @ 4:18 pm

I gave a talk this morning at RSA 2008 on “Designing and Attacking DRM” (pdf of slides). It was pretty wide-ranging, covering everything from how to design good DRM to the latest comparison of Blu-ray protection, AACS vs. BD+. Those interested in the latter should see the last few slides, especially with news that AACS MKBv7 (appearing on retail discs later this month) has already been broken by Slysoft.

The timeline slide (page 25) is an attempt to capture the history of when discs were released into an unbroken environment or not. You want the line to be mostly green, with a few brief red segments here and there. AACS so far has had the inverse, where it is a long red line with a brief segment of green (a couple weeks in the past year and a half).

I also introduced two variables for characterizing the long-term success of a DRM system, L and T. That is, how long each update survives before being hacked (L), and how frequently updates appear (T).

In the case of AACS, L has been extremely short (if you discard the initial 8-month adoption period). Out of three updates, two have been broken before they were widely available and one was broken a few weeks after release.

Additionally, T has been extremely long for AACS. Throwing out the initial year it took to get the first MKB update (v3), they’ve been following an approximate schedule of one every 6 months. That is much too long in a software player environment. I don’t know any vendor of a popular win32 game that would expect it to remain uncracked for 6 months, for example.

Of course, people in glass houses should not throw rocks. As someone who had a part in developing BD+, I am biased toward thinking a different approach than mere broadcast encryption is the only thing that has a chance of success in this rough world. The first BD+ discs were cracked in mid-March, and it remains to be seen how effective future updates will be. Unfortunately, I can’t comment on any details here. We’ll just have to watch and see how things work out the rest of this year.

2008 will prove whether a widely deployed scheme based on software protection is ultimately better than or equivalent to the AACS approach. I have a high degree of confidence it will survive in the long run, both with longer L and shorter T than the alternative.


  1. Do you have any idea for how the time-to-crack is affected by the relatively slow adoption of Blu-ray? I’m curious whether there will be more effort once most of the desirable content is available in Blu-ray. Since it’s now the standard, adoption will go up and more people will actually have content which they want to use in a way blocked by the DRM (e.g. copying movies onto a laptop / iPod for travel).

    Comment by Chris Adams — April 12, 2008 @ 3:27 pm

  2. Chris, that’s a good question and one reason why I do not count the initial period (time of first release to first crack). There are many reasons why it may take a while to crack, including lack of familiarity with the platform or lack of interest or availability of the content (as you point out).

    The relationship between interest and compromises is not a linear one. The doom9 crowd had a lot of success getting AACS keys before high-def formats were very popular. But once player security improved, they’ve failed to crack MKBv4 and beyond. There may be a couple free agents out there who might focus on it in the future, but it’s clear this battle has already moved beyond the doom9 regulars.

    The end game for most DRM for systems that are widely popular is intense competition between custom protection and for-profit hackers. If you look at DVD, arguably the most popular protected video format ever, it has become this kind of conflict.

    Protection like RipGuard continues to force DVD rippers to update their software. Some updates take a little while to crack. And all this is done with a really puny VM intended for animating menus. I think with a purpose-built system, we’re in for a long and interesting exchange.

    Comment by Nate Lawson — April 12, 2008 @ 6:53 pm

  3. I have to say, I find the ins and outs of all these protection schemes very interesting, so thanks for the informative posts.

    However, I have some difficulty in getting a concrete grasp on BD+ and its mechanisms. I understood that each disc basically has some VM applet that’s responsible for integrity checking and descrambling. The mesh design pattern is also very nice. But my fundamental question is this, doesn’t it all stand or fall on how good the media binding is? Isn’t this where your mesh reverts back to a chain? Because, I would assume that anyone who can *exactly clone* a disc, exactly clones all the physical characteristics, the VM code that checks those characteristics, and the code that does the descrambling. Or am I missing something here?

    If the media binding is a possible single point of failure, then the whole BD+ vs AACS debate assumes that the media can’t be *exactly cloned* so the pirate has to do some reverse-engineering to disable protection, doesn’t it? Because either scheme is broken if you can exactly copy, I would think. Under this argument, is there any reason to suspect the pirates won’t invest money in this angle, more than breaking the software protection in the future, if the cost of attacking a BD+ disc becomes too prohibitive for them? Anything suggest they won’t eventually be able to exactly clone?

    Apologies if I have missed something here, I’ve never actually tried to attack any of these kinds of protection schemes (never even ripped a DVD movie, for example) so my understanding and point of view is of course theoretical. Just tell me I’m being an idiot, and at least I’ll have learned something!

    Comment by Byron Thomas — April 17, 2008 @ 12:56 am

  4. Byron, thanks for the thoughtful comment and for always coming up with a good response.

    Perfect physical copies of a disc using, for example, commercial equipment, are a very tough attack to deal with. In the most extreme case, how can consumer equipment distinguish between two copies stamped from the same master? The answer is “it can’t”. But you can still do something about this.

    Modern DVD and BD replication equipment can write a unique number on each disc (called burst cutting area on DVD, PMSN on Blu-ray). The entire disc is still the same but each one is slightly personalized.

    When you write the BD+ code, you can put some “poison pill” logic in as well. For example, it might be “run SHA1(readPMSN(), secretValue) and if it equals magic value 87B2A058…, stop playback and ask user to enter unlock code.” Then, once your spies in the field see 50,000 copies of a disc with PMSN 1234, you calculate and store the appropriate magic value from the next disc you release.

    The nice thing about this is it only affects the 49,999 people who bought the pirated disc and one person who probably was complicit in copying it. Because you provide an override menu, it means users will have a chance to call up the studio and buy a license to it if they were caught unaware.

    Flexible schemes like this are only possible if you can write custom protection code for each disc.

    Comment by Nate Lawson — April 18, 2008 @ 9:11 am
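
The poison-pill check described in comment 4, sketched as an added example that is not part of the original post and is not BD+ title code. The function names, the `PMSN || secret` concatenation order, the sample values and the way the unlock code is verified (a stored digest) are all assumptions made for illustration.

```python
import hashlib
import hmac

def magic_value(pmsn: bytes, secret: bytes) -> bytes:
    """SHA1 over PMSN || secret (the concatenation order is an assumption)."""
    return hashlib.sha1(pmsn + secret).digest()

def build_poison_table(cloned_pmsns, secret, unlock_codes):
    """Studio side: map each magic value to the SHA-1 of that disc's unlock code.

    The table shipped in the next title's code holds digests only,
    so it does not list the raw PMSNs seen in the field.
    """
    table = {}
    for pmsn in cloned_pmsns:
        code = unlock_codes[pmsn]
        table[magic_value(pmsn, secret)] = hashlib.sha1(code.encode()).digest()
    return table

def playback_decision(pmsn, secret, poison_table, unlock_code=None):
    """Disc side: return 'play', 'locked' or 'unlocked' for this PMSN."""
    digest = magic_value(pmsn, secret)
    expected = None
    for magic, code_digest in poison_table.items():
        if hmac.compare_digest(magic, digest):
            expected = code_digest
    if expected is None:
        return "play"      # PMSN is not on the list: legitimate buyers are unaffected
    if unlock_code is None:
        return "locked"    # stop playback and show the override menu
    offered = hashlib.sha1(unlock_code.encode()).digest()
    return "unlocked" if hmac.compare_digest(offered, expected) else "locked"

# Constructed sample values, not taken from any real disc.
SECRET_VALUE = b"constructed-title-secret"
CLONED_PMSN = bytes.fromhex("00112233445566778899aabbccddeeff")
RETAIL_PMSN = bytes.fromhex("ffeeddccbbaa99887766554433221100")
TABLE = build_poison_table([CLONED_PMSN], SECRET_VALUE, {CLONED_PMSN: "4711-0042"})

if __name__ == "__main__":
    print(playback_decision(RETAIL_PMSN, SECRET_VALUE, TABLE))
    print(playback_decision(CLONED_PMSN, SECRET_VALUE, TABLE))
    print(playback_decision(CLONED_PMSN, SECRET_VALUE, TABLE, "4711-0042"))
```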
