A Security Analysis of Some Physical Content Distribution Systems

Content distribution systems are essentially content protection systems that protect premium multimedia content from being illegally distributed. Physical content distribution systems form a subset of content distribution systems with which the content is distributed via physical media such as CDs, Blu-ray discs, etc. This thesis studies physical content distribution systems. Specifically, we concentrate our study on the design and analysis of three key components of the system: broadcast encryption for stateless receivers, mutual authentication with key agreement, and traitor tracing. The context in which we study these components is the Advanced Access Content System (AACS). We identify weaknesses present in AACS, and we also propose improvements to make the original system more secure, flexible and efficient

Key-Assignment Strategies for CPPM

CSS, the first system to protect multimedia content on the new DVD medium failed badly, because both its encryption algorithm and its key management could easily be broken. A new industry initiative, the 4C Entity, LLC (founded by IBM, Intel, Matsushita and Toshiba), presents a more mature approach, called “Copy Protection for Prerecorded Media ” (CPPM), which has already been adopted in DVD-Audio. A key-feature of CPPM is its advanced key-management, which allows for system renewability by revoking compromised devices. Renewability means that content provider can encrypt the content, such that compromised devices cannot decrypt it, whereas noncompromised devices still can. In this paper, we review the basic concepts of CPPM and propose a framework to study its cryptographic strengths based on the published specifications. We will focus our assessment especially on CPPM’s key-management scheme, which, unfortunately, is not completely specified in the official publicly available specification. As a consequence, it is currently unknown, how the 4C Entity selects the device keys that are assigned to devices. As a main contribution we propose several suitable key-assignment strategies based on finite geometric structures and study their security