HDCP - Protecting the Goods?
HDCP (High-bandwidth Digital Content Protection) is a technology that protects “high-value digital motion pictures, television
programs and audio against unauthorized interception and copying”. This copy protection system
was developed by Intel as a way to protect digital content as it travels from device to device. HDCP is used in a number of
digital connection types, including those used in the home audio-video arena: DVI and HDMI.
Use of HDCP is not free; the technology must be licensed for use from Digital Content Protection, LLC, a subsidiary of Intel.
The licensing agreement comes with a long list of dos and don’ts. That list is for the benefit of the content
creator and Intel, but unfortunately it is not always good for the end user; that would be you!
Why should you care about HDCP? You probably shouldn’t, since it’s here to stay, and you can’t do anything about it. However,
when you’re scratching your head as to why your connected AV equipment (using HDMI or DVI) is having a problem passing the signal,
HDCP is probably the culprit. So understanding how it works and what happens when it goes south could save you a lot of grief.
HDCP is essentially a computer protocol for authenticating devices that send and receive high-bandwidth digital content.
It works by exchanging digital certificates. The simplified Reader’s Digest explanation of how it works: device “A” sends a certificate
to device “B”, and device “B” checks the certificate to see if it’s on the list of acceptable certificates. Kind of like a doorman at
a night club checking to see if you’re on the guest list. Device “B” then sends its certificate back to device “A”, and device “A”
checks to see if it’s on the guest list. If both devices have accepted each other’s certificate as authentic, they will do some
cryptography to secure the connection, and then they begin to exchange the high-bandwidth digital content. When there’s a failure in the authentication
process with HDMI or DVI connections, you get either a blank screen on your HDTV, video resolution downgraded to 480i or 480p (which is DVD
resolution), no sound, 2-channel audio, or CD-quality audio at best!
Some early adopters of HDTV, who unknowingly purchased sets with non-HDCP compliant DVI or HDMI inputs, found themselves out in the cold.
HDCP compliance became part of the DVI and HDMI landscape after the fact. These early adopters were not alone; a lot of computer users
purchasing high-end video cards quickly found that their expensive but non-HDCP compliant displays couldn’t work with their new cards. So
this group of people needed a workaround to get past this irritation. This gave rise to devices known as HDCP strippers, which can help get
HDCP-protected content forwarded to non-HDCP compliant devices via HDMI and DVI connections. The HDCP design does have a trump card that could be
played to combat HDCP strippers and other countermeasure devices. The certificates being used by HDCP strippers could be placed on a
revocation list. A revocation list tells HDCP devices not to exchange any data with a device that presents a particular certificate for
authentication. The revocation list could be introduced into your home entertainment system by your cable or satellite set-top box, or by
that Blu-ray movie you just rented. Your set-top box or Blu-ray player can then spread the word to other HDCP devices in your system about
the rogue certificate.
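
The check-and-revoke flow described above, as a simplified added example that is not part of the original article and is not the real HDCP protocol. Device names, certificate IDs and list version numbers are constructed, and the rule that a device only adopts a newer list is an assumption of this model.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RevocationList:
    version: int = 0                      # constructed version counter
    revoked: frozenset = frozenset()      # certificate IDs that must be refused


@dataclass
class Device:
    name: str
    cert_id: str                          # constructed ID standing in for the certificate
    rl: RevocationList = field(default_factory=RevocationList)

    def learn(self, incoming: RevocationList) -> bool:
        """Adopt a list only if it is newer than the one already held."""
        if incoming.version > self.rl.version:
            self.rl = incoming
            return True
        return False


def authenticate(source: Device, sink: Device) -> str:
    """Two-way guest-list check; the source first passes its list downstream."""
    sink.learn(source.rl)
    if sink.cert_id in source.rl.revoked:
        return f"FAIL: {source.name} rejects {sink.name}"
    if source.cert_id in sink.rl.revoked:
        return f"FAIL: {sink.name} rejects {source.name}"
    return "OK: link encrypted, content flows"


def demo() -> list:
    player = Device("player", "CERT-PLAYER")
    tv = Device("tv", "CERT-TV")
    stripper = Device("stripper", "CERT-STRIPPER")
    results = [authenticate(player, stripper)]        # not revoked yet
    # A newly rented disc carries a newer list naming the stripper's certificate.
    player.learn(RevocationList(version=2, revoked=frozenset({"CERT-STRIPPER"})))
    results.append(authenticate(player, tv))          # tv picks up list v2 here
    results.append(authenticate(player, stripper))    # now refused by the player
    results.append(authenticate(stripper, tv))        # and refused by the tv as well
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The last result is the point of the model: the TV never saw the disc, yet it refuses the stripper because the player passed the newer list along during an ordinary handshake.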
It is possible that a certificate used in one of your devices could make it onto the list. Every manufacturer has to secure its own devices
to make sure that they can stand up to attack and safeguard their certificates. If there is a breach and device certificates become compromised,
Digital Content Protection, LLC, does have the right to put the certificate on the revocation list. HDCP version 1.0 was introduced late in
1999; by 2001, 2 cryptologists pointed out design flaws in the HDCP protocol. The cryptologists suggested that the protocol could be cracked,
and it would be possible to make a fake device that was HDCP compliant; have the device avoid the revocation list issue; or simply eavesdrop
on the data; any of which would provide unencrypted access to the high-bandwidth content. Someone else devised a method called the “HDCP Conspiracy
Attack” that can generate a copy of the master certificate (called the “Private Key”), which would provide unlimited access to all content that
uses HDCP as its authentication mechanism.
Since 2001, HDCP has been revised 4 times, and there will undoubtedly be more revisions going forward. Many knowledgeable individuals
consider HDCP nothing more than a continual live beta-test, with
Joe Public as the tester, in the ongoing battle between the entertainment industry and the entertainment piracy community. Don’t be surprised if one day something
suddenly stops working in your home entertainment system. The most likely chain of events: for no apparent reason, that new movie that just got
released on Blu-ray won’t deliver a picture to your HDTV, and soon after that other connected devices that had worked before suddenly stop working.
You should expect Hollywood to be aggressive in using HDCP’s improved security and revocation lists, because of the large dollars in play for them. If past
behaviour is the best predictor of future behaviour, Hollywood won’t hesitate to inconvenience you to protect their bottom line. Don’t forget
that Sony, in an ill-conceived attempt to stop piracy, put a rootkit on music CDs, which would
automatically install itself on PCs running versions of Microsoft’s Windows. The legitimate act of playing one of the CDs on your PC gave you
a rootkit you didn’t bargain for. The software punched all kinds of security holes in the user’s PC, making it susceptible to viruses, hacking
and all kinds of problems.
So, protect yourself. If you buy any new components with HDMI or DVI connections, ensure that the device can have its firmware updated by
the end user, so you can fix what may get broken. A firmware update is the method used to correct HDCP implementation issues, and it
can also be used to provide devices with new acceptable digital certificates.
In the computer world “Cryptography” refers to the practice of using an algorithm to turn usable data into unintelligible nonsense, for the
purpose of hiding information (generally referred to as encryption). To use the data, another algorithm is applied to decrypt it.
A “rootkit” is a computer program designed to allow others to take control of a computer from a remote location, without the authorization or
knowledge of the system’s owner. Rootkits are usually designed to evade standard computer security programs, making them difficult to detect and remove.