Cryptography Research Calls AACS Proposal a Significant Start to Next-Generation Disc Format Security

More is Needed to Protect High-Definition Video

SAN FRANCISCO, Calif., April 15, 2005 – Responding to yesterday’s public release of Advanced Access Content System (AACS) draft specifications, Cryptography Research, Inc. (CRI) said that the AACS proposal delivers some of the components necessary for securing high-definition disc formats.

“The release of the AACS specifications to public scrutiny is an important step that will help optical formats move forward and determine what combination of technologies will be required to provide an adequate level of security,” said CRI President and Chief Scientist Paul Kocher. “While AACS is not a complete security solution, it is one piece of the puzzle.”

The AACS documents describe proposed methods for encrypting high-definition movies distributed on high-definition formats. They also include a revocation system that can disable players which the AACS Licensing Authority determines have been compromised.

These capabilities complement Cryptography Research's Self-Protecting Digital Content (SPDC) technology, which provides renewable security to repair vulnerabilities after attacks occur. SPDC uses a simple interpreter built into players to run security code delivered with the content. The DVD Forum has formed a subcommittee to study how to integrate SPDC with the upcoming HD DVD format. SPDC is also being considered by members of the competing Blu-ray Disc Association.

Renewable security approaches are commonly used to manage threats such as computer viruses, financial fraud, and software defects, but were not included in the current DVD format. As a result, the DVD format has not been able to correct the flaws exploited by circumvention programs such as DeCSS.

“The only question is when, not if, pirates will find and exploit a security hole in a popular player model. Even if players include tamper-resistant hardware, formats can’t prevent every possible attack,” said Kit Rodgers, vice president of business development at CRI.

"SPDC complements AACS by providing ways to recover from class attacks without having to revoke an entire group of players,” said Kocher. “We’re pleased that AACS has finally released its specifications, and look forward to working with the format organizations to address the threat of piracy without adversely impacting end users.”

About CRI’s Self-Protecting Digital Content

Self-Protecting Digital Content (SPDC) is an architecture that protects high-definition video distributed on next-generation optical discs. SPDC brings programmability and true renewability to digital video formats, enabling studios to use risk management principles to secure their high-definition content portfolios and minimize piracy’s effect on their business.

With CRI’s Self-Protecting Digital Content architecture, each media disc carries encrypted content and its own decoding software. This software runs in a simple security interpreter embedded in each player, and can query the playback environment to detect and respond to pirate attacks. If a particular disc, device or product line is compromised, subsequent titles can carry fresh security code that can address the specific attack without affecting the end-user experience.

 

About Cryptography Research, Inc.

Cryptography Research, Inc. provides consulting services and technology to solve complex security problems. In addition to security evaluation and applied engineering work, CRI is actively involved in long-term research in areas including tamper resistance, content protection, network security and financial services. The company has a broad portfolio of patents covering countermeasures to differential power analysis and other vulnerabilities, and is committed to helping companies produce secure smart cards and other tamper resistant devices.

Security systems designed by Cryptography Research engineers annually protect more than $100 billion of commerce for wireless, telecommunications, financial, digital television and Internet industries. For additional information or to arrange a consultation with a member of the technical staff, please contact Jen Craft at 415-397-0123, ext. 329 or visit www.cryptography.com.

.