Search This Blog

Thursday, December 22, 2011

Must Read: Danny Lieberman on Digital Content Distribution Vulnerabilities #infdist

Media_httpswwwinfosec_zhjda

Excerpt from a much longer & very detailed analysis:

"HD content protection – fundamentally flawed....

”The AACS design prevents legitimate purchasers from playing legitimately purchased content on legitimately purchased machines, and fails to prevent people from ripping the content and sharing it through bittorrent. The DRM people wanted something that could not be done, so unsurprisingly they winded up buying something that does not do it." ~ James Donald.

Now you understand why BitTorrent is so popular.

A popular TV series like Heroes is available for download on BitTorrents worldwide in AVI format within a few hours after airing with the commercials edited out. OK – Heroes is SD, not premium content like ” The Bourne Ultimatum” but so far I reckon the quality of the AVI download is not deterring users from watching Heroes off BitTorrent.

In world of download-only distribution, studios have an opportunity for expanding business using the Internet and a huge digital asset protection challenge. From the perspective of piracy (protecting intellectual property of the studio) and revenue assurance; being able to download HD content to a PC or PVR disk is an ugly threat, especially considering how easy it has been to crack or bypass AACS content protection in Blu-Ray and HD DVD until now. Once the content is stored on a hard disk on a Windows PC, you’ve lost control for ever.

The software and algorithms for Premium HD content protection are fundamentally flawed as Peter Gutmann shows in his article: A Cost Analysis of Windows Vista Content Protection

Alternatives for a download world

As the consumer Internet moves towards a download-only distribution model, the motion picture industry needs to find answers to their digital asset protection challenge without biting the hand that feeds them.Network PVR may conceivably be the most effective method for protecting digital movie content from the perspective of both the studios and the consumer.

There is no such thing as a single silver-bullet, optimally-effective countermeasure to the vulnerabilities of flawed content protection schemes, flawed software implementations and vulnerable PC operating systems. That is the mistake of an over-reaching scheme like HDCP.

Gutmann’s analysis is outstanding in its breadth and depth but he doesn’t propose a system of countermeasures which would help the studios protect their intellectual property. In order to identify the most cost-effective set of countermeasures to the threat of piracy, we start off by examining risk profiles of different digital content distribution implementations.

Digital content distribution vulnerabilities...."

Posted via email from Siobhan O'Flynn's 1001 Tales

No comments: