Content Scramble System

From NotableMathWiki

Content Scramble System (CSS) is a Digital Rights Management (DRM) and encryption system employed on almost all commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced around 1996 and was first compromised in 1999.

The purpose of CSS is twofold:

1. CSS prevents byte-for-byte copies of an MPEG (digital video) stream from being playable since such copies do not include the keys that are hidden on the lead-in area of the restricted DVD.

2. CSS provides a reason for manufacturers to make their devices compliant with an industry-controlled standard, since CSS scrambled discs cannot in principle be played on noncompliant devices; anyone wishing to build compliant devices must obtain a license, which contains the requirement that the rest of the DRM system (region codes, Macrovision, and user operation prohibition) be implemented.

While most CSS-decrypting software is used to play DVD videos, other pieces of software (such as DVD Decrypter, AnyDVD, DVD43, Smartripper, and DVD Shrink) can copy a DVD to a hard drive and remove Macrovision, CSS encryption, region codes, and User operation prohibition. CSS has been superseded by newer DRM schemes such as Content Protection for Recordable Media (CPRM), or by Advanced Encryption Standard (AES) in the Advanced Access Content System (AACS) DRM scheme used by HD DVD and Blu-ray Disc, which have 56-bit and 128-bit key sizes, respectively, providing a much higher level of security than the 40-bit key size of CSS.

Digital rights management (DRM) is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that are not desired or intended by the content provider. Copy protection which can be circumvented without modifying the file or device, such as serial numbers or keyfiles are not generally considered to be DRM. DRM also includes specific instances of digital works or devices. Companies such as Amazon, AOL, Apple Inc., the BBC, Microsoft and Sony use digital rights management. In 1998 the Digital Millennium Copyright Act (DMCA) was passed in the United States to impose criminal penalties on those who make available technologies whose primary purpose and function is to circumvent content protection technologies.

The use of digital rights management is controversial. Content providers claim that DRM is necessary to fight copyright infringement online and that it can help the copyright holder maintain artistic control or ensure continued revenue streams. Those opposed to DRM contend there is no evidence that DRM helps prevent copyright infringement, arguing instead that it serves only to inconvenience legitimate customers, and that DRM helps big business stifle innovation and competition. Further, works can become permanently inaccessible if the DRM scheme changes or if the service is discontinued. Proponents argue that digital locks should be considered necessary to prevent intellectual property from being stolen, just as physical locks are needed to prevent personal property from being stolen.

Digital locks placed in accordance with DRM policies can also restrict users from doing something perfectly legal, such as making backup copies of CDs or DVDs, lending materials out through a library, accessing works in the public domain, or using copyrighted materials for research and education under fair use laws. Some opponents, such as the Free Software Foundation (FSF) through its Defective By Design campaign, maintain that the use of the word "rights" is misleading and suggest that people instead use the term "digital restrictions management". Their position is that copyright holders are restricting the use of material in ways that are beyond the scope of existing copyright laws, and should not be covered by future laws. To find an attorney please check the largest attorney directory online or to find an child support attorney please check the largest child support attorney directory online or to find an traffic attorney please check the largest traffic attorney directory online or to find an attorney for disability please check the largest attorney for disability directory online.

Method: The generic term CSS key may refer to an authentication key used in the CSS secure handshake with a descrambler, a disc key, a player key, a title key, a secured disk key set, or an encrypted title key. The CSS key sets are licensed by the DVD Copy Control Association to manufacturers who incorporate them into products such as DVD movie releases, drives, and players; most DVD players are equipped with a CSS Decryption module.

Disc keys are stored on the lead-in area of the disc, an area that a compliant drive is only supposed to read in a special way; the sectors of the DVD are encrypted, preventing the copying of VOB (Video Object) content, which can only be retrieved with authentication keys. Furthermore, the key area on a DVD-R disc is immutable, thus preventing the trivial copying of a CSS-encrypted DVD to a DVD-R. However, the key area on a DVD+R disc is mutable, but standard drives have refused to write to it (with the exception of the Book type field, which is used for bitsetting). Keys can be passed from a DVD drive to a descrambler over a data bus using a secure (but now compromised) handshake protocol.

Cryptanalysis: In October 1999, Jon Lech Johansen and two people who have remained anonymous reverse engineered CSS and created DeCSS to share the exploit with others, in a striking example of the trusted client problem. Not long after, CSS was further revealed to be easily susceptible to a brute force attack, which is implemented by the widely used libdvdcss; the brute-force attack works even if the keys cannot be retrieved from the lead-in area, as is the case when the DVD's region code is different from that of the drive. This allows region-free DVD player software to work with region-locked drives.

CSS's weakness is primarily due to the regulations placed on the export of cryptographic systems from the United States; at the time that CSS was introduced, it was forbidden to export systems that employ keys in excess of 40 bits, a key length that had already been proven to be wholly inadequate in the face of increasing computer processing power (see Data Encryption Standard). In addition, structural flaws in CSS reduce the effective key length to only around 16 bits, allowing for CSS to be compromised in less than a minute by brute-force with a 450 MHz processor;. A 450 MHz processor is the official minimum computational requirement for playing an unencrypted DVD-compliant MPEG-2 videostream, so this effectively means that any computer that can decode a DVD entirely in software can also crack a CSS-encrypted DVD.