A Cryptanalysis of the High-Bandwidth Digital Content Protection System

  • Scott Crosby
  • Ian Goldberg
  • Robert Johnson
  • Dawn Song
  • David Wagner
Conference paper

DOI: 10.1007/3-540-47870-1_12

Volume 2320 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Crosby S., Goldberg I., Johnson R., Song D., Wagner D. (2002) A Cryptanalysis of the High-Bandwidth Digital Content Protection System. In: Sander T. (eds) Security and Privacy in Digital Rights Management. DRM 2001. Lecture Notes in Computer Science, vol 2320. Springer, Berlin, Heidelberg

Abstract

We describe a weakness in the High Bandwidth Digital Content Protection (HDCP) scheme which may lead to practical attacks. HDCP is a proposed identity-based cryptosystem for use over the Digital Visual Interface bus, a consumer video bus used to connect personal computers and digital display devices. Public/private key pairs are assigned to devices by a trusted authority, which possesses a master secret. If an attacker can recover 40 public/private key pairs that span the module of public keys, then the authority’s master secret can be recovered in a few seconds. With the master secret, an attacker can eavesdrop on communications between any two devices and can spoof any device, both in real time. Additionally, the attacker can produce new key pairs not on any key revocation list. Thus the attacker can completely usurp the trusted authority’s power. Furthermore, the protocol is still insecure even if all devices’ keys are signed by the central authority.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Scott Crosby
    • 1
  • Ian Goldberg
    • 2
  • Robert Johnson
    • 3
  • Dawn Song
    • 3
  • David Wagner
    • 3
  1. 1.Carnegie-Mellon UniversityUSA
  2. 2.Zero Knowledge SystemsUSA
  3. 3.University of California at BerkeleyUSA