Content protection system architecture (CPSA) is the name given to the overall framework for security and access control across the entire DVD family.
Developed by the 4C Entity (Intel, IBM, Matsushita, and Toshiba) in cooperation with the Copy Protection Technical Working Group (CPTWG), CPSA covers encryption, watermarking, and the protection of analog and digital outputs. Many forms of content protection apply to DVD, as detailed in the following seven sections.
Analog CPS (Macrovision)
Copying to videotape (analog) can be prevented with a Macrovision 7.0 circuit in every DVD player. The general term is Analog Protection System (APS), also sometimes called copyguard. Computer video cards with composite or s-video (Y/C) output must also use APS.
Macrovision adds a rapidly modulated colorburst signal (Colorstripe) along with pulses in the vertical blanking signal (AGC) to the composite video and s-video outputs. This confuses the synchronization and automatic-recording-level circuitry in 95 percent of consumer VCRs.
Unfortunately, it can degrade the picture, especially with old or nonstandard equipment. Macrovision may show up as stripes of color, distortion, rolling, a black and white picture, and dark/light cycling. Macrovision creates problems for most TV/VCR combos and some high-end equipment such as line doublers and video projectors.
Macrovision was not present on the component output of early players, but it is required on component output of newer players (AGC only, because there is no burst in a component signal). DVDs contain trigger bits that tell the player whether or not to enable Macrovision AGC, with the optional addition of two-line or four-line Colorstripe.
The triggers occur about twice a second, which enables fine control over the video. The producer of the disc decides the amount of copy protection to enable and then pays Macrovision royalties accordingly (several cents per disc).
Just as with videotapes, some DVDs are Macrovision-protected and some aren’t. For a few Macrovision details, see STMicroelectronics’ NTSC/PAL video encoder datasheets at www.st.com/stonline/books/.
Inexpensive devices can defeat Macrovision, although only a few work against the new Colorstripe feature. These devices include products such as Video Clarifier, Image Stabilizer, Color Corrector, and CopyMaster (www. videoguys.com/sima.htm). You can also build your own (http://126.96.36.199/ Services/TECH_Notes/nineteen.html).
Some DVD players can be modified to turn off Macrovision output. Professional time-base correctors (TBCs) that regenerate line 21 also remove Macrovision. APS affects only video, not audio.
Copy Generation Management System (CGMS)
Each disc contains information specifying if the contents can be copied. This is a serial copy generation management system (SCMS) designed to prevent initial copies or generational copies (copies of copies). The CGMS information is embedded in the outgoing video signal.
For CGMS to work, the equipment making the copy must recognize and respect the CGMS information. The analog standard (CGMS-A) encodes the data on NTSC line 21 (in the extended data service [XDS]) or line 20.
CGMS-A is recognized by most digital camcorders and by some computer video capture cards (they will flash a message such as “recording inhibited”). Professional time-base correctors (TBCs) that regenerate lines 20 and 21 will remove CGMS-A information from an analog signal.
The digital standard (CGMS-D) is included in DTCP and HDMI for digital connections, such as IEEE 1394/FireWire (www.1394ta.org). See the “Digital Copy Protection System” and “High-Bandwidth Digital Content Protection” subsections.
Content Scrambling System (CSS)
Because of the potential for perfect digital copies, paranoid movie studios added a tougher copy protection requirement to the DVD standard. CSS is a data encryption and authentication scheme intended to prevent copying video files directly from DVD-Video discs.
It was developed primarily by Matsushita and Toshiba. Each CSS licensee is given a key from a master set of 400 keys stored on every CSS-encrypted disc, and a license can be revoked by removing its key from future discs.
The CSS decryption algorithm exchanges keys with the drive unit to generate an encryption key that is used to obfuscate the exchange of disc keys and title keys needed to decrypt data from the disc.
DVD players have CSS circuitry that decrypts the data before it’s decoded and displayed, and computer DVD decoder hardware and software must include a CSS decryption module. All DVD-ROM drives have extra firmware to exchange authentication and decryption keys with the CSS module in the computer.
Since 2000, new DVD-ROM drives are required to support regional management in conjunction with CSS (refer to “What Are Regional Codes, Country Codes, and Zone Locks?” and see Chapter 4’s “Can I Play DVDs on My Computer?”).
DVD-Video equipment manufacturers of drives, decoder chips, decoder software, and display adapters must license CSS. CSS licenses are free, but obtaining one is a lengthy process, so it’s recommended that interested parties apply early.
CSS is administered by the DVD Copy Control Association (DVD CCA). Near the end of May 1997, CSS licenses were finally granted for software decoding. The license is extremely restrictive in an attempt to keep the CSS algorithm and keys secret.
Of course, nothing that’s used on millions of players and drives worldwide could be kept secret for long. In October of 1999, the CSS algorithm was cracked and posted on the Internet, triggering endless controversies and legal battles.
Content Protection for Prerecorded Media (CPPM)
Content Protection for Prerecorded Media (CPPM) is used only for DVDAudio. It was developed to be an improvement of CSS. Keys are stored in the lead-in area, but unlike CSS no title keys are placed in the sector headers.
Each volume has a 56-bit album identifier, similar to a CSS disc key, stored in the control area. Each disc contains a media key block, stored in a file on the disc. The media key block data is logically ordered in rows and columns used during the authentication process to generate a decryption key from a specific set of player keys (device keys).
If the device key is revoked, the media-key-block-processing step results in an invalid key value. As with CSS, the media key block can be updated to revoke the use of compromised player keys.
The authentication mechanism is the same as CSS, so no changes are required for the existing drives. A disc may contain both CSS and CPPM content if it is a hybrid DVD-Video/DVDAudio disc.
Content Protection for Recordable Media (CPRM)
Content Protection for Recordable Media (CPRM) is a mechanism that ties a recording to the media on which it is recorded. CPRM is supported by some DVD recorders, but not by many DVD players. Each blank, recordable DVD has a unique 64-bit media ID etched in the BCA.
When protected content is recorded on the disc, it can be encrypted with a 56-bit C2 (Cryptomeria) cipher derived from the media ID. During playback, the ID is read from the BCA and used to generate a key to decrypt the contents of the disc. If the contents of the disc are copied to other media, the ID will be absent or wrong, and the data will not be decryptable.
Digital Copy Protection System (DCPS)
In order to provide digital connections between components without allowing perfect digital copies, five digital copy protection systems (DCPs) were proposed to the Consumer Electronics Association (CEA).
The frontrunner is Digital Transmission Content Protection (DTCP), which focuses on IEEE 1394/FireWire, but it can be applied to other protocols. The draft proposal (called 5C, for the five companies that developed it) was made by Intel, Sony, Hitachi, Matsushita, and Toshiba in February of 1998. Sony released a DTCP chip in mid-1999.
Under DTCP, devices that are digitally connected, such as a DVD player and a digital TV or a digital VCR, exchange keys and authentication certificates to establish a secure channel.
The DVD player encrypts the encoded audio-video signal as it sends it to the receiving device, which must decrypt it. This keeps other connected but unauthenticated devices from stealing the signal. No encryption is needed for content that is not copy protected.
Security can be “renewed” by new content (such as new discs or new broadcasts) and new devices that carry updated keys and revocation lists (to identify unauthorized or compromised devices).
A competing proposal, extended conditional access (XCA), from Zenith and Thomson, is similar to DTCP. However, it can work with one-way digital interfaces (such as the EIA-762 RF remodulator standard) and uses smart cards for renewable security. Other proposals have been made by MRJ Technology, NDS, and Philips.
In all five proposals, content is marked with CGMS-style flags of “copy freely,” “copy once,” “don’t copy,” and sometimes “no more copies.” Digital devices that do nothing more than reproduce audio and video will be able to receive all data (as long as they can authenticate that they are playback-only devices).
Digital recording devices can only receive data that is marked as copyable, and they must change the flag to “don’t copy” or “no more copies” if the source is marked “copy once.”
DCPS in general is designed for the next generation of digital TVs, receivers, and video recorders. It requires new DVD players with digital connectors (such as those on digital video equipment). These new products began to appear in 2003. Because the encryption is done by the player, no changes are needed to existing discs.
High-Bandwidth Digital Content Protection (HDCP) and HDMI
High-Bandwidth Digital Content Protection (HDCP) is similar to DTCP, but it has been designed for digital video monitor interfaces such as digital visual interface (DVI). In 1998, the Digital Display Working Group (DDWG) was formed to create a universal interface standard between computers and displays to replace the analog VGA connection standard.
The resulting DVI specification, released in April 1999, was based on Silicon Image’s PanelLink technology, which at 4.95 Gbps can support 16001200 UXGA resolution, covering all the HDTV resolutions.
Intel proposed a security component for DVI: HDCP. A new connection standard called HDMI now combines DVI and HDCP, and many new HDTV displays are likely to have both IEEE 1394 and HDMI connections. HDCP provides authentication, encryption, and revocation.
Specialized circuitry in the playback device and in the display monitor encrypts video data before it is sent over the link. When an HDMI output senses that the connected monitor does not support HDCP, it lowers the image quality of protected content.
The HDCP key exchange process verifies that a receiving device is authorized to display or record video. It uses an array of 40 56- bit secret device keys and a 40-bit key selection vector, all supplied by the HDCP licensing entity.
If the security of a display device is compromised, its key selection vector is placed on the revocation list. The host device has the responsibility of maintaining the revocation list, which is updated by system renewability messages (SRMs) carried by newer devices and by video content.
Once the authority of the receiving device has been established, the video is encrypted by an exclusive OR (XOR) operation with a stream cipher generated from keys exchanged during the authentication process.
If a display device with no decryption capability attempts to display encrypted content, it appears as random noise. The first four forms of copy protection are optional for disc producers.
Movie decryption is also optional for hardware and software playback manufacturers: A player or computer without decryption capabilities will only be able to play unencrypted movies. CPRM is handled automatically by DVD recorders, whereas DCPS and HDCP are performed by the DVD player, not by the disc developer.
These copy protection schemes are designed only to guard against casual copying (which the studios claim causes billions of dollars in lost revenue). The goal is to “keep the honest people honest.” The people who developed the copy protection standards are the first to admit they can’t stop well-equipped pirates.
Movie studios have promoted legislation making it illegal to defeat DVD copy protection. The result is the World Intellectual Property Organization (WIPO) Copyright Treaty, the WIPO Performances and Phonograms Treaty (December 1996), and the compliant U.S. Digital Millennium Copyright Act (DMCA), which was passed into law in October of 1998.
Software intended specifically to circumvent copy protection is now illegal in the United States as well as many other countries. A cochair of the legal group of the DVD copy protection committee stated, “in the video context, the contemplated legislation should also provide some specific assurances that certain reasonable and customary home recording practices will be permitted, in addition to providing penalties for circumvention.”
It’s not at all clear how this might be permitted by a player or by studios that routinely set the “don’t copy” flag on all their discs. DVD-ROM drives and computers, including DVD-ROM upgrade kits, are required to support Macrovision, CGMS, and CSS. PC video cards with TV outputs that don’t support Macrovision do not work with encrypted movies.
Computers with IEEE 1394/FireWire connections must support the final DCPS standard in order to work with other DCPS devices. Likewise, computers with HDMI (DVI) connections must support HDCP to output DVDVideo content.
Every DVD-ROM drive must include CSS circuitry to establish a secure connection to the decoder hardware or software in the computer, although CSS can only be used on DVD-Video content. Of course, because a DVD-ROM can hold any form of computer data, other encryption schemes can be implemented.
The Watermarking Review Panel (WaRP) of the CPTWG, the successor to the Data-Hiding Subgroup (DHSG), selected an audio watermarking system that has been accepted by the DVD Forum for DVD-Audio.
The original seven video watermarking proposals were merged into three: IBM/NEC, Hitachi/ Pioneer/Sony, and Macrovision/Digimarc/Philips. On February 17, 1999, the first two groups combined to form the Galaxy Group and merged their technologies into a single proposal.
The second group has dubbed their technology Millennium. Watermarking permanently marks each digital audio or video frame with noise that is supposedly undetectable by human ears or eyes.
Watermark signatures can be recognized by playback and recording equipment to prevent copying, even when the signal is transmitted via digital or analog connections or is subjected to video processing.
Watermarking is not an encryption system, but rather it is a way to identify whether a copy of a piece of video or audio can be played. New players and software are required to support watermarking, but the DVD Forum intends to make watermarked discs compatible with existing players.
Reports were made that the early watermarking technique used by Divx caused visible “raindrop” or “gunshot” patterns, but the problem was apparently solved for later releases.