The Content Scrambling System (CSS)

Carlos Garcia Jurado Suarez

03/10/2006

What is CSS?

• CSS is the mechanism for encrypting data on DVDs.

• Created and administered by the DVD Copy Protection Association around 1996.

• The need: DVDs contain digital and high quality versions of movies so perfect copies can be made if the data is not protected.

• CSS is not very effective.

CSS basics

• Each DVD has a main disk key, which is encrypted with 409 keys (the keys are owned by the CCA).

• DVD players have a subset of keys embedded in them (licensed from the CCA)

• The players use one of these keys to decrypt the disk key. The decryption is validated against a hash of the decrypted key that is included in the disk.

The CSS Cipher

Input data byte

Output data byte

Table-based substitution

Exclusive Or(XOR)

1 byte

1 byte

key

key

Optional bit-wise inverter

Output byte

8 ticks

8 ticks Optional bit-wise inverter

LFSR-17

LFSR-25

+ 8-bit add Carry-out

Carry-out from prior addition

Input data byte

Output data byte

Table-based substitution

Exclusive Or(XOR)

1 byte

1 byte

key

key

Optional bit-wise inverter

Output byte

8 ticks

8 ticks Optional bit-wise inverter

LFSR-17

LFSR-25

+ 8-bit add Carry-out

Carry-out from prior addition

Why did CSS fail?

• Weak cipher. The CSS encryption primitive uses a 40 bit key and is based on LFSRs (a 216 attack is possible).

• Software DVD players. These have to ship keys in software so they are easily obtainable. Decrypted data is present in memory at some point.

• No revocation mechanism.

DeCSS

• Software created by three Norwegian programmers than can rip most DVDs to a hard drive.

• Was created be reverse engineering the Xing player (by Real Networks).

• Widely available online.

What’s next?

• At this time all 409 keys are public.

• New standard being developed: AACS (Advanced Access Content System).– Based on AES.– Watermarking for detection of illegal copies– NNL/Media Key Blocks for key management

and revocation.