Content Scramble System
Encyclopedia
Content Scramble System (CSS) is a Digital Rights Management
(DRM) and encryption
system employed on almost all commercially produced DVD
-Video discs. CSS utilizes a proprietary 40-bit stream cipher
algorithm. The system was introduced around 1996 and was first compromised in 1999.
The purpose of CSS is twofold:
While most CSS-decrypting software is used to play DVD videos, other pieces of software (such as DVD Decrypter
, AnyDVD
, DVD43
, Smartripper, and DVD Shrink
) can copy a DVD to a hard drive and remove Macrovision
, CSS encryption, region codes
, and User operation prohibition
.
CSS has been superseded by newer DRM schemes such as Content Protection for Recordable Media
(CPRM), or by Advanced Encryption Standard
(AES) in the Advanced Access Content System
(AACS) DRM scheme used by HD DVD
and Blu-ray Disc
, which have 56-bit and 128-bit key size
s, respectively, providing a much higher level of security than the 40-bit key size of CSS.
is used for this purpose. Authentication can be bypassed with a brute-force attack (see below).
Title key: used for scrambling and descrambling DVD data known collectively as a title, which could be a complete motion picture, a trailer, or some similar self-contained unit.
Disc key: used for decrypting a title key on a DVD.
Player key: used for decrypting a disc key on a DVD; each DVD player manufacturer is allocated one of approximately 400 player keys to incorporate in its players.
The CSS key
sets are licensed by the DVD Copy Control Association
to manufacturers who incorporate them into products such as DVD movie releases, drives, and players; most DVD player
s are equipped with a CSS Decryption module.
Disc keys are stored on the lead-in area of the disc, an area that a compliant drive is only supposed to read in a special way; the sectors of the DVD are encrypted, preventing the copying of VOB (Video Object) content, which can only be retrieved with authentication keys. Furthermore, the key area on a DVD-R
disc is immutable, thus preventing the trivial copying of a CSS-encrypted DVD to a DVD-R. However, the key area on a DVD+R
disc is mutable, but standard drives have refused to write to it (with the exception of the Book type
field, which is used for bitsetting). Keys can be passed from a DVD drive to a descrambler over a data bus using a secure (but now compromised) handshake
protocol.
and two people who have remained anonymous reverse engineered
CSS and created DeCSS
to share the exploit with others, in a striking example of the trusted client
problem. Not long after, CSS was further revealed to be easily susceptible to a brute force attack
, which is implemented by the widely used libdvdcss
; the brute-force attack works even if the keys cannot be retrieved from the lead-in area, as is the case when the DVD's region code is different from that of the drive. This allows region-free DVD player software to work with region-locked drives.
CSS's weakness is primarily due to the regulations placed on the export of cryptographic systems from the United States; at the time that CSS was introduced, it was forbidden to export systems that employ keys in excess of 40 bits, a key length that had already been proven to be wholly inadequate in the face of increasing computer processing power (see Data Encryption Standard
). In addition, structural flaws in CSS reduce the effective key length to only around 16 bits, allowing for CSS to be compromised in less than a minute by brute-force with a 450 MHz processor;. A 450 MHz processor is the official minimum computational requirement for playing an unencrypted DVD-compliant MPEG-2 videostream, so this effectively means that any computer that can decode a DVD entirely in software can also crack a CSS-encrypted DVD.
In Geeks Bearing Gifts
, author Ted Nelson
states "DVD encryption was intentionally made light by the DVD encryption committee, based on arguments in a libertarian book Computer Lib
.", a claim cited as originating from personal communication with an anonymous source; Nelson also wrote Computer Lib.
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
(DRM) and encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
system employed on almost all commercially produced DVD
DVD
A DVD is an optical disc storage media format, invented and developed by Philips, Sony, Toshiba, and Panasonic in 1995. DVDs offer higher storage capacity than Compact Discs while having the same dimensions....
-Video discs. CSS utilizes a proprietary 40-bit stream cipher
Stream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
algorithm. The system was introduced around 1996 and was first compromised in 1999.
The purpose of CSS is twofold:
- CSS prevents byte-for-byte copies of an MPEG (digital video) stream from being playable since such copies do not include the keys that are hidden on the lead-in area of the restricted DVD.
- CSS provides a reason for manufacturers to make their devices compliant with an industry-controlled standard, since CSS scrambled discs cannot in principle be played on noncompliant devices; anyone wishing to build compliant devices must obtain a license, which contains the requirement that the rest of the DRM system (region codes, MacrovisionMacrovisionRovi Corporation is a globally operating, US-based company that provides guidance technology, entertainment data, copy protection, industry standard networking and media management technology for digital entertainment devices and services...
, and user operation prohibitionUser operation prohibitionThe user operation prohibition is a form of use restriction used on video DVD discs and Blu-ray discs. Most DVD players and Blu-ray players prohibit the viewer from performing a large majority of actions during sections of a DVD that are protected or restricted by this feature, and will display...
) be implemented.
While most CSS-decrypting software is used to play DVD videos, other pieces of software (such as DVD Decrypter
DVD Decrypter
DVD Decrypter is a software application for Microsoft Windows that can create backup disk images of the DVD-Video structure of DVDs. It can be used to image any DVD, but controversially it is especially useful for decrypting copy protected movies. The program can also record images to disc...
, AnyDVD
AnyDVD
AnyDVD is a Microsoft Windows driver allowing decryption of DVDs on-the-fly, as well as targeted removal of copy preventions and user operation prohibitions . With an upgrade, it will also do the same for HD DVD and Blu-ray. The AnyDVD program runs in the background, making discs unrestricted and...
, DVD43
DVD43
DVD43 is a free DVD driver for 32 bit versions of Windows. As the user guide states, "DVD43 stands for "DVD For Free". It acts as a driver for optical drives, disabling zone and copy protection information. It assists in the creation of backup copies of DVDs one legally owns and the use of DVDs...
, Smartripper, and DVD Shrink
DVD Shrink
DVD Shrink is a freeware DVD transcoder program for Microsoft Windows that uses a DVD ripper to back up DVD movies. The final versions are 3.2.0.15 and 3.2.0.16 ; all other versions, such as DVD Shrink 2010, are scams...
) can copy a DVD to a hard drive and remove Macrovision
Macrovision
Rovi Corporation is a globally operating, US-based company that provides guidance technology, entertainment data, copy protection, industry standard networking and media management technology for digital entertainment devices and services...
, CSS encryption, region codes
Regional lockout
Regional lockout is the programming practice, code, chip, or physical barrier used to prevent the playing of media designed for a device from the country where it is marketed on the version of the same device marketed in another country.-Video games:...
, and User operation prohibition
User operation prohibition
The user operation prohibition is a form of use restriction used on video DVD discs and Blu-ray discs. Most DVD players and Blu-ray players prohibit the viewer from performing a large majority of actions during sections of a DVD that are protected or restricted by this feature, and will display...
.
CSS has been superseded by newer DRM schemes such as Content Protection for Recordable Media
Content Protection for Recordable Media
Content Protection for Recordable Media and Pre-Recorded Media is a mechanism for controlling the copying, moving and deletion of digital media on a host device, such as a personal computer, or other digital player...
(CPRM), or by Advanced Encryption Standard
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
(AES) in the Advanced Access Content System
Advanced Access Content System
The Advanced Access Content System is a standard for content distribution and digital rights management, intended to restrict access to and copying of the "next generation" of optical discs and DVDs. The specification was publicly released in April 2005 and the standard has been adopted as the...
(AACS) DRM scheme used by HD DVD
HD DVD
HD DVD is a discontinued high-density optical disc format for storing data and high-definition video.Supported principally by Toshiba, HD DVD was envisioned to be the successor to the standard DVD format...
and Blu-ray Disc
Blu-ray Disc
Blu-ray Disc is an optical disc storage medium designed to supersede the DVD format. The plastic disc is 120 mm in diameter and 1.2 mm thick, the same size as DVDs and CDs. Blu-ray Discs contain 25 GB per layer, with dual layer discs being the norm for feature-length video discs...
, which have 56-bit and 128-bit key size
Key size
In cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm . An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits...
s, respectively, providing a much higher level of security than the 40-bit key size of CSS.
Terminology
Authentication: a process for a DVD drive and CSS Decryption module to recognize (or authenticate) each other; this is normally necessary before reading data from a CSS-encrypted DVD, and an authentication keyKey (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
is used for this purpose. Authentication can be bypassed with a brute-force attack (see below).
Title key: used for scrambling and descrambling DVD data known collectively as a title, which could be a complete motion picture, a trailer, or some similar self-contained unit.
Disc key: used for decrypting a title key on a DVD.
Player key: used for decrypting a disc key on a DVD; each DVD player manufacturer is allocated one of approximately 400 player keys to incorporate in its players.
Method
The generic term CSS key may refer to an authentication key used in the CSS secure handshake with a descrambler, a disc key, a player key, a title key, a secured disk key set, or an encrypted title key.The CSS key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
sets are licensed by the DVD Copy Control Association
DVD Copy Control Association
The DVD Copy Control Association is an organization primarily responsible for the copy protection of Blu-ray Discs and DVDs. The Content Scramble System was devised for this purpose to make copyright infringement difficult, but also presents obstacles to some legitimate uses of the media...
to manufacturers who incorporate them into products such as DVD movie releases, drives, and players; most DVD player
DVD player
A DVD player is a device that plays discs produced under both the DVD-Video and DVD-Audio technical standards, two different and incompatible standards. These devices were invented in 1997 and continue to thrive...
s are equipped with a CSS Decryption module.
Disc keys are stored on the lead-in area of the disc, an area that a compliant drive is only supposed to read in a special way; the sectors of the DVD are encrypted, preventing the copying of VOB (Video Object) content, which can only be retrieved with authentication keys. Furthermore, the key area on a DVD-R
DVD-R
DVD-R is a DVD recordable format. A DVD-R typically has a storage capacity of 4.71 GB. Pioneer has also developed an 8.5 GB dual layer version, DVD-R DL, which appeared on the market in 2005....
disc is immutable, thus preventing the trivial copying of a CSS-encrypted DVD to a DVD-R. However, the key area on a DVD+R
DVD+R
DVD+R is part of optical disc recording technologies. It is a format for optical disc data storage that utilizes digital recording. It is similar to, but incompatible with, the older DVD-R standard...
disc is mutable, but standard drives have refused to write to it (with the exception of the Book type
Book type
The book type is a field of four bits at the start of every DVD that indicates what the physical format of the disc is...
field, which is used for bitsetting). Keys can be passed from a DVD drive to a descrambler over a data bus using a secure (but now compromised) handshake
Handshaking
In information technology, telecommunications, and related fields, handshaking is an automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins...
protocol.
Cryptanalysis
In October 1999, Jon Lech JohansenJon Lech Johansen
Jon Lech Johansen , also known as DVD Jon, is a Norwegian programmer famous for his work on reverse engineering data formats....
and two people who have remained anonymous reverse engineered
Reverse engineering
Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation...
CSS and created DeCSS
DeCSS
DeCSS is a computer program capable of decrypting content on a commercially produced DVD video disc. Before the release of DeCSS, there was no way for computers running a Linux-based operating system to play video DVDs....
to share the exploit with others, in a striking example of the trusted client
Trusted client
In computing, a trusted client is a device or program controlled by the user of a service, but with restrictions designed to prevent its use in ways not authorised by the provider of the service. That is, the client is a device that vendors trust and then sell to the consumers, whom they do not trust...
problem. Not long after, CSS was further revealed to be easily susceptible to a brute force attack
Brute force attack
In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...
, which is implemented by the widely used libdvdcss
Libdvdcss
libdvdcss is a free software library for accessing and unscrambling DVDs encrypted with the Content Scramble System...
; the brute-force attack works even if the keys cannot be retrieved from the lead-in area, as is the case when the DVD's region code is different from that of the drive. This allows region-free DVD player software to work with region-locked drives.
CSS's weakness is primarily due to the regulations placed on the export of cryptographic systems from the United States; at the time that CSS was introduced, it was forbidden to export systems that employ keys in excess of 40 bits, a key length that had already been proven to be wholly inadequate in the face of increasing computer processing power (see Data Encryption Standard
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
). In addition, structural flaws in CSS reduce the effective key length to only around 16 bits, allowing for CSS to be compromised in less than a minute by brute-force with a 450 MHz processor;. A 450 MHz processor is the official minimum computational requirement for playing an unencrypted DVD-compliant MPEG-2 videostream, so this effectively means that any computer that can decode a DVD entirely in software can also crack a CSS-encrypted DVD.
In Geeks Bearing Gifts
Geeks Bearing Gifts
-Mentions of Wikipedia:Nelson states in the introduction that he used Wikipedia for a lot of research for the book itself. In Chapter 20 he provides some criticism and praise for the site. He critiques that owing to the strong peer-review nature of Wikipedia that editing is really a misnomer where...
, author Ted Nelson
Ted Nelson
Theodor Holm Nelson is an American sociologist, philosopher, and pioneer of information technology. He coined the terms "hypertext" and "hypermedia" in 1963 and published it in 1965...
states "DVD encryption was intentionally made light by the DVD encryption committee, based on arguments in a libertarian book Computer Lib
Computer Lib
Computer Lib is a book by Ted Nelson, originally published in 1974 by Nelson himself, and packaged with Dream Machines, another book by Nelson...
.", a claim cited as originating from personal communication with an anonymous source; Nelson also wrote Computer Lib.
See also
- Disc wobbleDisc wobbleDisc wobble, also called wobble groove, is a technology developed by Royal Philips Electronics NV. This technology together with digital watermarking could ensure that only authentic discs would be played on the next generation players that will respect these proposed forms of copy protection .This...
- DVD Copy Control AssociationDVD Copy Control AssociationThe DVD Copy Control Association is an organization primarily responsible for the copy protection of Blu-ray Discs and DVDs. The Content Scramble System was devised for this purpose to make copyright infringement difficult, but also presents obstacles to some legitimate uses of the media...
- Advanced Access Content SystemAdvanced Access Content SystemThe Advanced Access Content System is a standard for content distribution and digital rights management, intended to restrict access to and copying of the "next generation" of optical discs and DVDs. The specification was publicly released in April 2005 and the standard has been adopted as the...
- DVD ripperDVD ripperA DVD ripper is a software program that facilitates copying the content of a DVD to a hard disk drive. They are mainly used to transfer video on DVDs to different formats, to edit or back up DVD content, and to convert DVD video for playback on media players and mobile devices...
- AnyDVDAnyDVDAnyDVD is a Microsoft Windows driver allowing decryption of DVDs on-the-fly, as well as targeted removal of copy preventions and user operation prohibitions . With an upgrade, it will also do the same for HD DVD and Blu-ray. The AnyDVD program runs in the background, making discs unrestricted and...
, DVD43DVD43DVD43 is a free DVD driver for 32 bit versions of Windows. As the user guide states, "DVD43 stands for "DVD For Free". It acts as a driver for optical drives, disabling zone and copy protection information. It assists in the creation of backup copies of DVDs one legally owns and the use of DVDs...
, DeCSSDeCSSDeCSS is a computer program capable of decrypting content on a commercially produced DVD video disc. Before the release of DeCSS, there was no way for computers running a Linux-based operating system to play video DVDs....
, DVD DecrypterDVD DecrypterDVD Decrypter is a software application for Microsoft Windows that can create backup disk images of the DVD-Video structure of DVDs. It can be used to image any DVD, but controversially it is especially useful for decrypting copy protected movies. The program can also record images to disc...
, Smartripper - libdvdcssLibdvdcsslibdvdcss is a free software library for accessing and unscrambling DVDs encrypted with the Content Scramble System...
, a popular free software for enabling playback of discs on opensource players. - Content Protection for Prerecorded MediaContent Protection for Recordable MediaContent Protection for Recordable Media and Pre-Recorded Media is a mechanism for controlling the copying, moving and deletion of digital media on a host device, such as a personal computer, or other digital player...
(CPPM) - Fair useFair useFair use is a limitation and exception to the exclusive right granted by copyright law to the author of a creative work. In United States copyright law, fair use is a doctrine that permits limited use of copyrighted material without acquiring permission from the rights holders...
- ARccOS ProtectionARccOS ProtectionARccOS is a copy-protection system made by Sony that is used on some DVDs. Designed as an additional layer to be used in conjunction with Content Scramble System , the system deliberately creates corrupted sectors on the DVD, which cause copying software to produce errors .Despite being promoted...
, an additional form of DVD copy protection