# Encrypted Content And Cryptography Attacks Computer Science Essay

Published:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Basically determining the content of encrypted message is said to be attack in cryptography. But in case of High Definition Content Protection the encrypted message content is known to the viewer. But the owners of the content prevent the viewer from not able to share, or record the digital content of the message.

So in HDCP either recovering the unencrypted message or sharing or reusing the content is called attack. Both attacks are possible with the HDCP. Since these kinds of attacks are simple because there is no involvement of physical integrity of any devices or cracking of cipher of the system.

Let us for an example, the transmitter be the device generating high digital content video signal such as set-top box or a computer and the receiver is the device which displays the high digital content video signal let it be monitor. And the repeater is the device which lies between the two. This acts as both transmitter and receiver which unencrypts and reencrypts the high digital content correspondingly.

Let us see some of the simple attacks on HDCP. And let's assume the digital stream can be tapped without the knowledge of both the transmitter and the receiver. Since encryption is unnecessary if this is impossible. And the transmitter is going to transmit a purely black or precisely known signal for an amount of time. And also assume the signal has been available to anyone with web access.

## Just Record:

This attack relies on authentication process between the transmitter and the receiver. This attack does not allow large consumers to implement nor mass production of compromised content. This is very simple attack. The transmitter generates the pseudo random number which is used to create the cipher responsible for authentication and encryption.

The receiver does not verify the validity or computational abilities of the transmitter and not going to contribute anything to the cryptographic function since it differs from session to session it accepts the pseudo random number and creates its own cipher. So the attacker can record the complete content of the message after some arbitrary time. The attacker may play it back on some other monitor which displays the content of the message send by the transmitter. The playback device may have a little bit of sophistication still there are times where transmitter must wait for a receiver response. This was a onetime issue which would allow one to compile a video completely. Since the attack work takes place between the transmitter and the repeater and there is no need for the receiver to check whether it was a repeater or not. Since it prevents the mass distribution of HDCP content this requires physical components exchange.

So the attacker can record the video and can display the recorded video along with the repeater in any monitor or the attacker can sell the recorded content to anyone. This attack scheme needs a playback device. And also can ship both the recorded information and the repeater together. This attack does not allow exchanging of video over the internet because it's difficult to compress the encrypted signal since the information is linked to a particular user.

## XOR with Black:

In HDCP the encryption means XORing the signal with the output of a cipher function. Since the cipher function is deterministic and there won't be a change in it till unique pair of devices is connected. This attack needs same An for both the sessions and the 24 bit pseudo random number (An) is also same for both the sessions. And also the inputs to the cipher will not change till the same pair of devices is connected. If the transmitter will generate the same An in two cases, then the attacker can get the same output as the XOR of two unencrypted bit streams by XOR the resultant bit encrypted bit streams.

## Session 1 (Unknown Content)

Unencrypted content 1 : 10011101

Cipher for An : 00100100

XORing-------------------------------------

Encrypted content 1 : 10111001

## Session 2 (Content is known)

Unencrypted content 1 : 10011101

Cipher for An : 00100100

XORing-------------------------------------

Encrypted content 1 : 10111001

Since we made a assumption that the transmitter will be sending a known signal for a particular amount of time, So as long as the transmitter can cause the same An generated, he can first record the bit stream associated with the known signal and then the one he wishes to decrypt and the two encrypted streams can be XORed which will give the unencrypted bit stream of desired program as a result. If the attacker knows the content of one unencrypted signal then XORing the known signal he can find the unknown signal. But the question how will know that same An was generated. The time between the transmitter to power on and the receiver request for authentication begins will calculate value of An.

Encrypted content 1 : 10011101

Encrypted content 2 : 11001010

XORing-----------------------------

Result : 01110011

Unencrypted content 1 : 10011101

Unencrypted content 2 : 11001010

XORing--------------------------------

Result : 01110011

We need to build a digital timer inside the device to control the timings of both connection of the transmitter power on and connection of the transmitter and the receiver. Then for the black signal the same An will be generated and the unencrypted stream will be attained easily.

Result : 01110011

Unencrypted content 2 : 11101110

XORing--------------------------------

Unencrypted content 1 : 10011101

## Offline Cracking:

The third attack is offline cracking. This relies on the assumption we made. Except the proprietary 56 bit key all the information to be transmitted between the two devices is to be decoded and sent to the pair of devices. It was done by tracking the video for few seconds and one can then set computers to compute all 2^56 possible keys by doing the same calculations.

This was a long process it has been demonstrated that the keys of 56 bits only can be cracked in the real world.

If once the key was cracked all communications between the devices can be easily traced or encoded. Although the standard contains the possibility of listing particular devices as no longer being secure, there is nothing to indicate the authority in any way to know when a device has been cracked in offline by compromising.

## The Fourth Attack:

This attack is similar to the above one. From the above attack we can say that if anyone can able to find the private key then he can find the private key for any key selection vector. To find 40 independent KSV's he goes on average number of devices. For 56 bit keys we need to do 820 brutal force attacks. This takes time but it is feasible in couple of years post HDCP adoption. This attack fudges the central authority fully and essentially renders HDCP useless.

Let's see how key part and HDCP works and how transmitter authenticate the receiver. Let's consider a connection between an HDMI compliant DVD player to an HDMI complaint TV, and trying to play a disc. Before sending the HDCP video, the player will do a handshake with the TV.

The purpose of handshake is to authenticate each other and to find the secret key known to both the devices, using the secret key we can encrypt the video and can sent across the HDMI cable

Each HDCP devices consist of a secret vector which was maintained secret not to be revealed and an addition rule which can be revealed to anyone and defines the way of adding the vectors to calculate the secret key to authenticate each other. Both secret vector and the additional rule are assigned by central authority.

With an example it will be clear, let us consider the HDCP device consist of four keys instead of forty keys for better understanding.

## SECRET VECTOR

## ADDITION RULE

A

(26, 19, 12, 7)

(1)+(2)

B

(13, 13, 22, 5)

(2)+(4)

C

(22, 16, 5, 19)

(1)+(3)

D

(10, 21, 11, ,14)

(2)+(3)

Suppose A and B wants to do handshake, A applies B's addition rule to his vector (2) + (4).A will take his second and fourth vector and add them so it will be 19+7 = 26. B will also do the same, that he applies A's addition rule (1) + (2) to his vector that is 13+13 = 26.But inn the real life the numbers are very big about 17 bits.

In this we can see that in order to do an handshake A should know B's secret vector and B should know A's secret vector. And from the above example we came to know that both the addition result was same, that's not a coincidence it was done by central authority in generating secret vector to ensure that both parties get the same answer by using special mathematical calculations.

So by knowing the secret vector, A and B gets authenticate each other and encrypt messages between each other.

This seems to be very cool but it has a very big problem. In this case if any four devices conspire they can easily break the security of the system. If A, B, C and D try to figure out the secret vector of some other person let's say E whose addition rule is (1) + (4).

Let's say that the E's secret vector be (a, b, c, d) all are unknown. In order to find those secret vectors, A starts doing imaginary handshake with E. By applying E's addition rule (1) + (4) to A's secret vector yields 33 (26+7). So A knows that in any handshake both the result will be same, which gives the following equation

a + b = 33.......... (i)

In the same way B, C and D do an imaginary handshake by applying E's addition rule to their own vectors will yields three more equations

b + d = 18........... (ii)

a + c = 41........... (iii)

b + c = 24............ (iv)

So by doing algebraic calculations with these four equations they can find the four secret vectors of E. In this case it will be

a = 25

b = 8

c = 16

d = 10

So they can break the security of E by knowing his secret vector. This can be done to any person and their security can be broken.

By using this method they can do anything that the central authority can do to break the security of the system but in the real world the secret vector has forty entries instead of four. So in order to find one's secret vector forty devices have to conspire with their known private vectors. But this will be possible and it's only a matter of time.

TMDS decoder

Valid KSV and device key select

HDMI Connector

Encrypted signal

HD source

HDCP Cipher

Receiver

Decrypted signal session key