Blu-ray Security: Is it Strong Enough?

By · Tuesday, January 6th, 2009

Blu-ray Security: Is It Strong Enough?By now, you’ve probably heard about what makes Blu-ray so great. It’s more than just the newest format for movie releases and PlayStation 3 games. It’s got better picture and sound quality than DVD. Last year, Blu-ray triumphed over its rival format HD-DVD which withdrew from the market in February. Also in 2008, sales of Blu-ray players topped the sale of DVD players for the first time.

It’s pretty clear that 2009 will be the year of the Blu-ray disc. And yet, there is a side of Blu-ray that hardly anyone is talking about. One of the format’s most underrated features is its incredible anti-piracy measures.

Not long ago, DVD videos were the standard for home movie distribution. To protect against illegal copies, DVDs contained a technology called Content Scramble System (CSS). The idea behind CSS was to create an industry standard disc format while also preventing users from creating illegal copies of movies.

The CSS protection system was defeated in 1999 by a Norwegian hacker about a year after the format became available worldwide. In many ways, this plus the introduction of consumer grade DVD recorders opened up the format to massive piracy.

The architects of the Blu-ray platform had to make sure Blu-ray discs could not be decrypted or circumvented like DVDs had been. What they did was develop a system of digital rights management (DRM) so complex that hackers are still grappling with it, more than two years after the introduction of Blu-ray products in the North American market.

One of the three new systems of content protection available for Blu-ray discs is called Advanced Access Content System, or AACS. Blu-ray discs may also contain other security and anti-piracy technologies such as BD+ or BD-ROM Mark.

The AACS system requires four unique codes to be read from the original disc before the movie can be decoded and played. These include the Media Key, the Volume ID, the Encrypted Title Key, and the Encrypted Content to be decoded. These keys are used to generate additional keys such as the Process Key and the Device Key, without which the movie will not work.

In 2006, hackers discovered a major Process Key used in HD-DVD and Blu-ray decryption. With this key, software could be written for quasi-legal purposes like the playback of HD content on Linux platforms. On the other hand, the key could be used in a program to decrypt and compress HD movies into an unprotected and more easily copied format.

This same situation was disastrous for DVD movies, and resulted in the development of countless programs for compressing and “ripping” DVD discs. And yet, the discovery of the Process Key for Blu-ray does not mean the floodgates have opened, exposing the format to massive piracy. With Blu-ray, content developers and hardware makers can simply switch to a new key. In fact, they did just that in 2007.

As a result, customers who watch Blu-ray movies on their home computers were required to update their player software to accommodate the new key. Therein lies the magic of AACS: if the key is discovered, it can be updated again and again. Unlike DVD, the discovery of one of the Process Keys will not spell the death of the format. To answer the question “Is Blu-ray security strong enough?” I would say yes it is…for now.

Comments are closed.