Key selection vector

Key selection vector

The Key Selection Vector means the numerical associated with a Device Key Set and distributed by Licensor or its designee to Adopters and used to support authentication of Licensed Products and Revocation. It is considered a confidential set of keys used in Restricted Authentication process of the HDCP. Restricted authentication is an AKE method for devices with limited computing resources. This method is used by copying devices of any kind (such as DV recorders or D-VHS recorders) and devicescommunicating with them for authenticating copy-one-generation and no-more-copies contents. The restricted authentication protocol employs asymmetric key management and common key cryptography and relies on the use of shared secrets and hash functions to respond to a random challenge.

Role of KSV in Restricted Authentication

This method is based on a device being able to prove that it holds a secret shared with other devices. One device authenticates another by issuing a random challenge that is responded to by modifying it with the shared secrets and multiple hashings.

During the authentication process, both parties exchange their KSVs. Then each device adds (without overflow) its own secret keys according to a KSV received from another device. If a particular bit in the vector is set to 1, then the corresponding secret key is used in the addition, otherwise it is ignored. For each set of keys a special key called a KSV (Key Selection Vector) is created. Each KSV has exactly 20 bits set to 0 and 20 bits set to 1. Keys and KSVs are generated in such a way that during this process both devices get the same 56 bit number as a result. That number is later used in the encryption process.

KSVs are unique to each device

Even valid keys can become compromised (hacked), so HDCP includes a mechanism to revoke keys. The KSV values are unique to each key set and, therefore, to each device. The system can then compare these values to a revocation list, and if either the transmitter or receiver appears on that list, authentication fails. Updates to the revocation list arrive with new media and are automatically integrated. So if a key set somehow does get exposed or copied, the damage can be limited.

This revocation process does not affect other devices, even if the devices are of the same make and model. In that sense, KSV values are like serial numbers.

Exemplification:

"Suppose that Sally and Bob buy the same kind of TV on the same day at the same store. Bob somehow hacks his set, gets caught, and has his KSV value revoked. Sally needn't worry. Her TV has a different KSV value and won't be affected in any way."

Apparent KSV weaknesses

If we can find 40 linearly independent sets of vectors (A_1) keys ... (A_{40})keys, say, through reverse-engineering hardware, then we can completely break the system. At that point, one can extract the secret key array for any Xksv that he wishes.

In other cases where the separate keys are not linearly independent, it is still possible to create Xkeys for any Xksv that is within the span of the (A_i)ksv's for which we have found the private keys. There will be, however, no guarantee of them satisfying the 20 one and 20 zero bits property.

How could this be broken?

First, it is rare to find Akeys's, Bkeys's, Aksv and Bksv that have the above property that when each device does the operation, they can both come up with the same shared secret. Therefore, this means it exists a mathematical model that creates such subsets.

Since the keys are generated linearly in the given system, it appears that if someone could determine the Akeys vector from any 40-50 different systems: A_1 .... A_n, and knew the Xksv from system X (this is public information from the protocol), then he could determine the Xkeys private key array.

What do we know?

If we assume that we have 40 (A_i)ksv's that are linearly independent, we’ll have a set of n linear equations on 40 unknown –

The Xkeys key vector array:

[Xkeys] * (A1)ksv = = [(A1)keys] * Xksv [Xkeys] * (A2)ksv = = [(A2)keys] * Xksv... [Xkeys] * (A40)ksv = = [(A40)keys] * Xksv

By having acknowledgment on all the ksv's, and assuming we know the secret key vectors (A_i)keys, we can repeat the above algorithm to generate a new Bkeys for any other device with an arbitrary Bksv. Last step will be to substitute Xksv = Bksv. If the space spanned by the (A_i)ksv's doesn't span the full 40 dimensional space, we're probably OK. Either, the ksv's were designed to not span the space, or we need to get the (A_i)keys from a few more devices to round out the space.

Each additional device has low odds of being linearly dependent with the existing set. (roughly 1/2^ [40-dimensionality-of-spanned-space] ). Otherwise, this linear dependence was done on purpose. Thus, we know that all other ksv's are in the space spanned by the one we're given.

Through a linear combination of any known ksv (with 20 one bits and 20 zero bits) and (A_i)key's we can construct a valid Xksv and Xkeys already know. The only trick is finding a Xksv in the subspace that has the required number of 0 & 1 bits. This is the only potentially difficult part, though given a concrete example, it would not be difficult to solve.

ee also

* HDCP
* Hash Functions

External links

* [http://wwwdi.ujaen.es/~mlucena/wiki/pmwiki.php?n=Main.LCripto Cryptography manual]
* [http://cryptome.sabotage.org/hdcp-4attacks.htm Apparent HDCP weaknesses]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Support vector machine — Support vector machines (SVMs) are a set of related supervised learning methods used for classification and regression. Viewing input data as two sets of vectors in an n dimensional space, an SVM will construct a separating hyperplane in that… …   Wikipedia

  • Cloning vector — The pGEX 3x plasmid is a popular cloning vector. A cloning vector is a small piece of DNA into which a foreign DNA fragment can be inserted. The insertion of the fragment into the cloning vector is carried out by treating the vehicle and the… …   Wikipedia

  • Plant transformation vector — Plant transformation vectorsPlant transformation vectors are plasmids that have been specifically designed to facilitate the generation of transgenic plants. The most commonly used plant transformation vectors are termed binary vectors because of …   Wikipedia

  • HDCP — Не следует путать с DHCP. У этого термина существуют и другие значения, см. HD. Работа с оптическими дисками Оптический диск Образ оптического диска, ISO образ Эмулятор оптических дисководов Программное обеспечение для работы с файловыми… …   Википедия

  • High-bandwidth Digital Content Protection — (HDCP) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio and video content as it travels across DisplayPort, Digital Visual Interface (DVI), High Definition Multimedia Interface (HDMI),… …   Wikipedia

  • KSV — can refer to:*Karyakshama Seva Vibhushanaya, A military decoration Sri Lanka. *Key selection vector, The numerical associated with a Device Key Set and distributed by Licensor or its designee to Adopters and used to support authentication of… …   Wikipedia

  • Megatron (Beast Era) — Megatron Decepticon/Predacon/Vehicon Japanese name Beast Megatron Sub group Deluxe Beasts, Transmetal, Transmetal 2, Ultra Beasts Function …   Wikipedia

  • Scale-invariant feature transform — Feature detection Output of a typical corner detection algorithm …   Wikipedia

  • radiation — radiational, adj. /ray dee ay sheuhn/, n. 1. Physics. a. the process in which energy is emitted as particles or waves. b. the complete process in which energy is emitted by one body, transmitted through an intervening medium or space, and… …   Universalium

  • List of algorithms — The following is a list of the algorithms described in Wikipedia. See also the list of data structures, list of algorithm general topics and list of terms relating to algorithms and data structures.If you intend to describe a new algorithm,… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”