BSidesMCR 2019: Making A Subset Difference: The Crypto In AACS - Rael Sasiak-Rushby

thank you for there's a lot more than the three people that said their being here yesterday I only have to throw up waffles for 25 so I'll put them out here at the end making a set different so hopefully you came here she thought that sounded intriguing and you didn't think the crypto meant crypto currency this is all about cryptography here I'm gonna stop for the disclaimer this is based on my understanding of the a ACS specification I've never had to fully implement this I don't work for those kind of companies I've not even seen code for an implementation of it I'm sure it's under NDA's and stuff like that I'm presenting this because I didn't find information

when I was trying to look at this stuff so essentially this was something I thought was interesting I was looking into anti-piracy measures and there was no kind of material telling me what they had a subset difference wasn't one what does it do why is it useful how does it work if you see errors in these slides if you see error ism how I've interpreted things or if you know better because you've done this kind of stuff before let me know you can either shout out and everyone knows here or let me know I'll update slides and post Corrections everywhere don't worry about it what I gonna be covering let's say I already go into that much in the kind of

the description so a brief description of what a ACS is so if you're not aware what ACS is I'll be going to an explanation of this subset difference tree so that's the kind of meat of this subject what that is how this kind of tree structure in the key system allows you to revoke users stop people being able to access media and how it enables efficient revocation of non-contiguous sets so saying that you don't have to be within this particular contiguous set you can have this person revoked and this person and this person but everyone in between them is allowed to still access that media at the end I'll be sharing a link to a reference code base

I've been working on because I find it really easy to learn this kind of stuff by actually coding it testing out finding out that it works the way I think it should work there's a whole bunch of things I found out by implementing it that I did realize and if I talk really fast then I've also got some slides at the end that might help you if you start to look into the specification a couple of gotchas one thing that i think is wrong in the specification just some useful hints and tips essentially what is a ACS so the advanced access content system it's basically the the new new thing after we had CSS for DVDs so if you want those

people that like me as DVDs at home and you've ripped all of them onto our hard drive because you know DVD decrypter is a thing this is the new and improved version that was brought out to stop people ripping all the blu-ray discs and that's why you don't find blu-ray disc rips online but you do anti-piracy methods also HD DVDs if you even care about those things that don't exist it's a collaboration of a number of the big players basically they all got together form this AACL Licensing Authority and said this is how we're going to encrypt stuff from now on so what are the aims of it so for this is designed for mainly

disk media and so to protect the media from being accessed by unlicensed devices so you've got to have a device that has a specific license and you've got a keep they've got a key that they have obtained from the licensing authority that allows you to decrypt that media if they find that someone a manufacturer say Sony has implemented it wrong and you're you've you as an end-user have now got access to copy that media they want to be able to revoke that drive so that from then on that drive can never decrypt any media in the future thus you know preventing more blu-rays being ripped in the future a really important statement here really is that it's the revocation of stateless

receivers so what we mean by that is these receivers do not necessarily have an update function in fact you should assume that they don't have an update function because that will get around some strategies about people that just refuse to update things look for example at the ps3 where we had the Linux kernel vulnerability we used to be able to run a little sub system on it and then they kind of patch that out but there's a whole bunch of ps3's that still have the old version because people kept it and stopped patching it so they could keep these old versions of ps3s it should not is significantly impact this disk space so when we're looking at

digital disk media space is a premium if I can have an extra 100 megabytes that's more quality I can put into the content maybe I can put in some additional select like some additional scenes or some cutscenes or something like that so we really want it to take up minimal space on the disk while still providing that great security that we need and it should be coalition resistance so if I put two machines then that doesn't necessarily give me access to anything else and no matter how many machines I phone if I revoke all of those pwned machines then I still can't even with the sum of all that secret material somehow access the media so replication

of stateless receivers it gets mentioned in the specification and it's mainly based off of this paper the replication and tracing schemes to stateless receivers so this paper goes into how this gets implemented it goes into a previous version of it or the kind of academics behind the original but ases then takes a different slightly different approach and how it implements it and it's kind of like a more updated version but the basic assumption is we don't assume that anything can be updated remotely so we don't have the non pop strategies but a con of this is that we can't revoke access retro actively so if you know anything about DVD or blu-ray disk decrypting you'll

know that when a snoo revert revocation list gets like when a new revocation list comes out then you can no longer decrypt anything from then on but you can still decrypt any discs released before that new revocation came about because there's no way of them actually actively stopping you getting a disc that was two years old and a device that was two years old and that still works so yeah device can still to any media from before it was revoked but you know the idea is that from now on you can't get the next blockbuster film that comes out on blu-ray discs or you can't get the next cool media that comes out so quick little three point

rundown on how the actual media is encrypted it's a V a SCV seed so you just have a joint CPC of the entire media or splits of media each piece of media is a title all of the title keys are then encrypted with Lotz known as a media key and then to get a media key you go through the subsets different system so realistically you need to retrieve one key which then decrypt a whole bunch of keys which then give you your stream keys but this is the real this is the key we really care about usually and the media key could be derived the device can derive a media key by looking at its set of device keys

that it was given when it was manufactured and it can if it's not revoked figure out that media key enables it to decrypt the type of keys enables it to decrypt the media all right the meat of this presentation what is a subset difference tree what does it do how does it work why is it great it's really quite interesting I'm gonna start off if you know anything about kind of video decrypting the stuff you'll note recognize the form of Doom 9 and this is probably the only piece of informative blog forum post you'll find about AES the only one I could find and he was trying to describe or they were trying to describe how subset systems work and

they use the analogy of a truck so if you imagine each device is a truck with a trailer inside that trailer is a whole bunch of crates which are protected with keys of some sort you're on a very like weird system but you can know you cannot reverse and you cannot take corners of greater than 90 degrees right so these rules will be in the corner when I show you this image which hopefully makes this make a bit more sense so here we've got truck down here this truck can go up there it can make this corner cuz it's 90 degrees can make this comics is 90 degrees make that one but it can't get

to there it can't get to there it could go all the way here can't get to there can't get to there because that's less than 90 there there you can kind of see how it gets to certain places but there's certain places it can't get to and so you could imagine that if we have crazy supply crates to this and the keys for it or in these car parking spaces that truck cannot access any of the crates but if it can get to if we've got two crates that are in there but one crate that's in there it can drive around open that one crate it's got its media key so just for even more clarity on that

the truck is your device the crates are the encrypted media key data entries they are on the disk alongside the media the cup the codes of the car parking locations are what's called processing keys the price inside the crate is not obviously a media key and every Junction there I'm just going to time as a node so it's a it's a point in which we can make a decision on where we go next and we have a piece of information we can derive further information it's important to know that you don't ever actually go up the tree that's just for the use of this analogy you only go down from certain spots so I guess you could

say that so here's a kind of junction junction a junction B we could say there's a nodes that's the junction aids processing key and instead of going up we think with portals we just portal up to a certain location that we could have gone down and we start navigating down from it let's already get into the crypto on that so what do I mean by that well each nodes key is derived from a higher key in the tree all right so when we had a node you can figure out any of its sub nodes any note that comes down from it because you do basically three times and you get left processing key and right so if you have that key you

can get to the left right and the processing here if you have one of those keys you can get to any keys below it and that kind of funnels down and that allows you to get any key that's not one that any key that you've got a parent of you can get to how are we going to use this well when you are giving a device you have signed it somewhere on the tree and the bottom level of the tree is what known as device node numbers and each device is one place there as a device you get every key that is one different from your path to the root of the tree now that sounds really crazy and you

probably don't know what that means it's really hard to visualize it don't worry I'm gonna explain it say we've got this lovely looking tree here and these will be device node numbers and there's a tree going upwards if I'm this device down here I'm not allowed to know any of this information because if I could get this I could derive mine if I could get this I can derive mine I can never derive my processing key if I get one that's one different that means I can get this one I get that one over the left there and I get this one on the right here and those are the only three device keys I get in this system

but from that I can obviously derive the lower keys and you can see that I can get to any key here that's not in purple and hopefully that makes sense to them how I'm taking the original nodes as a as a device I get get given these and I can derive any of the lighter green ones here so what does that mean for replication in this system well replication is fairly easy we essentially just encrypt that media key with something that your device cannot access so something along your path essentially so if we go back to this diagram here it's helpfully already labeled the P here that's in red is any places that truck cannot get to so if

that truck is to be revoked we just encrypt the media key with one of those entries that truck can never get to it but hopefully you can see that if the truck was here and we use this one and it was here it could get to it every other truck can get to that location and so on so well let's say I wanted to revoke these two well I can encrypt it with that key because neither of these two trucks could get there but every other truck can phone or revoke these two as well in this contiguous set here she's gonna move that up and thus I can encrypt that and hopefully you can see

that none of those trucks could ever get to that car pong space again this whole side of it could get up there if they wanted to they can retrieve that key now the problem arises when we added a non-contiguous set so how could what if we want to revoke here there is no car parking space here that those flies can get to those fight can't get to that these three could still get to essentially if we revoked here somewhere that all of these are revoked so this is where the subsets different system actually comes into its own and that's where the more interesting part lies so it's a bit like ogres which are like onions so it has lots of layers and the

in order to do that non-contiguous revocation we have loads of layers so specification hit written here quite wordy essentially what it is for every level that we have within our master tree let's cool it if you go one level down there are two separate trees at that level on top of the existing tree so we have a three so we have a three level master tree at level one down there is two extra two level two trees a third level down from that there are four extra trees that are not as tall you take one level away each time essentially and what you say is that you can't go higher than the original tree again this all sounds very worthy and so

this is why this material is going to be available as slides and there's gonna be code and I'm gonna keep explaining it but how does this help so when we've got multiple trees what we end up doing actually is that we we can encrypt we can do one encryption per tree and that revokes all of those items underneath that encryption but then in the lower tree we can re-enable certain sections by having a tree that only certain people can access and we encrypt in there and then only bits of that get revoked and we kind of reenable revoke we enable revoke until we go down the tree and get the exact subset that we want and so hopefully this will be a bit

more if I display it visually so imagine this is our grand master tree right now everyone's unable to to access any media and then I want to revoke anything come to here so I've done a replication at this level and anyone in this triangle can no longer access this media but then in the lower tree somewhere down here again this is a different tree layer so there'll be a big tree here and a smaller tree ivory enable this set and then I might also revoke this set down here so as you can see I've now these users can get it these users these users and that those users on the end I've disabled discontiguous set here and when

we do that we have to define the pot down to this kind of sub tree here and we can actually move that across and say that this consists of two sub sets of users so we have the sub set locate rooted at level 0 so the root root tree at level 0 with a replication a depth of 2 a lot of a certain path let's say somewhere down here and then we move over and we re enable a sub set rooted at level 4 so for down the original and along this certain path of the original and then we can revoke again at a depth of 1 within that tree again I realize this might be confusing hopefully it'll

make a bit more sense now I just want to quickly say that some naming conventions generally left we could give it a 0 path when we give it what right would give it 1 and so we'd never really care about the absolute root node you're never going to give that out to anyone because they could drive the whole tree but we give you 0 0 0 0 0 0 essentially and that's how we kind of denote where different places on the tree are hopefully this will give you some examples and that might help you understand things this is something that's definitely missing from most media that was finding some some examples of how this might work so let's

say we want to revoke and - here I've laid out sorry a three depth system so the top-level route we've got a three deep tree below that we've got two two deep trees and below that we've got we've got four one deep trees essentially so this is the entire system and to say I won over folks zero zero zero over there the easiest way of doing that is to encrypt within the tree a encrypt with the zero zero zero key and hopefully you can realize that all of these devices would be able to get to that in our parking system and that is the only device that cannot get to that location yes that's a simple one we

could already do that what for what are there like zero zero zero zero one we've really seen how we do this this is simple layer 1 layer revocations contiguous sets if we go to a discontinuous set so we've got the zero zero zero and the zero one one what are we going to do so we revoke with the highest level the highest common factor in the highest tree so in this case zero is the common ancestor so we revoke with that so hopefully you realize that these can all access that but none of these can right but we still want these two to be able to access the media and at the moment they're revoked

so we're also on the lowest level we're going to encrypt with these two and again zero zero zero cannot access that and it cannot access that it also kind of access any of these because you can see there's a separate trees at this point also you can hopefully see that these revoked systems can still access the keys that they would they can access some key within the media key entry so we end up with three different encryptions in the media key data entry system and each device that's not revoked will be able to find one entry that it can decrypt thus getting the title keys thus being able to access the media and just another one for good luck

you can see here that we can actually revoke these two here and with that we have efficiently revoked the only the ones that we needed and we've only done it into two encryptions but we revoked three different systems at this point so if you're like me and you want to see the code for all of this I've been working on some implementations of it I originally started off and see because I like writing AES encryption and C I've done it too many times but I also write an implementation in JavaScript and that's the one that actually runs fully because I didn't bother implementing AES you can run an example of it I also include example the examples in these

slides so you can run code for them and see which bits can be encrypted decrypted you can run through the bit streams that happen you can see when revocations are occurring and I'll stop quickly and ask if there's any queries now or we can go on to like the three slides of bonus material because I've got four minutes okay so yeah so the replication is how does it get used so what happens is I forget the version number of mkb were on so you get an MK B version on blu-ray disk medium and so every so often the licensing agency releases the latest mkb that they're going to use which includes the latest set of replications right from then on

anything that they've revoked can no longer access media of blu-ray discs are being created that prevents piracy in those regards it kind of prevents forward privacy in that regards until you crack into another device now it's up to the device manufacturers to store these secret material in a way that should not be reverse engineered we've already seen cracks of it there's a reason why you can crack blu-ray discs online and I'm not gonna get into this presentation I have another presentation when I talk about piracy and anti piracy this is kind of like to provide some technical stuff behind it about how pirates are keeping their secret secret and how licensing ages agency is attempting to revoke as many

it can so hopefully that answers your question yep how big is the tree I actually happen in the bonus questions bonus material so we actually have a 32-bit system in a later bonus slide I'll show you there's one bit if that is not used so there's actually only 31 possible the 31 tree depth so this 31 trees 31 layers sorry a device gets an amount of keys from a tree depth of n we have more trees for every layer so there's 31 layers they get n from each you end up with 496 different device keys each device key is just a EES encryption key so it's only 16 bytes it's about 6 about 8 kilobytes of data to put on the device

is secret material and so that's that's an important thing here we're really limiting the space here the device it only has to have 8 kilobytes of secret material stored and on the actual disk you're looking at so a common mkb record might only be 64 bytes long something like that like you need the encrypted key and a bit of information encrypted key in a bit of information so 32 64 bytes well you get longer as you do more of occations I'll see every encryption takes about 22 bytes in an mkb record but that you as you can see we can let huge Suede's of thing can be revoked in one encryption it's cool and other

questions I'll just quickly run through the slides before you cheer cheer and shout if you're reading a specification this is how nodes are defined we define them with a u mask and a V mask you must defines which tree down it's in so the absolute root master tree at level 0 has a u mask of absolutely zero the whole thing is valid and then as you can see this one would be 3d and all the paths of 1 0 0 compared to master tree I hope for that makes it a sense the master says that we're how far up in the node is so anything below it we don't care about so this node is there and then this is

just extra space confusing storage how do we store these kind of things we add a bit on the end just to signify where the end of the path is so if you have a reading the specification there's a difference between a device number and a device node number hopefully this slide explains that for you if you need to Eva Reimer on a specification is wrong this function does not do what it says it does so I added an extra check in my code but the maths doesn't quite work out I think how they expected it to there there's like basically there's an edge case here that was annoying me and I thought that I completely

misunderstood the specification about two days ago before this presentation right I know is everything hopefully you've enjoyed the talk about cryptography the github is already up there the slides I haven't put up anyway yet but I will put them up they'll be available my github and wherever else needs to be posted thank you [Applause]