The DVD Content Scrambling System Explained (Part 1)
This next series of posts will explain the DVD Content Scrambling System (CSS), beginning with an overview of what CSS was designed for and how the details of the secret algorithm became to be known. Part 2 will give a functional overview of how DVD movie data can be decrypted only after disk and title keys have first been decrypted. Finally, Parts 3 and 4 will finish by explaining the actual decryption algorithms used for decrypting the two keys and the movie data. I originally wrote all four parts for a university course in which I implemented DeCSS (the CSS decryption procedure) in hardware.
What Is the Content Scrambling System?
Most commercial DVD movies discs are protected by the access control scheme known as Content Scrambling System (CSS). This system was designed to restrict the viewing of a movie to only authorized playback devices. It does this by way of encrypting the movie data and charging manufacturers of DVD playback devices licensing fees for the use of a decryption key, called a player key. In addition to paying for a license, manufacturers must agree to implement several restrictions within in their player to obtain they key. Such restrictions include limiting where in the world the movie can be viewed, preventing the movie from being recorded onto a VHS video cassette by using Macrovision technology, ensuring that certain movie sections cannot be fast forwarded past, etc.
The content scrambling system was also designed to help prevent simple forms of piracy. This is accomplished by storing the movie in an encrypted format. Thus copies of a DVD movie file made to a hard drive or to a writable DVD would not be playable. However it must be stressed that this encryption only prevents casual piracy from taking place. Using professional duplication facilities, one could copy an entire CSS protected DVD disc, including the encrypted movie as well the decryption keys. Commercial DVD burners are in fact restricted, in that they do not allow burning of the decryption keys needed to watch a movie.
Though CSS was initially a closely guarded trade secret, a reverse engineered software implementation of the CSS decryption algorithm was anonymously published on the Internet in 1999 as part of a Linux DVD player project. The Motion Picture Association of America (MPAA) used litigation to try to try to contain the algorithm, filing hundreds of lawsuits including famous cases against a 15 year old Norwegian, a magazine publisher, and a CMU university professor. The action backfired, causing the source code to be widely spread and the algorithm to be well studied. (More history of DeCSS is given in the series A Brief History of DVD Copying)
|< Prev.||Jump to Part 1, Part 2, Part 3, Part 4.||Next >|