Salt Mines, Key Chains and Media: Three Things AV Should Know About HDCP

It’s dark, cramped and dry.  A single elevator slides more than 600 feet underground creaking to a stop to deliver a solitary visitor and their payload ⁠— a locked case carrying an original 35 mm print.

What’s in that case?

The original celluloid print of Star Wars? Something more modern like Christopher Nolan’s 35 mm cut of The Dark Knight Rises?

Whatever it is, it’s destined for storage in a secure facility, locked into an abandoned salt mine below the Kansas plains.

The facility is responsible for storing media in its physical form. Access is tracked and logged, no copies can be made or exit the mine, and when it comes time to distribute a film, each reel is tracked and hand-delivered to theatres under lock and key.

It’s been a while since delivery trucks were used to hand deliver cooled metal cases of media to movie theatres.  Instead, they now receive a “digital content package” (DCP) on what amounts to a shipping container with a set of drives that are plugged into a digital cinema projector. Importantly, the DCP contains a set of security mechanisms that allow the reconstruction of the film content at a particular time, at a particular theatre, etc.

Fast forward to to the early 2000s.  Intel, and the computing industry, now know that digital media distribution won’t be limited to expensive, licensed cinema projectors ⁠— instead, users want to buy, watch and store content on their own device.  This means a security algorithm needs to be developed that can ensure content, when decoded and played on a device ⁠— isn’t simply being recorded and redistributed. (Read more on analog-to-digital transition).

Their motive ⁠— become a valid distribution platform that keeps Hollywood happy. After all, outside of gaming and enterprise productivity, isn’t media and entertainment a massive market?

Intel then decides it’s in their best interest to act both as keymaster and enforcer for modern digital content protection.

Enter HDCP.

If you are an AV integrator, consultant or simply have to deal with AV room systems ⁠— you’ve probably run into the problems that HDCP creates.  When you plug your OSX laptop into a wall plate so you can look at your device on the room display and all you see is black ⁠— that could be HDCP.  So what is it?  How does it work?  Well ⁠— there is no locked salt mine, instead HDCP, a protocol that operates over the cable, is the vault.

At a high-level, it’s pretty straightforward. The protocol operates over a video cable between a source and receiver pair (e.g., a DVD player and a television) and is intended to ensure that only authorized receivers can receive and display HDCP protected content. When HDCP content needs to be transmitted, the source initiates a request for authentication.

The cool mathematics are out of scope for this article, but in general, the transmitter sends a unique identifier (called a key-selection-vector, KSV) along with a random number to the receiver. The receiver, in turn, sends its own KSV to the transmitter. Both then use each other unique identifiers and their own secret encryption key to generate a secret session key.  Because all of the unique HDCP identifiers are mathematically related, the computation results in both devices holding an identical secret value.

What’s cool about this is that secret value will be used to feed the encryption algorithm that will be used to transmit the protected content ⁠— but ⁠— it’s never been transmitted between the sender and receiver.  This means, even if I was listening in, I never get hold of the session key. From there on out, the content is encrypted by the sender and decrypted by the receiver before display.

If I’m not a valid receiver (e.g., someone who cooks up an HDMI capture/store device in their maker space) my session secret will be different than the one generated by the transmitter and I can no longer view the content. Even more simply, if my display simply doesn’t hold a unique KSV because it’s not licensed to display-protected content, the sender can just stop sending, resulting in a black display.

Where could this go wrong?

Oh, so many places. If you’re designing a room that, for example, allows users to plug into the HDMI on the table, but that table port runs into a video switch ⁠— that switch needs to negotiate a special form of HDCP that includes the repeater. If your video switch is a simple two-port switcher you picked up at Best Buy ⁠— then it probably won’t implement HDCP and no protected content makes it to the display.

As promised, here are three things to remember when thinking about HDCP:

  1. The transmitter decides when and when not to enforce HDCP. I use a MacBook and OSX decides when to implement HDCP based on the devices it is connected to. If you connect a MacBook to a device that supports HDCP, your MacBook will discover that and then enforce it. Why is that a problem? Consider the case where you plug your MacBook into a video switch that has HDCP “on,” which then goes to a display that does not have HDCP. The switch will cause your MacBook to enable HDCP, but by the time that encrypted stream reaches the display, it’s unable to show content ⁠— back to the black screen. Keep this in mind ⁠— look at ways to modify devices in the signal path to only support HDCP when the transmitted explicitly needs it.
  2. HDCP is not always secure. In fact, earlier versions of HDCP have already been compromised (leave it to smart mathematicians to uncover any vulnerabilities). Intel admitted that even the 2.0 algorithm has been compromised and has released updates to the approach. Rumor has it that a Chinese company is building workaround devices to force HDCP back into 2.0 mode so it can continue to be vulnerable.
  3. HDCP is not always on.  This is implied in the first point.  But keep in mind that HDCP is enabled when the transmitter decides to enable it. For example, watching a purchased video in fullscreen from iTunes will certainly entail HDCP on your video outputs. Watching that same video in a window on the desktop may not. These decisions are based on the operating system/hardware that manages the media and are often related to “fair use” law.

What’s the punchline here?

Much like the days of manual distribution, no system is secure and no system is without inconvenience.

AV integrators and installers should at least understand the media distribution issues related to protected content and be able to make informed decisions about how to design rooms that will allow users to do what they need in the space to be productive.

You should understand HDCP so your customers don’t have to even know it exists.

This column was reprinted with permission and originally appeared here.