Intel investigates how anti-piracy HDCP protocol was exposed

News

Intel investigates how anti-piracy HDCP protocol was exposed

Warwick Ashford

Intel is investigating how a master key for its High-Bandwidth Digital Content Protection (HDCP) anti-piracy protocol was published online.

The protocol is used to protect video and audio content as it is transmitted between devices by encryption and to verify the devices are licensed to share content.

Intel confirmed last week that the master key published online was genuine and is now investigating if the key was leaked or cracked, according to US reports.

The key step in HDCP is the "handshake", which establishes a shared secret key using the devices' public and private keys, that will be used to encrypt communications between the two devices.

But anyone who knows the master key and can see the initial handshake can crack the encryption key, according to Ed Felten, director of the Center for Information Technology Policy at Princeton University.

"HDCP no longer guarantees that participating devices are licensed, because a maker of unlicensed devices can use keygen to create mathematically correct public/private key pairs," he wrote in a blog post.

"In short, HDCP is now a dead letter as far as security is concerned," he said.

Almost a decade ago, Dutch cryptographer Niels Ferguson claimed to have found a way to bypass HDCP.

"If this master key is ever published, HDCP will provide no protection whatsoever. The flaws in HDCP are not hard to find," he said.

At the time, Ferguson said he had no intention of publishing his finding because of fears of legal action against him.

Intel claims it will not be easy for anyone to put the keys to any practical use, but said it will pursue legal action if necessary to protect its intellectual property.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy