Have you heard of HDCP?

1 Introduction

Although I have been working in security, it has not been going very well, but I recently came into contact with something new. So I went around Baidu, haha; here I am learning and taking notes, and thank you to the excellent blogs.

Did you know what HDCP was before? Does the name remind you of anything? HDMI, perhaps.

HDCP (High-bandwidth Digital Content Protection) is a high-bandwidth digital content protection technology. The era of HDTV (high-definition television) is coming, and HDMI appeared to carry the high bandwidth that high-definition television needs.

HDMI is a high-definition digital interface standard that provides high bandwidth and transmits digital video and audio signals losslessly. To ensure that the high-definition signals carried over HDMI or DVI cannot be illegally recorded, HDCP technology appeared. The HDCP technical specification is led by Intel. When a user makes an illegal copy, this technology interferes and reduces the quality of the copied image, thereby protecting the content.


Let's take a look in detail

2-HDCP

HDCP technology (referred to as DP) on the computer platform

The protected content is first driven by COPP (Certified Output Protection Protocol) in the operating system, which verifies the graphics card at output time. Only a legitimate graphics card can output the content, and then the key of the display device must be authenticated. Only a device that meets the HDCP requirements passes verification and can finally display the content sent by the graphics card.

Generally speaking, HDCP is an encryption technology, similar to a lock, used to protect the transmission and playback of digital content. The HDCP specification is covered by a number of patents, and anyone who wants to implement HDCP must apply for a license. For example, to play HDCP-protected audio-visual content such as a Blu-ray Disc or PlayStation games (when output over HDMI), both the signal source (player or computer graphics card) and the display (TV or projector) must have a built-in HDCP key chip to play normally. If any part of the system lacks this key chip, the image quality may be reduced, or the image may not play at all.

3-HDCP technical principle

1

The main goal of HDCP is to prevent unencrypted high-definition video content from being illegally copied and transmitted. For this reason, three systems are designed in HDCP to achieve this goal:

1. Authentication protocol. An authentication process that prevents unauthorized devices from receiving high-definition content.

2. Pixel encryption. Data transmitted over HDMI, DVI and other interfaces is encrypted so that it cannot be stolen or cracked.

3. Renewability. A key revocation mechanism ensures that any device violating the HDCP protocol can be excluded relatively easily.

During HDCP transmission, both the sending end and the receiving end store a usable key set. These keys are stored secretly, and both ends perform encryption and decryption operations based on the keys; a special value, the KSV (Video Encryption Key), also enters this operation.

At the same time, each HDCP device has a unique KSV serial number, and the cryptographic processing units of the sending end and the receiving end check each other's KSV value to ensure that the connection is legitimate. The HDCP encryption process processes every pixel, making the picture scrambled and unrecognizable. Only a sending end and a receiving end that have confirmed synchronization can reverse the processing and restore the data.

The KSV value of each device's key set is unique. After receiving a KSV value, the HDCP system looks it up in the revocation list. A KSV that appears in the list is considered illegal, and the authentication process fails. The revocation list is included in the multimedia data corresponding to HDCP and is updated automatically.

In general, then, during HDCP transmission both the sending end and the receiving end store a usable key set; the keys are stored secretly, both ends encrypt and decrypt based on them, and the special KSV (Video Encryption Key) value also takes part in the operation. Each HDCP device has a unique KSV serial number, and the cryptographic processing units of the sending and receiving ends check each other's KSV value to ensure that the connection is legitimate.

2

① Each HDCP device has its own ID card; the first step is to check who the other party is.

② The output end and the receiving end check each other: one sends a number and the other "guesses" it (by calculation). If the guess is right, proceed to the next step; if it is wrong, you get a black screen.

③ After the check, a random 128-bit secret key is generated and the video is transmitted encrypted (AES); the paired receiving end can decrypt it (symmetric encryption).

④ The decrypted picture is output to the screen.

⑤ The most terrifying part is that the verification is repeated every 2 seconds, and the value is recalculated every 128 frames to ensure synchronization.

It also needs software and hardware support at the same time to take effect. For example, Windows has OPM (Protected Content Output Management Protocol) and the COPP driver (Certified Output Protection Protocol).


3

Each HDCP-supporting device must have a unique HDCP key set (Secret Device Keys), consisting of an array of 40 56-bit secret values. The HDCP keys can be placed in a separate memory chip or inside another chip; for example, ATI and Nvidia (the world's two major graphics chip suppliers) can put them in the display chip.

Each device with an HDCP chip has a set of private keys (Device Private Keys), and each set of private keys goes together with a KSV (Key Selection Vector). The KSV is equivalent to the ID number of the HDCP device.

Before the HDCP transmitter sends a signal, it checks whether both the transmitting and receiving parties are HDCP devices. It uses the HDCP keys for an exchange between the transmitter and the receiving end: the two parties obtain each other's KSV and start the calculation, and then compare the results. If the calculated values match, the transmitter can confirm that the receiving end is legitimate.

Once the transmitter has confirmed that the receiving end meets the requirements, it starts transmitting the signal, but it applies a cipher to the signal, and the receiving end must decrypt it in real time to display the image correctly. In other words, HDCP does not stop after confirming that both parties are legitimate; it also encrypts during transmission to prevent a device from being secretly swapped mid-transmission. Specifically, the HDCP system re-confirms every 2 seconds, and the sending and receiving ends each compute an Ri value every 128 frames and compare the two Ri values to confirm that the connection is still synchronized.

Leakage of keys and algorithms is the most troublesome thing for manufacturers. To deal with this, HDCP established a dedicated "revocation key" mechanism. The KSV value of each device's key set is unique. After receiving a KSV value, the HDCP system looks it up in the revocation list; a KSV that appears in the list is considered illegal, and the authentication process fails. The revocation list is included in the multimedia data corresponding to HDCP and is updated automatically. Simply put, the KSV is a unique serial number for each device, and the most natural number to use is the device's own serial number (SN). In this way, even if one device is cracked, the overall encryption is not affected.

Generally speaking, the HDCP specification is quite strict. In addition to the encryption of the content itself, the transmission process is also handled very carefully, and both devices must have HDCP built in for playback to work.

One last point: there is no necessary connection between HDCP and HDMI or DVI (DVI is short for Digital Visual Interface, called "Digital Video Interface" in Chinese). Support for HDCP was considered in detail from the start of the HDMI standard, and the HDCP encoding engine is built into the main control chip, so in terms of copyright protection HDMI is well ahead of DVI technology. [4]

4

1. Authentication Protocol. Every device (sending end and receiving end) that supports HDCP has a globally unique device key set (Device Key Set), distributed centrally by Digital Content Protection LLC, made up of a set of device private keys (Device Private Keys, DPKs) and a matching Key Selection Vector (KSV). The former consists of 40 different 56-bit binary numbers (strictly confidential), and the latter is a 40-bit binary number.
Before two HDCP devices transmit data, following the authentication protocol, the transmitter and the receiver first read each other's KSV value. Then, according to the other party's KSV, each selects part of its own DPKs and computes its shared secret value (Shared Secret Value) through a specific algorithm. By the design of HDCP, if both parties present authorized KSV values, the computed shared secret values are equal; otherwise the connected device is illegal.

2. Data encryption/decryption. When device legitimacy verification succeeds, data is transmitted between the devices. The HDCP cipher module (HDCP Cipher) computes 24-bit pseudo-random encryption data through a specific algorithm from the shared secret value produced during authentication. This data is XORed with the 24-bit content data carried by the three TMDS (Transition Minimized Differential Signaling) channels of HDMI (High Definition Multimedia Interface), and the result is sent to the TMDS encoder to generate the TMDS signal, which is then sent out. At the receiving end, the corresponding 24-bit pseudo-random decryption data is generated by the same mechanism and the same shared secret value, restoring the content data.

To deal with key leakage, HDCP established a dedicated "revocation key" mechanism. As mentioned above, before the HDCP system starts working it first checks the KSV value of the sending device (this value is in effect the device's serial number and is unique). After receiving the KSV value, the HDCP system compares it against the revocation list contained in the video data. If the KSV value appears in the revocation list, the HDCP system judges the transmitting device to be illegal and refuses to connect. It is worth mentioning that, to prevent the DPKs of authorized devices from being leaked and used to manufacture illegal devices that steal data, the revocation list in HDCP is updated along with the video programs. Such a design guarantees the reliability of the whole HDCP system: even if one HDCP transmitter or receiver is cracked, the entire HDCP system is not affected, and once a device is cracked and its KSV is added to the revocation list, it can no longer play subsequently updated movie content.
HDCP completes the encryption/decryption of signals through a special TMDS coder/decoder. [5]
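As an added example that is not part of the original post, here is a toy model in Python of the authentication step described in section 3 and in item 1 of section 4, together with the revocation-list check from the paragraph above. It assumes the "specific algorithm" is the HDCP 1.x rule (add the 40 DPKs selected by the set bits of the peer's KSV, mod 2^56) and that a KSV carries exactly 20 set bits as the HDCP 1.x spec requires; the key sets are minted from a constructed symmetric matrix only so that the toy agrees, and no real keys appear.

```python
import random

MASK56 = (1 << 56) - 1          # DPKs and Km are 56-bit values
KSV_BITS, KSV_ONES = 40, 20     # a KSV is 40 bits with exactly 20 bits set

def ksv_is_well_formed(ksv: int) -> bool:
    return 0 <= ksv < (1 << KSV_BITS) and bin(ksv).count("1") == KSV_ONES

def random_ksv(rng: random.Random) -> int:
    return sum(1 << b for b in rng.sample(range(KSV_BITS), KSV_ONES))

def mint_master_matrix(rng: random.Random) -> list[list[int]]:
    # Constructed stand-in for the licensing authority's secret: symmetric 40x40.
    m = [[0] * KSV_BITS for _ in range(KSV_BITS)]
    for i in range(KSV_BITS):
        for j in range(i, KSV_BITS):
            m[i][j] = m[j][i] = rng.getrandbits(56)
    return m

def issue_device_key_set(master, ksv: int) -> tuple[int, list[int]]:
    # DPK[i] = sum of master[i][j] over the set bits j of this device's own KSV.
    dpks = [sum(master[i][j] for j in range(KSV_BITS) if ksv >> j & 1) & MASK56
            for i in range(KSV_BITS)]
    return ksv, dpks

def shared_secret(own_dpks: list[int], peer_ksv: int) -> int:
    # HDCP 1.x rule: add the own DPKs selected by the peer's KSV bits, mod 2^56.
    return sum(own_dpks[i] for i in range(KSV_BITS) if peer_ksv >> i & 1) & MASK56

def authenticate(tx, rx, revocation_list: set[int]) -> bool:
    # Transmitter side: a malformed or revoked receiver KSV fails before any key
    # math; otherwise both Km must agree (real HDCP compares a value derived from Km).
    (tx_ksv, tx_dpks), (rx_ksv, rx_dpks) = tx, rx
    if not ksv_is_well_formed(rx_ksv) or rx_ksv in revocation_list:
        return False
    return shared_secret(tx_dpks, rx_ksv) == shared_secret(rx_dpks, tx_ksv)

def demo(seed: int = 2024) -> dict[str, bool]:
    # Genuine, revoked, and unrelated-master receivers, all from one seeded RNG.
    rng = random.Random(seed)
    master = mint_master_matrix(rng)
    tx = issue_device_key_set(master, random_ksv(rng))
    rx = issue_device_key_set(master, random_ksv(rng))
    rogue = issue_device_key_set(mint_master_matrix(rng), random_ksv(rng))
    return {"genuine": authenticate(tx, rx, set()),
            "revoked": authenticate(tx, rx, {rx[0]}),
            "other_source": authenticate(tx, rogue, set())}

if __name__ == "__main__":
    print(demo())   # {'genuine': True, 'revoked': False, 'other_source': False}
```

The symmetry of the constructed matrix is what makes the two independently computed shared secrets agree; a receiver whose keys were not issued from the same secret, or whose KSV is on the revocation list, is rejected before any content is sent.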

Software and hardware equipment

As mentioned earlier, HDCP needs both software and hardware support, and every device involved in content transmission is indispensable. Microsoft integrated the protected-content output management protocol (OPM) into its new-generation operating system, Vista, to confirm the display device's capabilities and HDCP support before outputting content. At the same time, Blu-ray and HD-DVD, the main carriers of high-definition video, will also implement the HDCP standard.

The video source playback and display devices implement the secondary encoding/decoding of signals through a built-in conversion chip; the products involved include graphics cards, DVD players, TVs, monitors, projectors, and so on.

HDCP is implemented over the digital interface DVI-D or the newer HDMI; the latter is more common and carries both audio and video, so it has almost become a symbol of HDCP support. However, HDMI+HDCP seems to enjoy a high reputation only in the home-appliance field, where it has almost become standard on new products, well ahead of actual use. Still, because of future compatibility and pressure from upstream protocol makers, equipment manufacturers dare not neglect it.

In the PC field, although Microsoft has been "warning" that Vista will only support HDCP-capable display cards and their corresponding drivers, the repeated delays have given component manufacturers more excuses. The HDCP protocol is used to prevent video content from being copied in full during transmission. This technology does not prevent a digital signal from being illegally recorded; rather, it encrypts the digital signal so that illegal recording cannot obtain the original high-resolution image quality. To support HDCP, a digital video interface such as DVI or HDMI must be used; traditional analog interfaces such as VGA cannot support HDCP. However, not every LCD monitor with a DVI interface supports HDCP: the monitor must be certified and carry the corresponding hardware chip.

https://blog.csdn.net/liangxiaozhang/article/details/20637223
https://www.docin.com/p-2143784720.html
https://baike.baidu.com/item/HDCP/2654587?fr=aladdin#4
https://www.yywwg.com/6088.html
https://product.pconline.com.cn/itbk/diy/graphics/1107/2475791.html

Origin blog.csdn.net/weixin_45264425/article/details/130139166