[Infowarrior] - HDMI and Output Control

[Richard Forno]

HDMI and Output Control
Thursday April 13, 2006 by Ed Felten
http://www.freedom-to-tinker.com/?p=1004

Tim Lee at Tech Liberation Front points out an interesting aspect of the new
MovieBeam device ‹ it offers its highest-resolution output only to video
displays that use the HDMI format.

(MovieBeam is a $200 box you buy that lets you buy 24-hour access to recent
movies. There is a rotating menu of movies. Currently video content is
trickled out to MovieBeam boxes via unused broadcast bandwidth rented from
PBS stations. Eventually they¹ll use the Internet to distribute movies to
the devices.)

This is a common tactic these days ‹ transmitting the highest-res content
only via HDMI. And it seems like a mistake for Hollywood to insist on this.
The biggest problem is that some HDTVs have HDMI inputs and some don¹t, and
most consumers don¹t know the difference. Do you know whether your TV has an
HDMI input? If you do, you either (a) don¹t have a high-def TV, or (b) are a
serious video geek.

Consider a (hypothetical) consumer, Fred, who bought an early high-def set
because he wanted to watch movies. Fred buys MovieBeam, or a next-gen DVD
player, only to discover that his TV can¹t display the movies he wants in
full definition, because his TV doesn¹t do HDMI.

Fred will be especially angry to learn that his MovieBeam box or high-def
DVD player is perfectly capable of sending content at higher definition to
the inputs that his TV does have, but because of a bunch of legal
mumbo-jumbo that Hollywood insists upon, his set-top box deliberately
down-rezzes the video before sending it to his TV. Just imagine what Fred
will think when he sees news stories about how pirated content is available
in portable, high-def formats that will work with his TV.

The official story is that HDMI is a security measure, designed to stop
infringers. It¹s been known for years that HDMI has serious security flaws;
even Wikipedia discusses them. HDMI¹s security woes make a pretty
interesting story, which I¹ll explore over several posts. First I¹ll talk
about what HDMI is trying to do. Then I¹ll go under the hood and talk about
how the critical part of HDMI works and its well-known security flaws. (This
part is already in the academic literature; I¹ll give a more accessible
description.) Finally, I¹ll get to what is probably the most interesting
part: what the history of HDMI security tells us about the industry¹s goals
and practices.

Officially, the security portion of HDMI is known as High-bandwidth Digital
Content Protection, or HDCP. The core of this security design is the HDCP
handshake, which takes place whenever two devices communicate over an HDMI
cable. The handshake has two goals. First, it lets each device confirm that
the other device is an authorized HDCP device. Second, it lets the two
devices agree on a secret encryption key which only those two devices know.
Subsequent communication over the cable is encrypted using that key, so that
eavesdroppers can¹t get their hands on any content that is distributed.

In theory, this is supposed to stop would-be infringers. If an infringer
tries to plug an authorized video source (like a MovieBeam box) into a
device that can capture and redistribute video content, this won¹t work,
because the capture device won¹t be able to do the handshake ‹ the
authorized video source will recognize that it is unauthorized and so will
refuse to sent it content. Alternatively, if an infringer tries to capture
content off the wire, between an authorized source and an authorized TV set,
this will be foiled by encryption. That¹s the theory at least. The practice
is quite different, as I¹ll describe next time.