Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

When Authentication Keys Go Missing - Two Recent Examples

Implementations of public key cryptography have taken a hit in the last week, with confirmation that the HDCP Master Key has been publicly leaked. HDCP (High Definition Content Protection) is used as a means to protect content as it transfers from media player to display, so it doesn't really affect the ability of people to rip their digital media directly.

The impact of the leak is that it opens the way for cheap knock-off devices to be created to intercept the high definition output from media players and allow for re-recording or display in the format of choice. Using Blu-Ray as an example, the disks are encrypted with AACS and possibly BD+. This encrypted media is then decrypted by the Blu-Ray player before being re-encrypted for transmission across HDMI using HDCP for the display unit to finally decrypt and display. It is possible to rip the disks directly to other media formats, and has been for some time. This gives another means to do so, and if the AACS master key was ever leaked, it would be similar in effect to the development of DeCSS and its effect on the ability of users to rip their DVDs to hard disk.

With the compromised master key, a simple device can be built to authenticate as a valid HDCP product and have the ability to record the full output from the Blu-Ray player, or from any other form of protected stream passing across the HDMI cable (other media player output, Set-top box output, consoles, etc). Where it is probably going to see more immediate use is in the development of devices that take HDMI input and generate component output for display on older devices.

The other significant news regarding the use of authenticated keys was an acknowledgement from Microsoft that the recent Stuxnet worm was running executable files that were signed with valid Authenticode certificates. This makes it appear that the malware files have been issued by a legitimate developer and that the code is not tampered with in the meantime.

It isn't the only case of malware authors using legitimate keys to sign their malware, with Microsoft citing a case where a US credit union's keys were being used to sign malware.

In addition to making it harder to determine that the malware is actually malicious, it works towards the secondary goal of diminishing trust in the code signing system.

18 September 2010

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.