An FPGA development board was used in a man-in-the-middle attack in obtaining and transmitting an encrypted signal from an HDMI port.
Researchers from the Ruhr University of Bochum's Secure Hardware Group in Germany have cracked the copy protection system used by HDMI ports: Intel's HDCP, or High-bandwidth Digital Content Protection. In addition to HDMI, HDCP is used to encrypt video signals transferred via DVI, DisplayPort and other connectors.
"In 2010, an HDCP master key, which is intended to form the secret core element of the encryption system, appeared briefly on a website," reads the official press release. "In response, the manufacturer Intel announced that HDCP still represented an effective protection component for digital entertainment, as the production of an HDCP-compatible chip using this master key would be highly complex and expensive."
Seemingly taking that as a challenge, the team accomplished the "inexpensive" man-in-the-middle attack by using Digilent's Atlys Spartan-6 FPGA development board. It features a Xilinx Spartan-6 LX45 FPGA (field programmable gate array) in a 324-pin BGA package, two HDMI video input ports, two HDMI video output ports, a 10/100/1000 Ethernet jack, a RS232 serial port and more.
"Our intention was rather to investigate the fundamental security of HDCP systems and to measure the actual financial outlay for a complete knockout," said team leader Prof. Dr.-Ing Tim Güneysu. "The fact that we were able to achieve this in the context of a PhD thesis and using materials costing just €200 is not a ringing endorsement of the security of the current HDCP system."
The $349 USD ($199 Academic price) board serves as the "middleman" by modifying all communications between a Blu-ray player and a flat-screen HDTV without being detected. The team was able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver.
Yet as the team points out, this man-in-the-middle attack could allow the end-user to burn films from Blu-ray discs, but recording directly from an HDMI port results in a large amount of data. That said, this method is "of no great practical use for pirates." But Güneysu envisions a real threat to security-critical systems used by law enforcement agencies and the military.
"Although Intel is already offering a new security system, HDCP 2.0, due to the backward compatibility, the weak point will also remain a problem in coming years," he concluded.
Intel and Digilent have yet to comment on the report.