
mkpeReport

top analysis covering digital cinema, 3-D, HFR, and laser illumination


DCI and NIST: A Boondoggle-in-Waiting

February 2010 by Michael Karagosian

The value of the DCI specification is the agreement among studios on distribution packaging and security. Distribution packaging is homegrown: the concept was developed in SMPTE before DCI was even formed, with the result that the industry has a lot of control over changes in the packaging format. But not so for DCI’s security concepts, most of which rely on specifications by the National Institute of Standards and Technology, known as NIST. Although NIST once hosted an event in Maryland around 2002 to discuss digital cinema, NIST’s primary role in security matters is to ensure that government agencies have well-defined and well-regulated security technologies. NIST has no connection to the entertainment industry. But the entertainment industry now relies on NIST, and therein lies the rub: a rub that likely cannot be fixed.

It has been known since 2005 that NIST planned to update its core security specification, FIPS 140-2, to a revised FIPS 140-3. But in January 2010, NIST released a revision to Annex A of FIPS 140-2, which requires compliance with the new FIPS 180-3 Secure Hash Standard, updated from FIPS 180-2, and FIPS 186-3 Digital Signature Standard, updated from FIPS 186-2. The new standards call for changes in the use of the SHA-1 and SHA-256 algorithms, used in digital signatures. SHA-1 is also used in content packaging. In particular, NIST FIPS 186-3 imposes a new requirement to not reuse digital signature key pairs for other purposes. Further, NIST SP800-57 Part 3 says that a “server’s TLS keys should not be used to support other applications.” These requirements will impact media block designs, which use the same public key to decrypt KDMs, sign security logs, and conduct TLS sessions. Manufacturers are told that equipment tested after December of this year must follow the new rules. But NIST also makes it clear that it will review existing certifications and will remove references to no-longer-valid algorithms.

The full impact on existing digital cinema equipment remains to be determined. While the core algorithms and key lengths used in digital cinema appear to be consistent with those in the new FIPS 180-3, the new rule restricting reuse of keys will likely impact the design of equipment to be approved after 2010. Possibly more worrisome is a statement on the NIST site that says: “Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010.” SHA-1 is the algorithm used for digital signatures in digital cinema equipment, and is used in content packaging with the “message integrity code”. While not made obsolete by FIPS 180-3, the algorithm will likely be made obsolete by a future version of the standard, which could be incorporated in the final FIPS 140-3.

To manage the obsolescence process, NIST explained in its January recommendation regarding the end-of-year transition that equipment operation in a “FIPS-approved” or a “non-FIPS-approved” mode is possible. At first, this appears intriguing. It may be possible to simply freeze digital cinema in the use of its current security algorithms, while newly approved equipment must add the new FIPS-approved algorithms to become FIPS-compliant. But this would create a situation where the algorithms used in digital cinema would no longer be tested in the FIPS-compliance process. The NIST document released in January had this to say: “For practical purposes, it may be necessary to extend the use of some algorithms, key sizes and protocols to allow a non-interruptive transition as agencies procure and replace legacy solutions.” In other words, NIST recognizes the problem, and relies on your tax dollars to fix it all up.

But tax dollars won’t fix up digital cinema. JP Morgan and its syndicate banks behind DCIP do not want to hear about early equipment obsolescence. DCI has yet to take steps to learn the probable impacts to its specification by current and future changes by NIST. In February, DCI simply asked SMPTE to investigate and fix digital cinema standards per the new NIST standards. But can changes really take place if they cause the obsolescence of existing equipment? Is DCI evaluating this from a business-impact perspective?

Even if early obsolescence doesn’t occur through NIST’s current actions, it will likely occur in the future. The elegant way to prevent early obsolescence is for the industry to decouple from NIST and “roll its own” security specification. That, in fact, was the response given your author by Peter Kim, when asked how other industries do it. Mr. Kim is the NIST expert responsible for much of the security-related “errata” in the DCI spec. Of course, the last thing to happen will be for the major studios to quickly agree on spending money to underwrite a new industry security specification. However, DCI may have no choice but to eventually decouple from the FIPS 140 standard.

In a nutshell: the studios created a specification they cannot control, the manufacturing industry has spent millions trying to comply, uncontrollable changes are starting to occur, there is no one to complain to (that will listen), and it may require a fix that the industry isn’t prepared to pay for. Long live DCI compliance.

For reference, a list of links to FIPS-related documents, including the January 2010 transition recommendation, is posted at http://www.mkpe.com/isdcf/. (Scroll to bottom of page.)

Filed Under: Distributors Tagged With: DCI, NIST


a publication of
MKPE Consulting LLC


copyright © 2008 - 2023 mkpe consulting llc
