mkpeReport

top analysis covering digital cinema, 3-D, HFR, and laser illumination


DCI and NIST: Why This Relationship Can’t Continue

March 2010 by Michael Karagosian

Last month it was pointed out that the storm long brewing over the Federal Information Processing Standard (FIPS) security requirement in the DCI specification was coming to a head. It has been known for a few years that the National Institute of Standards and Technology (NIST) planned to obsolete the FIPS 140-2 specification, with which the DCI specification requires compliance. The new specification, predictably called FIPS 140-3, is to go into effect 1 Jan, 2011.

No one has been noticeably panicked about this, although there are plenty of reasons to be. Consider Moore’s Law, which predicts that available computation power will double every 18 months. Accordingly, security standards must also advance, since an increase in computational power means it takes less time to crack the safe.

However, this is a problem for digital cinema, both long term and short term. NIST is doing the right thing and evolving its standards to stay ahead of Moore’s Law. But the industry is not going to retire all of those shiny new digital cinema systems because NIST says it’s now time to up the security ante. In the long term, Moore’s Law will win, older security systems will be phased out, and newer security systems phased in. (Shhh…if exhibitors were smart, they’d start planning for this now, and figure out how they’re going to get the studios to pay for it.) In the short term, DCI needs to decouple from NIST and preserve investment by keeping the status quo for digital cinema. But this is easier said than done.

First, it’s not possible to continue to specify FIPS 140-2. Being the clever agency it is, NIST revised FIPS 140-2 in January to bring it closer to 140-3. Compliance with either the revised 140-2 or 140-3 would create havoc in digital cinema. But NIST also removes the links to older documents from its web site, complicating other work, such as that of DCI and SMPTE, when attempting to reference older NIST documents. One of the few sites with such links can be found at http://www.mkpe.com/isdcf#nist.

Under the hood, there are several reasons why the change by NIST will create havoc. More than one set of procedures in digital cinema will be impacted. The obvious problems have to do with a new rule requiring ‘one key, one use.’ The DCI specification requires multiple uses of the media block’s public key: it must encrypt the AES symmetric key in the KDM, it must be used to verify the digital signature of security logs, and it must be used to conduct TLS sessions. This multiple use of the one key is, at least with regard to digital signatures, forbidden in the revised NIST standards. To do this properly under the new rules requires the use of more than one certificate in the media block. The additional keys would have to be tracked in addition to the public key used for KDM encryption. (And to think that one key-pair already causes the industry more trouble than it can deal with.)
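To make the ‘one key, one use’ conflict concrete, here is an added example (not from this article, DCI, SMPTE or NIST) that decodes an X.509 keyUsage extension value and flags a key that asserts both signing and key transport. It assumes each use is declared in the certificate's keyUsage extension; the certificate labels and byte values are constructed for illustration.

```python
# Decode a DER-encoded X.509 keyUsage BIT STRING and flag keys that mix
# signing with key establishment. Bit order follows RFC 5280, 4.2.1.3.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]
SIGNING = {"digitalSignature", "nonRepudiation"}
KEY_ESTABLISHMENT = {"keyEncipherment", "keyAgreement"}

def decode_key_usage(der: bytes) -> set:
    """Return the usage names asserted in a keyUsage BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length >= 0x80 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused = der[2]
    if unused > 7 or (length == 1 and unused != 0):
        raise ValueError("bad unused-bits count")
    payload = der[3:]
    total_bits = len(payload) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # BIT STRING bit 0 is the most significant bit of the first byte.
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def audit(certs: dict) -> dict:
    """Map each certificate label to its conflicting usages, if any."""
    findings = {}
    for label, der in certs.items():
        usage = decode_key_usage(der)
        if usage & SIGNING and usage & KEY_ESTABLISHMENT:
            findings[label] = sorted(usage & (SIGNING | KEY_ESTABLISHMENT))
    return findings

# Constructed sample values, not taken from any real device certificate.
SAMPLE = {
    "single-key media block": bytes.fromhex("030205a0"),
    "split: log signing": bytes.fromhex("03020780"),
    "split: KDM key transport": bytes.fromhex("03020520"),
}

if __name__ == "__main__":
    for label, conflict in audit(SAMPLE).items():
        print(f"{label}: one key asserts {', '.join(conflict)}")
```

Only the single-key entry is flagged; the two split entries model the multiple-certificate arrangement the paragraph above describes.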

In addition, NIST plans to discontinue use of weaker security algorithms, and require use of stronger ones. The potential impact of this has not yet been quantified.

Digital cinema was not designed to support the ‘one key, one use’ rule, and if a change in algorithms is due, it would further impact interoperability. Clearly, implementation of the updated NIST standards in digital cinema is simply not feasible.

Unfortunately, the path forward is not clear cut. NIST complicates the ability of other organizations such as DCI and SMPTE to reference its older work. FIPS 140 testing agencies will no longer honor the older documents in their tests. It is possible for newer equipment to meet the new FIPS standards, but this isn’t a very good solution, either. If equipment were to pass the revised FIPS 140 standards, it would have to be operated in “non-NIST mode” to be compatible with the digital cinema standards. In short, equipment manufacturers would have to jump over expensive, high hurdles to obtain FIPS compliance under new rules, but would have to dumb it down to non-FIPS-compliant operation for digital cinema use. As ridiculous as this idea sounds, it is sadly a plausible one.

Oracles on high say that the studios, the people who got us into this mess, have an elegant answer. It has the ring of an oxymoron. But given the ridiculous alternative, there is certainly no harm in waiting to learn the proposal. Much good would take place if the oracles speak the truth. But the long term problem will likely persist. Be prepared for the industry to revisit this problem again and again.

Filed Under: Technical Bodies, Trade Organizations and Shows Tagged With: DCI, NIST, SMPTE

a publication of
MKPE Consulting LLC

copyright © 2008 - 2023 mkpe consulting llc
