• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer

mkpeReport

top analysis covering digital cinema, 3-D, HFR, and laser illumination

  • Reports
  • About
  • mkpe.com
  • cinepedia.com

SMPTE FIPS Revisions Study Group Concludes

March 2012 by Michael Karagosian

The SMPTE FIPS Revisions Study Group was formed several years ago by Tony Wechselberger, DCI’s security consultant. At the time, NIST had just revised its FIPS 140-2 specification, introducing changes of sufficient scope that even DCI stepped out of the shadows and wrote NIST with its concerns. This month, the group concluded its work, issuing an excellent summary that will serve to guide future efforts of similar nature.

Several events took place that greatly helped the group with its work, underscoring the power of organizing such efforts through SMPTE. First, it received expert assistance from around the world. In particular, Mr. Taehyun Kim of DRMinside, South Korean maker of DCP and KDM creation tools, provided expert analysis of every SMPTE standard possibly affected by the changes. Taehyun’s contribution became a significant resource as the group navigated its way forward. Second, while studio execs blustered by making public statements that they had it all under control, Tony knew they were stumped and had the wisdom to reach out to the community for solutions. One of the more potentially damaging of changes was a new requirement that would no longer allow a single digital certificate to be used to decrypt content and enable link encryption. This potentially challenged the very structure of the digital cinema Key Delivery Message (KDM), at worst requiring two different types of KDMs to be used in the field. Fortunately, a clever solution was proposed by Bill Elswick of Entertainment Technology Associates, which would not disrupt the structure of the KDM. Bill’s solution was incorporated in an “errata” of the DCI specification.

A problem of equal significance existed in the intent to obsolete SHA-1 digital signature hash algorithm. FIPS experts stepped in to provide guidance for interpreting the intent of NIST and the actual applications of SHA-1 in digital cinema, eventually leading to the revelation that there would be no impact at this time.

NIST’s last impact to be dealt with was that of random number generation (RNG). Digital cinema encryption allows an optional message integrity check (MIC), in which a key generation process is employed during the decryption process. The key generation process must duplicate that at the point of encryption, thus identical RNGs must be used, with the decryption RNG seeded by a secret value supplied with the encrypted content. A MIC algorithm is then applied using the keys generated by the RNG, from which it can be determined if the encrypted data is intact. To pass FIPS testing, the RNG must be FIPS-approved. The problem is that the RNG must change in new media blocks approved after 2015, causing a MIC failure when the legacy RNG is used in the encryption process.

Fortunately, the change of RNG is a manageable problem. FIPS will allow the legacy RNG to continue to be supported, but some means must be provided in the content to indicate which RNG is used, requiring a change in the standards. But as it is only new media blocks (post 2015) that must incorporate the change, and since the encryption software itself is not FIPS-approved, it’s unlikely that anything but the legacy RNG will ever be used. As it stands today, two standards require updating to accommodate the new RNG: SMPTE ST0429-6 DCP MXF Essence Track File Encryption, and ST0430-5 D-Cinema Packaging – Security Log Event Class and Constraints. The Study Group proposes that no work on changes occur for another year, as there is no rush and it is possible that more changes may be needed.

The great irony of the several changes being made in response to those in the FIPS specification is that none of them will matter to anyone but the bureaucrats. NIST may periodically change the FIPS specification to improve security in the face of ever-increasing computational power. But in practice, the solutions to NIST’s changes that are most acceptable in digital cinema are those that preserve the status quo. It’s our nature. The dual key accommodation in the media block, other than impacting real product designs, will not be monitored as it requires studios to collect security logs, and no exhibitor is sharing security logs today. In addition, the new RNG may impact the design of real products, but, in practice, it too will be ignored in favor of the legacy RNG. This entire exercise has uncovered the real security policy for digital cinema: “do as we say, but watch what we do.”

Filed Under: Servers and IMBs Tagged With: DCI, NIST, SMPTE

Primary Sidebar

Search

Topics

  • 3-D
  • Accessibility
  • Alt Content & Advertising
  • Anti-Piracy
  • Color
  • Communications
  • Deployment Entities
  • Distributors
  • Exhibitors
  • Fulfillment
  • High Dynamic Range
  • Higher Frame Rates
  • Installations
  • Patents
  • Projectors
  • Servers and IMBs
  • Sound
  • Technical Bodies
  • Theatre Management Systems
  • Trade Organizations and Shows

Full Archives

a publication of
MKPE Consulting LLC

Footer

Important Stuff

  • About
  • Privacy Policy

Archives

  • Category & Monthly Archives
Archives date back to 2008.

MKPE

mkpeReport is a publication of MKPE, a world-class consultancy building business at the crossroads of cinema and technology.
Learn more about MKPE.

copyright © 2008 - 2023 mkpe consulting llc

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of all cookies.
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
Powered by CookieYes Logo