DCI has a serious problem on hand, the most serious it has encountered since the discussion of implementing six different security systems took place prior to 2004. Just as DCI members were uneducated then as to how sophisticated digital security actually works, they remain uneducated today as to the shortcomings of FIPS 140-2. This was demonstrated this past month when a well-known studio executive asked that a letter be sent to his in-house technical expert on the FIPS dilemma they are now facing. The technical expert, a member of DCI, had previously assured this executive that no such problems with FIPS exist. Your author complied and sent a detailed description of the problem to the studio expert.
Such is the challenge posed by having a decision body that holds itself above reproach and does not readily accept input from outside its very small circle. Fortunately, Bob Kisor, Director of the Engineering Services group at Paramount, and also chair of DCI’s Technology Committee, recognizes the problem. Wade Hannibal, Director of Content Technology at Universal, and also a DCI member, recognizes the problem as well. But it’s worrisome that other members of DCI do not share this understanding.
The proposal put forward by your author was for DCI to formally document and publish the older version of FIPS 140-2 by making it a Registered Disclosure Document (RDD) within SMPTE. The RDD process requires that the document under consideration pass approval by a body of experts within SMPTE, in this case, the 21DC Technology Committee for Digital Cinema. Approval is a sure bet. The approval process allows a veto only if the document appears as marketing and advertising literature.
However, an RDD cannot be used as a normative reference. Because of this, the disposition of other FIPS documents that are normatively referenced in SMPTE documents must be considered. This is a sizable list, and includes:
- FIPS 180-2 Secure Hash Standard (SHA-1 and SHA-256 are used in digital cinema signatures)
- FIPS 186-3 Digital Signature Standard pre-June 2009 (an older version must be standardized as the 2009 version breaks current implementation in digital cinema)
- FIPS-197 Advanced Encryption Standard (AES is used in the KDM)
- FIPS-198 Keyed Hash Message Authentication Code (HMAC) (used in the SMPTE KDM and DCP)
- FIPS SP-800-38A Block Cipher Modes of Operation: Methods and Techniques
The FIPS dilemma is the most contentious issue DCI has had to deal with since the development of its specification. This report will continue to review DCI’s efforts, or lack thereof.