If the FBI had the patience, it could wait for the emergence of quantum computers, which will likely make breaking present-day encryption a walk in the park. The good news is that the crypto community doesn’t expect such computers to emerge until around 2030. The bad news is that your iPhone will be long dismantled and recycled by that time, encouraging the FBI to find faster means to break into your top-secret encrypted iMessages to family and friends. For digital cinema manufacturers who can afford to wait, encryption obsolescence is your friend, as it’s going to drive a lot of sales. But for those making media blocks, change will come sooner than you think. The KDM you know is doomed.
The US National Institute of Standards and Technology (NIST) establishes the security policies employed by digital cinema. Security is an ongoing process, and over time, security standards must get tougher to keep up with advances in technology. The KDM applies asymmetric encryption, driven by a “public” key, to the content keys and other secrets that it carries, in a manner that allows the media block to decrypt them with a “private” key. The type of encryption used will be disallowed in new designs after December 2017 (unless, of course, NIST moves the deadline). The engineering changes required are likely to be tedious, but probably less onerous than the process of deciding and documenting the changes in DCI and SMPTE.
In practice, a revised KDM means that there will be two KDM types in the field. But unlike the DCP, which is one-to-many in nature, KDMs are one-to-one. That is, a KDM will only work with one media block. If a media block is designed to accept the new KDM type, then the KDM generation process must accommodate it. Accurate information will be needed at the time of KDM generation to ensure that the right type is generated, but, fortunately, duplicate versions of KDMs, old and new, will not be needed.
DCI’s security consultant, Tony Wechselberger, has diligently waved the flag to warn that the deadline is on the horizon. But it appears this is one of those areas where nothing will get done until an emergency occurs. The reason is simple. The engineers needed to develop new products are likely the same engineers who will be charged with drafting revisions to current specifications. With small exceptions, media block specifications have not changed so significantly as to cause an outburst of new designs. But the deadline almost assures that there will be a rush to get new product tested before the end of 2017. Pity the one who misses the deadline, as that’s the person who’ll shoulder the burden of pushing revisions through the committees.