Trusted End

End-to-end security has become the norm, at least as far as the common requirements go. It all makes sense of course, as no one wants to be vulnerable to an unwanted or untrusted man-in-the-middle, and the end-to-end security concept removes that man-in-the-middle risk. But then the real question comes up - who is the other end, and how can it be trusted? This is where the concept starts becoming tricky.

One example I brought up a few weeks ago was HDMI, and more precisely HDCP (the copy protection scheme). Digital content providers consider the end-to-end concept one of their core requirements. Until recently, online services such as Netflix, Amazon Prime and similar were not available on the Raspberry Pi, for example, as this platform was not considered a trusted "end". Apple TV and other "locked" media boxes were considered trusted ends. The worry was - of course - that someone would come up with a piece of code for the Raspberry Pi which could grab the protected content and dump it to a video file, which in turn would be uploaded to a file sharing service. This changed recently with the official availability of Widevine DRM for the Raspberry platform.

This actually does not change much, at least for the bad guys, because the whole concept of HDCP is flawed. It does not protect against anything and only results in unnecessary frustration when it does not work for legitimate users. The reason is that while it is designed to be end-to-end secure (and thus extends the cloud-to-the-box security over to the other end of the HDMI cable), it has no way of identifying what "the other end" actually is. The assumption is that the other end is a TV screen, where the end-to-end encrypted content is decrypted. But a very simple HDMI matrix switch works by presenting itself to the signal source as a screen, while it is just a distribution box. So whatever comes out of the matrix switch on the other end (or multiple ends) is unencrypted, and the "bad guys" can connect their stream grabbing devices there and still dump the content.

And this problem is - I think - unsolvable. It is like the analog copy - at some point the video stream must be decrypted for your eyes to see it and your brain to understand it. Strictly speaking, the subscriber's brain would be the ultimate end, decrypting only the content it is authorized to see, but we are not there yet. Anything else (as far as the secured distribution of protected content is concerned) does not make much sense.

A similar problem arises when the "end" is a personal computer. An application (like a web browser) may be considered the trusted end, but even then it "talks" to a display device through a subsystem of graphics drivers, video chips, video signal cables and so on. At any of these points malicious code or a device may be intercepting the content. End-to-end makes sense for entirely trusted environments, such as a laptop (with an integrated display) which runs only a genuine operating system from a trusted vendor (Microsoft, Apple...). And it makes sense only because the end-to-end trust is (implicitly) extended to the hardware / operating system vendor. Any time a 3rd party piece of software is installed or an external 3rd party device is plugged in, this end-to-end trust is technically broken.
