Is it possible to derive AACS host certificates from the USB data stream?

maetel99 · 4th October 2018, 07:16

I was curious if anyone had considered using a USB packet sniffer (software or hardware) to try to obtain new valid host certificates and private keys. If you look at the AACS drive authentication procedure in section 4.3 of the AACS common spec, the host sends the host certificate in plain text to the drive. Later, the host sends a data block signed with its host private key comprising a session key point (not sent by USB) and the drive nonce (sent earlier over USB).

The question is whether it is possible to derive the corresponding host private key for the host certificate given these values pulled from the USB stream.

4th October 2018, 07:16	#1 \| Link
maetel99 Registered User Join Date: Apr 2018 Posts: 21	Is it possible to derive AACS host certificates from the USB data stream? I was curious if anyone had considered using a USB packet sniffer (software or hardware) to try to obtain new valid host certificates and private keys. If you look at the AACS drive authentication procedure in section 4.3 of the AACS common spec, the host sends the host certificate in plain text to the drive. Later, the host sends a data block signed with its host private key comprising a session key point (not sent by USB) and the drive nonce (sent earlier over USB). The question is whether it is possible to derive the corresponding host private key for the host certificate given these values pulled from the USB stream.