7 Conditional Access and MHP
Cryptography
DTV Conditional Access
Multimedia Home Platform
Future TV
Cryptography
Cryptography: The art and science of ensuring the secrecy and/or authenticity of messages
Plaintext: Original message
Ciphertext: Encrypted message
Encryption (scrambler): Processes to hide the substance of a message. (Often, a key is involved)
[Figure: Plaintext -> Scrambler (Key) -> Ciphertext -> Descrambler (Key) -> Plaintext]
hmhang/CommLab, EE, NCTU April 2002
DES Algorithm
Data Encryption Standard (DES) adopted by US National Bureau of Standards in 1977. It was developed by IBM in 1971.
Basic version: 64-bit plaintext and 56-bit keys
N-DES: N encryption stages with N keys to increase its strength
Triple DES is the scrambling algorithm of ATSC (Doc. A/70)
[Figure: Plaintext -> DES Encrypt (Key A) -> Ciphertext]
RSA Algorithm
The concept of asymmetric-key (public-key) system
-- Diffie and Hellman (1976)
-- Problem: find a good trap-door one-way function
First (published) public-key algorithm
-- Rivest, Shamir, Adleman (RSA, 1978)
Plaintext: M; Ciphertext: C; Public-key: {e,n}; Private-key: {d,n}; M < n
Encryption: $C = M^e \pmod{n}$
Decryption: $M = C^d \pmod{n}$
RSA Example
Select two prime numbers p=7 and q=17
Calculate $n = p \times q = 119$
Calculate $\phi(n) = (p-1) \times (q-1) = 96$
Select integer e=5 which is relatively prime to $\phi(n) = 96$
Choose d=77: $5 \times 77 = 385 = 4 \times 96 + 1$
Let message M=19, (Stallings, p. 175)
Conditional Access
Conditional Access (CA): System to control subscriber access to services, programs and events. (cf. Free Access)
DTV CA systems all use the MPEG-2 System protocol
Three Keys:
-- Control_word: used for scrambling audio/video
-- Service_key: used to scramble control_word for a group of users
-- User_key: used to scramble service_key
EMM: Entitlement management message, function of control_key and service_key
ECM: Entitlement control message, function of user_key and service_key
Some Terminology
Authentication: Process used to verify the integrity of transmitted data (e.g., prove it is the original copy)
Entitlement: Permit and capability to access data
Scrambling: (EBU definition) A method of continuously changing the form of a data signal so that, without suitable access right and electronic descrambling key, the signal is unintelligible.
Encryption: (EBU definition) Method of processing keys for descrambling, so that they can be conveyed to authorized users.
CA System Structure
[Figure: CA system structure; delivery over satellite, cable or terrestrial]
CA System Components
SMS (Subscriber management system): Manages basic customer information, customer subscription records, and customer subscription and billing information
SAS (Subscriber authorization system): Translates the requests from SMS into EMMs. It contains customer profiles, EPG, and smart card IDs, etc.
EMS (Encryption management system): Generates the subscriber control messages ECM and EMM
Data scrambler: Scrambles the data according to the settings of the encryption management system
CA System Operation
Head End
-- The SAS authorizes STB for subscribed services
-- The data scrambler encrypts the video/audio/data signals
-- Encryption management system generates subscriber control messages (EMM and ECM) and broadcasts the messages to the users
User end
-- The STB receives the scrambled signal and subscriber control messages.
-- According to the subscriber control messages, the STB decodes the scrambled signal
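The three-key hierarchy from the Conditional Access slide and the head-end/STB flow above, as an added example that is not part of the original slides. The cipher is a stand-in keystream built from HMAC-SHA256, not DVB-CSA or Triple DES; the message layout, the nonce and the per-box addressing are assumptions, and the two wrapped keys stand in for the payloads of the subscriber control messages.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream XOR), NOT DVB-CSA or Triple DES.
    XOR makes the same call both scramble and descramble."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, label + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def head_end(payload: bytes, service_key: bytes, user_keys: dict) -> dict:
    """Scramble the payload and build the key messages sent with it."""
    control_word = os.urandom(16)   # fresh per broadcast period
    nonce = os.urandom(8)           # keeps keystreams unique per broadcast
    return {
        "nonce": nonce,
        # control_word scrambles the audio/video/data
        "scrambled": keystream_xor(control_word, nonce + b"av", payload),
        # service_key scrambles the control_word (one copy for the whole group)
        "wrapped_cw": keystream_xor(service_key, nonce + b"cw", control_word),
        # each user_key scrambles the service_key (one copy per authorized box)
        "wrapped_sk": {box: keystream_xor(uk, nonce + b"sk", service_key)
                       for box, uk in user_keys.items()},
    }

def set_top_box(broadcast: dict, box_id: str, user_key: bytes):
    """Walk the ladder downward: user_key -> service_key -> control_word."""
    wrapped_sk = broadcast["wrapped_sk"].get(box_id)
    if wrapped_sk is None:
        return None                 # nothing addressed to this box: no access
    nonce = broadcast["nonce"]
    service_key = keystream_xor(user_key, nonce + b"sk", wrapped_sk)
    control_word = keystream_xor(service_key, nonce + b"cw", broadcast["wrapped_cw"])
    return keystream_xor(control_word, nonce + b"av", broadcast["scrambled"])

if __name__ == "__main__":
    # Constructed sample data: two subscribed boxes, one payload.
    keys = {"box-1": os.urandom(16), "box-2": os.urandom(16)}
    bc = head_end(b"constructed A/V payload " * 8, os.urandom(16), keys)
    print(set_top_box(bc, "box-1", keys["box-1"])[:23])
    print(set_top_box(bc, "box-3", os.urandom(16)))   # None: not authorized
```

Only the per-box wrapped service key grows with the number of subscribers; the scrambled payload and the wrapped control word are sent once for the whole group.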
CA Standard Issues
Simulcrypt: A technique that allows access to a service (program) by multiple CA systems at the transmitter. This typically requires a common scrambling algorithm. (DVB: TS 101 197-1, Technical specification of SimulCrypt in DVB systems; ETR289, Scrambler; TS 103 197, Head-end Implementation.)
Multicrypt: The receiver can be equipped with multiple CA systems. This typically requires that all CA functions (including descrambling) are contained in a detachable module. This is done by means of a standardized interface such as Common Interface in DVB. (DVB-CI, EN50221; Extension, TS 101 699; Guide, R 206 001)
Simulcrypt Architecture
[Figure: Simulcrypt architecture. Labels: Video/Audio/Data, CW Generator, Scrambler, CW, Scrambled bitstream, ECM 2/EMM 2]
Common Interface
Common Interface is a standardized interface between a detachable CA module and the STB.
CA Standards
DVB
-- DVB-CSA (Common Scrambling Algorithm)
-- DVB-SIM (SimulCrypt)
-- DVB-CI (Common Interface)
ATSC
-- Triple DES
-- NRSS-A, NRSS-B (~DVB-CI)
OpenCable
-- POD (Point of Deployment)
Future TV -- Interactive TV
Better TV
User controlled content film selection, trick play/pause, viewing angle,
Program information EPG, background,
E-commerce
Home shopping, home banking,
Communications
Email, web, data service,
More Channel Choice
HDTV
Quality audio
EPG for navigation
Local Contents
Weather
Sports
Traffic info.
Entertainment guides
Scope of MHP
Applications
-- Independent developers
-- Different service providers
MHP Terminals
-- Independent implementations
-- Different hardware
-- Different software
-- All kinds of terminals (low-end STB / high-end PC)
MHP Elements
In addition to APIs
Security operation content, user data, transactions etc.
Local Cluster
Copy Management & Protection levels, signalling operational model
Conformance & Interoperability Testing
Migration
[Figure: timeline, 1999 to 2000. Labels: Windows CE, JavaTV, Convergence, Start Line]
ZDF.vision EPG
MHP Architecture
[Figure: MHP layer stack, top to bottom]
Applications: Appl. 1 (e.g. EPG), Appl. 2 (e.g. Game), Appl. 3 (e.g. Homeshopping), Appl. n
API
Middleware, Loader, CA
Operating System, Drivers
Hardware
Security Framework
[Figure: MHP security framework. Labels: Broadcast, Interactive, Certification Authority, Certificates, Server, Encrypted Communication, Manufacturer, MHP]
TV Anytime elements
Further steps in bridging broadcasting and Internet
Implementation of licensing and testing schemes / mechanisms
References
S. Singh, The Codebook, 1999.
W. Stallings, Cryptography and Network Security, 2nd ed., Prentice Hall, 1999.
B. Schneier, Applied Cryptography, John Wiley & Sons, 1996.
EN 50221, Common Interface Specification for Conditional Access and other Digital Video Broadcasting Decoder Applications, 1997.
ETR 289, The Common Scrambling System Description, 1997.
G. O'Driscoll, The Essential Guide to Digital Set-top Boxes and Interactive TV, Prentice Hall, 2000.
TS 101 197.1, Technical Specification of SimulCrypt in DVB Systems, 1997.
TS 103 197, Head-End Implementation of DVB SimulCrypt, 1998.
G. Luetteke, Multimedia Home Platform, DVB Seminar, Taipei, Feb. 2001. (http://www.mhp.org)