
Chap. 7 Conditional Access and MHP

Cryptography
DTV Conditional Access
Multimedia Home Platform
Future TV

Cryptography
Cryptography: The art and science of ensuring the secrecy and/or authenticity of messages
Plaintext: Original message
Ciphertext: Encrypted message
Encryption (scrambler): Processes to hide the substance of a message. (Often, a key is involved)
[Figure: Plaintext -> Scrambler (Key) -> Ciphertext -> Descrambler (Key) -> Plaintext]

hmhang/CommLab, EE, NCTU, April 2002

Secret Key System

A conventional encryption system requires the same secret key for encryption and decryption.
The encryption process can be public.
Encryption: C = E(P; K); Decryption: P = D(C; K)
Example: Substitution, DES
[Figure: Plaintext (P) -> Scrambler (E), Key (K) -> Ciphertext (C) -> Descrambler (D), Key (K) -> Plaintext (P); the same key is used on both sides]

DES Algorithm
Data Encryption Standard (DES) adopted by the US National Bureau of Standards in 1977. It was developed by IBM in 1971.
Basic version: 64-bit plaintext and 56-bit keys
N-DES: N encryption stages with N keys to increase its strength
Triple DES is the scrambling algorithm of ATSC (Doc. A/70)
[Figure: Plaintext -> DES Encrypt (Key A) -> DES Encrypt (Key B) -> DES Encrypt (Key C) -> Ciphertext]

One DES Unit


Basic operations: shifts, permutation, and substitution
The 56-bit key produces the subkeys used in each round.
(Stallings, p.67)

One DES Round


S-box performs substitution (table look up): 6-bit in and 4-bit out.
(Stallings, p.69)


Public Key System


A pair of keys is used: one for encryption and the other for decryption.
To be useful, it must be difficult to guess the other key from the given key (and the ciphertext and scrambler).
Encryption: C = E(P; K1); Decryption: P = D(C; K2)
Example: RSA
[Figure: Plaintext (P) -> Scrambler (E), 1st Key (K1) -> Ciphertext (C) -> Descrambler (D), 2nd Key (K2) -> Plaintext (P); different keys, so one can be public]

RSA Algorithm
The concept of asymmetric-key (public-key) system: Diffie and Hellman (1976)
Problem: find a good trap-door one-way function
First (published) public-key algorithm: Rivest, Shamir, Adleman (RSA, 1978)
Plaintext: M; Ciphertext: C; Public-key: {e, n}; Private-key: {d, n}; M < n
Encryption: $C = M^e \pmod{n}$
Decryption: $M = C^d \pmod{n}$

RSA Key Generation


Select two prime numbers p and q
Calculate $n = p \times q$
Calculate $\phi(n) = (p-1) \times (q-1)$
Select integer e such that e is relatively prime to $\phi(n)$ ($e < \phi(n)$)
Determine d such that $1 = e \times d \bmod \phi(n)$
In this case, $ed = k \times \phi(n) + 1$, k = some integer
$M^{ed} = M^{k\phi(n)+1} = M \bmod n$ (Euler's Theorem)
(Stallings, p. 174)

RSA Example
Select two prime numbers p = 7 and q = 17
Calculate $n = p \times q = 119$
Calculate $\phi(n) = (p-1) \times (q-1) = 96$
Select integer e = 5, which is relatively prime to $\phi(n) = 96$
Choose d = 77: $5 \times 77 = 385 = 4 \times 96 + 1$
Let message M = 19 (Stallings, p. 175)
$C = 19^5 = 2476099$; $2476099 \bmod 119 = 66$
$66^{77} \bmod 119 = 19$

Conditional Access
Conditional Access (CA): System to control subscriber access to services, programs and events. (cf. Free Access)
DTV CA systems all use the MPEG-2 Systems protocol
Three Keys:
-- Control_word: used for scrambling audio/video
-- Service_key: used to scramble control_word for a group of users
-- User_key: used to scramble service_key
EMM: Entitlement management message, function of control_key and service_key
ECM: Entitlement control message, function of user_key and service_key

Some Terminology
Authentication: Process used to verify the integrity of transmitted data (e.g., prove it is the original copy)
Entitlement: Permit and capability to access data
Scrambling: (EBU definition) A method of continuously changing the form of a data signal so that, without suitable access right and electronic descrambling key, the signal is unintelligible.
Encryption: (EBU definition) Method of processing keys for descrambling, so that they can be conveyed to authorized users.

MPEG-2 Encryption Principles


[Figure: Video/Audio/Data -> Scrambler -> Scrambled bitstream. The CW Generator supplies the Control Word (CW) to the Scrambler. ECM Generator (ECMG): encipherment of CW with the Service Key (SK) -> ECM. EMM Generator (EMMG): encipherment of SK with the User's Key (UK) -> EMM.]

MPEG-2 Decryption Principles


[Figure: Scrambled bitstream -> Descrambler -> Video/Audio/Data. The Descrambler is keyed by the Control Word (CW). ECM -> decipherment of CW with the Service Key (SK). EMM -> decipherment of SK with the User's Key (UK).]
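The key hierarchy in the two block diagrams above (CW scrambles the content, the ECM carries the CW enciphered under SK, the EMM carries SK enciphered under UK), as an added example that is not part of the original slides. The cipher is a stand-in built from HMAC-SHA256 so that the code runs with the standard library only; it is not DVB-CSA or Triple DES, and the message layout, function names and card identifiers are assumptions.

```python
# Added example: the three-level CA key hierarchy from the slides, with a stand-in cipher.
import hashlib, hmac, os

def _subkey(key, label):
    """Derive separate encryption and MAC keys from one CA key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    """Stand-in keystream: HMAC-SHA256 in counter mode (assumption, not DVB-CSA or Triple DES)."""
    blocks = (length + 31) // 32
    stream = b"".join(hmac.new(_subkey(key, b"enc"), nonce + i.to_bytes(4, "big"),
                               hashlib.sha256).digest() for i in range(blocks))
    return stream[:length]

def seal(key, payload):
    """Encipher payload under key; returns nonce || ciphertext || tag."""
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:8]
    return nonce + ct + tag

def unseal(key, message):
    """Decipher a sealed message; returns None if it was not sealed under this key."""
    nonce, ct, tag = message[:8], message[8:-8], message[-8:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def head_end(content, control_word, service_key, user_keys):
    """Scramble content with CW; carry CW in the ECM and SK in one EMM per entitled card."""
    return {
        "bitstream": seal(control_word, content),
        "ecm": seal(service_key, control_word),
        "emm": {card: seal(uk, service_key) for card, uk in user_keys.items()},
    }

def set_top_box(broadcast, card, user_key):
    """EMM -> SK, ECM -> CW, CW -> content; None as soon as one step fails."""
    emm = broadcast["emm"].get(card)
    sk = unseal(user_key, emm) if emm is not None else None
    cw = unseal(sk, broadcast["ecm"]) if sk is not None else None
    return unseal(cw, broadcast["bitstream"]) if cw is not None else None

if __name__ == "__main__":
    # Constructed sample keys and payload, for illustration only.
    uks = {"card-A": b"A" * 16}
    tx = head_end(b"constructed TS payload", b"C" * 8, b"S" * 16, uks)
    print(set_top_box(tx, "card-A", uks["card-A"]), set_top_box(tx, "card-B", b"B" * 16))
```

Only the EMM is per-subscriber, so withdrawing one card's entitlement means omitting its EMM when the service key changes; the ECM and the scrambled bitstream stay common to all receivers.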

CA System Structure
[Figure: block diagram with Subscriber Management System (SMS), Subscriber Authorization System (SAS), Encryption Management System (EMS), Data Scrambler, a satellite, cable or terrestrial link, and Set Top Box (STB)]

CA System Components
SMS (Subscriber management system): Manages basic customer information, customer subscription records, and customer subscription and billing information
SAS (Subscriber authorization system): Translates the requests from SMS into EMMs. It contains customer profiles, EPG, and smart card IDs, etc.
EMS (Encryption management system): Generates the subscriber control messages ECM and EMM
Data scrambler: Scrambles the data according to the settings of the encryption management system

CA System Operation
Head end
-- The SAS authorizes the STB for subscribed services
-- The data scrambler encrypts the video/audio/data signals
-- The encryption management system generates subscriber control messages (EMM and ECM) and broadcasts the messages to the users
User end
-- The STB receives the scrambled signal and subscriber control messages.
-- According to the subscriber control messages, the STB decodes the scrambled signal

CA User Terminal Example

DVB CI (EN50221 Fig.1)


CA Standard Issues
Simulcrypt: A technique that allows access to a service (program) by multiple CA systems at the transmitter. This typically requires a common scrambling algorithm. (DVB: TS 101 197-1, Technical specification of SimulCrypt in DVB systems; ETR289, Scrambler; TS 103 197, Head-end Implementation.)

Multicrypt: The receiver can be equipped with multiple CA systems. This typically requires that all CA functions (including descrambling) are contained in a detachable module. This is done by means of a standardized interface such as Common Interface in DVB. (DVB-CI, EN50221; Extension, TS 101 699; Guide, R 206 001)

Simulcrypt Architecture
[Figure: Video/Audio/Data -> Scrambler (CW from the CW Generator) -> Scrambled bitstream; Simulcrypt Synchronizer (SCS) with CA1 (ECM 1/EMM 1) and CA2 (ECM 2/EMM 2)]

Common Interface
Common Interface is a standardized interface between a detachable CA module and the STB.


CA Standards
DVB
-- DVB-CSA (Common Scrambling Algorithm)
-- DVB-SIM (SimulCrypt)
-- DVB-CI (Common Interface)

ATSC
-- Triple DES
-- NRSS-A, NRSS-B (~DVB-CI)

OpenCable
-- POD (Point of Deployment)

Future TV -- Interactive TV
Better TV
-- User controlled content: film selection, trick play/pause, viewing angle, ...
-- Program information: EPG, background, ...

E-commerce
-- Home shopping, home banking, ...

Communications
-- Email, web, data service, ...

What Customers Want?


(Survey by Gallup Org, 1999)

More Channel Choice
HDTV
Quality audio
EPG for navigation
Local Contents
-- Weather
-- Sports
-- Traffic info.
-- Entertainment guides
Incremental Services
-- Internet browsing
-- Email
-- E-commerce
-- Games

DVB: Multimedia Home Platform


MHP is designed to provide a "write once, run anywhere" environment for content developers
It enables manufacturers to avoid developing expensive individual software stacks for each customer
Service providers have a wider source of content better suited to interactive multimedia services
Remark: The MHP portion viewgraphs are mostly based on G. Luetteke, Multimedia Home Platform, DVB Seminar, Taipei, Feb. 2001. (http://www.mhp.org)

Scope of MHP
[Figure: Applications (independent developers, different service providers, various application areas); Generic SW Interface (API); MHP Terminals (independent implementations, different hardware, different software, all kinds of terminals from low-end STB to high-end PC)]

MHP System Definition


Equipment (hardware, software)
-- home terminal / receiver: set top box, integrated TV set, multimedia PC
-- local cluster: peripherals, in-home digital network
Services / applications (content)
-- enhanced broadcasting with local interactivity
-- interactive services using a return channel
-- internet access

MHP Elements
In addition to APIs
Security operation content, user data, transactions etc.
Local Cluster
Copy Management & Protection levels, signalling operational model
Conformance & Interoperability Testing
Migration

Rationale behind MHP

[Figure: Windows CE, MHEG, HAVi, JavaTV; Convergence; DVB MHP (The DVB Multimedia Home Platform); time axis: Start Line, 1999, 2000]
Over 250 companies supporting MHP

Typical MHP Applications


Electronic program guides
Super Teletext
Applications synchronised to TV content
Games
E-commerce
Interactive advertising
Internet access

ZDF.vision EPG


MHP Architecture
[Figure: layered stack, top to bottom: Applications (Appl. 1 e.g. EPG, Appl. 2 e.g. Game, Appl. 3 e.g. Homeshopping, Appl. n); API; Middleware, Loader; Operating System, Drivers; Hardware. CA block annotated "Cond. Access separated from API"]

Specification Elements (1)


MHP architecture
Detailed profile definition
-- enhanced and interactive broadcasting
Content formats including PNG, JPEG, MPEG-2 Video/Audio, subtitles and resident and downloadable fonts
Mandatory transport protocols including DSM-CC object carousel (broadcast) and IP (return channel), ...

Specification Elements (2)


Application model and signalling
Hooks for HTML content formats
DVB-J platform
-- DVB defined APIs and selected parts from existing Java APIs, JavaTV, HAVi and DAVIC
Security framework
-- broadcast application or data authentication
-- return channel encryption (TLS)
Graphics reference model
Annexes
-- DSM-CC OC profile, text presentation, minimum platform capabilities, various APIs

Security Framework
[Figure: two panels. Broadcast: Certification Authority, Certificates, Publish Root Certificate, Broadcaster, Authenticated Applications, Manufacturer, Store Root Certificate, MHP. Interactive: Server, Encrypted Communication, MHP.]

MHP Next Steps


Development of common downloading mechanism
Copyright protection
-- Requirements done
-- Technical work started
TV Anytime elements
Further steps in bridging broadcasting and Internet
Implementation of licensing and testing schemes / mechanisms

References
S. Singh, The Codebook, 1999.
W. Stallings, Cryptography and Network Security, 2nd ed., Prentice Hall, 1999.
B. Schneier, Applied Cryptography, John Wiley & Sons, 1996.
EN 50221, Common Interface Specification for Conditional Access and other Digital Video Broadcasting Decoder Applications, 1997.
ETR 289, The Common Scrambling System Description, 1997.
G. O'Driscoll, The Essential Guide to Digital Set-top Boxes and Interactive TV, Prentice Hall, 2000.
TS 101 197.1, Technical Specification of SimulCrypt in DVB Systems, 1997.
TS 103 197, Head-End Implementation of DVB SimulCrypt, 1998.
G. Luetteke, Multimedia Home Platform, DVB Seminar, Taipei, Feb. 2001. (http://www.mhp.org)
