Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

NXP PowerPoint template Guidelines for presentations

advertisement 
Audio/Video compression
Security
Alain Bouffioux
December, 20, 2006
Agenda
What is cryptography
Symmetric & public-key cryptography
Why cryptography for DVB ?
Conditional access information in MPEG/DVB
Conditional access mechanism
Conditional access interfaces
2
AV Compression / Alain Bouffioux
December, 20, 2006
What is cryptography (1/2)
Why cryptography ?
ALC
IE
BO B
M ESS AG E
–
–
–
–
CONFIDENTIALITY - The message is not listened
INTEGRITY - The message is not modified
AUTHENTICITY - The message has been sent by Alice
NON-REPUDIATION - Alice cannot falsely deny she has sent the
message
3
AV Compression / Alain Bouffioux
December, 20, 2006
What is cryptography (2/2)
Basic terminology
E n c ry p toi n
P al ni te x t
or
c el a r te x t
D e c ryp toi n
C pi h e r te x t
K ey
O r gi ni a l
p al ni te x t
c ry p to g ra ph ci a gl o r ithm
o r c pi he r
K ey
4
AV Compression / Alain Bouffioux
December, 20, 2006
Symmetric & public-key cryptography(1)
E n c ryp toi n
P al ni te x t
or
c el a r te x t
D e c ryp toi n
C yp he r te x t
O r gi ni a l
p al ni te x t
K ey 1
Symmetric cryptography
Key1 = Key2
K ey 2
Public-key cryptography
Key 1  Key 2
Public-key cryptography
One Public-key (known by everybody) : PK
One Private-key or Secret-key (kept secret) : SK
C = EKey1(M)
 M = DKey2(C) = DKey2(EKey1(M))
In public-key cryptography, key1 may be PK or SK and key2 is the other
key.
5
AV Compression / Alain Bouffioux
December, 20, 2006
Symmetric & public-key cryptography(2)
Example of symmetric cryptography
P al ni et x t
C pi he r et x t
O rgi ni a lp al ni te x t
+
+
P seudo -random
num be r gene ra ot r
K ey
S e cu re
channe l
P seudo -random
num be r gene ra ot r
K ey
– Key stream as long as message
– Key stream = pseudo-random sequence (easy to break)
– Low security should be compensated by frequent change of keys 
necessity of secure channel
 2 channels : one for the message & one for the key
6
AV Compression / Alain Bouffioux
December, 20, 2006
Symmetric & public-key cryptography(3)
Example of public-key cryptography
P ub lci K e ys
P ub lci ke y o fB ob
E n c ryp tedm e ssage
A lci e en c ryp tsm e ssage
u s ni g B ob s' pub lci ke y
B ob de c ryp tsm e ssage
u s ni g h si se c re t ke y
7
AV Compression / Alain Bouffioux
December, 20, 2006
Symmetric & public-key cryptography(4)
Symmetric cryptography example : DES
Public-key cryptography example : RSA (1977)
Symmetric versus public-key cryptography
– Symmetric cryptography is faster (about 1000 times).
– Low security of symmetric cryptography (due to the necessity of key transport) is
improved by a frequent change of the key.
– In Public-key cryptography the secret-key may be kept secret. It is never
transported  High security.
– Different usage : In DVB, symmetric key algorithm for encrypting data, public-key
algorithm for key management (secure channel).
Hybrid cryptosystem
Example : DES for message and RSA for key encryption
8
AV Compression / Alain Bouffioux
December, 20, 2006
Cryptography and DVB (1/2)
Cryptography may prevent unauthorised receiver from decoding the
program.
DVB compared with banking or military secret
– high information rate
– low information value
– decryption must be cheap
Cost of cracking the system should be higher than the benefits gained
from the cracking
Cryptography in DVB is a trade-off between cost/complexity versus
piracy-proof.
CA (Conditional Access) = very sensitive subject. Some service
providers want their own CA system.
9
AV Compression / Alain Bouffioux
December, 20, 2006
Cryptography and DVB (2/2)
MPEG does not specify a conditional access (CA) system but defines a frame
to support CA.
DVB characterises some aspect left undefined by MPEG,
It defines a CA interface.
The broadcaster develops its CA system using a CA interface.
DVB is based on
– symmetric cryptography for audio-visual transmission
– frequent key change to increase security
– Public-key cryptography for key-exchange
DVB relies on
– stream of ECM’s (Entitlement Control Message)
– stream of EMM’s (Entitlement Management Message)
10
AV Compression / Alain Bouffioux
December, 20, 2006
CA information in MPEG TS (1/2)
U n coded v di eo
S am p lni g
COM PR ESS O
IN
LAYER
V di eo
E n code r
S am p lni g
V di eo e elm en ta ry
s tream (E S
. .)
P TS
S TC
U n coded aud oi
P a cke t si ni g
P TS
A ud oi
E n code r
A ud oi e elm en ta ry
s tream (E S
. .)
E LEM EN TAR Y
S TR EAM
P a cke t si ni g
PES S ub al ye r
T ran spo rtS ub al ye r
EM M s'
PES
ECM s'
PES
C om pu te
PCR
V di eo
PES
P rog ram S pe c if ci
In fo m
r a toi n P
( S IS
, I)
A ud oi
PES
PAC KE T S
I ED
E LEM EN TAR Y
S TR EAM
M u ltpi el x ni g
SYS TEM
LAYER
TR AN SPO R T
S TR EAM
M PEG 2 T ran spo r tS tream
11
AV Compression / Alain Bouffioux
December, 20, 2006
CA information in MPEG TS (2/2)
P rog ram A sso c ai toi n T ab el (PA T ) (P D
I =0 )
P rog ram N um be r
1
2
......
PM T -P D
I
x
y
......
H eade r
4 b y te s
M PEG TS
M u ltpi el x
P a y ol ad
184 b y te s
A ud oi
PD
I
V di eo
P rog ram M ap T ab el (PM T ) (P D
I =x)
S tream - type
A ud oi
V di eo
PC R s'
ECM s'
S tream P
- D
I
aa
bb
cc
dd
PC R
ECM s'
C ond itoi na lA cce ss T ab el C
( A T ) (P D
I =1 )
EMM s'
EMM s'
mm
T ab el
S om e po ss bi el a
t b el s
12
AV Compression / Alain Bouffioux
December, 20, 2006
The CA mechanism : illustration
Encrypted AV data
Clear AV Data
Decryption
CW’s
SMARTCARD
Access control parameters
ECM’s
Decryption
(Program related)
SK
Entitlement
SK
EMM’s
Decryption
PDK
(CA system
related)
PDK1
PDK2
IK
13
AV Compression / Alain Bouffioux
December, 20, 2006
The CA mechanism (1/2)
MPEG TS
(cela r)
Sc arm bel r
CW C( on tor W
l o dr )
Enc ryp toin
AV s tream s
AV s tream s
ECM s'
ECM s'
MPEG TS
MPEG TS
Desc arm bel r (cela r)
CW
Dec ryp toin
ACP
SK
SK S( e rv cieKey )
BaseKey
Enc ryp toin
EMM s'
EMM s'
ACP =AccessCon tor l
Pa arm e et rs .
Dec ryp toin
KI (Issue rKey )
En titem
l en t,
P
D
K
,
SK
En titem
l en t
PDK S, K
PDK P( or g armm e r
D si trbiu toinKey )
AV streams are scrambled with Control Words (CW) using symmetric
cryptography
CW are encrypted using Service Keys (SK), are placed in ECM’s and
are securely transmitted to the receiver
14
AV Compression / Alain Bouffioux
December, 20, 2006
The CA mechanism (2/2)
SK are encrypted using public-key cryptography Keys are IK (unique key internal to the smartcard) or PDK (transmitted via
EMM’s in order to define user’s group)
ECM’s carries (informations related to a single program  PID of ECM’s in
PMT)
– enciphered CW
– access parameters
ECM’s are decoded to CW if the receiver contains the required entitlements
EMM’s carries (information related to a conditional access system  PID of
EMM’s in CAT)
– New entitlements, SK’s (Service Keys)
– Programmer distribution key
15
AV Compression / Alain Bouffioux
December, 20, 2006
About DVB scrambling
Encryption occurs after compression (at the location in the stream
where the redundancy is at its lowest value) in order to have a robust
encryption system.
Encryption may occur at PES level or at TS level.
DVB scrambling is transparent (a valid TS remains valid after
scrambling)  facilitates transport and manipulation.
Synchronisation based on PCR’s  constant time required for
scrambling/descrambling.
Security device should authenticate EMM’s origin.
CA is only one aspects of cryptography usage in DVB. An other may
be copy protection by (watermarking) and authentication (by
signature).
16
AV Compression / Alain Bouffioux
December, 20, 2006
17
AV Compression / Alain Bouffioux
December, 20, 2006
Related documents
plaintext version
plaintext version
Course outline Data security and Cryptography
Course outline Data security and Cryptography
Tutorial 3 - Prince Sultan University
Tutorial 3 - Prince Sultan University
- projectgenie
- projectgenie
Preface
Preface
Syllabus - החוג למדעי המחשב
Syllabus - החוג למדעי המחשב
Download
advertisement