cas ppt

Conditional Access System: Basic Principles and Design Concepts

Pramote Srisuksant, Rachaporn Kienprasit, Seksun Sartsatit, Jatuporn Chinrungrueng, Charuwalee Huadmai, Witsarawat Chantaweesomboon and Saowaluck Kaewkamnerd

NECTEC-ACE 2009, 23 September 2009, 13.15 pm. Room: CC 306


Outline

● Overview
● Functional Model of CAS
● Requirements for Design
● Conclusion

Overview

[Figure: block diagram of the Transport System and the Conditional Access System. Transport System: video and audio encoders, video/audio/data PES packets, TS MUX, scrambler, modulator (Tx), demodulator (Rx), descrambler, TS de-MUX. Conditional Access System: CW generator, encrypters, Subscriber Authorization System (SAS), Subscriber Management System (SMS), SMART card supplier, subscriber, decrypters, security processor (secret keys). Labelled flows: CW, ECMs, EMMs, service key, bills, payments.]

Overview

● Transport system is operated by a network operator while Conditional Access System (CAS) is developed by a CA vendor.
● Transport systems and CA systems can be shared by several content providers.
● Transport systems can be shared by several CA systems: Multicrypt and Simulcrypt.

Overview

● Transport System components
  – MPEG2-encoder, decoder
  – multiplexer, demultiplexer
  – scrambler, descrambler
  – modulator, demodulator
● CA system components
  – encrypter, decrypter (e.g. smart card)
  – Subscriber Authorisation System (SAS)
  – Subscriber Management System (SMS)

Standards

● ETSI TS 103 197, Digital Video Broadcasting (DVB); Head-end implementation of DVB SimulCrypt.

● ETR 289, Digital Video Broadcasting (DVB); Support for use of scrambling and Conditional Access (CA) within digital broadcasting systems

● EN 50211, Common Interface Specification for Conditional Access and Other Digital Video Broadcasting Decoder Application

● ISO/IEC 13818-1, Information technology-Generic coding of moving pictures and associated audio information: Systems

● ETSI TR 101 211, Digital Video Broadcasting (DVB); Guidelines on implementation and usage of Service Information (SI).

● ETSI TS 101 154, Digital Video Broadcasting (DVB); Implementation guidelines for the use of Video and Audio Coding in Broadcasting Applications based on the MPEG-2 Transport Stream.

● ETSI EN 300 468, Digital Video Broadcasting (DVB); Specification for Service Information (SI) in DVB System.

Functional Model of CAS

● Scrambling and Descrambling
● Encryption and Decryption
● Entitlement Control Message (ECM)
● Entitlement Management Message (EMM)
● Subscriber Authorization System (SAS)
● Subscriber Management System (SMS)

Common Scrambling

● CSA is used to scramble the content streams in the DVB system.
● CSA was specified by the European Telecommunications Standards Institute (ETSI).
● CSA operates on the payload of Transport Stream or PES packets.
● ETR 289 specifies the scrambling_control_field as:

Value   Meaning
00      No scrambling of TS/PES packet payload
01      Reserved for future DVB use
10      TS/PES packet scrambled with Even Key
11      TS/PES packet scrambled with Odd Key
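Added example (not part of the original slides): the scrambling control values above, read from the 4-byte transport packet header defined in ISO/IEC 13818-1, with a per-PID tally of clear, even-key and odd-key packets and a count of even/odd key switches. The PIDs and the sample stream are constructed for illustration.

```python
from collections import Counter

TS_PACKET_SIZE = 188
SYNC_BYTE = 0x47

# 2-bit scrambling control values as listed on the slide (ETR 289)
SCRAMBLING_CONTROL = {
    0b00: "clear",
    0b01: "reserved",
    0b10: "even key",
    0b11: "odd key",
}

def parse_ts_header(packet):
    """Return (pid, scrambling_control) for one 188-byte TS packet."""
    if len(packet) != TS_PACKET_SIZE:
        raise ValueError("TS packet must be 188 bytes")
    if packet[0] != SYNC_BYTE:
        raise ValueError("lost sync: first byte is not 0x47")
    pid = ((packet[1] & 0x1F) << 8) | packet[2]   # 13-bit PID
    scrambling_control = (packet[3] >> 6) & 0x03  # top two bits of byte 3
    return pid, scrambling_control

def scrambling_report(stream):
    """Per-PID packet counts by scrambling state, plus even/odd key switches."""
    counts, switches, last_key = {}, Counter(), {}
    for off in range(0, len(stream) - TS_PACKET_SIZE + 1, TS_PACKET_SIZE):
        pid, sc = parse_ts_header(stream[off:off + TS_PACKET_SIZE])
        counts.setdefault(pid, Counter())[SCRAMBLING_CONTROL[sc]] += 1
        if sc & 0b10:  # scrambled packet: low bit selects even or odd key
            if pid in last_key and last_key[pid] != sc:
                switches[pid] += 1
            last_key[pid] = sc
    return counts, switches

def make_packet(pid, sc):
    """Constructed sample packet: header (payload only, counter 0) + zero payload."""
    header = bytes([SYNC_BYTE, (pid >> 8) & 0x1F, pid & 0xFF, (sc << 6) | 0x10])
    return header + bytes(TS_PACKET_SIZE - 4)

# Constructed stream: PID 0x100 scrambled with alternating keys, PID 0x101 clear
SAMPLE = b"".join(make_packet(pid, sc) for pid, sc in [
    (0x100, 0b10), (0x100, 0b10), (0x101, 0b00), (0x100, 0b11), (0x100, 0b10),
])

if __name__ == "__main__":
    counts, switches = scrambling_report(SAMPLE)
    for pid in sorted(counts):
        print(hex(pid), dict(counts[pid]), "key switches:", switches[pid])
```

A PID that reports mixed "clear" and scrambled packets, or any "reserved" packets, is worth a closer look when checking a multiplex configuration.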


Encryption and Decryption

● Control words used for scrambling are encrypted and transmitted in ECMs.

● The decryption is performed on ECMs to obtain the CWs.

● The keys are transmitted to the receivers in EMMs.

● There are two types of encryption algorithms: symmetric-key and asymmetric-key algorithms.

ECM and EMM

● ETR 289 specifies the section format for Conditional Access information.
● CA_message_section() is a private section as defined in MPEG-2.

Section layout:

table_id | '0' | reserved | CA_section_length | N CA_data_bytes

Table Id     Description
0x80         CA_message_section (ECM)
0x81         CA_message_section (ECM)
0x82-0x8F    CA_message_section (CA_system private EMM)
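Added example (not part of the original slides): a parser for the section layout above that classifies each CA_message_section as ECM or EMM by table_id and rejects truncated or malformed sections. The field widths (8-bit table_id, a '0' indicator bit, three reserved bits, 12-bit CA_section_length) follow the MPEG-2 private section header; the sample buffer is constructed, and the CA data bytes are treated as opaque because their content is CA-system specific.

```python
ECM_TABLE_IDS = (0x80, 0x81)        # from the table above
EMM_TABLE_IDS = range(0x82, 0x90)   # 0x82-0x8F, CA_system private EMM
HEADER_LEN = 3                      # table_id + 2 bytes of flags and length

def parse_ca_section(buf, offset=0):
    """Parse one CA_message_section at offset; return (info, next_offset)."""
    if len(buf) - offset < HEADER_LEN:
        raise ValueError("truncated section header")
    table_id = buf[offset]
    if table_id in ECM_TABLE_IDS:
        kind = "ECM"
    elif table_id in EMM_TABLE_IDS:
        kind = "EMM"
    else:
        raise ValueError(f"table_id 0x{table_id:02X} is not a CA message")
    if buf[offset + 1] & 0x80:
        raise ValueError("indicator bit after table_id must be '0'")
    length = ((buf[offset + 1] & 0x0F) << 8) | buf[offset + 2]
    end = offset + HEADER_LEN + length
    if end > len(buf):
        raise ValueError("CA_section_length runs past the end of the buffer")
    info = {"kind": kind, "table_id": table_id,
            "ca_data": bytes(buf[offset + HEADER_LEN:end])}
    return info, end

def split_ca_sections(buf):
    """Walk back-to-back sections until the buffer ends or 0xFF stuffing starts."""
    sections, offset = [], 0
    while offset < len(buf) and buf[offset] != 0xFF:
        info, offset = parse_ca_section(buf, offset)
        sections.append(info)
    return sections

def build_section(table_id, ca_data):
    """Constructed sample section: reserved bits set to 1, opaque CA data."""
    length = len(ca_data)
    return bytes([table_id, 0x70 | (length >> 8), length & 0xFF]) + ca_data

# Constructed buffer: one ECM, one EMM, then 0xFF stuffing
SAMPLE = (build_section(0x80, b"\x01\x02\x03\x04")
          + build_section(0x84, b"\xAA" * 6)
          + b"\xFF" * 5)

if __name__ == "__main__":
    for section in split_ca_sections(SAMPLE):
        print(section["kind"], hex(section["table_id"]), section["ca_data"].hex())
```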

SAS and SMS

● SAS is a system responsible for the generation, encryption and transmission of necessary keys to authorized subscribers.
● SMS is a system responsible for the management of billing and collection of subscriber payments.
● SMS maintains the subscriber database and communicates with SAS to generate appropriate EMMs.
● The implementations of the SAS and SMS are not standardized.

Design: General Requirements

● Subscriber Management
● System Sharing
● Security
● Return Path

Subscriber Management

SMS should be able to provide these functionalities.

● Maintenance of databases at the head-end.
● Transmission of positive and negative entitlements.
● Transmission of necessary keys for decrypting control words and other necessary information.
● History of subscriber entitlement modification.

System Sharing

In a series of its standards, the DVB Project envisions that:

● Multiple service providers should be able to share a transmission system and CA system.

● Transmission operators should have freedom to choose CA systems.

● Transmission operators should be able to deploy multiple CA systems.

SimulCrypt

● SimulCrypt is defined in ETSI TS 103 197.
● CA systems share a common scrambler in the head-end implementing the CSA.
● Only the scrambling algorithm is shared and the rest of the CA system remains proprietary.
● Only one scrambled stream is transmitted for each programme.

Multicrypt

● Each CA system scrambles its programmes and services separately and in parallel with the other CA systems residing in the same head-end.
● For the same programme contents, multiple scrambled streams are generated, each of which is for a single CA system.
● The scrambling algorithms implemented by the CA systems need not be the same and are often proprietary.


Security

Return Path

Why a return path is useful:

● The receiver device can transmit an acknowledgment of the communication with the head-end.
● It minimizes the bandwidth of ECMs and EMMs.
● It is possible to record the viewing history of a subscriber.

Design: Optional Requirements

● Bandwidth
● Address and Addressing mode
● EMM Management
● Receiver Equipment
● Piracy attacks and security

Bandwidth

● Without a return path, broadcasters must rebroadcast the same messages several times.
● Message prioritizing is necessary to optimize the use of bandwidth.

Address and Addressing Mode

● Addressing makes efficient use of bandwidth.
● Four types of addressing mode can be used.
  – Global Addressing
  – Group Addressing
  – Unique Addressing
  – Vector Addressing

EMM Management

● Messages are managed properly based on their priorities.
● There are content update mechanisms.
● The life cycle of messages is checked.

Receiver Equipment

● Integrated receiver/decoder (IRD) is used to collect a radio-frequency signal, extract the digital information transmitted in it and convert that information into video, audio, and/or data streams.
● Consumer IRDs are commonly known as set-top boxes.

Receiver Equipment

● The part of the CAS residing with an end-user is often called a conditional access subsystem (CASS).
● CASS is implemented in the receiver, in a separate device called a conditional access module (CAM) attached to an IRD, or partly in an IRD and partly in a smart card.
● Key components of the receiver are the descrambler and the security processor.

Piracy Attacks and Security

● Security of the encryption algorithm.
● Security of the key distribution system.
● Security of the key in receiver equipment.
● Security of the key in the smart card.

Conclusion

● All mentioned requirements are crucial for CAS efficiency.
● The most important one is security.
● Secure key distribution helps limit the scope of key access by intruders.
● Continuous development of encryption algorithms is still required.