Conditional Access System: Basic Principles and Design Concepts
Pramote Srisuksant, Rachaporn Kienprasit, Seksun Sartsatit, Jatuporn Chinrungrueng, Charuwalee Huadmai,
Witsarawat Chantaweesomboon and Saowaluck Kaewkamnerd
NECTEC-ACE 2009, 23 September 2009, 13.15 pm. Room: CC 306
Conditional Access System: Basic Principles and Design Concepts 2
Outline
● Overview
● Functional Model of CAS
● Requirements for Design
● Conclusion
Overview
[Figure: CAS overview block diagram. Transmitter (Tx) side: video and audio encoders produce video, audio and data PES packets, the TS MUX combines them into a transport stream, the scrambler scrambles it under control words (CW) from the CW generator, and the modulator (MOD) sends it over the transport system. Receiver (Rx) side: demodulator (De-MOD), descrambler, TS De-MUX. Conditional Access System: encrypters produce ECMs (carrying the CW) and EMMs (carrying the service key); the Subscriber Authorization System (SAS) and Subscriber Management System (SMS) handle the subscriber, bills and payments; at the receiver, decrypters and a security processor holding secret keys (delivered on a smart card from the smart card supplier) recover the CW for the descrambler.]
Overview
● The transport system is operated by a network operator, while the Conditional Access System (CAS) is developed by a CA vendor.
● Transport systems and CA systems can be shared by several content providers.
● Transport systems can be shared by several CA systems: Multicrypt and Simulcrypt.
Overview
● Transport system components
– MPEG-2 encoder, decoder
– multiplexer, demultiplexer
– scrambler, descrambler
– modulator, demodulator
● CA system components
– encrypter, decrypter (e.g. smart card)
– Subscriber Authorisation System (SAS)
– Subscriber Management System (SMS)
Standards
● ETSI TS 103 197, Digital Video Broadcasting (DVB); Head-end implementation of DVB SimulCrypt.
● ETR 289, Digital Video Broadcasting (DVB); Support for use of scrambling and Conditional Access (CA) within digital broadcasting systems.
● EN 50211, Common Interface Specification for Conditional Access and Other Digital Video Broadcasting Decoder Applications.
● ISO/IEC 13818-1, Information technology – Generic coding of moving pictures and associated audio information: Systems.
● ETSI TR 101 211, Digital Video Broadcasting (DVB); Guidelines on implementation and usage of Service Information (SI).
● ETSI TS 101 154, Digital Video Broadcasting (DVB); Implementation guidelines for the use of Video and Audio Coding in Broadcasting Applications based on the MPEG-2 Transport Stream.
● ETSI EN 300 468, Digital Video Broadcasting (DVB); Specification for Service Information (SI) in DVB Systems.
Functional Model of CAS
● Scrambling and Descrambling
● Encryption and Decryption
● Entitlement Control Message (ECM)
● Entitlement Management Message (EMM)
● Subscriber Authorization System (SAS)
● Subscriber Management System (SMS)
Common Scrambling
● The Common Scrambling Algorithm (CSA) is used to scramble content streams in the DVB system.
● CSA was specified by the European Telecommunications Standards Institute (ETSI).
● CSA operates on the payload of Transport Stream (TS) or PES packets.
● ETR 289 specifies the values of the scrambling_control field as:
– 00: no scrambling of the TS/PES packet payload
– 01: reserved for future DVB use
– 10: TS/PES packet scrambled with the even key
– 11: TS/PES packet scrambled with the odd key
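As an added example (not code from the slides), the following Python decodes the 4-byte MPEG-2 transport packet header and interprets the 2-bit transport-level scrambling control field using the ETR 289 values listed above; it also summarises a stream per PID so an operator can confirm which PIDs leave the scrambler protected, which remain in the clear, and which key parity is in use. PES-level scrambling uses a separate field in the PES header and is not covered. The packets it processes are constructed in the code.

```python
# Added example (not from the slides): decode the 4-byte MPEG-2 TS packet header
# and interpret the 2-bit transport_scrambling_control field using the ETR 289
# values (00 clear, 01 reserved, 10 even key, 11 odd key). Packets are constructed.
SYNC_BYTE = 0x47
PACKET_SIZE = 188

SCRAMBLING_MEANING = {
    0b00: "clear (no scrambling)",
    0b01: "reserved for future DVB use",
    0b10: "scrambled with even key",
    0b11: "scrambled with odd key",
}


def parse_ts_header(packet: bytes) -> dict:
    """Return the header fields of one 188-byte transport packet."""
    if len(packet) != PACKET_SIZE:
        raise ValueError(f"expected {PACKET_SIZE}-byte packet, got {len(packet)}")
    if packet[0] != SYNC_BYTE:
        raise ValueError("missing sync byte 0x47")
    b1, b2, b3 = packet[1], packet[2], packet[3]
    return {
        "transport_error": bool(b1 & 0x80),          # transport_error_indicator
        "payload_unit_start": bool(b1 & 0x40),       # payload_unit_start_indicator
        "pid": ((b1 & 0x1F) << 8) | b2,              # 13-bit packet identifier
        "scrambling_control": (b3 >> 6) & 0x03,      # the 2 bits ETR 289 defines
        "adaptation_field_control": (b3 >> 4) & 0x03,
        "continuity_counter": b3 & 0x0F,
    }


def make_packet(pid: int, scrambling: int, cc: int = 0) -> bytes:
    """Construct a payload-only packet (adaptation_field_control = 01) with filler payload."""
    header = bytes([
        SYNC_BYTE,
        (pid >> 8) & 0x1F,
        pid & 0xFF,
        ((scrambling & 0x03) << 6) | (0b01 << 4) | (cc & 0x0F),
    ])
    return header + bytes([0xFF]) * (PACKET_SIZE - 4)


def scrambling_summary(stream: bytes) -> dict:
    """Count packets per (PID, scrambling state).

    Run over the scrambler output, this shows which PIDs are protected, which
    are in the clear (PSI tables such as the PAT on PID 0 must stay clear),
    and which key parity is currently in use on each scrambled PID.
    """
    summary: dict = {}
    for offset in range(0, len(stream) - PACKET_SIZE + 1, PACKET_SIZE):
        hdr = parse_ts_header(stream[offset:offset + PACKET_SIZE])
        key = (hdr["pid"], SCRAMBLING_MEANING[hdr["scrambling_control"]])
        summary[key] = summary.get(key, 0) + 1
    return summary


if __name__ == "__main__":
    demo = make_packet(0x100, 0b10) + make_packet(0x100, 0b11) + make_packet(0x000, 0b00)
    for (pid, state), n in sorted(scrambling_summary(demo).items()):
        print(f"PID 0x{pid:04X}: {n} packet(s) {state}")
```

A PID that shows both even-key and odd-key packets within a short window is normal: it is the crypto-period changeover, during which the receiver must already hold the next control word delivered in the ECM.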
Encryption and Decryption
● The control words (CWs) used for scrambling are encrypted and transmitted in ECMs.
● Decryption is performed on the ECMs to obtain the CWs.
● The keys needed to decrypt the ECMs are transmitted to the receivers in EMMs.
● There are two types of encryption algorithm: symmetric-key and asymmetric-key algorithms.
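The key hierarchy these bullets describe, as an added example that is not from the slides: the head-end encrypts the current even and odd control words under a service key to form an ECM, encrypts the service key under each subscriber's key to form an EMM, and the receiver's security processor reverses the two steps. ECM/EMM payload formats and the cipher are proprietary to each CA vendor, so this code assumes a stand-in authenticated stream cipher (SHA-256 in counter mode plus an HMAC tag, functions seal and open_sealed), 128-bit service and subscriber keys, and 64-bit control words (the DVB CSA control word size); the key names are constructed for the demo.

```python
# Added example (not from the slides): three-tier CAS key hierarchy
# subscriber key -> service key (EMM) -> control words (ECM).
# The cipher below is a stand-in for a vendor's proprietary algorithm.
import hashlib
import hmac
import secrets

CW_LEN = 8        # DVB CSA control words are 64 bits
KEY_LEN = 16      # service/subscriber key size: an assumption for the demo
NONCE_LEN = 8
TAG_LEN = 8


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """SHA-256 in counter mode XORed over the data; symmetric, so one call both
    encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + body + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises if the key is wrong or the blob is corrupted."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message rejected: wrong key or corrupted")
    return _keystream_xor(key, nonce, body)


# --- head-end side (CW generator, SAS encrypters) --------------------------
def generate_cw() -> bytes:
    return secrets.token_bytes(CW_LEN)


def build_ecm(service_key: bytes, cw_even: bytes, cw_odd: bytes) -> bytes:
    """ECM: both control words of the crypto-period, encrypted under the service key."""
    return seal(service_key, cw_even + cw_odd)


def build_emm(subscriber_key: bytes, service_key: bytes) -> bytes:
    """EMM: the service key, encrypted under one subscriber's individual key."""
    return seal(subscriber_key, service_key)


# --- receiver side (security processor / smart card) -----------------------
def open_ecm(service_key: bytes, ecm: bytes) -> tuple:
    cws = open_sealed(service_key, ecm)
    return cws[:CW_LEN], cws[CW_LEN:]


def open_emm(subscriber_key: bytes, emm: bytes) -> bytes:
    return open_sealed(subscriber_key, emm)


def receiver_recover_cws(subscriber_key: bytes, emm: bytes, ecm: bytes) -> tuple:
    """Walk the hierarchy top-down: subscriber key -> service key -> control words."""
    service_key = open_emm(subscriber_key, emm)
    return open_ecm(service_key, ecm)


def is_entitled(subscriber_key: bytes, emm: bytes) -> bool:
    """True if this subscriber key opens the EMM, i.e. the SAS addressed this subscriber."""
    try:
        open_emm(subscriber_key, emm)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    service_key = secrets.token_bytes(KEY_LEN)
    subscriber_key = secrets.token_bytes(KEY_LEN)
    other_key = secrets.token_bytes(KEY_LEN)
    cw_even, cw_odd = generate_cw(), generate_cw()
    ecm = build_ecm(service_key, cw_even, cw_odd)
    emm = build_emm(subscriber_key, service_key)
    print("subscriber recovers CWs:", receiver_recover_cws(subscriber_key, emm, ecm) == (cw_even, cw_odd))
    print("other receiver entitled:", is_entitled(other_key, emm))
```

The authentication tag is the part worth copying from this design: a receiver holding the wrong key gets a clean rejection instead of garbage control words feeding the descrambler. In a deployed system the receiver-side functions run inside the smart card, so the service key never leaves the security processor.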
ECM and EMM
● ETR 289 specifies the section format for Conditional Access information.
● CA_message_section() is a private section as defined in MPEG-2.
Section layout: table_id | section_syntax_indicator '0' | reserved | CA_section_length | N CA_data_bytes
Table Id    Description
0x80        CA_message_section (ECM)
0x81        CA_message_section (ECM)
0x82-0x8F   CA_message_section (CA_system private EMM)
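As an added example (not code from the slides), the following Python builds and parses the CA_message_section() layout shown above and classifies a section as ECM or EMM by its table_id. It assumes the 3-byte short-form header (table_id, then section_syntax_indicator '0', three reserved bits written as '1' in the MPEG-2 convention, and the 12-bit CA_section_length) and treats the CA_data_bytes as opaque, since their content is CA-system specific.

```python
# Added example (not from the slides): ETR 289 CA_message_section() builder/parser.
# Layout: table_id (8) | section_syntax_indicator '0' (1) | reserved (3) |
#         CA_section_length (12) | CA_data_bytes
ECM_TABLE_IDS = (0x80, 0x81)
EMM_TABLE_IDS = range(0x82, 0x90)
HEADER_LEN = 3
MAX_SECTION_LENGTH = 0x0FFF   # 12-bit field
STUFFING_BYTE = 0xFF          # fills the rest of a TS packet after the last section


def classify_table_id(table_id: int):
    """'ECM', 'EMM' or None for table_ids outside the CA_message_section range."""
    if table_id in ECM_TABLE_IDS:
        return "ECM"
    if table_id in EMM_TABLE_IDS:
        return "EMM"
    return None


def build_ca_section(table_id: int, ca_data: bytes) -> bytes:
    if classify_table_id(table_id) is None:
        raise ValueError(f"table_id 0x{table_id:02X} is not a CA_message_section")
    length = len(ca_data)
    if length > MAX_SECTION_LENGTH:
        raise ValueError("CA_data does not fit the 12-bit CA_section_length")
    # byte 1: section_syntax_indicator = 0, reserved = 111, then the 4 high bits of length
    byte1 = 0b0111_0000 | (length >> 8)
    return bytes([table_id, byte1, length & 0xFF]) + ca_data


def parse_ca_section(section: bytes) -> dict:
    """Parse one section from the start of `section`; rejects malformed headers."""
    if len(section) < HEADER_LEN:
        raise ValueError("truncated header")
    table_id = section[0]
    kind = classify_table_id(table_id)
    if kind is None:
        raise ValueError(f"table_id 0x{table_id:02X} is not a CA_message_section")
    if section[1] & 0x80:
        raise ValueError("section_syntax_indicator must be 0 for CA_message_section")
    length = ((section[1] & 0x0F) << 8) | section[2]
    if len(section) < HEADER_LEN + length:
        raise ValueError("section shorter than CA_section_length claims")
    return {
        "table_id": table_id,
        "kind": kind,
        "length": length,
        "ca_data": section[HEADER_LEN:HEADER_LEN + length],
    }


def iter_ca_sections(buffer: bytes):
    """Yield the sections packed back-to-back in a buffer, stopping at stuffing bytes."""
    pos = 0
    while pos < len(buffer) and buffer[pos] != STUFFING_BYTE:
        info = parse_ca_section(buffer[pos:])
        yield info
        pos += HEADER_LEN + info["length"]


if __name__ == "__main__":
    ecm = build_ca_section(0x80, b"\x01\x02\x03")
    emm = build_ca_section(0x85, b"\xAA" * 40)
    buf = ecm + emm + bytes([STUFFING_BYTE]) * 8
    for info in iter_ca_sections(buf):
        print(f"table_id 0x{info['table_id']:02X} -> {info['kind']}, {info['length']} data bytes")
```

The length check matters on the receiver side: a section whose header claims more data than the buffer holds must be rejected rather than read past the end, which is the usual source of parser faults in set-top box demultiplexers.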
SAS and SMS
● The SAS is the system responsible for the generation, encryption and transmission of the necessary keys to authorized subscribers.
● The SMS is the system responsible for the management of billing and the collection of subscriber payments.
● The SMS maintains the subscriber database and communicates with the SAS to generate the appropriate EMMs.
● The implementations of the SAS and SMS are not standardized.
Design: General Requirements
● Subscriber Management
● System Sharing
● Security
● Return Path
Subscriber Management
The SMS should be able to provide these functionalities:
● Maintenance of databases at the head-end.
● Transmission of positive and negative entitlements.
● Transmission of the keys needed for decrypting control words, and of other necessary information.
● History of subscriber entitlement modifications.
System Sharing
The DVB Project envisions in a series of its standards that:
● Multiple service providers should be able to share a transmission system and a CA system.
● Transmission operators should have the freedom to choose CA systems.
● Transmission operators should be able to deploy multiple CA systems.
SimulCrypt
● SimulCrypt is defined in ETSI TS 103 197.
● The CA systems share a common scrambler in the head-end that implements the CSA.
● Only the scrambling algorithm is shared; the rest of each CA system remains proprietary.
● Only one scrambled stream is transmitted for each programme.
Multicrypt
● Each CA system scrambles its programmes and services separately, in parallel with the other CA systems residing in the same head-end.
● For the same programme content, multiple scrambled streams are generated, one for each CA system.
● The scrambling algorithms implemented by the CA systems need not be the same and are often proprietary.
Security
Return Path
Why a return path is useful:
● The receiver device can transmit an acknowledgment of its communication with the head-end.
● It minimizes the bandwidth used by ECMs and EMMs.
● It makes it possible to record the viewing history of a subscriber.
Design: Optional Requirements
● Bandwidth
● Address and Addressing Mode
● EMM Management
● Receiver Equipment
● Piracy Attacks and Security
Bandwidth
● Without a return path, broadcasters must rebroadcast the same messages several times, since no receiver can confirm reception.
● Message prioritizing is necessary to optimize the use of bandwidth.
Address and Addressing Mode
● Addressing makes efficient use of bandwidth.
● Four types of addressing mode can be used:
– Global Addressing
– Group Addressing
– Unique Addressing
– Vector Addressing
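As an added example (not code from the slides), the following Python shows the four addressing modes from both ends: the head-end plans the set of EMMs needed to reach a target list, and the receiver filters incoming EMMs against its own address. The slides do not define the address formats, so the code assumes a 32-bit unique address held in the security processor, a group address formed from its upper 24 bits (256 members per group), and vector addressing as a group address plus a 256-bit member bitmap; the addresses used are constructed for the demo.

```python
# Added example (not from the slides): EMM addressing modes.
# Assumed formats: 32-bit unique address; group = upper 24 bits; 256 members per group;
# vector addressing = group address + 256-bit member bitmap.
from dataclasses import dataclass

GROUP_SIZE = 256


@dataclass(frozen=True)
class Receiver:
    unique_address: int   # 32-bit value held in the receiver's security processor (assumed width)

    @property
    def group_address(self) -> int:
        return self.unique_address >> 8

    @property
    def member_index(self) -> int:
        return self.unique_address & 0xFF


def make_vector_bitmap(member_indices) -> bytes:
    """One bit per group member, most significant bit first."""
    bitmap = bytearray(GROUP_SIZE // 8)
    for idx in member_indices:
        bitmap[idx // 8] |= 0x80 >> (idx % 8)
    return bytes(bitmap)


def emm_applies(emm: dict, rx: Receiver) -> bool:
    """Receiver-side filter: should this receiver process the EMM at all?"""
    mode = emm["mode"]
    if mode == "global":
        return True
    if mode == "group":
        return emm["group"] == rx.group_address
    if mode == "unique":
        return emm["address"] == rx.unique_address
    if mode == "vector":
        if emm["group"] != rx.group_address:
            return False
        byte = emm["bitmap"][rx.member_index // 8]
        return bool(byte & (0x80 >> (rx.member_index % 8)))
    raise ValueError(f"unknown addressing mode {mode!r}")


def plan_emms(target_addresses, mode: str) -> list:
    """Head-end side: the list of EMM headers needed to reach the targets in a given mode."""
    targets = set(target_addresses)
    if mode == "global":
        return [{"mode": "global"}]
    if mode == "unique":
        return [{"mode": "unique", "address": a} for a in sorted(targets)]
    by_group: dict = {}
    for a in targets:
        by_group.setdefault(a >> 8, []).append(a & 0xFF)
    if mode == "group":
        return [{"mode": "group", "group": g} for g in sorted(by_group)]
    if mode == "vector":
        return [{"mode": "vector", "group": g, "bitmap": make_vector_bitmap(m)}
                for g, m in sorted(by_group.items())]
    raise ValueError(f"unknown addressing mode {mode!r}")


def reached(emms, rx: Receiver) -> bool:
    return any(emm_applies(e, rx) for e in emms)


if __name__ == "__main__":
    # constructed target list: 200 subscribers in one group, 100 in the next
    targets = [0x00A1B200 + i for i in range(200)] + [0x00A1B300 + i for i in range(100)]
    for mode in ("global", "group", "vector", "unique"):
        print(f"{mode:7s}: {len(plan_emms(targets, mode))} EMM(s) on air")
```

The trade-off the bullets hint at is visible in the numbers: unique addressing costs one EMM per subscriber, group addressing costs one per group but also entitles every non-target in the group, and vector addressing costs one per group while still reaching exactly the targets, which is why it is the usual choice for bulk entitlement updates.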
EMM Management
● Messages are managed according to their priorities.
● There is a content update mechanism.
● The life cycle of messages is checked.
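The three EMM management points above, and the bandwidth point that messages must be prioritized and repeated without a return path, as one added example that is not from the slides: a head-end EMM carousel that orders messages by priority, replaces a queued message only when a newer version arrives, and drops messages whose validity has ended. It assumes an integer priority where a lower value is more urgent, carousel cycles numbered from zero, expiry expressed as a cycle number, and a per-message version number; message ids and payloads are constructed for the demo.

```python
# Added example (not from the slides): head-end EMM carousel with priority
# ordering, version-based content update and life-cycle (expiry) checking.
from dataclasses import dataclass, field
from itertools import count


@dataclass(order=True)
class EmmEntry:
    priority: int                            # lower value = more urgent
    last_sent: int                           # tiebreaker: least recently sent goes first
    message_id: str = field(compare=False)
    version: int = field(compare=False)
    expires_at: int = field(compare=False)   # carousel cycle at which the EMM is dropped
    payload: bytes = field(compare=False)


class EmmCarousel:
    """EMM queue: priority ordering, version-based update, expiry check."""

    def __init__(self):
        self._entries: dict = {}
        self._seq = count()

    def submit(self, message_id: str, version: int, priority: int,
               expires_at: int, payload: bytes) -> bool:
        """Add or update a message. Returns False if an equal or newer version is already queued."""
        current = self._entries.get(message_id)
        if current is not None and current.version >= version:
            return False
        self._entries[message_id] = EmmEntry(priority, next(self._seq), message_id,
                                             version, expires_at, payload)
        return True

    def purge_expired(self, cycle: int) -> list:
        """Life-cycle check: drop messages whose validity ended; returns the dropped ids."""
        dropped = [mid for mid, e in self._entries.items() if e.expires_at <= cycle]
        for mid in dropped:
            del self._entries[mid]
        return dropped

    def schedule(self, cycle: int, slots: int) -> list:
        """Pick the message ids to transmit this cycle, given `slots` EMM slots of bandwidth."""
        self.purge_expired(cycle)
        chosen = sorted(self._entries.values())[:slots]
        for entry in chosen:
            entry.last_sent = next(self._seq)   # rotate so equal-priority messages take turns
        return [entry.message_id for entry in chosen]

    def pending(self) -> int:
        return len(self._entries)


if __name__ == "__main__":
    carousel = EmmCarousel()
    carousel.submit("renew-A", version=1, priority=2, expires_at=10, payload=b"entitle A")
    carousel.submit("revoke-B", version=1, priority=0, expires_at=10, payload=b"revoke B")
    carousel.submit("renew-C", version=1, priority=2, expires_at=3, payload=b"entitle C")
    for cycle in range(5):
        print(f"cycle {cycle}: {carousel.schedule(cycle, slots=2)}")
```

Giving negative entitlements (revocations) the most urgent priority is a deliberate choice here: a late renewal costs a subscriber a few minutes of service, whereas a late revocation keeps serving a subscriber who has stopped paying, so it is the message class whose repeat interval is worth protecting when bandwidth is tight.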
Receiver Equipment
● An integrated receiver/decoder (IRD) is used to collect a radio-frequency signal, extract the digital information transmitted in it and convert that information into video, audio and/or data streams.
● Consumer IRDs are commonly known as set-top boxes.
Receiver Equipment
● The part of the CAS residing with an end-user is often called the conditional access subsystem (CASS).
● The CASS is implemented in the receiver, or in a separate device called a conditional access module (CAM) attached to an IRD, or partly in the IRD and partly in a smart card.
● The key components of the receiver are the descrambler and the security processor.
Piracy Attacks and Security
● Security of the encryption algorithm.
● Security of the key distribution system.
● Security of the key in the receiver equipment.
● Security of the key in the smart card.
Conclusion
● All the requirements mentioned are crucial for CAS efficiency.
● The most important one is security.
● Secure key distribution helps limit the scope of key access by intruders.
● Continuous development of the encryption algorithm is still required.