audio/video compression security alain bouffioux december, 20, 2006
TRANSCRIPT
Audio/Video compressionSecurity
Alain Bouffioux
December, 20, 2006
December, 20, 2006AV Compression / Alain Bouffioux
2
Agenda
What is cryptography
Symmetric & public-key cryptography
Why cryptography for DVB ?
Conditional access information in MPEG/DVB
Conditional access mechanism
Conditional access interfaces
December, 20, 2006AV Compression / Alain Bouffioux
3
Why cryptography ?
– CONFIDENTIALITY - The message is not listened– INTEGRITY - The message is not modified– AUTHENTICITY - The message has been sent by Alice– NON-REPUDIATION - Alice cannot falsely deny she has sent the
message
What is cryptography (1/2)
ALICE
MESSAGE
BOB
December, 20, 2006AV Compression / Alain Bouffioux
4
What is cryptography (2/2)
Basic terminology
cryptographic algorithm or cipher
CiphertextEncryption
Plaintextor cleartext
Key Key
DecryptionOriginalplaintext
December, 20, 2006AV Compression / Alain Bouffioux
5
Symmetric cryptography Public-key cryptography Key1 = Key2 Key 1 Key 2
Public-key cryptographyOne Public-key (known by everybody) : PKOne Private-key or Secret-key (kept secret) : SK
C = EKey1(M) M = DKey2(C) = DKey2(EKey1(M))
In public-key cryptography, key1 may be PK or SK and key2 is the other key.
Symmetric & public-key cryptography(1)
Key 1
EncryptionPlaintextor cleartext
Cyphertext
Key 2
DecryptionOriginalplaintext
December, 20, 2006AV Compression / Alain Bouffioux
6
Symmetric & public-key cryptography(2)
Example of symmetric cryptography
– Key stream as long as message– Key stream = pseudo-random sequence (easy to break)– Low security should be compensated by frequent change of keys
necessity of secure channel 2 channels : one for the message & one for the key
Pseudo-randomnumber generator Secure
channelKey
+Plaintext Ciphertext
Pseudo-randomnumber generator
Key
Original plaintext+
December, 20, 2006AV Compression / Alain Bouffioux
7
Symmetric & public-key cryptography(3)
Example of public-key cryptography
Alice encrypts messageusing Bob's public key
Public key of Bob
Encrypted message
Public Keys
Bob decrypts messageusing his secret key
December, 20, 2006AV Compression / Alain Bouffioux
8
Symmetric & public-key cryptography(4)
Symmetric cryptography example : DES
Public-key cryptography example : RSA (1977)
Symmetric versus public-key cryptography– Symmetric cryptography is faster (about 1000 times).– Low security of symmetric cryptography (due to the necessity of key transport) is
improved by a frequent change of the key.– In Public-key cryptography the secret-key may be kept secret. It is never
transported High security.– Different usage : In DVB, symmetric key algorithm for encrypting data, public-key
algorithm for key management (secure channel).
Hybrid cryptosystemExample : DES for message and RSA for key encryption
December, 20, 2006AV Compression / Alain Bouffioux
9
Cryptography and DVB (1/2)
Cryptography may prevent unauthorised receiver from decoding the program.
DVB compared with banking or military secret– high information rate– low information value– decryption must be cheap
Cost of cracking the system should be higher than the benefits gained from the cracking
Cryptography in DVB is a trade-off between cost/complexity versus piracy-proof.
CA (Conditional Access) = very sensitive subject. Some service providers want their own CA system.
December, 20, 2006AV Compression / Alain Bouffioux
10
Cryptography and DVB (2/2)
MPEG does not specify a conditional access (CA) system but defines a frame to support CA.
DVB characterises some aspect left undefined by MPEG,It defines a CA interface.
The broadcaster develops its CA system using a CA interface.
DVB is based on– symmetric cryptography for audio-visual transmission– frequent key change to increase security– Public-key cryptography for key-exchange
DVB relies on – stream of ECM’s (Entitlement Control Message)– stream of EMM’s (Entitlement Management Message)
December, 20, 2006AV Compression / Alain Bouffioux
11
CA information in MPEG TS (1/2)
Multiplexing
VideoEncoder
ECM'sPES
STC
EMM'sPES
SYSTEMLAYER
COMPRESSIONLAYER
Transport Sublayer
PES Sublayer
ComputePCR
VideoPES
Packetising
PTS
Sampling
Video elementarystream (E.S.)
Audio elementarystream (E.S.)
Program SpecificInformation (PSI,SI)
MPEG2 Transport Stream
Packetising
PTS
AudioPES
TRANSPORTSTREAM
PACKETISEDELEMENTARYSTREAM
ELEMENTARYSTREAM
AudioEncoder
Uncoded video
Sampling
Uncoded audio
December, 20, 2006AV Compression / Alain Bouffioux
12
CA information in MPEG TS (2/2)
Table
MPEG TSMultiplex
Program Association Table (PAT) (PID=0)
Program Map Table (PMT) (PID=x)
Conditional Access Table (CAT) (PID=1)
Some possible tables
Program Number 1 2 ......
Stream-type Audio Video PCR's ECM's
Stream-PID aa bb cc dd
EMM's mm
PMT-PID x y......
EMM's
PCR
ECM's
Payload184 bytes
Header4 bytes
PID
Video
Audio
December, 20, 2006AV Compression / Alain Bouffioux
13
The CA mechanism : illustration
DecryptionEncrypted AV data Clear AV Data
SMARTCARD
Decryption
Decryption
ECM’s
(Program related)
EMM’s
(CA system related)
IK
EntitlementSK
Access control parameters
SK
CW’s
PDK1 PDK2PDK
December, 20, 2006AV Compression / Alain Bouffioux
14
The CA mechanism (1/2)
AV streams are scrambled with Control Words (CW) using symmetric cryptography
CW are encrypted using Service Keys (SK), are placed in ECM’s and are securely transmitted to the receiver
ACP = Access ControlParameters.
EncryptionCW (Control Word)
SK (Service Key)
Base Key
MPEG TS(clear) Scrambler
ECM's
Encryption EMM's
AV streams
Decryption
Decryption
ECM'sMPEG TS
EMM's
IK (Issuer Key)
AV streams
ACP
PDK (Programmer Distribution Key)
SK
EntitlementPDK,SK
Entitlement,PDK, SK
Descrambler
MPEG TS(clear)
CW
December, 20, 2006AV Compression / Alain Bouffioux
15
The CA mechanism (2/2)
SK are encrypted using public-key cryptography -Keys are IK (unique key internal to the smartcard) or PDK (transmitted via EMM’s in order to define user’s group)
ECM’s carries (informations related to a single program PID of ECM’s in PMT)
– enciphered CW– access parameters
ECM’s are decoded to CW if the receiver contains the required entitlements
EMM’s carries (information related to a conditional access system PID of EMM’s in CAT)
– New entitlements, SK’s (Service Keys)– Programmer distribution key
December, 20, 2006AV Compression / Alain Bouffioux
16
About DVB scrambling
Encryption occurs after compression (at the location in the stream where the redundancy is at its lowest value) in order to have a robust encryption system.
Encryption may occur at PES level or at TS level.
DVB scrambling is transparent (a valid TS remains valid after scrambling) facilitates transport and manipulation.
Synchronisation based on PCR’s constant time required for scrambling/descrambling.
Security device should authenticate EMM’s origin.
CA is only one aspects of cryptography usage in DVB. An other may be copy protection by (watermarking) and authentication (by signature).
December, 20, 2006AV Compression / Alain Bouffioux
17