Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security of Broadcast Networks 1. Overview r Broadcast networks are used mostly for TV r Historical development r Commercial models r One-way or Two-way.

Published byCarol Poole Modified over 7 years ago

Similar presentations

Presentation on theme: "Security of Broadcast Networks 1. Overview r Broadcast networks are used mostly for TV r Historical development r Commercial models r One-way or Two-way."— Presentation transcript:

1 Security of Broadcast Networks 1

2 Overview r Broadcast networks are used mostly for TV r Historical development r Commercial models r One-way or Two-way networks r Threats and security goals  Content  Prevent unauthorized access to content  Identify pirates 2

3 Initial Attempts r Attempt 1  Unique key for every user r Attempt 2  Single broadcasting key r Attempt 3  Multiple keys, broadcast directly over keys 3

4 DVB Architecture r Variants: satellite, cable, terrestrial r Broadcaster r Set-Top Box r PID r Sets of PIDs for viewing – e.g. video, audio, subtitles r Encapsulated MPEG-2, MPEG-4 etc. r DVR 4

5 DVB Security Architecture r Content encrypted by Control Word  CW per PID or per set of PIDs r Single source end to end architecture  Conditional Access provider r Various encryption algorithms – e.g. CSA2 r Access rights  Entitlement Management Message (EMM) r Encrypted Control Word  Entitlement Control Message (ECM) r Set-Top Box and Smart Card  Decryption of Control Word 5

6 DVB key management r EMM sent to each user encrypting key k with user’s key r Broadcast cycle of EMMs r General ECMs encrypting CW with k r Key derivation – one secret key and multiple public values provide multiple secret keys r Key ladder r Control Word rollover  Even / odd keys 6

7 Additional issues r STB-SC pairing  Defines whether SC can be used with multiple STB r Securing PVR content r DRM 7

8 Problems r Keys  Card sharing  Control Word sharing r Content  Digital hole HDMI problems  Analog hole  Content on the Internet  More difficult for HD, 3-D 8

9 Mitigations r High physical security  Smart cards  Advanced chips  Cloning is difficult  Hardware eavesdropping, MITM, side-cannel, fault attacks are all difficult r Content sharing is expensive r Legal action 9

10 Different Model r Client hardware is not trusted  Low physical security  Device security driven by device vendor, not broadcaster r Remote revocation r Traitor tracing r Watermarking 10

11 Remote Revocation r Assumption: one-way channel r Stateless vs. stateful r Encryption of content key, not content r Parameters:  Number of users – n  Number of revoked users – r r Measure: message length, receiver storage, receiver processing r Example: basic broadcast encryption system  Message length – O(n-r), storage O(1), processing O(1) 11

12 Complete sub-tree r Subset cover:  Collection of subsets of all users (U)  Each subset is assigned key. User has keys of all subsets in which it is a member  Revocation of R – cover U\R exactly with subsets. Encrypt message with all keys from cover r Complete sub-tree  Users arranged in complete tree with n leaves  n-1 internal nodes r Key for root of each sub-tree r Cover of U\R – sub-trees hanging of paths to R r Message length – easy to see r(log n) keys 12

13 Complete sub-tree (cont.) r Message length – r (log n/r) r Storage – O(log n) keys r Processing –  Search is O(log n) in broadcast and O(log log n) if all keys are given  One decryption r Adding users is a problem – tree is static  Can keys and tree nodes be recycled?  Partial solution – large initial tree 13

14 Traitor Tracing r Goal: trace keys used for illegal decryption r Can be part of a trace-and-revoke mechanism r Assumption:  Broadcaster controls key management  DVD style assumption – tracer has pirate box (which can be reset)  Broadcasting assumption - tracer has agents that receive keys from pirate r Assumption: pirate can “sense” tracing and react r If pirate doesn’t produce CW then pirate loses r Black-box tracing – no access to pirate’s algorithm 14

15 Examples r Example: pirate has single decryption key  Send two PIDs – each revoking half the users, extract a single bit. Iterate for other bits r Example: adversary controls two keys with ID 1 and ID 2 such that ID 1  ID 2 =1…1  Adversary easily defeats binary search traitor tracing r In general – pirate has t keys 15

16 Subset tracing r Approach  Partition users to subsets U 1,…,U m  Encrypt different CW for every subset  Trace pirate’s CW to subset r Problem – pirate with multiple keys can switch between CWs r Algorithm  Initialize partition to U  Encrypt different CW to each set in partition  If pirate returns CW j assigned to U j partition U j into two subsets of similar size U j =U j1  U j2  Iterate until a subset includes only one user. Revoke user 16

17 Subset tracing (cont.) r Number of iterations / keys – t*log n/t r Base of log depends on ration of U j partition r Practical problem – head-end broadcast systems are often limited in number of different CWs per PID r In DVD style revocation, subset tracing can work with two keys or key and random string r Trace and revoke – complete sub-tree revocation method + subset traitor tracing 17

18 Watermarking r Idea r Uses r Visible vs. not visible r Historical analog methods r Method secrecy  Example – changing lower bits in picture pixels 18

Download ppt "Security of Broadcast Networks 1. Overview r Broadcast networks are used mostly for TV r Historical development r Commercial models r One-way or Two-way."

Similar presentations

IPTV Technology Kelum Vithana 25 May 2010.

IPTV Technology Kelum Vithana 25 May 2010.
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Steganography and Watermarks Trust and Reputation.

Steganography and Watermarks Trust and Reputation.
Broadcast Encryption – an overview Niv Gilboa – BGU 1.

Broadcast Encryption – an overview Niv Gilboa – BGU 1.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Audio/Video compression Security Alain Bouffioux December, 20, 2006.

Audio/Video compression Security Alain Bouffioux December, 20, 2006.
Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.

Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.
Broadcast Encryption and Traitor Tracing 2001. 12. 2001507 Jin Kim.

Broadcast Encryption and Traitor Tracing Jin Kim.
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.

Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking.

Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.

In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Chapter 12 Communication Controls. IS Auditor Role Collect evidence to ascertain an entities ability to: –Safeguard assets –Provide data integrity –Efficiency.

Chapter 12 Communication Controls. IS Auditor Role Collect evidence to ascertain an entities ability to: –Safeguard assets –Provide data integrity –Efficiency.
C opyright Protection and Digital Rights Management 1.

C opyright Protection and Digital Rights Management 1.

Similar presentations

Ads by Google