Security of Broadcast Networks 1. Overview r Broadcast networks are used mostly for TV r Historical development r Commercial models r One-way or Two-way.

Slides:



Advertisements
Similar presentations
IPTV Technology Kelum Vithana 25 May 2010.
Advertisements

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Steganography and Watermarks Trust and Reputation.
Broadcast Encryption – an overview Niv Gilboa – BGU 1.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Audio/Video compression Security Alain Bouffioux December, 20, 2006.
Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.
Broadcast Encryption and Traitor Tracing Jin Kim.
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Introduction to Modern Cryptography, Lecture ?, 2005 Broadcast Encryption, Traitor Tracing, Watermarking.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Chapter 12 Communication Controls. IS Auditor Role Collect evidence to ascertain an entities ability to: –Safeguard assets –Provide data integrity –Efficiency.
C opyright Protection and Digital Rights Management 1.
IPTV Internet Protocol Television Chris Hall. Two Major Providers Of IPTV.
Lecture 9 Modems and Access Devices. Overview Computers are connected to telephone lines through the use of modems –modems: are connecting devices between.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
Dr. Nikos Desypris Feb Postgraduate course University of Athens.
"Managing and Protecting Digital Broadcast Audio, Video and Data on Personal Computers” Dewey Weaver President January 15, 2002.
ENHANCED CONTENT PROTECTION OVERVIEW. Security Solution Characteristics Comprehensive security ecosystem All devices meet the same standard – No assumption.
Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups David Insel John Stephens Shawn Smith Shaun Jamieson.
Copyright Protection Allowing for Fair Use Team 9 David Dobbs William Greenwell Jennifer Kahng Virginia Volk.
Technical Implication and Aspects of DAS Regulatory Framework and Dispute Resolution in Telecom, Broadcasting and Cable Services Sector” in Nainital, Uttrakhand.
CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.
Dong Hoon Lee CIST Korea University Efficient Communication-Storage Tradeoffs for Broadcast Encryption Schemes ( will be published.
Korea University CRYPTO ‘05 Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim Generic Transformation for Scalable Broadcast Encryption Schemes.
Network Security David Lazăr.
Yu-Li Lin and Chien-Lung Hsu Department of Information Management, Chang-Gung University Information Science(SCI) Reporter: Tzer-Long Chen.
1 Network Administration Module 3 ARP/RARP. 2 Address Resolution The problem Physical networks use physical addresses, not IP addresses Need the physical.
A secure re-keying scheme Introduction Background Re-keying scheme User revocation User join Conclusion.
Chapter 7 – Confidentiality Using Symmetric Encryption.
Multicast Security: A Taxonomy and Some Efficient Constructions By Cannetti et al, appeared in INFOCOMM 99. Presenter: Ankur Gupta.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
NEW DIRECTIONS IN CRYPTOGRAPHY Made Harta Dwijaksara, Yi Jae Park.
Self-Healing Group-Wise Key Distribution Schemes with Time-Limited Node Revocation for Wireless Sensor Networks Minghui Shi, Xuemin Shen, Yixin Jiang,
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Anonymity - Background R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide.
Computer Science Revocation and Tracing Schemes for Stateless Receivers Dalit Naor, Moni Naor, Jeff Lotspiech Presented by Attila Altay Yavuz CSC 774 In-Class.
Weichao Wang, Bharat Bhargava Youngjoo, Shin
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Chair for Network- and Data-Security
1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
Digital Rights Management Zach Milko. Overview Definition Why it exists DRM Today  Fairplay Opponents of DRM  DefectiveByDesign.org Future Conclusion.
UNAISE E.K ROLL NO:56.  Introduction  IPTV Services  IPTV Requirements  Network Architecture  IPTV Components  IPTV Security  Advantages  Limitation.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
Key management issues in PGP
chownIoT Secure Handling of Smart Home IoT Devices Ownership Change
Power Point presentation on DTH
Assignment #5 – Solutions
Content protection for 4k
4K Content protection overview
The Medium Access Control Sublayer
4K Content protection overview
Efficient State Update for Key Management
4K Content protection overview
International Data Encryption Algorithm
Combinatorial Optimization of Multicast Key Management
Presentation transcript:

Security of Broadcast Networks 1

Overview r Broadcast networks are used mostly for TV r Historical development r Commercial models r One-way or Two-way networks r Threats and security goals  Content  Prevent unauthorized access to content  Identify pirates 2

Initial Attempts r Attempt 1  Unique key for every user r Attempt 2  Single broadcasting key r Attempt 3  Multiple keys, broadcast directly over keys 3

DVB Architecture r Variants: satellite, cable, terrestrial r Broadcaster r Set-Top Box r PID r Sets of PIDs for viewing – e.g. video, audio, subtitles r Encapsulated MPEG-2, MPEG-4 etc. r DVR 4

DVB Security Architecture r Content encrypted by Control Word  CW per PID or per set of PIDs r Single source end to end architecture  Conditional Access provider r Various encryption algorithms – e.g. CSA2 r Access rights  Entitlement Management Message (EMM) r Encrypted Control Word  Entitlement Control Message (ECM) r Set-Top Box and Smart Card  Decryption of Control Word 5

DVB key management r EMM sent to each user encrypting key k with user’s key r Broadcast cycle of EMMs r General ECMs encrypting CW with k r Key derivation – one secret key and multiple public values provide multiple secret keys r Key ladder r Control Word rollover  Even / odd keys 6

Additional issues r STB-SC pairing  Defines whether SC can be used with multiple STB r Securing PVR content r DRM 7

Problems r Keys  Card sharing  Control Word sharing r Content  Digital hole HDMI problems  Analog hole  Content on the Internet  More difficult for HD, 3-D 8

Mitigations r High physical security  Smart cards  Advanced chips  Cloning is difficult  Hardware eavesdropping, MITM, side-cannel, fault attacks are all difficult r Content sharing is expensive r Legal action 9

Different Model r Client hardware is not trusted  Low physical security  Device security driven by device vendor, not broadcaster r Remote revocation r Traitor tracing r Watermarking 10

Remote Revocation r Assumption: one-way channel r Stateless vs. stateful r Encryption of content key, not content r Parameters:  Number of users – n  Number of revoked users – r r Measure: message length, receiver storage, receiver processing r Example: basic broadcast encryption system  Message length – O(n-r), storage O(1), processing O(1) 11

Complete sub-tree r Subset cover:  Collection of subsets of all users (U)  Each subset is assigned key. User has keys of all subsets in which it is a member  Revocation of R – cover U\R exactly with subsets. Encrypt message with all keys from cover r Complete sub-tree  Users arranged in complete tree with n leaves  n-1 internal nodes r Key for root of each sub-tree r Cover of U\R – sub-trees hanging of paths to R r Message length – easy to see r(log n) keys 12

Complete sub-tree (cont.) r Message length – r (log n/r) r Storage – O(log n) keys r Processing –  Search is O(log n) in broadcast and O(log log n) if all keys are given  One decryption r Adding users is a problem – tree is static  Can keys and tree nodes be recycled?  Partial solution – large initial tree 13

Traitor Tracing r Goal: trace keys used for illegal decryption r Can be part of a trace-and-revoke mechanism r Assumption:  Broadcaster controls key management  DVD style assumption – tracer has pirate box (which can be reset)  Broadcasting assumption - tracer has agents that receive keys from pirate r Assumption: pirate can “sense” tracing and react r If pirate doesn’t produce CW then pirate loses r Black-box tracing – no access to pirate’s algorithm 14

Examples r Example: pirate has single decryption key  Send two PIDs – each revoking half the users, extract a single bit. Iterate for other bits r Example: adversary controls two keys with ID 1 and ID 2 such that ID 1  ID 2 =1…1  Adversary easily defeats binary search traitor tracing r In general – pirate has t keys 15

Subset tracing r Approach  Partition users to subsets U 1,…,U m  Encrypt different CW for every subset  Trace pirate’s CW to subset r Problem – pirate with multiple keys can switch between CWs r Algorithm  Initialize partition to U  Encrypt different CW to each set in partition  If pirate returns CW j assigned to U j partition U j into two subsets of similar size U j =U j1  U j2  Iterate until a subset includes only one user. Revoke user 16

Subset tracing (cont.) r Number of iterations / keys – t*log n/t r Base of log depends on ration of U j partition r Practical problem – head-end broadcast systems are often limited in number of different CWs per PID r In DVD style revocation, subset tracing can work with two keys or key and random string r Trace and revoke – complete sub-tree revocation method + subset traitor tracing 17

Watermarking r Idea r Uses r Visible vs. not visible r Historical analog methods r Method secrecy  Example – changing lower bits in picture pixels 18

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.