Audio/Video compression Security Alain Bouffioux December, 20, 2006

Audio/Video compressionSecurity

Alain Bouffioux

December, 20, 2006

December, 20, 2006AV Compression / Alain Bouffioux

2

Agenda

What is cryptography

Symmetric & public-key cryptography

Why cryptography for DVB ?

Conditional access information in MPEG/DVB

Conditional access mechanism

Conditional access interfaces


3

Why cryptography ?

– CONFIDENTIALITY - The message is not listened– INTEGRITY - The message is not modified– AUTHENTICITY - The message has been sent by Alice– NON-REPUDIATION - Alice cannot falsely deny she has sent the

message

What is cryptography (1/2)

ALICE

MESSAGE

BOB


4

What is cryptography (2/2)

Basic terminology

cryptographic algorithm or cipher

CiphertextEncryption

Plaintextor cleartext

Key Key

DecryptionOriginalplaintext


5

Symmetric cryptography Public-key cryptography Key1 = Key2 Key 1 Key 2

Public-key cryptographyOne Public-key (known by everybody) : PKOne Private-key or Secret-key (kept secret) : SK

C = EKey1(M) M = DKey2(C) = DKey2(EKey1(M))

In public-key cryptography, key1 may be PK or SK and key2 is the other key.

Symmetric & public-key cryptography(1)

Key 1

EncryptionPlaintextor cleartext

Cyphertext

Key 2

DecryptionOriginalplaintext


6


Example of symmetric cryptography

– Key stream as long as message– Key stream = pseudo-random sequence (easy to break)– Low security should be compensated by frequent change of keys

necessity of secure channel 2 channels : one for the message & one for the key

Pseudo-randomnumber generator Secure

channelKey

+Plaintext Ciphertext

Pseudo-randomnumber generator

Key

Original plaintext+


7


Example of public-key cryptography

Alice encrypts messageusing Bob's public key

Public key of Bob

Encrypted message

Public Keys

Bob decrypts messageusing his secret key


8


Symmetric cryptography example : DES

Public-key cryptography example : RSA (1977)

Symmetric versus public-key cryptography– Symmetric cryptography is faster (about 1000 times).– Low security of symmetric cryptography (due to the necessity of key transport) is

improved by a frequent change of the key.– In Public-key cryptography the secret-key may be kept secret. It is never

transported High security.– Different usage : In DVB, symmetric key algorithm for encrypting data, public-key

algorithm for key management (secure channel).

Hybrid cryptosystemExample : DES for message and RSA for key encryption


9

Cryptography and DVB (1/2)

Cryptography may prevent unauthorised receiver from decoding the program.

DVB compared with banking or military secret– high information rate– low information value– decryption must be cheap

Cost of cracking the system should be higher than the benefits gained from the cracking

Cryptography in DVB is a trade-off between cost/complexity versus piracy-proof.

CA (Conditional Access) = very sensitive subject. Some service providers want their own CA system.


10

Cryptography and DVB (2/2)

MPEG does not specify a conditional access (CA) system but defines a frame to support CA.

DVB characterises some aspect left undefined by MPEG,It defines a CA interface.

The broadcaster develops its CA system using a CA interface.

DVB is based on– symmetric cryptography for audio-visual transmission– frequent key change to increase security– Public-key cryptography for key-exchange

DVB relies on – stream of ECM’s (Entitlement Control Message)– stream of EMM’s (Entitlement Management Message)


11

CA information in MPEG TS (1/2)

Multiplexing

VideoEncoder

ECM'sPES

STC

EMM'sPES

SYSTEMLAYER

COMPRESSIONLAYER

Transport Sublayer

PES Sublayer

ComputePCR

VideoPES

Packetising

PTS

Sampling

Video elementarystream (E.S.)

Audio elementarystream (E.S.)

Program SpecificInformation (PSI,SI)

MPEG2 Transport Stream

Packetising

PTS

AudioPES

TRANSPORTSTREAM

PACKETISEDELEMENTARYSTREAM

ELEMENTARYSTREAM

AudioEncoder

Uncoded video

Sampling

Uncoded audio


12

CA information in MPEG TS (2/2)

Table

MPEG TSMultiplex

Program Association Table (PAT) (PID=0)

Program Map Table (PMT) (PID=x)

Conditional Access Table (CAT) (PID=1)

Some possible tables

Program Number 1 2 ......

Stream-type Audio Video PCR's ECM's

Stream-PID aa bb cc dd

EMM's mm

PMT-PID x y......

EMM's

PCR

ECM's

Payload184 bytes

Header4 bytes

PID

Video

Audio


13

The CA mechanism : illustration

DecryptionEncrypted AV data Clear AV Data

SMARTCARD

Decryption

Decryption

ECM’s

(Program related)

EMM’s

(CA system related)

IK

EntitlementSK

Access control parameters

SK

CW’s

PDK1 PDK2PDK


14

The CA mechanism (1/2)

AV streams are scrambled with Control Words (CW) using symmetric cryptography

CW are encrypted using Service Keys (SK), are placed in ECM’s and are securely transmitted to the receiver

ACP = Access ControlParameters.

EncryptionCW (Control Word)

SK (Service Key)

Base Key

MPEG TS(clear) Scrambler

ECM's

Encryption EMM's

AV streams

Decryption

Decryption

ECM'sMPEG TS

EMM's

IK (Issuer Key)

AV streams

ACP

PDK (Programmer Distribution Key)

SK

EntitlementPDK,SK

Entitlement,PDK, SK

Descrambler

MPEG TS(clear)

CW


15

The CA mechanism (2/2)

SK are encrypted using public-key cryptography -Keys are IK (unique key internal to the smartcard) or PDK (transmitted via EMM’s in order to define user’s group)

ECM’s carries (informations related to a single program PID of ECM’s in PMT)

– enciphered CW– access parameters

ECM’s are decoded to CW if the receiver contains the required entitlements

EMM’s carries (information related to a conditional access system PID of EMM’s in CAT)

– New entitlements, SK’s (Service Keys)– Programmer distribution key


16

About DVB scrambling

Encryption occurs after compression (at the location in the stream where the redundancy is at its lowest value) in order to have a robust encryption system.

Encryption may occur at PES level or at TS level.

DVB scrambling is transparent (a valid TS remains valid after scrambling) facilitates transport and manipulation.

Synchronisation based on PCR’s constant time required for scrambling/descrambling.

Security device should authenticate EMM’s origin.

CA is only one aspects of cryptography usage in DVB. An other may be copy protection by (watermarking) and authentication (by signature).


17

Documents

Audio/Video compression Security Alain Bouffioux December, 20, 2006