Introduction to Conditional Access Systems
Namith CM

Conditional Access Systems

Introduction to CAS technology in the PayTV industry, with a focus on end-to-end key management for broadcast networks.


  1. Introduction to Conditional Access Systems. Namith CM
  2. What is CAS?
     • A Conditional Access System is the collection of security components in the end-to-end pipeline of broadcast media, from source headend equipment to client devices.
     • PayTV systems generate revenue by granting media content rights exclusively to viewers who pay for them.
       • "Paid channels", or channels with premium content, which are not available free-to-air.
       • Video-on-demand and movie-on-demand services.
     • In simple terms, all devices in the network can theoretically receive all the available media content and streams (free-to-air and encrypted), but only devices holding specific keys can view the encrypted/protected content. The secure management of these keys in the open network is the prime responsibility of a CAS vendor.
  3. Types of CAS in PayTV systems
     • Smartcard-based solution
       • The smartcard contains proprietary security logic for decryption.
       • Proven and tested, and the most widely accepted solution.
       • Recovery time after hacking is high, since cards need to be replaced.
     • CAM-based solution
       • Similar to the smartcard-based solution, but the device is just provided with a slot for a CAM module, and any smartcard (meeting CAM requirements) should be able to work.
       • More open standard, but poor adoption by market leaders.
     • Cardless or full-software solution
       • SoC-level security features are used by software modules.
       • Relatively newer technology, cheaper and growing in popularity.
       • Recovery time after hacking is very low, hence discouraging hackers.
  4. CAS for Broadcast Networks
     • The next few slides explain the end-to-end management of secure content.
     • This is a very generalized and simplistic explanation (intended for engineers with a DVB background), and not specific to any particular CAS vendor.
     • The basic concept would be similar for all broadcast CAS systems, with slight variations in the number of levels for key encryption, key ladder logic, encryption/scrambling algorithms used, etc.
  5. Scrambling and Descrambling
     [Diagram] At the headend mux: free-to-air service → Scrambler → scrambled service. At the STB client: scrambled service → Descrambler → free-to-air service. Both are keyed by the Control Word (CW), a random key from a random number generator.
     • Can this key be sent to STB clients without encryption? Think about ECM!
     • Should it be the same for all users? Think about bandwidth!
     • How frequently should this key be changed? Think about brute-force attacks!
  6. Why is CW shared?
     [Diagram] ESPN (free-to-air) → Scrambler with CW-1, CW-2, CW-3, CW-4 → ESPN (user-1), ESPN (user-2), ESPN (user-3), ESPN (user-4).
     • Bandwidth wastage. Millions of users. Impractical!
     • Multiple CWs are impractical, so use a common CW per service.
  7. Why is ECM shared?
     [Diagram] CW → Encryptor with Key-1, Key-2, Key-3, Key-4 → ECM (user-1), ECM (user-2), ECM (user-3), ECM (user-4).
     • Bandwidth wastage. Millions of users. Will run short of PIDs.
     • Even if sent on the same PID, the overhead to encrypt and send so many million ECMs so frequently is too high. Thus impractical!
     • Multiple ECMs are impractical, so use a common ECM per service.
  8. End-to-end Key Handling (Headend)
     [Diagram]
     • Free-to-air service → Scrambler (CW) → scrambled service. Common to all.
     • CW encrypted with Kser1 → CWenc → ECM. Common to all.
     • Kser1 … KserN encrypted with Kusr1 → K-ser1enc … K-serNenc → EMM. User-specific or group-specific, common PID.
     • Kusr1 encrypted with Khw (from SoC/smartcard db) → K-usr1enc → AUTH. User-specific, common PID.
  9. End-to-end Key Handling (STB Client)
     [Diagram]
     • Khw (from SoC or smartcard) decrypts K-usr1enc (AUTH) → K-usr1.
     • K-usr1 decrypts K-ser1enc … K-serNenc (EMM) → K-ser1 … K-serN.
     • K-ser1 decrypts CWenc (ECM) → CW.
     • Scrambled service → Descrambler (CW) → free-to-air service.
  10. Simulcrypt
     [Diagram]
     • Components: CW generator & Simulcrypt Synchronizer (SCG), Scrambler, MUX, PID/Tables generator & multiplexer.
     • Free-to-air service → Scrambler (CW) → scrambled service.
     • CAS-1: EMMg and ECMg, producing EMM-1 and ECM-1. CAS-2: EMMg and ECMg, producing EMM-2 and ECM-2.
     • CAT CA descriptors: EMM-1 PID (CAS-1), EMM-2 PID (CAS-2).
     • PMT CA descriptors: ECM-1 PID (CAS-1), ECM-2 PID (CAS-2).
     • Enables coexistence of multiple CA systems operating simultaneously in the same network.
  11. Thank You! http://linkedin.com/in/namithcm
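
The key ladder from the two "End-to-end Key Handling" slides (headend and STB client), as an added example that is not part of the original slides: the headend wraps CW → ECM, K-ser → EMM and K-usr → AUTH, and each STB unwraps in the reverse order starting from Khw. The cipher is a toy HMAC-SHA256 construction standing in for whatever algorithms a CAS vendor uses; the service names, key sizes and function names are assumptions.

```python
import hashlib, hmac, os

def wrap(kek, key):
    """Encrypt `key` under `kek` (toy stand-in cipher, keys <= 32 bytes)."""
    nonce = os.urandom(8)
    ks = hmac.new(kek, b"ks" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, ks))
    tag = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()[:8]
    return nonce + ct + tag

def unwrap(kek, blob):
    """Return the wrapped key, or None if `kek` is wrong or the message was altered."""
    nonce, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    want = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, want):
        return None
    ks = hmac.new(kek, b"ks" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, ks))

def headend(cw, k_ser, subscribers):
    """cw, k_ser: {service: key}; subscribers: {user: (k_hw, k_usr, [services])}."""
    ecm = {s: wrap(k_ser[s], cw[s]) for s in cw}        # one ECM per service, common to all
    auth = {u: wrap(k_hw, k_usr) for u, (k_hw, k_usr, _) in subscribers.items()}
    emm = {u: {s: wrap(k_usr, k_ser[s]) for s in svcs}  # only the services paid for
           for u, (_, k_usr, svcs) in subscribers.items()}
    return ecm, emm, auth

def stb_recover_cw(k_hw, auth_msg, emm_msgs, ecm_msg, service):
    """Client side: Khw -> K-usr -> K-ser -> CW. None means 'cannot descramble'."""
    k_usr = unwrap(k_hw, auth_msg)
    if k_usr is None or service not in emm_msgs:
        return None
    k_ser = unwrap(k_usr, emm_msgs[service])
    return None if k_ser is None else unwrap(k_ser, ecm_msg)

# Constructed sample data: two services, two subscribers.
CW = {"sports": os.urandom(8), "movies": os.urandom(8)}
K_SER = {s: os.urandom(16) for s in CW}
SUBS = {"user-1": (os.urandom(16), os.urandom(16), ["sports", "movies"]),
        "user-2": (os.urandom(16), os.urandom(16), ["sports"])}
ECM, EMM, AUTH = headend(CW, K_SER, SUBS)

def cw_for(user, service, emm_from=None):
    """CW that `user`'s STB recovers, optionally fed another user's EMMs off the common PID."""
    k_hw = SUBS[user][0]
    return stb_recover_cw(k_hw, AUTH[user], EMM[emm_from or user], ECM[service], service)

if __name__ == "__main__":
    for u in SUBS:
        for s in CW:
            print(u, s, "CW recovered" if cw_for(u, s) == CW[s] else "no access")
```

The number of ECMs equals the number of services regardless of subscriber count; only the EMM and AUTH messages scale with users, and those change far less often than the CW.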
