Cryptography Reference
In-Depth Information
broadcast providers. In such cases we will choose to regard the 'content access
device' as the hardware and the smart card, unless otherwise specified. Note that
this generic network infrastructure is independent of the business model being
used to sell the broadcast content.
In the subsequent discussion we will consider a generic broadcast video
application, rather than a specific provider's system. We will assume, however, that
the broadcast provider is using the Common Scrambling Algorithm (CSA), which
is a standard proprietary encryption algorithm around which many providers
base their security (see Section 12.5.3).
12.5.2 Video broadcasting security requirements
In order to appreciate the security requirements for digital video broadcasting, it is
first necessary to appreciate two important constraints on the broadcast network
environment:
One-way channel. The broadcast communication channel only operates in one
direction: from broadcast source to broadcast receiver. There is no means by
which a consumer can send information back to the broadcast source on this
communication channel.
Uncontrolled access. Just as for analogue broadcasts, digital video broadcast
content can be received by anyone with the right broadcast receiver technology
(a satellite dish in our example in Figure 12.9).
The security requirement for digital video broadcast is thus, simply:
Confidentiality of the broadcast content. In order to control the revenue stream
the broadcast provider must make the broadcast content essentially 'worthless'
to anyone who has not purchased the necessary content access device. In
other words, confidentiality is required on the broadcast channel, with only
authorised consumers having access to the necessary decryption keys. It is
important to note that this requirement for confidentiality does not arise due
to the sensitivity of the broadcast content. On the contrary, the broadcast
provider wants people to view this content, so long as they have paid to do so.
This requirement is sometimes referred to as conditional access.
It is worth briefly considering why this is the only security service requirement.
Entity authentication. Most of our previous applications required some level of
entity authentication, which would be one way of controlling which consumers
get access to broadcast video content. However, this requires the consumer
to be able to communicate with the broadcast source, which in this case is
not possible. Entity authentication of the broadcast source is possible, but
unnecessary, since the threat of an attacker posing as a broadcast source and
sending false video broadcasts is not particularly relevant to most commercial
broadcast environments.
 