Cryptography Reference
In-Depth Information
Data integrity
. There is no doubt that data integrity is important, since a video
broadcast channel is potentially prone to errors in the transmission channel.
However, the threat against data integrity is more likely to be accidental errors
rather than deliberate ones introduced by a malicious attacker. Hence the
solutions lie in the area of error-correcting codes (see Section 1.4.4) and not
cryptographic mechanisms.
There are several other operational constraints that influence the design of
the key management for digital video broadcasting. We will discuss these in
Section 12.5.4.
12.5.3
Cryptography used in video broadcasting
Since confidentiality is required, we need to determine which encryption
algorithm to use. The cryptographic design decisions behind this are almost
identical to those for GSM encryption (see Section 12.3.3), namely:
A fully symmetric cryptographic architecture
. Video broadcast networks are
closed systems.
Stream ciphers for data encryption
. Video broadcasts involve streaming data in
real time over potentially noisy communication channels.
Fixing the encryption algorithm
. Agreeing on use of a fixed encryption algorithm
allows this algorithm to be implemented in all broadcast receivers, aiding
interoperability.
Proprietary encryption algorithm
. Choosing to design a proprietary encryption
algorithm was justifiable for the same reasons as for GSM. In this case the
expertise lay with members of the
Digital Video Group
(DVB), which is
a consortium of broadcasters, manufacturers, network operators, software
developers, and regulatory bodies with interests in digital video broadcasting.
As for GSM, one of the influences behind the design was to make decryption
as efficient as possible, since content access devices are less powerful than
broadcast sources.
The proprietary encryption algorithm that was designed was CSA. While CSAwas
standardised by ETSI (see Section 12.3), it was only available for scrutiny under
a non-disclosure agreement. However, in 2002, the CSA was implemented in a
software application and subsequently reverse-engineered.
The CSA is essentially a double stream cipher encryption. The first encryption
is based on a proprietary block cipher deployed in CBC mode, which means that
it operates as a stream cipher (see Section 4.6.3). The second layer of encryption
uses a dedicated stream cipher to encrypt the ciphertext produced during the first
encryption (this is a slight simplification). The key length is 64 (only 48 of the bits
are actually used for encryption) and the same encryption key is used for both
encryption processes. It is not clear why this 'double encryption' layered design
