Cryptography Reference
In-Depth Information
was adopted, but the natural reason would be as a form of insurance against one
of the layers of encryption being broken.
12.5.4
Key management for video broadcasting
The primary keymanagement task for digital video broadcasting is simple to state:
the keys required to recover broadcast content should be available only to those
consumers who are authorised to view the broadcast content. However, there are
several complications that combine to make this a challenging task:
The number of potential consumers
. A digital video broadcast network is likely
to have a large number of consumers (in some cases this could be several
million), hence the keymanagement systemdesignmust be sufficiently scalable
that it works in practice.
Dynamic groups of authorised consumers
. The groups of consumers who
are authorised to view digital broadcast content is extremely dynamic. Pay-
per-view services provide the extreme example of this, where the group of
authorised consumers is likely to be different for every content broadcast.
Constant service provision
. In many applications a broadcast source will be
constantly streaming digital video content that needs to be protected. There
are no break periods inwhich keymanagement operations could be conducted.
Most key management must therefore be conducted on the fly.
Precision of synchronisation
. As we know from Section 4.2.4, stream ciphers
require the keys at each end of the communication channel to be synchronised.
In digital video broadcasting this synchronisation has to happen between the
broadcast source and
all
(and as we have just pointed out, this could be 'millions
of ') authorised consumers. This synchronisationmust be close to being perfect,
otherwise some consumers may incur a temporary loss of service.
Instant access
. Consumers normally want instant access to broadcast content and
will not tolerate delays imposed by key management tasks. A good example of
the extreme nature of this problem arises in the case of subscription services,
where consumers often choose to select a series of different broadcast channels,
each for a very short period of time, in order to make a selection (often referred
to as 'channel surfing'). Since these different channels need to be encrypted
using different encryption keys, the content access device needs to have instant
access to all the relevant decryption keys.
We will now look at how digital video broadcasting systems typically address these
challenges.
VIDEO BROADCAST KEY MANAGEMENT SYSTEM DESIGN
As we indicated in Section 12.5.2, all video broadcast content must be encrypted
during transmission. In Section 12.5.3 we identified that this must be using a
symmetric key, which we will refer to as the
content encryption key
(CEK).
