|
|
|
|
|
|
|
| |
| A Survey of Existing Broadband Security Standards and Specifications - Part III |
|
The DVB Multimedia Home Platform
The DVB Multimedia Home Platform (MHP) defines a programming interface between interactive applications and their execution environment (Digital Video Broadcasting Project, 2001). This interface abstracts the details of the underlying
hardware and operating system on which the applications run. This abstraction allows software developers to create non-platform-specific applications that run without modification on a wide variety of end-user devices. MHP is intended to
extend the interactive functionality of DVB to all transmission networks, including cable, wireless, and satellite. MHP security authenticates the source of application code and other files downloaded to set-top boxes, televisions with
integrated DVB receivers, and multimedia PCs. It also secures the return channel used to communicate subscriber information back to the service provider. The characteristics of the DVB Multimedia Home Platform are outlined in Table 5-5. DVB MHP Security is discussed in further detail in Chapter 11.
NOTE:
All DVB applications run within an execution environment known as DVB-J. DVB-J includes a Java virtual machine for executing Java applications, and supports the use of many popular Java classes from Sun Microsystems.
The OpenCable Copy Protection System
OpenCable defines standards for the hardware and software platforms required to support interactive television services over cable networks. In the OpenCable environment, the subscriber purchases the host device of his or her choice (an OpenCable-compliant set-top box or television, for instance). The cable provider supplies a point-of-deployment (POD) module that the subscriber attaches to the host device. The POD allows the host device to decrypt scrambled
MPEG video and audio signals coming from a cable television head end. Before sending copy-protected content to the host device, the POD is responsible for re-encrypting the signal. The OpenCable Copy Protection System (CPS)
defines the process for encrypting and decrypting the MPEG video and audio flowing across the POD-to-host device interface (CableLabs, 2001b). Its purpose is to protect “high-value” content from attackers tapping into the circuitry
of the device.
The characteristics of the OpenCable Copy Protection System are outlined in below
Name
DVB Multimedia Home Platform (MHP)
Organization
The Digital Video Broadcasting Project of ETSI
Description
MHP security authenticates the source and verifies the integrityof interactive digital video applications downloaded to and executed on DVB-compliant subscriber devices; it implements security within the Transport and Application layers.
Applications
MHP supports a wide range of interactive applications, including electronic program guides, information services,
synchronized application and TV content, e-commerce (for example, home shopping and online banking), online gaming, and other applications requiring security (DVB, 2001).
QoS requirements
Performance is important because it affects the load time of an application. Hash codes and signatures must be checked each time an application is loaded.
Security services and mechanisms
Each MHP-enabled terminal authenticates applications using a combination of three message types:
Hash code Ensures integrity by summarizing data contained within a directory (files and subdirectories).
Signature Resides in the root of the application “tree”; associates all hash code files with a single application, ensures
integrity of the application as a whole, and authenticates the source of the application.
Certificate Contains a list of certificates required to verify the signature files.
Allows multiple signers of an application.
Provides the following types of access control using signed permission files
Local resource and file access (including storage)
Interapplication communication
Service selection
Return channel access
Remote host access
Application lifecycle control (for example, pause, stop, and resume functions)
Smart card access
Implements data privacy on the return channel from the subscriber to the service provider.
Network security protocols
TLS secures user data on the return channel.
Public-key encryption algorithms
Uses the RSA algorithm for
Generation and verification of digital certificates and digital signatures
Authentication and key exchanges in conjunction with TLS
Symmetric-key encryption algorithms
TLS uses the following algorithms to encrypt user data on the return channel:
40-bit and 56-bit DES (CBC mode)
2-key 3DES (in EDE-CBC mode)
3-key 3DES (in EDE-CBC mode)
Message integrity algorithms
Uses MD5 and SHA-1 message digests
To create and verify hash code and signature files
To create and verify signatures contained within digital certificates
In conjunction with TLS on the return channel for message integrity
Use of digital certificates and PKI
Uses X.509v3 digital certificates for key exchanges and processing of digital signatures; MHP-compliant devices must
support certificates with up to 4096-bit key lengths.
Uses a TTP certification authority to provide trust between MHP terminals and application providers.
Allows an arbitrary-level PKI hierarchy with a common trusted Root CA.
Specifies formats for certificates and certificate files, but not for the PKI hierarchy.
Specifies policies for the management, distribution, and processing of CRLs and root certificates.
Special characteristics
The DVB-J runtime environment includes support for the java.security package from Sun Microsystems.
Characteristics of the OpenCable Copy Protection System
Name
OpenCable Copy Protection System (CPS)
Organization
Cable Television Laboratories
Description
The OpenCable CPS secures the transfer of copy-protected content, such as pay-per-view or video-on-demand, between a POD and an end-user host device; this prevents unauthorized reproduction.
Applications
The OpenCable system supports interactive television (iTV) services, including interactive program guides, sports, and games shows; online games; impulse pay-per-view; video-on-demand; Internet access; and e-commerce (CableLabs, 2001a).
QoS requirements
MPEG audio and video is real-time, rate-adaptive content, requiring high-performance cryptographic operations. However, large receive buffers greatly reduce the effects of signal latency and jitter on streaming multimedia content.
Security services and mechanisms
A POD authenticates a host device via an X.509v3 digital certificate and shared long-term authentication keys; the
POD will not descramble copy-protected content unless the host device contains a valid certificate.
Supports DH key agreement for the exchange of keying material.
POD modules report any (detected) non-OpenCablecompliant or compromised host devices to the service
provider.
Host devices use a special-purpose “authenticated tunneling protocol” to verify the delivery of valid control
messages from POD modules.
Does not specify built-in integrity checking for MPEG signals flowing across the POD-to-host device interface.
Network security protocols
N/A
Public-key encryption algorithms
Uses 1024-bit DH key agreement to generate a shared secret key, which is then used to generate long-term authentication and copy-protection keys.
Symmetric-key encryption algorithms
Uses DES17 in ECB mode for encryption of MPEG content.
Message integrity algorithms
Uses SHA-1
In conjunction with proprietary DFAST algorithm to generate copy-protection keys
For generating and verifying certificate signatures
Use of digital certificates and PKI
Each host device and POD contains an RSA X.509v3 digital certificate for authentication and initial key
exchange.
Each head end maintains a CRL containing the certificates of revoked or compromised hosts.
To be Continued
Taken with permission from the book Broadband network & device security by Benjamin M Lail
published by Osborne Publishing
|
|
|
|
|
|
|
|
