Open Conditional Access System By Menno de Jong A DISSERTATION Submitted to The University of Liverpool in partial fulfillment of the requirements for.

Slides:

Advertisements

Similar presentations

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Advertisements

Installation & User Guide

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA MESH VOIP.

Categories of I/O Devices

Digital Certificate Installation & User Guide For Class-2 Certificates.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

SIP Authentication using EC- SRP5 Protocol draft-liu-sipcore-ecc-srp5-00.txt Authors: Fuwen Liu, Minpeng Qi and Min Zuo.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

FIT3105 Smart card based authentication and identity management Lecture 4.

Chapter 14 Requirements and Specifications. Copyright © 2005 Pearson Addison-Wesley. All rights reserved Software Engineering The implementation.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,

Introduction to HASP ® Software DRM Solutions, Products, Benefits All Rights Reserved © Aladdin Knowledge Systems.

CSCI 6962: Server-side Design and Programming

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Fundamentals of Networking Discovery 1, Chapter 2 Operating Systems.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science.

Masud Hasan Secue VS Hushmail Project 2.

MAHI Research Database Data Validation System Software Prototype Demonstration September 18, 2001

Electronic Commerce & Marketing. What is E-Commerce? Business communications and transactions over networks and through computers, specifically –The buying.

“ACT” Audio Conference over ATM Network with TRM Technion - Israel Institute of Technology Electrical Engineering Faculty Computer Networks Laboratory.

CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.

1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.

Chapter 8: Scrambling Through Cryptography Security+ Guide to Network Security Fundamentals Second Edition.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Introduction to HP Availability Manager.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

Outline Overview Video Format Conversion Connection with An authentication Streaming media Transferring media.

PGP ENCRYPTION Prepared by Noel Kigaraba. Introduction This presentation explains the basic information about PGP encryption software. It discusses the.

Module 9: Fundamentals of Securing Network Communication.

Intrusion Tolerant Software Architectures Bruno Dutertre, Valentin Crettaz, Victoria Stavridou System Design Laboratory, SRI International

Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.

CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.

Potential vulnerabilities of IPsec-based VPN

Security fundamentals Topic 5 Using a Public Key Infrastructure.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

Secure Messenger Protocol using AES (Rijndael) Sang won, Lee

Web Browsing *TAKE NOTES*. Millions of people browse the Web every day for research, shopping, job duties and entertainment. Installing a web browser.

Project: Simulated Encrypted File System (SEFS) Omar Chowdhury Fall 2015CS526: Information Security1.

Unit 17: SDLC. Systems Development Life Cycle Five Major Phases Plus Documentation throughout Plus Evaluation…

1 Overview of Microsoft Windows 2000 Multipurpose OS Reduces total cost of ownership (TCO)

Sem 2v2 Chapter 5 Router Startup and Setup. A router initializes by loading the bootstrap, the operating system, and a configuration file. If the router.

Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

Network Security: Lab#2 J. H. Wang Oct. 9, Objectives To learn to use message digests –MD5 To learn to use secure hash functions –SHA-1, SHA-2 To.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

2: Operating Systems Networking for Home & Small Business.

PGP Desktop (Client only) By: Courtney Wirtz & Vincent Verner.

Whatsapp Security Ahmad Hijazi Systèmes de Télécommunications & Réseaux Informatiques (STRI) 20 April 2016.

IPEmotion License Management PM (V1.2).

There are many leading online sources that are providing reliable encryption solution for your online as well as offline file security through smart software.

Guided by : VIPUL GAJJAR Prepared by: JIGAR KAKADIYA.

Applying Cryptography to Physical Security

Module 8: Securing Network Traffic by Using IPSec and Certificates

Module 8: Securing Network Traffic by Using IPSec and Certificates

Presentation transcript:

Open Conditional Access System By Menno de Jong A DISSERTATION Submitted to The University of Liverpool in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE 6 March 2004 OCAS

Sponsor EchoStar Communication Corporation with DISH Networks (10 mil. Customers). Delivering Direct Broadcast Satellite. The manager of the European Engineering team Peter Hillen, sponsor of the project with the request: define a design of the next generation conditional access system.

Requirements Broadcaster Secure Low cost Easy updates Killer application Fair competition Customer Trustworthy Low cost No CI module or smart card Easy exchangeable Goal Open Conditional Access System that is downloaded and activated like a plug in and no dedicated hardware is needed

Objectives Analyze standards, existing CA and DRM systems to learn their advantage and weakness. Identify/analyze existing encryption technique's and protocols to find their advantages to be used for OCAS. Design an secure environment based on use of a VM and back path to a server. Find an Open Source implementation for selected encryption technique and VM environment. Implement a prototype running on a satellite receiver and PC.

Research Standards DVB is the most used world wide standard. The DVB-CI interface creates exchangeable CA systems using a module. All cards can be hacked and become to expensive. Return channel is integrated in security model. Market is dominated by large actors. Future CA systems can be download like a plug-in.

Research Encryption ECC creates the best ratio key size and level of security ECC creates less computation (time) for the same security. ECC supports public key encryption and signature checking Many different ECC security schema's are standardized ECC Elliptic Curve Cryptography

Analysis OpenSSL for EC + BN functionality Apache-style license Christophe Devine's AES + SHA-1 GNU General Public License There are no patents on use of elliptic curves, AES and SHA-1. Open-source licensed code can be used commercial purpose when this is explicit mentioned. Different patent exists for ECC schema's and standards. Patents on software implementation working reversed in relation to adoption of standards.

Key Challenges DSDM, iterative and (prototype) incremental. Design a DVB compliant CA system cope with all constrains. Port OpenSSL on satellite receiver. Replace BN assembler code. Find fast AES and SHA-1 source code. Select the best ECC algorithms. Research on IP. Create the final prototype supporting generating a public key, encrypt, decrypt, signature generate and verify.

Implementation OCAS Elliptic Curve Encryption Public Key generation (EC_CreatePubKey)EC_CreatePubKey Elliptic Curve Authentication Encryption Scheme (ECAES) Encrypt (EC_Encrypt_File) Decrypt (EC_Decrypt_File)EC_Encrypt_FileEC_Decrypt_File Elliptic Curve Key Establishment Protocol (ECKEP) Generation (EC_SignatureGeneration) Validation (EC_SignatureVerify)EC_SignatureGenerationEC_SignatureVerify Windows prototype (ECC)ECC The total project (BN lib excluded) is analyzed using Understand for C++. Project Metrics (Index).Index

ECC Examples ECC ECC p 512 my512 ECC g my512 file ECC e my512 file ECC d my512 file.ecc ECC v my512 file Test performance: Same commands but with “-t”: ECC p -t 512 my512 display usage enter password 2X enter password Signature OK? The Windows prototype EXE (ecc.exe) Download the ecc.exe and open a command box to start ecc.ecc.exe

Conclusions ECC and AES encryption can support all CA functionalities and satisfy all constrains inflicted by use of a satellite receiver as operating system. ECC algorithms provides a secure exchange of data and together with key management design it replace the need for extra hardware and/or a smart card. High security; (requirement) All of the security elements are exchangeable and exists only in RAM. low cost; (requirement) Smart card and or expensive CI connectors are not required. Interchange;(requirement) The entire CA/security system can be exchanged/add and so alternate CA supplier can be introduced by only a new download of Byte Code

Recommendations ECC, although in development, can already support high level of encryption security. Care must be taken adopting a standard because not all standards are royalty free. When decide about using public source evaluate also the supported documentation. Improve security of DVB CA systems for broadcast content by balance timing, synchronize and create a method to insert and skip fake Control Words.

Downloads (on-line) OCAS DISSERTATION OCAS_dissertation.pdf OCAS_dissertation.pdf OCAS Source code (ecc_103.zip) Windows based LCC-win32 Windows based LCC-win32 OCAS executable Windows version 1.03 ecc.exe + ecc.exe.sig ecc.exeecc.exe.sig This presentation OCAS_presentation /.pdf /.sxi /.ppt.pdf.sxi.ppt My public key