Presentation is loading. Please wait.

Presentation is loading. Please wait.

Open Conditional Access System By Menno de Jong A DISSERTATION Submitted to The University of Liverpool in partial fulfillment of the requirements for.

Published byNelson Sharp Modified over 9 years ago

Similar presentations

Presentation on theme: "Open Conditional Access System By Menno de Jong A DISSERTATION Submitted to The University of Liverpool in partial fulfillment of the requirements for."— Presentation transcript:

1 Open Conditional Access System By Menno de Jong A DISSERTATION Submitted to The University of Liverpool in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE 6 March 2004 OCAS

2 Sponsor EchoStar Communication Corporation with DISH Networks (10 mil. Customers). Delivering Direct Broadcast Satellite. The manager of the European Engineering team Peter Hillen, sponsor of the project with the request: define a design of the next generation conditional access system.

3 Requirements Broadcaster Secure Low cost Easy updates Killer application Fair competition Customer Trustworthy Low cost No CI module or smart card Easy exchangeable Goal Open Conditional Access System that is downloaded and activated like a plug in and no dedicated hardware is needed

4 Objectives Analyze standards, existing CA and DRM systems to learn their advantage and weakness. Identify/analyze existing encryption technique's and protocols to find their advantages to be used for OCAS. Design an secure environment based on use of a VM and back path to a server. Find an Open Source implementation for selected encryption technique and VM environment. Implement a prototype running on a satellite receiver and PC.

5 Research Standards DVB is the most used world wide standard. The DVB-CI interface creates exchangeable CA systems using a module. All cards can be hacked and become to expensive. Return channel is integrated in security model. Market is dominated by large actors. Future CA systems can be download like a plug-in.

6 Research Encryption ECC creates the best ratio key size and level of security ECC creates less computation (time) for the same security. ECC supports public key encryption and signature checking Many different ECC security schema's are standardized ECC Elliptic Curve Cryptography

7 Analysis OpenSSL for EC + BN functionality Apache-style license http://www.openssl.org/http://www.openssl.org/ Christophe Devine's AES + SHA-1 GNU General Public License http://www.cr0.net:8040/code/crypto/ http://www.cr0.net:8040/code/crypto/ There are no patents on use of elliptic curves, AES and SHA-1. Open-source licensed code can be used commercial purpose when this is explicit mentioned. Different patent exists for ECC schema's and standards. Patents on software implementation working reversed in relation to adoption of standards.

8 Key Challenges DSDM, iterative and (prototype) incremental. Design a DVB compliant CA system cope with all constrains. Port OpenSSL on satellite receiver. Replace BN assembler code. Find fast AES and SHA-1 source code. Select the best ECC algorithms. Research on IP. Create the final prototype supporting generating a public key, encrypt, decrypt, signature generate and verify.

9 Implementation OCAS Elliptic Curve Encryption Public Key generation (EC_CreatePubKey)EC_CreatePubKey Elliptic Curve Authentication Encryption Scheme (ECAES) Encrypt (EC_Encrypt_File) Decrypt (EC_Decrypt_File)EC_Encrypt_FileEC_Decrypt_File Elliptic Curve Key Establishment Protocol (ECKEP) Generation (EC_SignatureGeneration) Validation (EC_SignatureVerify)EC_SignatureGenerationEC_SignatureVerify Windows prototype (ECC)ECC The total project (BN lib excluded) is analyzed using Understand for C++. Project Metrics (Index).Index

10 ECC Examples ECC ECC p 512 my512 ECC g my512 file ECC e my512 file ECC d my512 file.ecc ECC v my512 file Test performance: Same commands but with “-t”: ECC p -t 512 my512 display usage enter password 2X enter password Signature OK? The Windows prototype EXE (ecc.exe) Download the ecc.exe and open a command box to start ecc.ecc.exe

11 Conclusions ECC and AES encryption can support all CA functionalities and satisfy all constrains inflicted by use of a satellite receiver as operating system. ECC algorithms provides a secure exchange of data and together with key management design it replace the need for extra hardware and/or a smart card. High security; (requirement) All of the security elements are exchangeable and exists only in RAM. low cost; (requirement) Smart card and or expensive CI connectors are not required. Interchange;(requirement) The entire CA/security system can be exchanged/add and so alternate CA supplier can be introduced by only a new download of Byte Code

12 Recommendations ECC, although in development, can already support high level of encryption security. Care must be taken adopting a standard because not all standards are royalty free. When decide about using public source evaluate also the supported documentation. Improve security of DVB CA systems for broadcast content by balance timing, synchronize and create a method to insert and skip fake Control Words.

13 Downloads (on-line) OCAS DISSERTATION OCAS_dissertation.pdf OCAS_dissertation.pdf OCAS Source code (ecc_103.zip) Windows based LCC-win32 Windows based LCC-win32 OCAS executable Windows version 1.03 ecc.exe + ecc.exe.sig ecc.exeecc.exe.sig This presentation OCAS_presentation /.pdf /.sxi /.ppt.pdf.sxi.ppt My public key

Download ppt "Open Conditional Access System By Menno de Jong A DISSERTATION Submitted to The University of Liverpool in partial fulfillment of the requirements for."

Similar presentations

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.
Installation & User Guide

Installation & User Guide
Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA www.in-arg.com MESH VOIP.

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA MESH VOIP.
Categories of I/O Devices

Categories of I/O Devices
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
SIP Authentication using EC- SRP5 Protocol draft-liu-sipcore-ecc-srp5-00.txt Authors: Fuwen Liu, Minpeng Qi and Min Zuo.

SIP Authentication using EC- SRP5 Protocol draft-liu-sipcore-ecc-srp5-00.txt Authors: Fuwen Liu, Minpeng Qi and Min Zuo.
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Chapter 14 Requirements and Specifications. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 14-2 Software Engineering The implementation.

Chapter 14 Requirements and Specifications. Copyright © 2005 Pearson Addison-Wesley. All rights reserved Software Engineering The implementation.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Similar presentations

Ads by Google