
Group Key Distribution Scheme in Digital Pay-TV Systems Adviser: Min-Shiang Hwang Reporter: Chun-Ta Li ( 李俊達 ) Date: 2006/06/13.


1 Group Key Distribution Scheme in Digital Pay-TV Systems Adviser: Min-Shiang Hwang Reporter: Chun-Ta Li ( 李俊達 ) Date: 2006/06/13

2 Outline
- Introduction
- Requirements
- Huang et al.'s scheme [1]
- Sun et al.'s scheme [2]
- Comparisons
- Comments
- References

3 Introduction
- Pay-TV system
- Conditional Access System (CAS)
- Two classes of pay-TV system
  - The subscription (pay-per-channel, PPC) channels
    - Pay for a period of time, e.g. weekly or monthly
    - Disadvantage: not allowed to unsubscribe the channels
  - The pay-per-view (PPV) channels
    - Pay for each single program
    - Disadvantage: can only be applied on small scale

4 Introduction (cont.)
- Group key distribution
  - Four-level key hierarchy [3]
    - Control Word (CW): scrambling of video programs
    - Authorization Key (AK): encrypt the CW
    - Distribution Key (DK): consists of a Private Key (PK) and a Group Key (GK)
    - Master Private Key (MPK): encrypt the entitlement management message and DK, and is stored in a smart card-based device uniquely for each subscriber
  [Figure annotation: used as a group key for each group of channels]
  [Figure: groups formed from channels C1, C2, C3; m = 3, number of groups = $2^m - 1$]

5 Requirements
- Functionality
  - Subscribers can freely choose the channels and Pay-TV modes
  - Suitable for large scale environment with lots of subscribers and channels (scalability)
  - Group key distribution: groups of subscribed channels and groups of subscribed channels of subscribers (subscriber leaves)
  - Computation load and transmission cost (efficiency)
  - Storage requirement

6 Requirements (cont.)
- Security
  - Only the authorized subscribers can receive the program (unsubscribed users can't watch the Pay-TV programs)
  - The conspiracy of subscribers should not compromise the system

7 Huang et al.'s scheme
- Notations in group-oriented scheme
- Four-level key hierarchy
  - CW: scramble/descramble programs on channels (updated frequently, e.g., 5-20 s)
  - AK: encrypt/decrypt CW (updated periodically, e.g., daily)
  - DK: used to derive AK (updated monthly)
  - SK: secret key held by the subscriber, used to encrypt and decrypt the DK (stored in smart card)

8 Huang et al.'s scheme (cont.)
- Group-Oriented Key Distribution Scheme
  [Initial Phase] For service provider (SP):
  1) SP randomly generate, where = $[dk_1, dk_2, \dots, dk_m]$
  2) SP derive new by the following procedures:
     - $ak_1 = D \oplus dk_1$, where $D$ is a random number. (A.1)
     - $ak_j = ak_{j-1} \oplus dk_j$, $2 < j < m$. (A.2)
  [Initial Phase] For each subscriber ($S_i$):
  1) SP generate the vector, for each subscriber $S_i$,
     - $dk^i_j$ is randomly generated, for $G_j$ $SG_i$.
     - $dk^i_j = (dk_1 \oplus \dots \oplus dk_j) \oplus (dk^i_j \oplus \dots \oplus dk^i_{j-1})$, for $G_j$ $SG_i$ (A.3)
  2) SP encrypts using the secret key $sk_i$ of $S_i$.
  3) SP transmits $\{\ , D\}_{sk_i}$ to $S_i$
  4) $S_i$ derives new by following procedures:
     - $ak^i_j = D \oplus dk^i_j$ (A.4)
     - $ak^i_j = ak^i_{j-1} \oplus dk^i_j$, $2 < j < m$. (A.5)

9 Huang et al.'s scheme (cont.)
- Group-Oriented Key Distribution Scheme
  - Example of the initial phase of group-oriented key distribution scheme:
    - Four groups: $G_1$, $G_2$, $G_3$, and $G_4$
    - Subscriber $S_1$ subscribes subscription channel groups $G_1$, $G_3$, and $G_4$

10 Huang et al.'s scheme (cont.)
- Group-Oriented Key Distribution Scheme
  [Update Phase] For service provider (SP):
  1) SP generates a random number $R$
  2) SP derives new by the following procedures:
     - $ak_1 = R \oplus dk_1$, where D is a random number. (A.6)
     - $ak_j = ak_{j-1} \oplus dk_j$, $2 < j < m$. (A.7)
  SP broadcasts $(R, h(R))$ to all subscribers.
  [Update Phase] For each subscriber ($S_i$):
  1) After receiving $(R, h(R))$, $S_i$ checks $h(R)$
  2) $S_i$ derives new by following procedures:
     - $ak^i_1 = R \oplus dk^i_1$. (A.8)
     - $ak^i_j = ak^i_{j-1} \oplus dk^i_j$, $2 < j < m$. (A.9)
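
The group-oriented initial and update phases (A.1) to (A.9), as an added Python example that is not from the slides or from Huang et al.'s paper. It assumes readings the transcript leaves open: the computed entry of (A.3) applies to subscribed groups and the random entry to the others, the second XOR run in (A.3) starts at index 1, (A.4) is the j = 1 case, and h is SHA-256 over 16-byte keys.

```python
import hashlib
import secrets

KEY_BYTES = 16  # assumed key length; the slides do not fix one

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_aks(seed: bytes, dks: list) -> list:
    """ak_1 = seed XOR dk_1, ak_j = ak_{j-1} XOR dk_j; seed is D (initial) or R (update)."""
    aks, prev = [], seed
    for dk in dks:
        prev = xor(prev, dk)
        aks.append(prev)
    return aks

def subscriber_dks(sp_dks: list, subscribed: set) -> list:
    """Per-subscriber vector of (A.3); groups are numbered from 1."""
    out = []
    sp_acc = bytes(KEY_BYTES)   # dk_1 XOR ... XOR dk_j
    sub_acc = bytes(KEY_BYTES)  # dk^i_1 XOR ... XOR dk^i_{j-1}
    for j, dk in enumerate(sp_dks, start=1):
        sp_acc = xor(sp_acc, dk)
        if j in subscribed:      # assumed reading: computed entry for subscribed groups
            dk_i = xor(sp_acc, sub_acc)
        else:                    # assumed reading: random entry for all other groups
            dk_i = secrets.token_bytes(KEY_BYTES)
        out.append(dk_i)
        sub_acc = xor(sub_acc, dk_i)
    return out

def check_broadcast(r: bytes, digest: bytes) -> bool:
    """Subscriber-side check of (R, h(R)); h is assumed to be SHA-256."""
    return secrets.compare_digest(hashlib.sha256(r).digest(), digest)

def matching_groups(m: int = 4, subscribed=frozenset({1, 3, 4})) -> dict:
    """Groups whose AK the subscriber derives correctly, per phase."""
    sp_dks = [secrets.token_bytes(KEY_BYTES) for _ in range(m)]
    sub = subscriber_dks(sp_dks, set(subscribed))
    result = {}
    for phase in ("initial", "update"):
        seed = secrets.token_bytes(KEY_BYTES)  # D in the initial phase, R in the update
        sp_aks, s_aks = derive_aks(seed, sp_dks), derive_aks(seed, sub)
        result[phase] = {j + 1 for j in range(m) if sp_aks[j] == s_aks[j]}
    return result
```

The defaults mirror the slide's example ($S_1$ subscribed to $G_1$, $G_3$, $G_4$): the subscriber's chain agrees with the provider's for exactly those groups in both phases, while the distribution-key vectors never change between phases.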

11 Huang et al.'s scheme (cont.)
- Rating-Oriented Key Distribution Scheme
  [Figure labels: interdiction, permission]

12 Huang et al.'s scheme (cont.)
- Rating-Oriented Key Distribution Scheme
  [Initial Phase] For service provider (SP):
  1) SP generate = $[dk_1, dk_2, \dots, dk_m]$, where
     - $dk_1$ is randomly generated. (B.1)
     - $dk_j = f(dk_{j-1})$, where $2 < j < m$ and $m$ is the lowest rating (B.2)
     - SP then derives the authorization keys by performing the formula (A.1) and (A.2)
  [Initial Phase] For subscriber ($S_i$):
  1) SP transmits $\{\ \}_{sk_i}$ to subscriber $S_i$, where = $[dk_k]$, for $SR_i = R_k$ (B.3)
  2) $S_i$ derives $[dk_{k+1}, \dots, dk_m]$, where $dk_j = f(dk_{j-1})$, $k+1 < j < m$ (B.4)
  [Slide annotation: AK?]

13 Huang et al.'s scheme (cont.)
- Rating-Oriented Key Distribution Scheme
  [Update Phase] For service provider (SP):
  1) $ak_1$ is randomly generated. (B.5)
  2) $ak_j = \{dk_{j-1}\}_{dk_{j-1}}$, $2 < j < m$. (B.6)
  3) SP broadcasts only one message, the encrypted AK of the lower rating channel, to all subscribers $S_i$
     - SP broadcasts $(M, h(M))$ to all subscribers
  [Update Phase] For subscriber ($S_i$):
  1) After receiving message, $S_i$ uses his vector to derive the new vector
  2) $S_i$ derives new = $[ak_k, ak_{k+1}, \dots, ak_m]$, where
     - $ak_m = \{M\}^{-1}_{dk_m}$. (B.7)
     - $ak_j = \{ak_{j+1}\}^{-1}_{dk_{j+1}}$, $k < j < m$. (B.8)

14 Huang et al.'s scheme (cont.)
- Example of rating-oriented key distribution scheme:
  - Four ratings: $R_1$, $R_2$, $R_3$, and $R_4$
  - Subscriber $S_1$ subscribes channel rating $R_2$
  [Figure panels: Initial Phase, Update Phase]

15 Huang et al.'s scheme (cont.)
- Key distribution scheme for PPV channel protection
  - Three-level key hierarchy: CW, AK and SK
  [Figure panels: Join, Leave; label: protect channel]

16 Huang et al.'s scheme (cont.)
- Example of key distribution scheme for PPV channel protection
  [Figure: join/leave sequence. Steps: 1. $S_1$ join; 2. $S_2$, $S_3$ join; 3. $S_4$ join; 4. $S_5$, $S_6$, $S_7$ join; 5. $S_4$ leave. SP holds ($GP_1$), then ($GP_1$, $GP_2$), then ($GP_1$, $GP_2$, $GP_3$); subscribers are placed in user groups $UG_1$, $UG_2$, $UG_3$. Messages are labelled in the forms $\{ak_{current}\}_{sk_i}$, $\{GP_j\}_{ak_{current}}$, $\{GP_j, ak_{current}\}_{sk_i}$ and $\{ak_{new}\}_{sk_i}$; on the leave, the notice {$S_i$ in $UG_2$ leaves} is sent.]
  - $ak_{new} = H(ak_{current}, GP_2)$
  - 1. Max # subscribers in a UG: 3
  - 2. $GP_i$: group secret of $UG_i$

17 Sun et al.'s scheme
- Key management scheme for user revocation [3][4]
  - Notations
  - Member $m_3$ ($R_{m_i}$ is utilized to update the group key $K$)
  - Member $m_3$ leaves the group: the server broadcasts a message {LEAVE, $m_3$}, then the server and all members but $m_3$ calculate the new group key $K'$
  [Figure: key tree with group key $K$ and new group key $K'$; $I_{m_6} = \{R_{v_1}, R_{v_3}, R_{v_4}, R_{v_6}, R_{m_1}, R_{m_2}, R_{m_3}, R_{m_4}, R_{m_5}, R_{m_7}, R_{m_8}\}$]

18 Sun et al.'s scheme (cont.)
- Key management scheme for user revocation [3][4]
  - Storage problem
    - The required storage for $I_{m_i}$ is $|I_{m_i}| = 2M - \log M - 2$, where $M$ is the number of members in the system
  - Solution: $HL(R_{v_i})$ and $HR(R_{v_i})$
    - $R_{v_1} = HL(R_{v_0})$
    - $R_{v_6} = HR(R_{v_2})$
  [Figure labels for $m_3$: $R_{v_0}$, $R_{v_4}$, $R_{v_5}$]
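
The storage reduction above, as an added Python example that is not from the slides or from Sun et al.'s paper: each member keeps only the sibling secrets along its path and derives the rest with HL/HR. Assumptions: $v_0..v_6$ and $m_1..m_8$ are laid out in heap order as the $I_{m_6}$ listing suggests, HL/HR are domain-separated SHA-256, and the rekey is $K' = K \oplus R_{m_3}$ by analogy with the RGK update on a later slide.

```python
import hashlib

M = 8            # members m1..m8 as in the slide's figure; v0..v6 are heap indices 0..6
LEAF0 = M - 1    # heap index of m1

def H(tag: bytes, r: bytes) -> bytes:
    # assumed instantiation: HL = H(b"L", .), HR = H(b"R", .)
    return hashlib.sha256(tag + r).digest()

def build_tree(root_secret: bytes) -> list:
    """Server side: R of every node, derived top-down from R_v0."""
    r = [root_secret] + [b""] * (2 * M - 2)
    for n in range(M - 1):
        r[2 * n + 1], r[2 * n + 2] = H(b"L", r[n]), H(b"R", r[n])
    return r

def path(member: int) -> list:
    """Heap indices from leaf m_member up to and including the root."""
    out = [LEAF0 + member - 1]
    while out[-1] != 0:
        out.append((out[-1] - 1) // 2)
    return out

def sibling(n: int) -> int:
    return n + 1 if n % 2 else n - 1

def stored_secrets(tree: list, member: int) -> dict:
    """What m_i keeps: R of the sibling of each non-root node on its path."""
    return {sibling(n): tree[sibling(n)] for n in path(member)[:-1]}

def derive(stored: dict, target: int):
    """Walk down from a stored ancestor to target; None if target is on the path."""
    steps, n = [], target
    while n not in stored:
        if n == 0:
            return None
        steps.append(n)
        n = (n - 1) // 2
    r = stored[n]
    for child in reversed(steps):
        r = H(b"L" if child % 2 else b"R", r)
    return r

def rekey(k: bytes, r_leaver: bytes) -> bytes:
    # assumption: K' = K XOR R_m, mirroring RGK' = RGK XOR R on a later slide
    return bytes(a ^ b for a, b in zip(k, r_leaver))
```

With three stored values, $m_6$ can reach the same 11 secrets that $I_{m_6}$ lists, and every member except $m_3$ can derive $R_{m_3}$ when {LEAVE, $m_3$} is broadcast.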

19 Sun et al.'s scheme (cont.)
- Key management scheme for user revocation [3][4]
  - Extension process (n-level tree)
    - If $M$ is less than $2^n$: assign the new member to a vacant leaf directly
    - If $M$ equals $2^n$: the server should perform an extension process
  [Figure: n = 2]

20 Sun et al.'s scheme
- System overview (PPC)
  - Roles: One service provider and many subscribers
  - Four-level hierarchy: CW, AK, RGK and MPK
  - Notations: every channel; every group; secret key of subscriber

21 Sun et al.'s scheme (cont.)
- Motivation
  - To distribute AK securely and update AK when any subscriber leaves
- Initial phase:
  - Server: $AK_i$, $T_{ch_i}$ (generate a tree $T_{ch_i}$)
  - Server: $RGK_j$, $G_j$ (generate a key tree $T_{G_j}$)
- User registration phase:
  - Service provider: assign $u_k$ a unique $MPK_k$ (secure channel), stored in $u_k$'s register card

22 Sun et al.'s scheme (cont.)
- Subscribing phase: when $u_k$ subscribes some channels
  - Service provider transmits four secret information to $u_k$:
    - $RGK_j$
    - All AKs of $CH_{G_j}$
    - All $I_{ch_i,G_j}$ for each $ch_i$ $CH_{G_j}$
    - $I_{G_j,u_k}$
  [Figure annotations: $E(MPK_k)$, $E(RGK_j)$]
- RGK updating phase: when $u_k$ leaves $G_j$
  - Service provider broadcasts the message {LEAVE, $u_k$}
  - All subscribers but $u_k$ in $G_j$ can obtain the new receiving group key $RGK_j' = RGK_j \oplus R_{G_j,u_k}$

23 Sun et al.'s scheme (cont.)
- AK updating phase: $u_k$ is suspended from the system
  - (Step 1) Service provider broadcasts the {LEAVE, $G_j$, $u_k$}
  - (Step 2) Subscribers who subscribe $ch_i$ and are not classified into $G_j$ calculate the new $AK_i' = AK_i \oplus R_{ch_i,G_j}$
  - (Step 3) Subscribers classified into $G_j$ first perform RGK updating phase to obtain new $RGK_j'$. Since they don't know $R_{ch_i,G_j}$, the service provider broadcasts the $AK_i'$ encrypted by $RGK_j'$ to obtain new $AK_i'$

24 Sun et al.'s scheme (cont.)
- AK updating phase: $u_k$ changes subscribed channels and it must be re-classified into an appropriate $G_l$ from original $G_j$
  - The $RGK_j$ of $G_j$ should be updated through RGK updating phase
  - All the channels in $CH_{G_j} \cup CH_{G_l}$ can be categorized into following cases:
    - Case 1: $CH_{G_j} - CH_{G_l}$: The channels in this case are un-subscribed by $u_k$. The $AK_i$ of these channels must be updated through AK updating phase
    - Case 2: $CH_{G_l} - CH_{G_j}$: The channels in this case are about to be subscribed by $u_k$. System will perform the subscribing phase to assign $u_k$ all the necessary information of each channel
    - Case 3: $CH_{G_j} \cap CH_{G_l}$: The channels $ch_i$ in this case belong to both $G_j$ and $G_l$, so $G_j$ and $G_l$ are two leaves in $T_{ch_i}$

25 Sun et al.'s scheme (cont.)
- The problem: the update of one single secret number causes the update of the whole $T_{ch_i}$
  - For every node $v_n$ in $T_{ch_i}$: public counter $C_{ch_i,n}$
  [Figure: tree $T_{ch_i}$ with root $v_0$ (secret $R_{ch_i,v_0}$), nodes $v_1$, $v_2$ and leaves $G_5$, $G_2$, $G_6$, $G_4$]
  - $R_{ch_i,v_1} = HL(R_{ch_i,v_{parent\_n}}, C_{ch_i,n})$
  - $R_{ch_i,v_2} = HR(R_{ch_i,v_{parent\_n}}, C_{ch_i,n})$
  - $R_{ch_i,G_5} = HL(R_{ch_i,v_1}, C_{ch_i,G_5})$
  - $R_{ch_i,G_4} = HR(R_{ch_i,v_2}, C_{ch_i,G_4})$
  - If a node $v_n$ is on the path from $G_l$ to the root and already known by $u_k$: $C_{ch_i,n}$ becomes $C_{ch_i,n} + 1$ and $R_{ch_i,v_n}$ is re-calculated with the same method

26 Example of changing subscribed channels
- $RGK_2$ update: all users in $G_2$ but $u_3$ know $R_{G_2,u_3}$
- $ch_3$: SP transmits four kinds of messages to $u_3$
- $ch_2$: $AK_2$ must be updated through the AK updating phase

27 Example of changing subscribed channels
- $ch_5$: [figure] (counter +1)

28 Comparisons
Columns: the number of transmitted messages (Subscription, Un-subscription); Extra storage
- Sun: 2+log($s_j$)+log($n_i$)2log($n_i$)
- Huang: m ($n_i$) k ($s_j$) $n_i$-1
Legend:
- $S$: the number of subscribers
- $s_j$: the number of subscribers in group $j$
- $n_i$: the number of groups which contain $ch_i$
- $sn_i$: the number of subscribers subscribing $ch_i$

29 Comments
- Huang et al.'s scheme
  - collusion problem
  - update phase in group-oriented key distribution scheme: encrypted $(R, h(R))$
  - How to compute AK for subscriber in initial phase of rating-oriented key distribution scheme
  - leak of DK update phase in both two proposed schemes
- Sun et al.'s scheme
  - collusion problem
  - barter time for space
  - omit the two hashing functions in space requirement
  - leak of reduction process in the tree

30 References
- [1] Yu-Lun Huang, Shiuhpying Shieh, Fu-Shen Ho, and Jian-Chyuan Wang, "Efficient Key Distribution Schemes for Secure Media Delivery in Pay-TV Systems," IEEE Transactions on Multimedia, 6(5), pp. 760-769, 2004.
- [2] Hung-Min Sun, Cheng-Zong Shieh, and Chien-Ming Chen, "An Efficient and Flexible Key Distribution Scheme for Conditional Access System in Pay-TV Systems," in 16th Information Security Conference, Taichung, Taiwan, June 2006.
- [3] A. Fiat and M. Naor, "Broadcast Encryption," Advances in Cryptology - CRYPTO '93, Lecture Notes in Computer Science 733, Springer, pp. 480-491, 1994.
- [4] D. Naor, M. Naor and J. Lotspiech, "Revocation and Tracing Schemes for Stateless Receivers," in Proc. Crypto 2001, Lecture Notes in Computer Science, pp. 41-62, 2001.

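31 References (cont.)
- Motion Picture Association of America (MPAA)
  - General level (G; GENERAL AUDIENCES): Viewers of any age may watch. The film contains no excessive sexual content, crime, cruelty, horror, gore, violence or fighting scenes, and is rated "General".
  - Protected level (PG; PARENTAL GUIDANCE SUGGESTED): Children under six may not watch; children aged six to under twelve must be accompanied and guided by parents, teachers or adult relatives or friends. Films that touch on sexual issues, frightening plots or a confused sense of moral order, and that require accompaniment and guidance by parents, teachers or adult relatives or friends to avoid a harmful effect on children's psychology, are rated "Protected".
  - Guidance level (PG-13; PARENTS STRONGLY CAUTIONED): Children under thirteen may not watch; those aged thirteen to under eighteen need the attention and guidance of parents or teachers. "Guidance" films do not contain sexual issues, crime, violence or fighting incidents, bizarre content or social commentary. Nor do they involve deformity, profane language, or dialogue with improper innuendo that might have a harmful effect on children's psychology.
  - Restrained level (R; RESTRICTED): Those under seventeen need to be supervised, accompanied and guided by parents or teachers. The film contains objectionable elements such as sexual content, crime, violence and fighting, or involves profane language or dialogue with improper innuendo that has a harmful effect on young people's psychology; those under seventeen need parents, teachers or adult relatives or friends to supervise or accompany and guide them.
  - Restricted level (NC-17; NO ONE 17 AND UNDER ADMITTED): Those under eighteen may not watch. "Restricted" films depict gambling techniques, drug use, excessive sexual content, prostitution, robbery, kidnapping, theft, smuggling, gangs or other criminal acts in such detail that they may induce imitation. "Restricted" films also include scenes of horror, gore, cruelty, perversion and obscenity.
- Reference material: http://www.chinesepyp.com/infohome/link/usafilm.htm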

