Technical Interpretation: Security of Digital Television Conditional Access System

Publisher: 二进制游侠; Latest update time: 2010-11-23; Source: 视频通信
At present, the digital television (DTV) conditional access systems (CAS) launched in China basically use smart cards managed on a "one machine, one card, machine-card pairing" basis at the receiving end. The server side cannot learn the state of the user side in a timely manner. If the smart card on the user side is cracked, the whole system becomes useless, causing huge economic losses to the service provider. With the popularization of digital television, solving this problem has become more and more urgent.

1 Security Analysis of Current Conditional Access Systems

The current conditional access system uses a three-layer encryption system. The signal is scrambled under a control word (CW) so that unauthorized users cannot receive it; authorized users use the same CW to control the descrambler at the receiving end, descramble the signal, and recover a receivable signal.

Encryption: Because the CW must be transmitted to the receiving end over a public network, it must be protected by encryption. First, the CW is encrypted with the service key (SK) to form the entitlement control message (ECM); then, the SK is encrypted with the personal distribution key (PDK) to form the entitlement management message (EMM). During decryption, the local key in the smart card is used to decrypt the upper-layer keys step by step, until the CW is finally obtained.

The currently popular CAS system seems to be very safe, with three layers of encryption, and some even have more layers of encryption. However, the system is composed of multiple links after all, and hackers can use different attack methods according to the characteristics of different systems.

(1) Attack the CW. The CW is the foundation of the entire system and the core of the conditional access system. If the CW is cracked, all other encryption measures will become meaningless. The CW is generally long and changes frequently. It is very difficult to decipher the CW. Even if a CW is deciphered, it is often out of validity. However, if the entire cycle sequence of the CW is cracked, it will be catastrophic to the entire system.

(2) Attack ECM and EMM. During the system transmission process, the ECM and EMM keys and data are intercepted and cracked, and fake messages and pirated cards are created to achieve the purpose of decryption.

(3) Attacks on user smart cards. User smart cards are distributed to TV viewers as encryption control keys. Hackers can also purchase legitimate user cards, so user smart cards are prone to attacks. Hackers can use standard smart card development and testing tools to try to read internal key data, authorization data, and application programs to create pirated cards or simulated cards. Hackers use advanced technology to test the structure and electrical signals of the hardware in the card, decipher the structure and data of the card, and create pirated cards.

2 Security Precautions

2.1 To prevent CW attacks, use a more secure CW generator

The CW generator is implemented inside the chip. The preset stage counts (lengths) of the linear feedback shift registers (LFSRs) are required to be mutually prime, and the feedback polynomial of each LFSR is required to be primitive, so that the generated pseudo-random sequence has the maximum period. The bus carries the selector control code produced by the control code generator (a pseudo-random sequence generator); it has 8 taps output in parallel, and every two bits drive the select input of one selector. The output of each selector is one of the 4 LFSR feedback signals, and it serves as the clock of the LFSR connected to it. This is an improved version of the Gollmann cascade: the data selection removes the Gollmann cascade's weakness of being vulnerable to lock-in attacks. The outputs of the 4 LFSRs are XORed (the output is 1 when an odd number of inputs are 1), which removes the linear influence of the LFSRs; a digital selector then picks one of these XOR outputs as the serial output sequence of the CW generator, which is converted from serial form and output as the CW. The digital selector masks the algebraic characteristics of the CW generator, so as to avoid correlation (linear algebra) attacks. A CW generated in this way has a long period, low correlation, and high security.

The selection code generator is a pseudo-random sequence generator, which controls the selection input of the selector through the sequence code it generates. Because user management information needs to be managed by a computer, a sequence code can be generated in the computer as the initial value of the selection code generator and the initial value of the LFSR. The software in the computer is easy to modify, and the initial value can be changed at any time. If a hacker cracks the CW sequence at the time, a new CW sequence will be generated due to the change of the initial value, avoiding a devastating blow to the entire system.
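Why section 2.1 asks for primitive feedback polynomials and mutually prime values, shown as an added Python illustration that is not from the article. It models only free-running LFSRs XORed together, not the clock-controlled selector network, and it assumes the "mutually prime" requirement refers to register lengths; the polynomials and the small lengths are textbook choices made here.

```python
# Added illustration (not from the article): free-running LFSRs XORed together.
# PRIMITIVE maps a register length n to the exponents below x^n of a primitive
# polynomial, e.g. 4 -> (0, 1) means x^4 + x + 1. All values are chosen here.
from math import lcm

PRIMITIVE = {2: (0, 1), 3: (0, 1), 4: (0, 1), 5: (0, 2), 7: (0, 1)}
NON_PRIMITIVE_4 = (0, 1, 2, 3)   # x^4+x^3+x^2+x+1: irreducible but not primitive

def step(state, exps, n):
    """One shift of the recurrence s[k+n] = XOR of s[k+e] for e in exps."""
    fb = 0
    for e in exps:
        fb ^= (state >> e) & 1
    return (state >> 1) | (fb << (n - 1))

def state_period(exps, n, seed=1):
    """Number of shifts until the register returns to its seed state."""
    state, steps = step(seed, exps, n), 1
    while state != seed:
        state, steps = step(state, exps, n), steps + 1
    return steps

def xor_stream(lengths, count):
    """XOR of the output bits of one primitive LFSR per listed length."""
    states = {n: 1 for n in lengths}
    out = bytearray()
    for _ in range(count):
        bit = 0
        for n in lengths:
            bit ^= states[n] & 1
            states[n] = step(states[n], PRIMITIVE[n], n)
        out.append(bit)
    return bytes(out)

def output_period(lengths):
    """Smallest shift that maps the combined output stream onto itself."""
    upper = lcm(*(2 ** n - 1 for n in lengths))   # a known period of the stream
    bits = xor_stream(lengths, 2 * upper)
    return next(d for d in range(1, upper + 1)
                if upper % d == 0 and bits[:upper] == bits[d:d + upper])

if __name__ == "__main__":
    print(state_period(PRIMITIVE[4], 4), state_period(NON_PRIMITIVE_4, 4))
    print(output_period((2, 3, 5, 7)), output_period((2, 4)))
```

With lengths 2, 3, 5 and 7 the individual periods multiply; with lengths 2 and 4 the shorter register adds nothing to the period of the longer one.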

2.2 Strategy against smart card, ECM and EMM attacks: adopt a "machine-card separation" solution

Whether the attack is on smart cards or on ECM and EMM, the purpose is to create pirated cards and cause losses to service providers. Since the machine-card pairing management method carries such a large security risk, why is it popular at present? This is because, as of now, digital TV has not been popularized in China, and the standard for digital TV conditional access systems has not been determined. This method is simple to manage and has low cost. In addition, for hackers, it may not be worth spending so much money to crack the system, because digital TV is just starting out and there are few users. By the time they crack the system, the service provider may have adopted a new system because standards have been formulated. Therefore, this management system is relatively safe at present.

However, with the popularization of digital television and the formulation of conditional access system standards, the possibility of being attacked will greatly increase if the "one machine, one card, machine-card pairing" management method is still used. Therefore, this management method is only a transitional product on the way from analog TV conditional access systems to digital TV conditional access systems. With the vigorous development of the digital TV industry, the mainstream of future conditional access systems will inevitably be the "machine-card separation" method, which will completely solve the disadvantage of one machine, one card being vulnerable to attacks.

The method adopted borrows from the network card technology used on today's Internet. Each user's user ID is different, and the PDK is a function of the user ID and other information. The difference is that it adopts a piracy protection mechanism: even if hackers use advanced technology to create identical pirated copies, these can still be discovered through the return-path binding mechanism. The specific method is as follows: the user ID is encrypted and stored in ROM, the user's viewing count is encrypted and stored in EEPROM (if the circuit has an optional return line), and the other decryption and descrambling circuits and algorithms are stored in the main chip at the user end. The IC card is completely different from the currently popular "one machine, one card, machine-card pairing" smart card with a decryption circuit. It only stores the IC card number, the IC card password (and, if there is no return line, a balance), and so on, just like today's telephone IC cards. Users can buy the card anywhere, as long as it is a card issued by the service provider that broadcasts the program, and the machine and the card are separated.


After the user buys the IC card, he first notifies the server through the return system or phone call to bind the IC card number and the receiver user ID. Generally speaking, in order to avoid buying counterfeit cards, users buy cards just like recharging mobile phones. After receiving the card, they immediately call the server for authentication and binding. The balance of the user's old card is also transferred to the newly bound card (with a return path). After binding, the server uses the IC card number and the user ID function to generate PDK, and encrypts SK through such PDK. Through IC card binding, counterfeit receiving circuits can also be discovered, because when different IC cards are bound to the same user ID, they will be discovered. The authenticity of the receiving circuit can be immediately identified through user information. In addition, even if the receiving circuit is counterfeited, you still have to buy a receiving card, which cannot achieve the purpose of free reception. Hackers will not spend time making counterfeit circuits.

When receiving, the user must insert the IC card, and the security processor first verifies the authenticity of the IC card. After verification, if it is a system without a return line, the security processor reads the balance of the IC card. If the balance is sufficient, it reads the card number of the IC card and the user ID in the ROM to decrypt the SK; if the balance is insufficient, it notifies the user to change the card in time. After changing the card, the TV will encrypt according to the serial number of the new card. The user end can be designed with a memory to save the balance, and the balance of the old card saved in it is added to the new card. For such systems without a return line, the main attack to be faced is an attack on the reading of the IC card balance. To counter this type of attack, the balance is compared with the last balance when it is read. If the card has not been changed and the balance on the card is greater than the balance saved in the memory after the last viewing, the IC card is invalid. The circuit and algorithm for reading the balance are in the main chip, and it is generally difficult to crack the main chip. Even so, it cannot be said to be completely safe. Using IC cards with a limited period of validity reduces the risk of attacks on balance reading.

In a system with a return line, there is no risk of balance reading attacks.

Because the user's balance is stored on the server, the user's IC card only has the card number and password. Every time the user turns on and off the machine, the user ID and the user's IC card number are encrypted (the encryption method is different from the encryption method of the ID stored in the ROM) and then transmitted to the server. The server calculates the receiving fee and the balance on the card according to the user's power on and off. When the balance is insufficient, a message will appear on the user's screen to notify the user to recharge in time. For hacker attacks, the possibility of simultaneously copying the receiving circuit and the receiving IC card is very small. Even if there is a possibility, after a period of time, the balance of the IC card will be used up, and the impact on the entire system is very small. If higher security is required, the number of user receptions can be encrypted and transmitted to the server at the same time. The server can compare it with the last reception number to find out whether it is an illegal user. PDK can use the functions of the last reception number, user ID and IC card number to increase confidentiality.
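A server-side sketch of the binding and reception-number checks described above, as an added example that is not the article's implementation. HMAC-SHA256 stands in for the unspecified PDK function, and the class name, identifiers and secret are constructed assumptions.

```python
# Added sketch, not the article's implementation. HMAC-SHA256 stands in for the
# unspecified "function" that derives PDK; all names and values are constructed.
import hashlib
import hmac

OPERATOR_SECRET = b"constructed-demo-secret"   # assumption: held only by the server

def derive_pdk(user_id, card_no, last_count=0):
    """PDK as a keyed function of user ID, IC card number and last reception number."""
    msg = f"{user_id}|{card_no}|{last_count}".encode()
    return hmac.new(OPERATOR_SECRET, msg, hashlib.sha256).digest()[:16]

class BindingServer:
    def __init__(self):
        self.bound_card = {}   # receiver user ID -> currently bound IC card number
        self.last_count = {}   # receiver user ID -> last accepted reception number
        self.alerts = []       # (reason, user_id, card_no) tuples for operator review

    def bind(self, user_id, card_no):
        """Bind a card to a receiver; a different card on the same ID is flagged."""
        old = self.bound_card.get(user_id)
        if old is not None and old != card_no:
            # A genuine card replacement also lands here; the operator settles
            # it against the subscriber's user information.
            self.alerts.append(("second-card-on-user-id", user_id, card_no))
        self.bound_card[user_id] = card_no
        self.last_count.setdefault(user_id, 0)
        return derive_pdk(user_id, card_no, self.last_count[user_id])

    def report(self, user_id, card_no, count):
        """Handle a power-on report sent over the return line."""
        if self.bound_card.get(user_id) != card_no:
            self.alerts.append(("unbound-card", user_id, card_no))
            return None
        if count <= self.last_count[user_id]:
            # Two receivers sharing one user ID each keep their own counter,
            # so the server eventually sees a number it has already accepted.
            self.alerts.append(("stale-reception-number", user_id, card_no))
            return None
        self.last_count[user_id] = count
        return derive_pdk(user_id, card_no, count)   # PDK for the next SK delivery

def demo():
    srv = BindingServer()
    srv.bind("RX-0001", "CARD-A")
    for n in (1, 2, 3):                       # genuine receiver reports in order
        srv.report("RX-0001", "CARD-A", n)
    srv.report("RX-0001", "CARD-A", 3)        # second device repeats number 3
    srv.bind("RX-0001", "CARD-B")             # same user ID, different card
    return [reason for reason, _, _ in srv.alerts]
```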

After the above processing, the security of the entire system mainly depends on the encryption strength of SK and CW, and the length and volatility of the periodic sequence of CW. The periodic length of CW is ensured by the CW generator. A relatively secure implementation method has been introduced above. As for the encryption methods for SK and CW, they are relatively mature at present. Since CW changes relatively quickly, algorithms such as DES and IDEA with higher encryption strength and faster encryption can be selected; SK changes relatively slowly, and methods such as RSA with higher encryption strength and slower encryption can be selected. At present, these encryption algorithms are still relatively safe and can resist hacker attacks when used in conditional access systems.

3 Feasibility Analysis

The management method of separating the machine and the card is more secure than the currently popular management method of "one machine, one card, machine and card pairing", and it is not complicated to implement. In particular, with the development of digital TV, users pursue personalized services, which will inevitably realize the communication between the server and the user, such as realizing program reservation, knowing the TV ratings through feedback, improving service quality, etc. Therefore, the management of the machine and the card through feedback does not increase the cost of users.

For the current single-channel digital TV system, adding a channel will increase the cost a lot. The method of binding user ID and IC card serial number without a return path can be used to replace the current smart card with an internal decryption system. Its cost is not much higher than the smart card management cost, and the loss of the IC card separated from the machine and the card is much smaller than the smart card with an internal decryption system. If the IC card separated from the machine and the card is lost, the user can buy a new card and transfer the balance to the new card, so there is no loss to the user.

4 Conclusion

From the above analysis, we can see that the currently popular machine-card pairing management mode carries a very large security risk, while the machine-card separation management mode is much safer. The machine-card separation mode is also not very costly to implement and makes payment convenient for users. With the popularization of digital TV, the machine-card separation management mode will inevitably become the main management mode for digital TV conditional access.
