www.mobilevce.com
© 2004 Mobile VCE
3G 2004
19th October 2004
Regional Blackouts: Protection of Broadcast Content on 3G Networks
Alexander W. Dent and Allan Tomlinson, Information Security Group, Royal Holloway, University of London
Introduction
Motivation
Collaboration between broadcast and mobile networks
Potential to deliver broadcast content over 3G networks
Potential issues with content protection:
- Digital Rights Management (DRM)
- Ownership of content
- Distribution rights
- Licensing
Background
Regional Blackouts
Broadcast content is subject to restrictions:
- Geographical: in the region around a stadium where a live event is taking place
- Time: during the time when a live event takes place, and immediately after the event
Background
Current Solutions
- Conditional Access systems: scrambled content
- Regional codes embedded in receivers
- Entitlement management: descrambling authorised according to the regional codes
- Broadcast time controlled by the broadcaster
Background
Blackout Region
(Figure: the Stadium at the centre of the Blackout Region, with set-top boxes (STB) and televisions shown both inside and outside the region.)
Background
Mobile Receivers
Current solutions assume:
- Relatively static receivers
- Broadcaster controls play-out and billing
Mobile receivers:
- No longer static
- Content forwarding
Background
(Figure: end-to-end distribution path. Content Provider(s) supply the Video Source to Broadcaster(s); the Broadcast Network (DVB-S, DVB-T, DVB-C) delivers it to the Initial Receiver (STB with modem, television) inside the Blackout Region around the Stadium; from the STB, content crosses an untrusted Intermediary Network to the End Device.)
New Problem
Content Provider may trust broadcaster to control distribution to initial receiver
Content Provider cannot trust initial receiver to control further distribution
Further distribution is controlled by the user:
- End Device can be any IP-enabled device
- End Device may be completely controlled by the user
Impact on future mobile services
Potential Solutions
Trusted Hardware:
- Insist on trusted hardware on the End Device
- Install GPS on the End Device
- Expensive
Trusted Network:
- Network provides time and location data
- End Device must be connected directly to the network
Secure Protocols
Network Model
(Figure: the same distribution path as before, with a Trusted Network Server introduced between the Initial Receiver and the End Device; the Intermediary Network remains untrusted.)
Assumptions
STB and ED have a secure execution environment and a tamper-proof data storage area
All cryptographic processing on STB and ED is carried out in the secure execution environment
Only applications running in the secure execution environment have access to the tamper-proof data storage areas in the STB and the ED
At least one authenticated key, K, is shared by STB and ED and is stored in the tamper-proof data storage areas
Assumptions
At least one of the ED or STB possesses a public verification transform, V_CA, for a certification authority CA, stored in its tamper-proof data storage area
At least one of the ED or STB possesses a DRM application stored in its tamper-proof data storage area
At least one of the ED or STB has knowledge of the usage criteria for each service received
Protocol 1
Parties: End Device (ED), Trusted Network Server, and the STB behind the modem.
1. ED -> Server: nonce (sent at time t_i)
2. Server -> ED: signed(nonce, time, loc) (received at time t_j; dt = t_j - t_i bounds the freshness of the attestation)
3. STB -> ED: E_K(service)
The DRM application on the ED verifies the signature and applies the usage criteria.
Protocol 1
Advantages:
- Simple
Disadvantages:
- Heavy computational load on the intermediary network
- Heavy computational load on the end device (which may have limited computational power)
- Trust in the DRM application on the end device
Protocol 2
Parties: STB behind the modem, End Device (ED), Trusted Network Server.
1. STB -> ED: nonce (issued at time t_i)
2. ED -> Server: MAC_K(nonce)
3. Server -> ED: signed(MAC_K(nonce), time, loc)
4. ED -> STB: signed(MAC_K(nonce), time, loc) (received at time t_j; dt = t_j - t_i)
5. STB -> ED: E_K(service)
Protocol 2
Advantages:
- Simple
- Low computational load for the end device
- Good source of nonces from scrambled broadcasts
- Most DRM performed on the STB, less trust in the ED
Disadvantages:
- Still a heavy computational load on the intermediary network
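Protocol 2 modelled end to end, as an added example for this page (it is not the authors' implementation). Everything not stated on the slides is an assumption made here: MAC_K is HMAC-SHA256 under the shared key K; the network's signature is stood in for by an HMAC under a server key that the STB holds where the slides have V_CA; E_K is a toy HMAC-derived keystream; the blackout region is a 50 km circle around constructed stadium coordinates; the event window and clock values are constructed integers. The STB, which holds the usage criteria, does all the checking: the nonce is consumed once (replay), the attestation must carry MAC_K of that nonce (binding), the attested time must fall within [t_i, t_j] with dt bounded (freshness), and the region/time rule is applied before E_K(service) is returned. The ED does one MAC and relays, as the slides' advantage list describes.

```python
import hashlib
import hmac
import json
import math
import secrets

K = bytes(range(32))                                    # constructed key K shared by STB and ED
SERVER_KEY = hashlib.sha256(b"network-server").digest() # constructed; HMAC stand-in for the network's signing key
STADIUM = (51.4264, -0.5623)                            # constructed blackout centre (lat, lon)
RADIUS_KM = 50.0                                        # constructed blackout radius
BLACKOUT = (1000, 2000)                                 # constructed event window, seconds
MAX_DELAY = 30                                          # largest acceptable dt = t_j - t_i (assumption)
SERVICE = b"live match feed"


def mac(key, data):
    """MAC_K from the slides, instantiated here as HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def stream_xor(key, data):
    """Stand-in for E_K: XOR with an HMAC counter keystream (symmetric, so it also decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        out.extend(a ^ b for a, b in zip(data[i:i + 32], mac(key, b"EK" + i.to_bytes(4, "big"))))
    return bytes(out)


def km_between(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


class Server:
    """Trusted network: sees only MAC_K(nonce) and binds it to the observed time and location."""
    def __init__(self, clock, locate):
        self.clock, self.locate = clock, locate

    def attest(self, token):
        claim = {"token": token.hex(), "time": self.clock(), "loc": list(self.locate())}
        payload = json.dumps(claim, sort_keys=True).encode()
        return payload, mac(SERVER_KEY, payload)   # signed(MAC_K(nonce), time, loc)


class EndDevice:
    """Protocol 2 leaves the ED one MAC and a relay; the DRM decision is not made here."""
    def __init__(self, server):
        self.server = server

    def relay(self, nonce):
        return self.server.attest(mac(K, nonce))


class STB:
    """Holds the usage criteria and makes the release decision."""
    def __init__(self, clock):
        self.clock, self.pending = clock, {}   # pending: nonce -> t_i, consumed on use
    def issue_nonce(self):
        nonce = secrets.token_bytes(16)        # slides: scrambled broadcast bits would serve as well
        self.pending[nonce] = self.clock()
        return nonce
    def release(self, nonce, payload, sig, service):
        """Return E_K(service) if the attestation passes every check, else raise PermissionError."""
        ti = self.pending.pop(nonce, None)
        if ti is None:
            raise PermissionError("unknown or replayed nonce")
        tj = self.clock()
        if not hmac.compare_digest(sig, mac(SERVER_KEY, payload)):
            raise PermissionError("network signature does not verify")
        claim = json.loads(payload)
        if not hmac.compare_digest(bytes.fromhex(claim["token"]), mac(K, nonce)):
            raise PermissionError("attestation is not bound to this nonce")
        if not (ti <= claim["time"] <= tj) or tj - ti > MAX_DELAY:
            raise PermissionError("stale attestation, dt=%d" % (tj - ti))
        if km_between(tuple(claim["loc"]), STADIUM) <= RADIUS_KM and BLACKOUT[0] <= claim["time"] <= BLACKOUT[1]:
            raise PermissionError("blackout: ED is inside the region during the event")
        return stream_xor(K, service)


def attempt(location, now, tamper=False):
    """One Protocol 2 run with the ED at `location`; True if the STB released the service."""
    clock = {"now": now}
    stb = STB(lambda: clock["now"])
    ed = EndDevice(Server(lambda: clock["now"], lambda: location))
    nonce = stb.issue_nonce()                          # STB -> ED: nonce, at t_i
    clock["now"] += 2                                  # network round trip
    payload, sig = ed.relay(nonce)                     # ED <-> Server, answer forwarded to STB
    if tamper:                                         # user rewrites the location after signing
        claim = json.loads(payload)
        claim["loc"] = [53.48, -2.24]
        payload = json.dumps(claim, sort_keys=True).encode()
    try:
        ciphertext = stb.release(nonce, payload, sig, SERVICE)   # at t_j
    except PermissionError:
        return False
    return stream_xor(K, ciphertext) == SERVICE
```

`attempt(STADIUM, 1500)` is refused (inside the region during the event), `attempt(STADIUM, 2500)` and `attempt((53.48, -2.24), 1500)` succeed, and `attempt(STADIUM, 1500, tamper=True)` is refused because the edited location no longer matches the network's signature. Protocol 1 differs in that the ED generates the nonce, receives the signed attestation and applies the usage criteria itself, which is why the slides note the heavier load on, and trust in, the end device.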
Conclusions
- The protocols deliver authenticated time and location information about mobile devices to DRM applications, so that regional blackouts can be enforced beyond the initial receiver.
- Both protocols place a heavy computational load on the intermediary network, which must sign an attestation for every request.
- That per-request signing is a potential Denial of Service vector against the network.
Thank you !
For further information please contact:
Dr. Allan Tomlinson
E-mail: [email protected]
Tel: +44 (1784) 414346
WWW: www.mobilevce.com