A Signature-like Primitive for Broadcast-encryption-based Systems - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

A Signature-like Primitive for Broadcast-encryption-based Systems

Description:

Download of a movie onto a recordable DVD ... Only authorized servers can make widely playable EST downloads ... at player for pre-recorded versus EST download. ... – PowerPoint PPT presentation

Number of Views:16
Avg rating:3.0/5.0
Slides: 11
Provided by: IBMU355
Category:

less

Transcript and Presenter's Notes

Title: A Signature-like Primitive for Broadcast-encryption-based Systems


1
A Signature-like Primitive for Broadcast-encryptio
n-based Systems
  • Jeffrey Lotspiech
  • IBM Almaden Research Center

2
Overview
  • Motivation
  • Broadcast encryption basics
  • The scheme
  • Attacks/defenses
  • Conclusion

3
Motivation Broadcast Encryption
  • A term describing a class of key management
    schemes
  • One-way cryptographic flow
  • Essential for protection of physical media (e.g.,
    DVDs)
  • Over one billion CPRM devices licensed so far
    (e.g., SD cards, DVD RAM/R/RW)
  • Used for AACS (new generation of DVDs)
  • Not based on identity
  • Great for high-privacy applications
  • Not so great for forensics
  • Very friendly to consumer electronic devices

4
Motivation Electronic Sell-through
  • Download of a movie onto a recordable DVD
  • Richer format compared to broadcast recording,
    therefore only for server/client download, not
    recorders
  • Possible attack Garage replicator
  • There would be additional security if there were
    a server blessing
  • E.g., a server-signed token for the individual
    disc
  • Easily accomplished by a public key
    infrastructure
  • But, high overhead calculation

5
How Does Broadcast Encryption Work?
  • Devices organized into overlapping subsets each
    subset associated with a key
  • Each device in many different subsets
  • Each device knows the key for every subset it is
    a member of

Devices
6
Media Key Block
Identify subsets
Encrypt Media Key for each
Media key block
7
EST Binding Table Produced by Server
Binding Table
Type 6 MKB (associated w/Movie)





E
E
E
. . .
k1
k2
k3
kn



Km
E
Media ID
(Associated w/disc)
8
Hierarchy of Binding Tables Possible










Km
Ks
,e
,e


. . .
k1
k2
k3
kn
hash1
hash2
9
Attacks
  • A set of device keys helps very little
  • Binding table is valid for only one entry (e.g.,
    1/1000th of the market, under control of content
    owners)
  • Licensing agency can respond effectively by
    subdividing new MKBs
  • E.g., doubling size of binding table reduces
    attack to 1/1,000,000th of the market
  • Makes Garage Replicator attack uneconomic
  • Other uses of stolen devices keys are more
    effective

10
Conclusions
  • Only authorized servers can make widely playable
    EST downloads
  • By using broadcast encryption instead of public
    key signatures
  • Transactions per second at the server greatly
    increased (for a given server cost)
  • No difference in disc insertion time at player
    for pre-recorded versus EST download.
Write a Comment
User Comments (0)
About PowerShow.com