1、 ETSI TS 102 825-5 V1.2.1 (2011-02)Technical Specification Digital Video Broadcasting (DVB);Content Protection and Copy Management (DVB-CPCM);Part 5: CPCM Security ToolboxETSI ETSI TS 102 825-5 V1.2.1 (2011-02)2Reference RTS/JTC-DVB-252-5 Keywords broadcast, DVB ETSI 650 Route des Lucioles F-06921 S
2、ophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org
3、 The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI
4、 printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.
5、org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing
6、 restriction extend to reproduction in all media. European Telecommunications Standards Institute 2011. European Broadcasting Union 2011. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3
7、GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by
8、 the GSM Association. ETSI ETSI TS 102 825-5 V1.2.1 (2011-02)3Contents Intellectual Property Rights 4g3Foreword . 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 6g33 Definitions, abbreviations and notation 6g33.1 Definitions 6g33.2 Abbreviations . 6g33.3 Notat
9、ion 6g34 Cryptographic Algorithms 6g34.1 Hash function . 6g34.2 Message Authentication Code 7g34.3 Symmetric cipher . 7g34.4 Revocation Lists Digital Signature . 7g34.5 Local Scrambler Algorithm (LSA) . 7g34.5.1 Control signals and parameters . 8g34.5.1.1 IV for encryption payload preparation and Sh
10、ort Solitary Block Handling 9g34.5.2 CBC Chaining Mode 10g34.5.3 RCBC Chaining Mode 11g34.5.4 Summary of CBC and RCBC scrambling/descrambling process . 13g34.5.5 LSA - Normative Specification 13g34.5.6 MPEG-2 Transport Stream adaptation 15g34.6 Certificate verification 15g34.7 Certificate keys and d
11、igest generation 16g34.8 Revocation List verification . 17g34.9 Secure time management 18g35 Cryptographic Protocols . 18g35.1 Authenticated Key Exchange (AKE) . 18g35.2 Trust Management 20g36 Formats and definitions 21g36.1 Certificate format . 21g36.2 Revocation List hierarchy 22g36.3 Cryptography
12、 Toolbox parameters . 23g3History 26g3ETSI ETSI TS 102 825-5 V1.2.1 (2011-02)4Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI member
13、s and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi
14、.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, esse
15、ntial to the present document. Foreword This Technical Specification (TS) has been produced by Joint Technical Committee (JTC) Broadcast of the European Broadcasting Union (EBU), Comit Europen de Normalisation ELECtrotechnique (CENELEC) and the European Telecommunications Standards Institute (ETSI).
16、 NOTE: The EBU/ETSI JTC Broadcast was established in 1990 to co-ordinate the drafting of standards in the specific field of broadcasting and related fields. Since 1995 the JTC Broadcast became a tripartite body by including in the Memorandum of Understanding also CENELEC, which is responsible for th
17、e standardization of radio and television receivers. The EBU is a professional association of broadcasting organizations whose work includes the co-ordination of its members activities in the technical, legal, programme-making and programme-exchange domains. The EBU has active members in about 60 co
18、untries in the European broadcasting area; its headquarters is in Geneva. European Broadcasting Union CH-1218 GRAND SACONNEX (Geneva) Switzerland Tel: +41 22 717 21 11 Fax: +41 22 717 24 81 The Digital Video Broadcasting Project (DVB) is an industry-led consortium of broadcasters, manufacturers, net
19、work operators, software developers, regulatory bodies, content owners and others committed to designing global standards for the delivery of digital television and data services. DVB fosters market driven solutions that meet the needs and economic circumstances of broadcast industry stakeholders an
20、d consumers. DVB standards cover all aspects of digital television from transmission through interfacing, conditional access and interactivity for digital video, audio and data. The consortium came together in 1993 to provide global standardisation, interoperability and future proof specifications.
21、The present document is part 5 of a multi-part deliverable. Full details of the entire series can be found in part 1 4. Introduction CPCM is a system for Content Protection and Copy Management of commercial digital content delivered to consumer products. CPCM manages content usage from acquisition i
22、nto the CPCM system until final consumption, or export from the CPCM system, in accordance with the particular usage rules of that content. Possible sources for commercial digital content include broadcast (e.g. cable, satellite, and terrestrial), Internet-based services, packaged media, and mobile
23、services, among others. CPCM is intended for use in protecting all types of content - audio, video and associated applications and data. CPCM specifications facilitate interoperability of such content after acquisition into CPCM by networked consumer devices for both home networking and remote acces
24、s. This first phase of the specification addresses CPCM for digital Content encoded and transported by linear transport systems in accordance with TS 101 154 2. A later second phase will address CPCM for Content encoded and transported by systems that are based upon Internet Protocols in accordance
25、with TS 102 005 1. ETSI ETSI TS 102 825-5 V1.2.1 (2011-02)51 Scope The present document specifies the Security Specification for the Digital Video Broadcasting (DVB) Content Protection and Copy Management (CPCM) system. 2 References References are either specific (identified by date of publication a
26、nd/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies. Referenced documents which are not found to be publicly available in the exp
27、ected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are necessary for the application of
28、the present document. 1 ETSI TS 102 005: Guidelines for the use of compression formats over IPDigital Video Broadcasting (DVB); Specification for the use of Video and Audio Coding in DVB services delivered directly over IP protocols“Digital Video Broadcasting (DVB); Specification for the use of Vide
29、o and Audio Coding in DVB services delivered directly over IP protocols“. 2 ETSI TS 101 154: “Digital Video Broadcasting (DVB); Specification for the use of Video and Audio Coding in Broadcasting Applications based on the MPEG-2 Transport Stream“. 3 FIPS Publication 180-1: “Secure Hash Standard, Nat
30、ional Institute of Standards and Technology, 1994. NOTE: Available at http:/www.itl.nist.gov/fipspubs/fip180-1.htm. 4 ETSI TS 102 825-1: “Digital Video Broadcasting (DVB); Content Protection and Copy Management (DVB-CPCM); Part 1: CPCM Abbreviations, Definitions and Terms“. 5 ETSI TS 102 825-4: “Dig
31、ital Video Broadcasting (DVB); Content Protection and Copy Management (DVB-CPCM); Part 4: CPCM System Specification“. 6 FIPS Publication 198 (2001): “The Keyed-Hash Message Authentication Code (HMAC), National Institute of Standards and Technology“. NOTE: Available at http:/csrc.nist.gov/publication
32、s/fips/fips198/fips-198a.pdf. 7 FIPS Publication 197: Advanced Encryption Standard, National Institute of Standards and Technology, 2001. NOTE: Available at http:/csrc.nist.gov/publications/fips/fips197/fips-197.pdf. 8 FIPS Special Publication 800-38A (2001): “Recommendation for Block Cipher Modes o
33、f Operation“. NOTE: Available at http:/csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf. 9 ISO/IEC 13818-1: “Information technology - Generic coding of moving pictures and associated audio information: Systems“. 10 PKCS #1 (v2.1) (2002): “RSA Cryptography Standard“ RSA Laboratories. NOTE: A
34、vailable at ftp:/ ETSI ETSI TS 102 825-5 V1.2.1 (2011-02)62.2 Informative references The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. Not applicable. 3 Definitions, abbreviations and no
35、tation 3.1 Definitions For the purposes of the present document, the terms and definitions given in TS 102 825-1 4 apply. 3.2 Abbreviations For the purposes of the present document, the abbreviations given in TS 102 825-1 4 apply. 3.3 Notation The present document uses the following notation through
36、out: Table 1: Notation Scope Notation Meaning Hashes H(M) The Hash of message M. H(X,Y) The Hash of the concatenation of messages X and Y, X being first. MAC MACK(M) The MAC of message M using key K. Encryption EK(M) Encryption of message M using key K. Decryption DK(C) Decryption of cipher text C u
37、sing key K. LSA XOR, or Bitwise XOR operation on two blocks of 16 bytes. AND Bitwise AND. Padding The LSA works on blocks of 16 bytes. If an input block contains less than 16 bytes it is padded with zeroes at the high end, i.e. the highest byte(s) of the resulting basic block will be zero, before fu
38、rther usage. A box containing two zeroes on the right side of a partial block indicates this. | Concatenation of two partial blocks to form a full block of 16 bytes, e.g. Cn|00. MSCx The xthMSC data block of 16 bytes, or possibly less for the last block. Px The xthplaintext block of 16 bytes, or pos
39、sibly less for the last block. Cx The xthciphertext block of 16 bytes, or possibly less for the last block. 00aA string of a bytes with value 0. General Values Abs(x) Absolute value of x. Array All Array indices start at 0. Arraya Indexing: the (a + 1)thelement in an array. i = ab This represents a
40、range of numbers from i = a to i = b inclusive, a,b Z. 4 Cryptographic Algorithms 4.1 Hash function CPCM compliant implementations shall use the SHA-1 hash algorithm described in 3. ETSI ETSI TS 102 825-5 V1.2.1 (2011-02)74.2 Message Authentication Code CPCM compliant implementations shall use the H
41、MAC Message Authentication Code generation and verification algorithm described in 6. NOTE: Message Authentication Code are sometimes also named signature when the key is AD Secret or SAC Session key. 4.3 Symmetric cipher CPCM compliant implementations shall use the symmetric cipher algorithm Advanc
42、ed Encryption Standard (AES) with 128-bit key length as described in 7. For SAC protection, cipher is used in Cipher Block Chaining (CBC) mode as described in 8 with a fixed Initialization Vector (IV) value for both Licence Protection and as a Secure Authenticated Channel (SAC) cipher. If message le
43、ngth is not dividable by 16, the last message block shall be padded with sufficient bytes of value 0x00 to get a full block. Upon decryption, padding shall be removed using the message length. For protection of Content Licence with AD Secret, cipher is used in Electronic Code Book (ECB). 4.4 Revocat
44、ion Lists Digital Signature Revocation Lists are signed using RSASSA-PKCS1-V1_5-SIGN described in PKCS #1 v2.1 10. CPCM compliant implementations do not need to implement RSASSA-PKCS1-V1_5-SIGN. Revocation Lists signatures are verified using RSASSA-PKCS1-V1_5-VERIFY described in PKCS #1 v2.1,10. The
45、 public exponent used in the signature process is constant (see clause 6.3). 4.5 Local Scrambler Algorithm (LSA) The LSA described in this clause shall be used to protect Content within compliant CPCM systems. The LSA uses the AES cipher described in 7 as its basic building block, with 128-bit keys,
46、 called Control Words (CWs). The basic unit of scrambling (or descrambling) is called a packet. Each packet is scrambled independently from all others, allowing random access. A packet consists of a part that must not be scrambled, called the Must Stay Clear (MSC) data, (aka MSC Data or MSC Part), a
47、nd a part that must be scrambled, called the payload. The MSC Part consists of 0 or more bytes. The LSA has two so-called MSC modes for handling the MSC data: “MSC Data Dependent“ (MDD): MSC Data contributes to the scrambling of the rest of the packet. A change of the data in the MSC Part (PID, PCR,
48、 etc. contained in the header or Adaptation Field) of the scrambled packet will adversely impact de-scrambling. The MSC Part may contain bits that must be masked, i.e. set to 0, prior to processing of the MSC Part in this mode, for instance an error bit which may be set in transit from a scrambling
49、source to a descrambling sink. Processing of the MSC part in this mode is explained later in this clause. “MSC Data Independent“ (MDI): the MSC Data does not contribute to the scrambling of the rest of the packet. A change of the data in the MSC part (e.g. for re-multiplexing) may be done without descrambling and re-scrambling. A third possibility is to encrypt/decrypt the complete packet, i.e. including the MSC data. This is controlled by the MSC Over
