1、 International Telecommunication Union ITU-T X.1191TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (02/2009) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services IPTV security Functional requirements and architecture for IPTV security aspects Recommendati
2、on ITU-T X.1191 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPEC
3、TS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPL
4、ICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cyberse
5、curity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1191 (02/2009)
6、 i Recommendation ITU-T X.1191 Functional requirements and architecture for IPTV security aspects Summary Recommendation ITU-T X.1191 addresses the functional requirements, architecture, and mechanisms dealing with the security aspects of IPTV content, services, networks, terminal devices, and subsc
7、ribers (end users). Source Recommendation ITU-T X.1191 was approved on 20 February 2009 by ITU-T Study Group 17 (2009-2012) under the WTSA Resolution 1 procedure. Keywords Authentication, authorization, encryption, IPTV, privacy protection, security, security architecture, scrambling, service and co
8、ntent protection. ii Rec. ITU-T X.1191 (02/2009) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a perm
9、anent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establi
10、shes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary stand
11、ards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Reco
12、mmendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents ar
13、e used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Int
14、ellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not rece
15、ived notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ip
16、r/. ITU 2009 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1191 (02/2009) iii CONTENTS Page 1 Scope 1 2 References. 1 3 Terms and definitions . 1 3.1 Terms defined elsewhere 1 3.2 Terms defined i
17、n this Recommendation. 2 4 Abbreviations and acronyms 4 5 Conventions 5 6 Security requirements . 6 6.1 General security requirements 6 6.2 Content security requirements 6 6.3 Service security requirements. 8 6.4 Network security requirements. 10 6.5 Terminal security requirements 11 6.6 Subscriber
18、security requirements . 12 7 Security architecture . 12 7.1 General security architecture 13 7.2 Content protection architecture 14 7.3 Service protection architecture. 17 7.4 Description of functions and functional blocks in IPTV security architectures 19 8 Security mechanisms 21 8.1 Security mecha
19、nisms dealing with content protection . 21 8.2 Security mechanisms dealing with service protection 23 8.3 Security mechanisms dealing with networks protection 23 8.4 Security mechanisms dealing with terminal device protection 23 8.5 Security mechanisms dealing with subscribers or end users 23 Annex
20、A Subscriber security protection . 25 A.1 User data protection 25 A.2 Parental control, protection of legal minors, access control. 26 Appendix I Security threats. 27 I.1 Security threats model 27 Appendix II Interoperability of SCP. 30 II.1 Overview of interoperability of SCP 30 II.2 Interoperable
21、SCP scenarios. 30 II.3 Technical areas of SCP interoperability. 31 II.4 SCP interoperable architectures . 32 II.5 Scenarios of SCP-B or SCP-IX deployed in TD 33 iv Rec. ITU-T X.1191 (02/2009) Page Appendix III Example of IPTV content protection process . 35 Appendix IV DVB content protection and cop
22、y management . 36 IV.1 Introduction 36 IV.2 Definitions 36 IV.3 Abbreviations and acronyms 37 IV.4 CPCM architecture . 38 IV.5 CPCM reference model and functional entities 39 IV.6 CPCM-authorized domain. 39 IV.7 CPCM content usage rules 40 IV.8 Usage state information metadata 40 IV.9 CPCM content 4
23、0 IV.10 CPCM device 40 IV.11 Usage rule and usage state information 40 Appendix V Secure transcodable scheme. 41 V.1 Overview of the secure transcodable scheme. 41 Bibliography. 42 Rec. ITU-T X.1191 (02/2009) v Introduction IPTV services, content delivered through such services, terminal devices use
24、d in processing, and provision of such services require taking into account many security aspects. This Recommendation draws up the requirements, architectural models, functional entities, interfaces, mechanisms, and additional informative background material that describe and address these security
25、 aspects. Rec. ITU-T X.1191 (02/2009) 1 Recommendation ITU-T X.1191 Functional requirements and architecture for IPTV security aspects 1 Scope This Recommendation addresses the functional requirements, architecture, and mechanisms dealing with the security and protection aspects of IPTV content, ser
26、vices, networks, terminal devices, and subscribers. It is anticipated that requirements and relevant functions identified in this Recommendation can be applied appropriately according to the IPTV service and business models which could request different level of security capabilities. 2 References T
27、he following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of th
28、is Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation d
29、oes not give it, as a stand-alone document, the status of a Recommendation. ITU-T X.509 Recommendation ITU-T X.509 (2008) | ISO/IEC 9594-8:2008, Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks. ITU-T Y.1910 Recommendation ITU-T Y.191
30、0 (2008), IPTV functional architecture. 3 Terms and definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 access control b-ITU-T X.800: The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauth
31、orized manner. 3.1.2 application b-ITU-T Y.101: A structured set of capabilities, which provide value-added functionality supported by one or more services. 3.1.3 authentication b-ITU-T X.800: See data origin authentication and peer-entity authentication. 3.1.4 authorization b-ITU-T X.800: The grant
32、ing of rights, which includes the granting of access based on access rights. 3.1.5 availability b-ITU-T X.800: The property of being accessible and useable upon demand by an authorized entity. 3.1.6 confidentiality b-ITU-T X.800: The property that information is not made available or disclosed to un
33、authorized individuals, entities, or processes. 3.1.7 data origin authentication b-ITU-T X.800: The corroboration that the source of data received is as claimed. 3.1.8 denial of service (DoS) b-ITU-T X.800: The prevention of authorized access to resources or the delaying of time-critical operations.
34、 2 Rec. ITU-T X.1191 (02/2009) 3.1.9 digital signature b-ITU-T X.800: Data appended to, or a cryptographic transformation (see cryptography) of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient. 3
35、.1.10 elementary stream b-ITU-T H.222.0: A generic term for one of the coded video, coded audio or other coded bit stream in PES packet. NOTE PES means a packetized elementary stream. 3.1.11 functional architecture b-ITU-T Y.2012: A set of functional entities and the reference points between them us
36、ed to describe the structure of an NGN. These functional entities are separated by reference points, and thus, they define the distribution of functions. 3.1.12 functional entity b-ITU-T Y.2012: An entity that comprises an indivisible set of specific functions. Functional entities are logical concep
37、ts, while groupings of functional entities are used to describe practical, physical implementations. 3.1.13 integrity b-ITU-T X.800: The property that data has not been altered or destroyed in an unauthorized manner. 3.1.14 key b-ITU-T X.800: A sequence of symbols that controls the operations of enc
38、ipherment and decipherment. 3.1.15 key management b-ITU-T X.800: The generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy. 3.1.16 masquerade b-ITU-T X.800: The pretence by an entity to be a different entity. 3.1.17 network provider b-ITU
39、-T Q.1290: The organization that maintains and operates the network components required for IPTV functionality. NOTE 1 A network provider can optionally also act as service provider. NOTE 2 Although considered as two separate entities, the service provider and the network provider can optionally be
40、one organizational entity. 3.1.18 peer-entity authentication b-ITU-T X.800: The corroboration that a peer entity in an association is the one claimed. 3.1.19 privacy b-ITU-T X.800: The right of individuals to control or influence what information related to them may be collected and stored and by wh
41、om and to whom that information may be disclosed. 3.1.20 repudiation b-ITU-T X.800: Denial by one of the entities involved in a communication of having participated in all or part of the communication. 3.1.21 security label b-ITU-T X.800: The marking bound to a resource (which may be a data unit) th
42、at names or designates the security attributes of that resource. NOTE The marking and/or binding may be explicit or implicit. 3.1.22 security policy b-ITU-T X.800: The set of criteria for the provision of security services. 3.1.23 service provider b-ITU-T M.1400: A general reference to an operator t
43、hat provides telecommunication services to customers and other users either on a tariff or contract basis. A service provider can optionally operate a network. A service provider can optionally be a customer of another service provider. 3.1.24 threat b-ITU-T X.800: A potential violation of security.
44、 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 acquisition: Process of obtaining content by the end-user. Rec. ITU-T X.1191 (02/2009) 3 3.2.2 content export: Process of exporting securely the IPTV content from the IPTV terminal to another terminal ow
45、ned by the user entitled to use it. 3.2.3 content protection: Ensuring that an end user can only use the content that he/she already acquired in accordance with the rights granted to him/her by the rights holder; content protection involves protecting contents from illegal copying and distribution,
46、interception, tampering, unauthorized use, etc. 3.2.4 content tracing: Process that enables the identification of the (arbitrary) origin of content and/or responsible party (e.g., end user) to facilitate the subsequent investigation in case of unauthorized use of content, e.g., content copying or re
47、distribution. NOTE Content-tracing information may be attached to content as either metadata or forensic watermark. 3.2.5 entitlements: Referring to the authorization level(s) including conditional access information that can be used by a subscriber to access certain IPTV services in his/her IPTV TD
48、. 3.2.6 IPTV terminal device (TD) protection: Ensuring that the TD employed by an end user in the reception of a service can reliably and securely use content, while enforcing the rights of use as granted for such content and in the course of physically and electronically protecting the integrity of
49、 TD and confidentiality of the content and critical security parameters (e.g., saved keys) that are not protected. 3.2.7 linear TV: A broadcast TV service similar to the classic form of television services provided by cable, terrestrial, and direct-to-the-home satellite operators; here, the program content is transmitted according to a defined schedule and intended for real-time consumption by the end user. 3.2.8 metadata for watermarking facilitation: Metadata created to aid subseque
