h a l f b a k e r y
A dish best served not.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
or get an account
When a group of receivers share a common message reception crypto key, such as for broadcast services, if one of the receivers becomes unauthorized, such as for failing to pay a subscription fee, here is a way to securely remove that receiver from the group. Broadcast a new messaging key to the entire
group, including the unauthorized receiver, but break apart the new message reception key into a series of sub-keys, all necessary to make the full key. Then encrypt the series of sub-keys using a series of membership keys.
Each member of the group gets a set of membership keys, but each set is unique. For example, one member of the group might have keys A, B, and C, while another might have B, D, and F. No two members would have identical sets nor subsets, meaning nobody could have A and B and nobody else could have A-B-C, etc.
For a set of membership keys of size n, then there would be at most n-select-half-n members in a group. This is important. It allows each member to be uniquely addressable and therefore subject to missing a necessary sub-key.
Assuming that currently all members of a group are authorized receivers, here is an example for twenty members. There need to be at least 6 total membership keys and each authorized receiver is given exactly 3 of these, yielding 6-select-3 = (6!)/(3!)(3!) or 20 members. Let's say the first member (who has ABC membership keys) fails to pay his bill and is to be cut of from further common message reception. Nineteen members, having all other combinations of 3 membership keys have paid their bill and need the new common message reception key. We take the common message reception key and send it encrypted first on membership key D, then E, and finally on membership key F. Now every member who has D, E or F can get the new common message reception key. Only one member does not have any of these keys, the first one who has ABC. Therefore he is cut off by virtue of the fact he cannot receive the new key on any of the membership keys it is sent under.
Yes, we have to send the new key 3 times to make sure everybody gets it, but we do not have to send it 19 times! Imagine the problem of cutting off 1 subscriber out of 40,000,000 DirecTV subscribers. The number of membership keys needed for satellite TV, like DirecTV is only 28 total, each receiver having only 14 membership keys. Much better to send 14 copies of the new monthly key than to send 39,999,999 copies just to cut of 1 subscriber.
||pipe down - people are trying to steal cable, here!
||Killing a DirecTV sub is already easier than even this fancy scheme. Since a viewer has to have their smartcard in the IRD (integrated receiver/decoder) to view the transmission, one need only transmit one command (repeatedly over a longish period to make sure that the command is received when the IRD is on and card is in): invalidate card number xxxxxx. Pow! The IRD writes to the smartcard, ending the sub. Someone with a valid sub could still use that IRD, and the invalid card is invalid everywhere.
||Sure, managing subs through cards has its risks, but word on the street is that Hughes updates the software on the IRDs remotely via satellite broadcast, so a scheme such as this or others could be put into place at will if smart card interpolation/cracking becomes a credible revenue threat.
||I haven't logged on in quite a while, but belatedly in reply to jplummer's comments I would have to agree that it is easy to disable a particular smartcard. In the backs of several popular magazines and in the newsgroups we can find several offerors of modified smartcards that, first, allow access to any 'program' even if the subscriber is not authorized, and, second, ignore commands from the "wheel" to destroy themselves.
As a result, programming broadcasters have to take what they call 'counter-measures' to trick boxes and trick people, or both.
A cute story is making the rounds wherein a broadcaster told all legitimate boxes to tune to a different channel. Pirate boxes (like those with modified access cards) were told similarly to go somewhere else but they continued to decode a sports broadcast. A "commercial ad" in the broadcast offered free T-shirts to the first 500 callers.
When the owners of pirate boxes called in, the security officers would tell them they had won and ask what name and address to ship the prize to. Clever! Needless to say, tons of boxes were confiscated by the police and lots of people settled out of court, rather than risk prison.
B-sky-B cards are openly advertised in non-UK areas so that "those out of the jurisdiction" can watch. The cards are supposedly never imported back into the UK. Right! Most broadcast systems have $100 to $400 pirate work-arounds. NDS' conditional access system depends on trusted boxes and countermeasures to assure compliance. They all do.
By their own estimate, piracy is only a 10% problem, but when your profit is only 10%, that's like throwing away half your money.
One last rumor: GI's videocipher box was manufactured some years ago. Total production exceeded 3 Million units. The highest number of paying subscribers was only 300 thousand. What were the other 2.7M boxes used for? Anchors?
||This described 'solution' for broadcast encryption, in search of a problem, will probably not be adopted by the likes of Echostar, even though set-top boxes can be re-programmed. Instead, when Internet broadcasts become more widespread, a solution to the acute loss of Sony revenue, will probably prompt someone to propose a scheme along these lines, preferably written by a hacker. Other hackers will publish broken keys and the programs will evolve.