Digital TV is an end-to-end system that collects programs, programs, and programs until the client processes the signals digitally. Broadcast and "interactive" digital television based on DVB technology standards. Using advanced user management technology can make the quality and quantity of program content perfect and bring more program selection and better program quality effect to users. Compared with analog TV, digital TV has high image quality and large program capacity. (It is more than 10 times of the program capacity of the analog TV transmission channel) and the sound effect is good.

This article refers to the address: http://

At present, the domestic digital TV (DTV) conditional access system (CAS) is basically managed by a smart card with "one machine, one card, and machine card pairing" on the receiving end. The server side cannot know the user's situation in time, if the user side The smart card is cracked, and the whole system is ineffective, causing huge economic losses for service providers.

1 Security analysis of current conditional access systems

The disturbance is performed so that the unauthorized user cannot receive the signal; and the authorized user descrambles the signal through the same CW control descrambler at the receiving end to recover the signal that can be received.

Encryption: Because the CW must be transmitted to the receiving end over the public network, it must be cryptographically protected. Encryption control information (ECM) is first formed by encrypting the CW by a service key (SK); then, the SK is encrypted by the personal distribution key PDK to form authorization management information (EMM). When decrypting, the upper layer key is gradually solved by the local key in the smart card, and finally the CW is obtained.

(1) Attack on CW. CW is the foundation of the entire system and the core of the conditional access system. If CW is cracked, all other encryption measures will lose their meaning. CW is generally long, and the frequency of change is relatively fast. It is very difficult to decipher CW. Even if a CW is deciphered, it is often valid.

(2) Attack on ECM, EMM. During the system transmission process, the ECM, EMM key and data are intercepted, and counterfeit messages and pirated cards are created to achieve the purpose of deciphering.

(3) Attack the user's smart card. The user smart card is distributed to the TV viewer as an encryption control key, and the hacker can also purchase a legitimate user card, so the user smart card is subject to a lot of attacks. Hackers can use standard smart card development test tools to test internal key data, authorization data and applications, and make pirated cards or emulation cards. Hackers use advanced technology to test the structure and electrical signals of the hardware inside the card, and decipher the card. Structure and data, making pirated cards.

2 Safety precautions

2.1 For CW attacks, use a more secure CW generator

CW is the abbreviation of Continue Wave. It does not refer to the signal continuously transmitted but refers to the fixed frequency and the fixed vibration. It is different from the frequency of FM and the vibration of AM changes with time. Since there is no modulation, the signal can only be transmitted by the presence or absence of the signal. Of course, it is encoded in the globally known way of using Morse Code, which is a communication method that accommodates the most group of signals in a finite bandwidth.

The CW generator is implemented inside the chip: it is mutually primed with a preset linear anti-throttle number requirement, and the feedback polynomial requirement of each LFSR is primitive, so that the generated pseudo-random sequence has the largest period. The bus is a selector control code generated by the control code generator. There are 8 taps in parallel output, and each two bits correspond to the selector of one selector. The output of each selector is one of the four selected LFSR feedbacks as the LFSR clock connected to it. The XOR of the four LSFR outputs, in addition to the linear effect of the LFSR, one of these XOR outputs is selected by the digital selector as the output of the CW generator serial sequence, which is serially converted and output as CW.

The selection code generator is a pseudo-random generation sequence through which the sequence code generated is used to control the selection input of the selector. Since the user management information requires computer management, the serial code can be generated in the computer as the initial value of the selection code generator and the initial value of the LFSR. The software in the computer is easy to modify, and the initial value can be changed at any time. If the hacker cracks the CW sequence at that time, a new CW sequence is generated due to the change of the initial value.

2.2 For smart cards and ECM, the EMM attack strategy uses a “machine card separation” scheme.

Whether it is for smart cards or for ECM, EMM attacks, the purpose is to create pirated cards. Since the management method of machine card pairing has such a large security risk, domestic digital TV has not been popularized, and the standard of digital TV conditional access system has not been determined. This kind of management is simple. For hackers, they may not be able to pay for the cost of cracking because the digital TV is just getting started and there are fewer users.

With the popularity of digital TV and conditional access system standards, and the use of one machine, one card, and machine card pairing management, the possibility of attack is greatly increased. Therefore, this management method is only a transition product from an analog TV conditional access system to a digital television conditional access system. With the vigorous development of the digital TV industry, the mainstream of the conditional access system in the future must be the "machine card separation" method, completely solving the shortcomings of one machine and one card vulnerable.

The user ID of each user is different. The PDK is a function of the user ID and other information. The difference is that it uses the piracy protection mechanism. The specific method is as follows: the user ID is encrypted and stored in the ROM, and the user views are encrypted. Stored in the EEPROM, other decryption, descrambling circuits and algorithms are stored in the main chip of the client. The IC card is completely different from the currently popular "one machine, one card, machine card pairing" smart card with a decryption circuit. In it, only the IC card number and the IC card password are saved.

After the user buys the IC card, first notify the server through the backhaul system or the phone, and bind the IC card number and the receiver user ID. In general, in order to avoid buying fake cards, users buy cards as if they were recharged. Once they get the card, they immediately call and authenticate and bind through the server. The balance of the user's old card is also transferred to the newly bound card. After binding, the server uses the function of the IC card number and the user ID to generate the PDK. The PDK encrypts the SK, and the IC card is bound, and the forged receiving circuit can also be found.

The user must insert an IC card when receiving, and the security processor first recognizes the authenticity of the IC card. After the identification, if there is no system for returning the line, the security processor reads the balance of the IC card. If the balance is large, the card number of the IC card and the user ID in the ROM are decrypted. After the card is changed, the TV is encrypted according to the new card serial number. The client can design a memory to save the balance, and add the old card balance saved in the new card. When the balance is read, it is compared with the last balance. If there is no card exchange and the balance on the card is greater than the balance after the last viewing saved in the memory, the IC is invalid.

In a system with a return line, there is no attack on the read balance. Because the user's balance is saved on the server, the user's IC card only has the card number and password. Each time the user turns on the machine and turns off the machine, the user ID and the user IC card number are encrypted and transmitted to the server. The server calculates the receiving fee and the balance on the card according to the user's on/off status. When the balance is insufficient, the user will be notified on the screen of the user to recharge in time. For higher security, the number of user receptions can be encrypted and transmitted to the server. The server compares with the number of previous receptions. The PDK can use the functions of the last reception number, user ID and IC card number to increase confidentiality.

After the above processing, the security of the whole system mainly depends on the encryption strength of SK and CW, and the periodic sequence length and variability of CW. The cycle length of the CW is guaranteed by the CW generator, and the encryption methods for SK and CW are now mature. Because CW changes faster, you can choose DES, IDEA and other algorithms with higher encryption strength and faster encryption. SK changes slowly. You can choose RSA with higher encryption strength and slower encryption. These encryption algorithms are still safer. .

3 Feasibility analysis

Separation of the card means that the card of the digital TV is separated, and the set-top box is no longer needed to integrate the digital receiving, decoding and display.

The security of the management method of the card separation is higher than that of the popular "one machine, one card, and machine card pairing" management method, and the implementation is not complicated. In particular, with the development of digital TV, users pursuing personalized services will inevitably realize the communication between the server and the user, and the management of the user through the return-based machine card does not increase the cost.

For the current single-channel digital TV system, adding a channel will increase the cost. The user ID without the return path and the IC card serial number binding can be used instead of the current smart card with the decryption system inside, which costs more than the smart card. The cost of management has not increased a lot, and the IC card that is separated by the card is damaged or lost much less than the internal smart card with the decryption system. The IC card with the card separation is lost. The user can buy a new card and transfer the balance to the new one. The card does not use any loss to the user.

4 Conclusion

Nowadays, the popular card matching management mode has a great security risk, and the security of the separation of the machine card is much higher, and the implementation cost of the card separation method is not very high, which is convenient for users to pay. Such cheap, convenient and reliable products have been loved by users, and the extensiveization of digital TV has also been well reflected, reflecting the development of science and technology and the progress of society.


LED Downlights Driver,Private mould Round IP20 plastic housing series round types,look perfect with the round downlights,CE/ROHS/SAA/ETL/TUV/EMC,Input voltage can be both 110V and 220V,Wattage can be 1-80W, DALI/TRIAC/0-10V/PUSH/WIRELESS dimmable and non dimmable, flicker free,noise free,load free, Perfect dimming curve, PF>0.95,constant current 350mA 700mA 900mA 1200mA,constant voltage 12V 24V 36V, parameters can be customization,OEM/ODM is supported,Same appearances but different sizes, forming a perfect product line,Use for led panel light,led strip light and other indoor led lights

LED Downlights Driver

LED Downlights Driver,High Brightness LED Downlights Driver,12W LED Downlights Driver,LED Downlight Integral Driver

HAURUI LIGHTING CO.,LTD , http://www.huaruileddriver.com