基于RSA的数字电视终端接口内容保护技术的研究-智能与分布计算实验室

基于RSA的数字电视终端接口内容保护技术的研究

姓名	朱茂清
论文答辩日期	2008.06.05
论文提交日期	2008.06.10
论文级别	硕士
中文题名	基于RSA的数字电视终端接口内容保护技术的研究
英文题名	The Research of Content Protection Technology for Digital TV Terminal Interface Based on RSA
导师1	卢正鼎
导师2
中文关键词	数字电视终端接口;内容保护;RSA;设备认证
英文关键词	DTV Terminal Interface;Content Protection;RSA;Device Verfying
中文文摘	在保证内容传输的安全方面，目前大多数运营商采用条件接收(Content Access，CA)或数字版权管理(Digital Rigthts Management，DRM)技术来实现，但是根据国际知识产权联盟(IIPA)2006年的统计数据显示，90%以上的盗版是通过对终端接口解密以后的数据进行拷贝和录制实现的。因此，终端设备的数字接口输出内容保护成为迫切需要解决的问题。针对数字电视终端接口特点，提出了不同于高带宽数字内容保护技术(High-bandwidth Definition Content Protection，HDCP)的内容保护方案。首先，通过对HDCP数字视频终端接口保护方案以及HDCP终端设备接口验证所采用的协议分析，基于当前证书认证系统(Certificate Authority，CA)的认证方式，提出了接口保护中两个主要模块发送器和接收器之间进行实时合法性认证的方案，并实现了认证中所需的设备证书生成、发放、撤销。通过对现有RSA公钥算法分析，研究了安全大素数产生、模幂、模逆运算算法，重点分析了采用RSA加密算法设计系统的安全性、密钥空间和可扩展性即当用户数增加时，新增加的密钥会不会对原有密钥产生影响，同时也分析了加解密运算量大小问题。设计了如何只对组内用户产生一个组密钥(Group Key，GPK)，而单个用户设备只需要利用自己的私钥就能解析出用于加密电视节目数据的密钥的算法。为了进一步增强视频数据的安全性能，设计一个随机数产生器，每隔几秒产生一个的64bit会话密钥(Session Key，SK)，利用SK对视频数据加扰；再利用合法证书公钥信息生成的组密钥GPK对SK加密得到SK’，SK’以安全会话的方式传送给接收器。实验结果表明，该终端接口内容保护方案具有较好的实时性和安全性，认证过程简单高效，能够确保非法设备无法解扰视频，而合法设备可以实时播放视频。
英文文摘	In ensuring the safety of content delivery, at present, the majority of operators use CA or DRM technology to achieve this object. But, according to International Intellectual Property Alliance (IIPA)’s data of 2006, more than 90 percent’s pirated achieve this through copying or recording by the terminal interface. So, the protection of users’ terminal digital-interface is an urgent problem. This subject is mainly directed against terminal interface’s features of DTV and proposes a content protection scheme which is unlike HDCP. Firstly, through analyzing the content protection of HDCP and the used protocols for validation, based on the current CA (Certificate Authority) system, we advances a certificating scheme for two main modules: transmitter and receiver, and realize making, distributing and revocating of certificate. We study the algorithm about the generation of large primes, modular power and mode inverse operation and mainly analyze the security, keys’ space and scalability. The paper also discusses the complexity of encryption and decryption operation. Based on the principle of RSA encryption an decryption algorithm, proposing an algorithm which can parse devices’ certificate belonging to a group simultaneity, and generates GPK(Group Key).But single-user device only need their private key to resolve the key which is embedded into the media data. In order to ensure the security of video data, designing a random number generator which can produce a random data of SK (Session Key) used to scramble the video data. Using GPK to encrypt SK and getting SK’, SK’ is sent to the client through secure session link. The results show that the proposed scheme is real-time and safe. The process of verifying is simple and efficient. The programme ensures that illegal can’t descramble video, but legal devices can broadcast real-time video.