A White-Box-Cryptography-Based Scheme for the Secure Chip of DCAS Terminal
Abstract: In the technical specification for the downloadable conditional access system (DCAS) issued by the State Administration of Radio, Film and Television of China (SARFT) in 2012, all cryptographic operations in a terminal are built into a secure chip and protected with hardware-based security technologies. However, placing too much protected black-box content in the secure chip reduces the chip's universality and flexibility and increases research and development costs. This paper therefore proposes an improved scheme for the secure chip of the DCAS terminal based on white-box cryptography. The main idea is to replace the key ladder inside the chip with a software-based white-box decryption module outside the chip and an external encoding inside the chip. An algorithm for generating the external encoding is put forward; it is executed in the secure chip and is based on the protected secret key and the external input parameters. The decryption and authentication processes in the terminal are redesigned. Compared with the original scheme in the DCAS technical specification, the improved scheme not only overcomes the aforementioned deficiencies but also provides two extra benefits: the decryption algorithm can be renewed while the service key is being downloaded from the network, and the new authentication process can verify the legitimacy as well as the uniqueness of a DCAS terminal.