ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2016, Vol. 53 ›› Issue (11): 2465-2474. doi: 10.7544/issn1000-1239.2016.20150546

• Information Security •

A White-Box-Cryptography-Based Scheme for the Secure Chip of DCAS Terminal

Xu Tao1,2, Wu Chuankun1, Zhang Weiming3

  1. 1(State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093); 2(University of Chinese Academy of Sciences, Beijing 100049); 3(School of Information Science and Technology, University of Science and Technology of China, Hefei 230026) (xutao@iie.ac.cn)
  • Publication date: 2016-11-01
  • Funding:
    This work was supported by the State Priority Research Program of the Chinese Academy of Sciences (XDA06010701), the National Natural Science Foundation of China (61170234), and the National High Technology Research and Development Program of China (863 Program) (2013AA014002).
  • Online: 2016-11-01

Abstract: In the technical specification of the downloadable conditional access system (DCAS) issued by the State Administration of Radio, Film and Television of China (SARFT) in 2012, all cryptographic operations in a terminal are built into a secure chip and protected with hardware-based security technologies. Too much protected black-box content in the secure chip, however, lowers the universality and flexibility of the chip and adds to the cost of research and development. Thus, an improved scheme for the secure chip of the DCAS terminal, based on white-box cryptography, is proposed. The main idea is to replace the key ladder inside the chip with a software-based white-box decryption module outside the chip and an external encoding inside the chip. An algorithm for generating the external encoding is put forward; it is executed in the secure chip and is based on the protected secret key and the external input parameters. The decryption and authentication processes in the terminal are redesigned. Compared with the original scheme in the DCAS technical specification, the improved scheme not only overcomes the aforementioned deficiencies but also provides two extra benefits: the decryption algorithm can be renewed while the service key is being downloaded from the network, and the new authentication process can verify the legitimacy as well as the uniqueness of a DCAS terminal.

Key words: conditional access system (CAS), downloadable conditional access system (DCAS), secure chip, white-box cryptography, external encoding
