ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2016, Vol. 53 ›› Issue (11): 2465-2474.doi: 10.7544/issn1000-1239.2016.20150546

Previous Articles     Next Articles

A White-Box-Cryptography-Based Scheme for the Secure Chip of DCAS Terminal

Xu Tao1,2, Wu Chuankun1, Zhang Weiming3   

  1. 1(State Key Laboratory of Information Security(Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093); 2(University of Chinese Academy of Sciences, Beijing 100049); 3(School of Information Science and Technology, University of Science and Technology of China, Hefei 230026)
  • Online:2016-11-01

Abstract: In the technical specification of downloadable conditional access system (DCAS) issued by the State Administration of Radio, Film and Television of China (SARFT) in 2012, all cryptographic operations in a terminal are built into a secure chip and protected with hardware-based security technologies. Too much protected black-box contents in the secure chip, however, will lower the universality and flexibility of the chip, and add the cost of research and development. Thus, an improved scheme for the secure chip of DCAS terminal is proposed, which is based on white-box cryptography. The main idea is to replace the key ladder inside the chip by a software-based white-box decryption module outside the chip and an external encoding inside the chip. An algorithm of generating external encoding is put forward, which is executed in the secure chip and based on the protected secret key and the external input parameters. The decryption and authentication processes in the terminal are redesigned. Compared with the original scheme in the DCAS technical specification, the improved scheme not only overcomes the aforementioned deficiencies, but also provides two extra benefits: the decryption algorithm can be renewed while the service key is being downloaded from the network; the new authentication process can verify the legitimacy as well as the uniqueness of a DCAS terminal.

Key words: conditional access system (CAS), downloadable conditional access system (DCAS), secure chip, white-box cryptography, external encoding

CLC Number: