基于TrustZone技术的DCAS终端设计

DCAS Terminal Design based on Trust Zone

传统的条件接收系统(CA)的终端认证依赖硬件,当CA终端需要更换系统或者增加新的服务的时候,就必须更换硬件,这需要巨大的资源消耗。可下载的条件接收系统(DCAS)是一种在开放环境的认证授权体系,CA算法和密钥可以动态下载,使得软硬件分离,DCAS终端可以适配不同的DCAS系统,降低了CA的私有性也解除了相应的潜在风险。DCAS终端为DCAS系统的客户端,它可以在不改变硬件的条件下通过下载CA应用来更新自身的CA系统。ARM TrustZ one技术是ARM架构的安全扩展,本文提出了基于TrustZ one技术的DCAS终端设计,介绍了系统的硬件软件结构,分析了其安全认证机制和安全启动流程,综合给出了一个DCAS终端设计方案。

Terminal authentication of traditional CA （Access System） relies on hardware, and when CA terminal tries to replace a system or add new services, the hardware must be replaced, this would result in requires huge consumption of resources. DCAS （Downloadable Conditional Access System）is a kind of authorization system in open environment, in which CA algorithm and the key could be dynamically download, and the software be from the separated hardware, so that DCAS terminal could be adaptable to differ- ent DCAS system, thus reducing the private property of CA and relieving the potential risks. DCAS terminal, as the client of DCAS sys- tem, it could download the CA application and update the CA system itself without any change of the hardware. ARM TrustZone tech- nology is the security extension of ARM architecture. This paper describes, the design of DCAS terminal based on TrustZone technolo- gy,including, the design of hardware and software structure, discusses, its secure authentication mechanisms and secure boot process, and gives a comprehensive design scheme of DCAS terminal is also given.