Abstract
In the technical specification for the downloadable conditional access system (DCAS) issued by the State Administration of Radio, Film and Television of China (SARFT) in 2012, all cryptographic operations in a terminal are placed inside a secure chip and protected with hardware-based security technologies. Too much protected black-box content in the secure chip, however, lowers the universality and flexibility of the chip and adds to the cost of research and development. An improved scheme for the secure chip of the DCAS terminal, based on white-box cryptography, is therefore proposed. The main idea is to replace the key ladder inside the chip with a software-based white-box decryption module outside the chip and an external encoding inside the chip. An algorithm for generating the external encoding is put forward; it is executed in the secure chip and is based on the protected secret key and the external input parameters. The decryption and authentication (handshake verification) processes in the terminal are redesigned. Compared with the original scheme in the DCAS technical specification, the improved scheme not only overcomes the aforementioned deficiencies but also provides two extra benefits: because the decryption algorithm and the service key are both contained in the white-box cryptographic module, the decryption algorithm can be renewed while the service key is being downloaded from the network; and the new authentication process can verify the legitimacy as well as the uniqueness of a DCAS terminal.
Source
Journal of Computer Research and Development (《计算机研究与发展》)
Indexed in: EI, CSCD, Peking University Core Journals
2016, No. 11, pp. 2465-2474 (10 pages)
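Funding
Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06010701)
National Natural Science Foundation of China (61170234)
National High Technology Research and Development Program of China ("863" Program) (2013AA014002)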
Keywords
conditional access system (CAS)
downloadable conditional access system (DCAS)
secure chip
white-box cryptography
external encoding