ETSI GS ECI 001-5-2 V1.1.1 (2017-07)
Embedded Common Interface (ECI) for exchangeable CA/DRM solutions; Part 5: The Advanced Security System; Sub-part 2: Key Ladder Block
GROUP SPECIFICATION
Embedded Common Interface (ECI)
for exchangeable CA/DRM solutions;
Part 5: The Advanced Security System;
Sub-part 2: Key Ladder Block
Disclaimer
The present document has been produced and approved by the Embedded Common Interface (ECI) for exchangeable CA/DRM
solutions ETSI Industry Specification Group (ISG) and represents the views of those members who participated in this ISG.
It does not necessarily represent the views of the entire ETSI membership.
Reference
DGS/ECI-001-5-2
Keywords
CA, DRM, swapping
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2017.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
3GPP™ and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
Contents
Intellectual Property Rights
Foreword
Modal verbs terminology
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Chipset-ID and chipset master key pair
5 Key ladder
5.1 Overview
5.2 Key ladder computations
5.3 Usage Rules Information
5.3.1 CW-URI
5.3.2 SPK-URI
5.4 Additional key layers
5.4.1 Overview
5.4.2 Key ladder computations
5.5 Associated Data 2
6 Authentication mechanism
6.1 Overview
6.2 Authentication mechanism computations
7 Data conversion primitives
7.1 BS2OSP
7.2 OS2BSP
7.3 I2BSP
8 Cryptographic operations
8.1 Symmetric encryption scheme
8.2 Public-key encryption scheme
8.3 Digital signature scheme
8.4 Function h
8.5 Message authentication code algorithm
History
List of Figures
Figure 5.1-1: Key ladder
Figure 5.4.1-1: Additional key layers
Figure 5.5-1: Associated Data 2
Figure 6.1-1: Authentication mechanism
List of Tables
Table 5.3.1-1: Definition of CW-URI
Table 5.3.2-1: Definition of SPK-URI
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) Embedded Common
Interface (ECI) for exchangeable CA/DRM solutions.
The present document is part 5, sub-part 2 of a multi-part deliverable covering the ECI specific functionalities of an
advanced security system, as identified below:
Part 1: "Architecture, Definitions and Overview";
Part 2: "Use cases and requirements";
Part 3: "CA/DRM Container, Loader, Interfaces, Revocation";
Part 4: "The Virtual Machine";
Part 5: "The Advanced Security System":
Sub-part 1: "ECI specific functionalities";
Sub-part 2: "Key Ladder Block".
Part 6: "Trust Environment".
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
A content provider encrypts their digital content and uses a content protection system in order to protect the content
against unauthorized access. A consumer uses a content receiver to access protected content. To this end, the content
receiver contains a chipset that implements one or more content decryption operations. A cryptographic key
establishment protocol is used to secure the transport of content decryption keys from the content protection system to
the chipset. The steps of the protocol that are implemented within the chipset are referred to as a key ladder in the
present document. The present document specifies a key ladder for the key establishment protocol presented in [i.1].
The key ladder and the protocol may also be used to secure the transport of content encryption keys to the chipset. Such
keys are required for use cases in which the chipset re-encrypts content. The chipset may implement one or more
content encryption operations for this purpose. Personal video recording and exporting protected content to a different
content protection system are typical examples of content re-encryption use cases. Content decryption keys and
content encryption keys are both referred to as control words throughout the present document.
The present document also specifies an authentication mechanism. This mechanism is closely related to the key ladder
and may be used for entity authentication; in other words, this mechanism may be used to authenticate the chipset.
The key ladder and authentication mechanism specified in the present document are agnostic to both the content
protection system and the content provider. This enables a content provider to use any compliant content
protection system, and it enables a consumer to use the content receiver for accessing content of any content
provider that uses a compliant content protection system.
A certification authority manages a public-key certificate of each chipset in the mechanisms specified in the present
document. In particular, the certification authority distributes such certificates and certificate revocation information
to content providers that want to make use of the key ladder and/or the authentication mechanism. Next, the content
providers use the certificates and certificate revocation information as input to their compliant content protection
system; as detailed later, the knowledge of the public key in the certificate of a chipset enables the content protection
system to generate suitable input messages for the chipset's key ladder and authentication mechanism.
1 Scope
The present document specifies a key ladder block for implementation in a content receiver's chipset. The key ladder
block comprises a key ladder for securing the transport of control words to the chipset and an authentication
mechanism. The present document also specifies aspects of the personalization of a compliant chipset.
The present document is intended for use by chipset manufacturers.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] IEEE Standards Association™: "Guidelines for Use Organizationally Unique Identifier (OUI) and
Company ID (CID)".
NOTE: Available at https://standards.ieee.org/develop/regauth/tut/eui.pdf.
[2] RSA Laboratories: "PKCS #1 v2.2: RSA Cryptography Standard".
[3] NIST FIPS PUB 197: "Specification for the Advanced Encryption Standard (AES)".
[4] NIST FIPS PUB 180-4: "Secure Hash Standard (SHS)".
[5] NIST SP 800-107 Revision 1: "Recommendation for Applications Using Approved Hash
Algorithms".
[6] ISO/IEC 9797-1:2011: "Information technology -- Security techniques -- Message Authentication
Codes (MACs) -- Part 1: Mechanisms using a block cipher".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] P. Roelse: "A new key establishment protocol and its application in pay-TV systems".
[i.2] ETSI TS 100 289: "Digital Video Broadcasting (DVB); Support for use of the DVB Scrambling
Algorithm version 3 within digital broadcasting systems".
[i.3] ETSI TS 103 127: "Digital Video Broadcasting (DVB); Content Scrambling Algorithms for
DVB-IPTV Services using MPEG2 Transport Streams".
[i.4] ATSC Standard A/70 Part 1:2010: "Conditional Access System for Terrestrial Broadcast".
[i.5] ISO/IEC 23001-7:2016: "Information technology -- MPEG systems technologies --
Part 7: Common encryption in ISO base media file format files".
[i.6] Radio, Film and Television Industrial Standard of the People's Republic of China GY/T 277 -
2014: "Technical Specification of Digital Rights Management for Internet Television".
NOTE: This reference is only available in Chinese.
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
certification authority: party that is responsible for managing public-key certificates
NOTE: A certification authority is trusted by all other parties in the system to perform operations associated
with certificates.
chipset-ID: non-secret number that is used to identify a chipset
content protection system: system that uses cryptographic techniques to manage access to digital content
NOTE: Typically, a content protection system is either a conditional access system or a digital rights
management system.
content provider: party that distributes digital content to a content receiver
content receiver: device that is used to access digital content
NOTE: A content receiver contains a chipset with a content descrambler.
content descrambler: component in the chipset that is capable of decrypting content
NOTE: A content descrambler may also be capable of encrypting content (for the purpose of content
re-encryption). In the present document, content encryption/decryption uses a symmetric encryption
scheme. For MPEG-2 content, content encryption and decryption are also referred to as scrambling and
descrambling, respectively.
control word: secret key used to encrypt and decrypt content
NOTE: In digital rights management systems, a control word is typically referred to as a content key.
cryptographic hash function: unkeyed cryptographic function that takes data of arbitrary size, referred to as the
message, as input and produces an output data block of fixed size, referred to as the message digest
NOTE: Assumed properties of the cryptographic hash function in the present document are:
1) the cryptographic hash function behaves as a random function; and
2) the cryptographic hash function is second preimage resistant.
digital signature scheme: keyed asymmetric cryptographic scheme that is used to protect the authenticity of data
NOTE: A digital signature scheme consists of a key generation algorithm, a signature generation operation and
a signature verification operation. Keys are generated as (secret/private key, public key) pairs. The data is
signed using a secret/private key and the corresponding public key is used to verify the signature. The
digital signature scheme specified in the present document is used to protect the authenticity of
messages as defined in [i.1]; in particular, the scheme is not used to provide non-repudiation or source
authentication in the present document.
message authentication code algorithm: keyed symmetric cryptographic algorithm that is used to protect the
authenticity of data
NOTE: A message authentication code algorithm takes a message and a secret key as inputs, and produces an
output data block referred to as the MAC. The message authentication code algorithm as specified in
the present document is used to cryptographically bind a ciphertext message to its associated data; in
particular, the algorithm is not used to provide source authentication in the present document.
public-key encryption scheme: keyed asymmetric cryptographic scheme that is used to protect the confidentiality of
data
NOTE: A public-key encryption scheme consists of a key generation algorithm, an encryption operation and a
decryption operation. Keys are generated as (public key, secret/private key) pairs. Data is encrypted using
a public key and the data is recovered from the ciphertext using the corresponding secret/private key.
symmetric encryption scheme: keyed symmetric cryptographic scheme that is used to protect the confidentiality of
data
NOTE: A symmetric encryption scheme consists of a key generation algorithm, an encryption operation and a
decryption operation. The encryption and decryption operations of a symmetric encryption scheme use
the same secret key as input.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AES Advanced Encryption Standard
AD1 Associated Data 1
AD2 Associated Data 2
AK Authentication Key
ATSC Advanced Television Systems Committee
CA/DRM Conditional Access/Digital Rights Management
CID Company IDentifier
CISSA Common IPTV Software-oriented Scrambling Algorithm
CPU Central Processing Unit
CSA Common Scrambling Algorithm
CPK Chipset Public Key
CSK Chipset Secret/private Key
CW Control Word
DVB Digital Video Broadcasting
ECB Electronic Code Book
ID IDentity
Len Length
LK Link Key
MAC Message Authentication Code
MK MAC Key
MPEG Moving Pictures Expert Group
OUI Organizationally Unique Identifier
RSA Rivest Shamir Adleman
SHA Secure Hash Algorithm
SIM Signed Input Message
SPK Sender Public Key
SSK Sender Secret/private Key
T Tag
URI Usage Rules Information
4 Chipset-ID and chipset master key pair
This clause specifies aspects of the personalization of a compliant chipset. Each compliant chipset is associated with a
bit string that is used to identify the chipset, referred to as chipset-ID, and a chipset master key pair.
A globally unique 64-bit chipset-ID shall be allocated to every compliant chipset. If the bits of chipset-ID are
numbered 0 to 63 from left to right and if the i-th bit (0 ≤ i ≤ 63) is denoted by bi, then (b0, b1, b2, b3) shall contain a
registration authority identifier. Each value of the registration authority identifier shall be associated with at most one
registration authority. The chipset-ID shall also contain a chipset manufacturer identifier. The value of the registration
authority identifier and the chipset manufacturer identifier of a compliant chipset's chipset-ID shall uniquely identify
the chipset manufacturer that produced the chipset. In addition, the registration authority identified by the value of
(b0, b1, b2, b3) shall administer the assignment of chipset manufacturer identifiers that can be used in combination with this
value.
If (b0, b1, b2, b3) = (0, 0, 0, 0), then the IEEE Registration Authority (https://standards.ieee.org/develop/regauth/) shall
be the registration authority and the 24-bit OUI (http://standards.ieee.org/develop/regauth/oui/) or the 24-bit CID
(http://standards.ieee.org/develop/regauth/cid/) shall be used to identify chipset manufacturers. In addition, if
(b0, b1, b2, b3) = (0, 0, 0, 0), then (b4, b5, …, b27) shall contain the OUI/CID, b4 being the most significant bit of Octet 0 of the
OUI/CID (see also [1]) and b27 being the least significant bit of Octet 2 of the OUI/CID.
All other values of the registration authority identifier are reserved for future use.
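Clause 4 fixes how the 64-bit chipset-ID is laid out. The following added Python example (not code from the standard or from any chipset manufacturer) decodes and validates that layout using the clause's left-to-right bit numbering, so that a certification authority or content provider can check an exported chipset-ID before trusting it as an identifier. It treats b28 to b63 as a manufacturer-assigned number, which the standard leaves unspecified, and the names ChipsetId, parse_chipset_id, make_chipset_id and manufacturer_assigned are this example's own.

```python
"""Decode and validate a 64-bit chipset-ID laid out as in clause 4.

Added example, not part of ETSI GS ECI 001-5-2. The standard numbers the
bits 0..63 from left to right, so b0 is the most significant bit of the
64-bit value and bit i is (value >> (63 - i)) & 1. The type and function
names are this example's own; the standard does not specify how bits
b28..b63 are used (here assumed to be manufacturer-assigned).
"""
from dataclasses import dataclass

RA_IEEE = 0  # registration authority identifier (b0..b3) that selects the IEEE RA


def bit(chipset_id: int, i: int) -> int:
    """Return b_i of a 64-bit chipset-ID (bit 0 = leftmost / most significant)."""
    if not 0 <= i <= 63:
        raise ValueError("bit index out of range")
    return (chipset_id >> (63 - i)) & 1


def field(chipset_id: int, first: int, last: int) -> int:
    """Return (b_first, ..., b_last) as an integer with b_first most significant."""
    width = last - first + 1
    return (chipset_id >> (63 - last)) & ((1 << width) - 1)


@dataclass(frozen=True)
class ChipsetId:
    registration_authority: int  # value of (b0, b1, b2, b3)
    oui_or_cid: bytes            # Octets 0..2 of the OUI/CID taken from (b4, ..., b27)
    manufacturer_assigned: int   # (b28, ..., b63); assumption: manufacturer-assigned


def parse_chipset_id(chipset_id: int) -> ChipsetId:
    """Split a chipset-ID into its fields, rejecting reserved layouts."""
    if not 0 <= chipset_id < (1 << 64):
        raise ValueError("chipset-ID shall be a 64-bit value")
    ra = field(chipset_id, 0, 3)
    if ra != RA_IEEE:
        # clause 4: every other registration authority identifier value is reserved
        raise ValueError(f"reserved registration authority identifier {ra:#x}")
    # b4 is the MSB of Octet 0 and b27 the LSB of Octet 2 of the OUI/CID, so the
    # 24-bit field reads as a big-endian 3-octet string.
    oui_cid = field(chipset_id, 4, 27).to_bytes(3, "big")
    return ChipsetId(ra, oui_cid, field(chipset_id, 28, 63))


def make_chipset_id(oui_or_cid: bytes, manufacturer_assigned: int) -> int:
    """Pack an IEEE-registered chipset-ID; the inverse of parse_chipset_id."""
    if len(oui_or_cid) != 3:
        raise ValueError("OUI/CID shall be 3 octets")
    if not 0 <= manufacturer_assigned < (1 << 36):
        raise ValueError("manufacturer-assigned part shall fit in 36 bits")
    return (RA_IEEE << 60) | (int.from_bytes(oui_or_cid, "big") << 36) | manufacturer_assigned


if __name__ == "__main__":
    # Constructed sample values, not a real OUI allocation or a real device.
    sample = make_chipset_id(bytes.fromhex("001B21"), 0x123456789)
    print(f"chipset-ID {sample:#018x} -> {parse_chipset_id(sample)}")
```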
The chipset master key pair is associated with a public-key encryption scheme, and consists of a chipset secret/private
key CSK and a chipset public key CPK. As detailed later in clauses 5 and 6, (CSK, CPK) is the master key pair of both
the key ladder and the authentication mechanism. The public-key encryption scheme and the representations of CSK
and CPK are specified in clause 8.2.
A compliant chipset should generate its own key pair (CSK, CPK) to prevent that the value of CSK is known to any
party in the system. In this case only chipset-ID needs to be distributed to the chipset during its personalization, and the
authenticity of chipset-ID shall be protected during this distribution. If the chipset does not generate its own key pair,
then the authenticity of the triple (chipset-ID, CSK, CPK) and the confidentiality of CSK shall be protected during the
distribution of (chipset-ID, CSK, CPK) to the chipset.
The random number used as input to the (CSK, CPK) key pair generation algorithm shall have at least 128 bits of
entropy.
A compliant chipset shall permanently store its triple (chipset-ID, CSK, CPK), and a compliant chipset shall implement
measures to protect the confidentiality of the stored CSK and the integrity of the stored chipset-ID, CSK and CPK.
The CPU of the content receiver shall have read access to the stored chipset-ID and the stored chipset public key CPK.
This enables a certification authority to use the exported information as input to create a public-key certificate for the
chipset. In addition, the exported chipset-ID enables a content provider to identify the chipset and its certificate.
A certification authority shall maintain the pair (chipset-ID, CPK) for every chipset it manages. The present
document does not exclude the presence of more than one certification authority in the system. The authenticity of the
pair (chipset-ID, CPK) shall be protected during its distribution to the associated certification authority or authorities.
5 Key ladder
5.1 Overview
[Figure 5.1-1 is an image in the original. Labels recoverable from it: "Key ladder block" and "Processor"; inputs SPK-URI, SPK1, SPK2, AD1, τ, b, the message (chipset-ID || E(CPK, LK) || S(SSK2, chipset-ID || E(CPK, LK))), E(CPK, LK) and e(LK, r); the personalized CSK and chipset-ID; operations V, D and d; intermediate values LK and r; outputs CW and CW-URI.]
Figure 5.1-1: Key ladder
This clause presents the functional design of the key ladder. The block in the chipset that implements the key ladder is
referred to as the key ladder block throughout the present document. The key ladder is depicted in Figure 5.1-1. As
specified in clause 4 and as shown in the figure, the chipset is personalized with a chipset-ID and with a chipset
secret/private key CSK.
One of the outputs of the key ladder block is a control word denoted by CW. CW is used for either content decryption
or content encryption. A second output of the key ladder block is a bit string denoted by CW-URI. CW-URI defines
usage rules information for CW (refer to clause 5.3.1 for the specification of CW-URI and the associated usage rule).
CW and CW-URI are inputs to the content descrambler (the content descrambler is not depicted in Figure 5.1-1).
• The key ladder block and the content descrambler shall be implemented in a single silicon chip.
• If the content descrambler offers an interface to a processor in the content receiver that allows the processor
to pass plaintext control words to the content descrambler (i.e. by-passing the key ladder block), then it shall
be possible to permanently disable this functionality.
• If the key ladder computes a CW, then only the key ladder block and the content descrambler shall have
access to this CW.
• The authenticity of the pair (CW, CW-URI) and the confidentiality of CW shall be protected during their
distribution from the key ladder block to the content descrambler.
The key ladder block shall interface with a processor of the content receiver. For example, the processor may be a
security processor or the CPU of the content receiver. As specified in clause 4 and as shown in Figure 5.1-1, this
processor has read access to the chipset-ID. This enables a content provider to identify the chipset and obtain the
corresponding public-key certificate containing CPK from the certification authority. The value of CPK needs to be
known to c
...