ETSI TS 103 162 V1.1.1 (2010-10)

Technical Specification
Access, Terminals, Transmission and Multiplexing (ATTM);
Integrated Broadband Cable and Television Networks;
K-LAD Functional Specification

2 ETSI TS 103 162 V1.1.1 (2010-10)

Reference
DTS/ATTM-003012
Keywords
CA, cable
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2010.
All rights reserved.
TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 ETSI TS 103 162 V1.1.1 (2010-10)
Contents
Intellectual Property Rights . 4
Foreword . 4
1 Scope . 5
2 References . 5
2.1 Normative references . 5
2.2 Informative references . 5
3 Definitions and abbreviations . 6
3.1 Definitions . 6
3.2 Abbreviations . 6
4 Introduction . 7
4.1 Overview . 7
4.2 Descrambling Algorithm Requirements . 7
5 Functional Diagram . 8
6 Functional Requirements . 10
6.1 Key Ladder Functions . 10
6.1.1 CA Key Ladder . 10
6.1.2 Challenge Response . 10
6.1.3 Key Ladder Ciphers . 11
6.1.4 CW Alignment . 11
6.2 Time Constraints . 11
6.3 Driver API . 11
6.4 Secret Chipset Key Obfuscation . 11
7 Root Key Derivations . 11
7.1 Introduction . 11
7.2 Functional Requirements . 12
8 Extensions . 13
8.1 Introduction . 13
8.2 Additional Key Levels . 13
8.3 Additional Security Operations . 13
History . 14

ETSI
4 ETSI TS 103 162 V1.1.1 (2010-10)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Access, Terminals, Transmission
and Multiplexing (ATTM).
ETSI
5 ETSI TS 103 162 V1.1.1 (2010-10)
1 Scope
The present document defines the key ladder and cryptographic requirements for security functionality to be embedded
within a television receiver's chipset (e.g. SOC). The use of a standard key ladder ensures that any television receiving
device may receive television content from any television distribution network regardless of the network security
solution in use.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are necessary for the application of the present document.
[1] ISO/IEC 13818-1 (2007): Information technology - Generic coding of moving pictures and
associated audio information: Systems".
[2] ETSI ETR 289: "Digital Video Broadcasting (DVB); Support for use of scrambling and
Conditional Access (CA) within digital broadcasting systems".
[3] ETSI TS 102 825-5: "Digital Video Broadcasting (DVB); Content Protection and Copy
Management (DVB-CPCM); Part 5: CPCM Security Toolbox".
[4] ISO/IEC 18033-3 (2005): Information technology - Security techniques - Encryption algorithms -
Part 3: Block ciphers.
[5] FIPS-197 (AES): "Specification for the Advanced Encryption Standard Federal Information
Processing Standards (FIPS)" Publication 197, November 26, 2001.
2.2 Informative references
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] DVB-CSA - DVB BlueBook A125 (2008)/(Document a125_CSA3_dTR101289.v1.2.1): "Support
for use of the DVB Scrambling Algorithm version 3 within digital broadcasting systems".
ETSI
6 ETSI TS 103 162 V1.1.1 (2010-10)
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
Authentication key (A): a 16-byte key derived from K2 that is used by the challenge-response mechanism
NOTE: A can be used either to authenticate the sink device through a traditional challenge-response, or used by
the sink device to authenticate messages from the source device by deriving a key for a CBC-MAC or
similar symmetric message authentication algorithm.
control word: key used to descramble the video, either 8 or 16 bytes
Dk(Y): used to denote the data Y decrypted with key K
Ek(Y): used to denote the data Y encrypted with key K
ESCK: encrypted secret chipset key which is the value physically stored in the chipset's OTP
NOTE: It has to be at least as large as the SCK. The ESCK would be typically uneditable and unreadable after
manufacture.
Key 1 (K1): 16-byte key used to decrypt the CW
Key 2 (K2): 16-byte key used to decrypt K1
Key Ladder Root Key, or Root Key (K3): 16-byte private key used by each compliant chipset at the root of the key
ladder, it is used to decrypt K2
NOTE: In chipsets that implement an extended key ladder with n levels, the root key at the highest level of the
key ladder will be denoted by Kn.
PID: Packet ID of a component elementary stream within a program carried in an MPEG-2 transport stream
public ID: 8-byte Public Identifier of the sink device chipset, including elements indicating the manufacturer and model
as well as a globally unique identifier for the chipset instance within that model
SCK: secret chipset key which is unique to each compliant chipset
NOTE: It has to be at least 16-bytes. In initial chipset deployments that lack the root key derivation mechanism,
the SCK may also serve as the key ladder root key K3. In this case the SCK shall be exactly 16 bytes.
vendor ID: value of at least 8 bits that will be used to identify CA vendors, network operators, and other entities using
a compliant chipset
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AES Advanced Encryption Standard
CPU Central Processing Unit
CW Control Word
DES Data Encryption Security
DVB-CSA2 Digital Video Broadcasting-Common Scrambling Algorithm
ILA Industry Licensing Authority
MPEG Motion Picture Equipment Group
OTP One Time Programmable memory
SOC System On Chip
SCK Secret Chipset Key
STB Set Top Box
TDES Triple DES
ETSI
7 ETSI TS 103 162 V1.1.1 (2010-10)
4 Introduction
4.1 Overview
The present document is a specification for enabling and securing the delivery of content descrambling keys from a
source device to a sink device.
The basis of the present document is a three-step key ladder and challenge-response authentication scheme in which the
base key derivation inputs are protected within the one time programmable memory (OTP) of the sink device's
hardware (e.g. chipset). The key ladder is used primarily for the delivery of content descrambling keys while the
challenge-response mechanism is used for checking the integrity and authenticity of sink devices as well as messages
arriving from an compliant source device.
The present document is intended for chipset manufacturers who choose to implement the key ladder functionality in
their chipsets.
This key ladder specification is designed to support the dynamic substitution and replacement of either sink or source
device in a manner that maintains the security and integrity of the underlying content distribution network. The
specification enables the portability of sink devices between content distribution networks by permitting the field
upgradeability of sink devices to work with previously unknown source devices. The specification also enhances the
capability of networks to upgrade their source devices without disrupting the capabilities of already fielded sink
devices.
While the source device is expected to be a key management system such as a traditional Conditional Access System or
Digital Rights Management solution deployed by a content distribution network, and the sink device is expected to be a
secure content consumption device such as a STB or television, the present document is not limited to only supporting
these particular types of devices.
The present document is derived from an existing technical solution already deployed in existing hardware systems and
is designed to be backwards compatible with these existing implementations.
The key derivation component of the present document enables cross-network portability by allowing network specific
inputs to be securely reprogrammed in the field. The modification of one of these system inputs may occur 'on the fly',
and is sufficient to enable a sink device to function securely on a new network, using a new 'root' key for the key ladder.
The present document does not specify how content arrives to the sink device descrambler, only that the sink device's
descrambler shall recognize the scrambling algorithm utilized by the content's network distribution system.
The present document does not specify conformance and robustness rules for chipset hardware nor interoperability or
certification requirements. Such rules are beyond the scope of the current specification and are expected to be the
responsibility of an Industry Licensing Authority (ILA).
It is recognized that effective and safe implementation and deployment of cont
...