A DSP Based POD Implementation for High Speed Multimedia Communications

In cable network services, audio/video entertainment content should be protected from unauthorized copying, interception, and tampering. The point-of-deployment (POD) security module, proposed by OpenCable™, allows viewers to receive secure cable services such as premium subscription channels, impulse pay-per-view, video-on-demand as well as other interactive services. In this paper, we present a digital signal processor (DSP) (TMS320C6211) based POD implementation for real-time applications which includes the elliptic curve digital signature algorithm (ECDSA), elliptic curve Diffie-Hellman (ECDH) key exchange, the elliptic curve key derivation function (ECKDF), cellular automata (CA) cryptography, communication processes between POD and Host, and Host authentication. In order to get different security levels and different rates of encryption/decryption, a CA based symmetric key cryptography algorithm is used whose encryption/decryption rate can be up to 75Mbps. The experiment results indicate that the DSP based POD implementation provides high speed and flexibility, and satisfies the requirements of real-time video data transmission.


INTRODUCTION
The next generation of the cable networks requires that a security module should be built and separated from the host devices (set top boxes and integrated digital televisions) in order to facilitate commercial sale of navigational devices. The point-of-deployment (POD) security module is being developed to satisfy these separable security requirements and to enable retail availability of Host devices [1,2,3].
The POD module supports two major functions.
(1) The POD will provide the cable operator with a secure device at the customer's location.
(2) The POD will act as a translator so that the Host device will only have to understand a single protocol, regardless of the type of network to which it is connected.
Since the draft of the specification of the POD module was released in fall 1997, several POD products have been reported. All of them are application specific integrated circuits (ASICs), and use the data encryption standard (DES) as the preliminary technique for content encryption/decryption. But DES has been proved not secure enough and will be replaced by the new standards. Moreover, due to the nature of cable network services, different applications require different security levels. It is desirable for the POD to provide versatile cryptography schemes. On the other hand, since the current specification of the POD module has not been accepted as an international standard, any further modifications of the standard will require redesigning and rebuilding the ASIC POD.
In order to provide a low cost and flexible POD, a DSP based POD implementation is proposed in this paper which satisfies the requirements of real-time video data transmission and can be applied at different security levels. The outline of the remainder of the paper is as follows. Section 2 introduces the POD security module including the overview of POD, its functionalities, and algorithms used in POD. Section 3 presents the POD implementation based on DSP. Section 4 is the conclusion.

FUNCTIONS OF POD MODULE
The set top box (STB) is a commonly used interface between digital television and the functions accessible via cable network in the architecture of next-generation television and video systems. It attaches a point-of-deployment (POD) security plug-in module to provide the security and copy protection of the contents. Figure 1 illustrates logically how the POD module interface connects with other OpenCable interfaces. In Figure 1, OCI-N (OpenCable interface network) is the interface between a cable network and the Host device. OCI-C1 (OpenCable interface consumer 1) is the interface between a Host device and a digital consumer device. OCI-C2 (OpenCable interface consumer 2) is the interface between a Host device and the POD module.
The primary functions of the OpenCable POD module include: (1) provide conditional access to a Host device; (2) provide communication and control between the headend and the Host device. The POD module decrypts the contents under control of the headend and re-encrypts the contents for the purpose of copy protection between the POD module and Host device. Typically, the POD is authorized by the conditional access system to decrypt contents, and authorizes the Host by delivering either clear or CP (copy protection) encrypted content. The content passing the POD interface can be in one of the following three formats: (1) Cleartext, (2) Passing through, (3) Rescramble. The copy protection between the POD and the Host works as follows.
Step 1 (Initialization of the POD and the Host evaluation). When the POD is powered on, it checks if the Host supports OpenCable™ content protection by checking the availability of the CP resource and verifying the authenticity of the device certificate.
Step 2 (Host authentication). The POD retrieves the Host certificate Data to initiate the authentication procedure and the Host replies to it. After this exchange, both the POD and the Host come up with the authentication key.
Step 3 (Key exchange). The POD sends its DH (Diffie-Hellman) public key to the Host and requests the Host's DH public key and then the Host sends its DH public key to the POD. After this exchange, both the POD and the Host come up with a common secret value. By using a method covered by intellectual property, they establish the shared secret keys derived from the Host authentication process.
Step 4 (Interface encryption). The POD uses the secret key to encrypt the content.
The cryptography schemes used in POD include: (1) Elliptic curve digital signature algorithm (ECDSA), which is used in the Host authentication process for signing and verification. (2) Diffie-Hellman (DH) public key agreement algorithm, which provides a method for POD and Host to compute a shared secret value that is used in the content encryption/decryption key generation. (3) SHA-1 (secure hash algorithm) [4], which is used in the digital signature algorithm to generate a message digest of length 160 bits. For the POD, the SHA-1 algorithm is used for Host certificate signature verification, authentication key generation and copy protection key generation. (4) Elliptic curve key derivation function (ECKDF) algorithm, which is used to generate the key for the content protection.
Moreover, a random number generator is included to generate DH private keys which will be compliant with the SHA-1 based algorithm. Each OpenCable device has a unique seed value which is set by the manufacturer. Figure 2 illustrates the cryptographic functions used in the POD copy protection.

Introduction of DSP C6211
The Texas Instruments (TI) TMS320C6000 generation [5] is based on the VelociTI™ architecture, an advanced architecture for DSPs with very long instruction word (VLIW). The VLIW architecture makes it very suitable for multichannel and multifunction applications. TMS320C6211 (C6211 for short) provides 1200 MIPS (million instructions per second) at 150 MHz, and the TMS320C62xx devices are the fixed-point DSP family. The cache architecture in C6211 provides low cost and high performance capabilities. C6211 has 32 general purpose registers of 32 bit word length and eight highly independent functional units. The eight functional units provide six arithmetic logic units (ALUs) for a high degree of parallelism and two 16-bit multipliers. The development tools of C6211 include: C compiler, assembly optimizer to simplify programming and scheduling, and Windows™ debugger interface for visibility into source code execution [6]. The DSP based POD can greatly reduce the hardware design period, since it can easily be reprogrammed when the specifications of POD are modified or new components are added.

Cryptography algorithms used in the DSP based POD
In order to make the POD more efficient, we use ECKDF, which is based on elliptic curve cryptography [7,8], as the key derivation function, and use a cellular automata (CA) based symmetric-key cryptographic algorithm for media content protection. The ECDSA algorithm is applied in POD to authenticate the Host, and includes three parts: the key schedule, which sets up the key, the signature procedure, and the verification process, as illustrated in Figure 3.
The elliptic curve Diffie-Hellman (ECDH) primitive is the basis for the operation of the elliptic curve encryption scheme. For the POD, we use this algorithm to exchange the key between the POD and the Host. Figure 4 illustrates the flow chart of the ECDH algorithm.
Suppose the POD (P) and the Host (H) will communicate with each other and require a key exchange. Here we use $d_P$ and $Q_P$ to represent P's private key and public key, which are obtained from the key schedule. $d_H$ and $Q_H$ denote H's private key and public key, respectively. P performs the following steps:
    /* setup the scheme */
    create the elliptic curve;
    /* compute the elliptic curve point */
    $V_P = (x_p, y_p) = d_P Q_H$;
    return the x component of $V_P$ as the shared secret key ($z_P$).
Similarly, H uses the same primitive to get the shared secret key.
    /* setup the scheme */
    create the elliptic curve;
    /* compute the elliptic curve point */
    $V_H = (x_h, y_h) = d_H Q_P$;
    return the x component of $V_H$ as the shared secret key ($z_H$).
By running the ECDH algorithm, we have $V_P = V_H$. That is, the two parties get the same secret key.
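The exchange above, worked through as an added example (not code from the paper): both sides run the same primitive and obtain the same x component. The toy prime-field curve $y^2 = x^3 + 2x + 2$ over GF(17) with base point G = (5, 1), the private keys 3 and 9, and all function names are assumptions chosen for illustration; the paper does not give its curve parameters.

```c
#include <stdio.h>

/* Toy curve y^2 = x^3 + A*x + 2 over GF(PRIME), base point G of order 19:
 * constructed teaching parameters, far too small for real use. */
enum { PRIME = 17, A = 2 };
typedef struct { int x, y, inf; } point;
static const point G = { 5, 1, 0 };
static int mod(int v) { v %= PRIME; return v < 0 ? v + PRIME : v; }

/* Modular inverse by Fermat's little theorem: v^(PRIME-2) mod PRIME. */
static int inv(int v)
{
    int r = 1;
    for (int i = 0; i < PRIME - 2; i++) r = mod(r * v);
    return r;
}

/* Group law, including the point at infinity, doubling and P + (-P). */
static point add(point p, point q)
{
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x == q.x && mod(p.y + q.y) == 0) return (point){ 0, 0, 1 };
    int l = (p.x == q.x) ? mod((3 * p.x * p.x + A) * inv(2 * p.y))
                         : mod((q.y - p.y) * inv(mod(q.x - p.x)));
    int x = mod(l * l - p.x - q.x);
    return (point){ x, mod(l * (p.x - x) - p.y), 0 };
}

/* Double-and-add scalar multiplication d*P. */
static point mul(int d, point p)
{
    point r = { 0, 0, 1 };
    for (; d > 0; d >>= 1, p = add(p, p))
        if (d & 1) r = add(r, p);
    return r;
}

/* ECDH primitive: x component of d_own * Q_peer, or -1 at infinity (reject). */
static int ecdh(int d_own, point q_peer)
{
    point v = mul(d_own, q_peer);
    return v.inf ? -1 : v.x;
}

int main(void)
{
    point Q_P = mul(3, G), Q_H = mul(9, G);  /* d_P = 3, d_H = 9 (constructed) */
    printf("z_P=%d z_H=%d\n", ecdh(3, Q_H), ecdh(9, Q_P));
}
```

The -1 return covers the case where the product is the point at infinity, which has no x component to use as a key.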
In the POD implementation, the ECKDF key derivation function is used to generate the common key for content encryption and decryption. The following is the description of the ECKDF key derivation function: check the length of input data (z); initiate a Counter = 1; where "|" means concatenation, and h stands for the hash function SHA-1. By applying this function, we can generate different key sizes as required.
In the following, we introduce the cellular automata based symmetric-key cryptography algorithm and how it is applied in POD. A cellular automaton (CA) is an array of cells where each cell is in any of the permissible states. For example, in a 2-state CA, each cell's state can be zero or one. In a k-neighborhood CA, at each clock cycle, the evolution of a cell value depends on its rule and the present states of its neighbors. The following three CA rules have special characteristics which can be applied in message encryption: Thus, if we choose rules 51, 153, and 195 as a group CA, then the fundamental transformations are self-inverse, that is, the decryption is carried out in the same way as encryption. Assuming the rule matrix is T, then we have
$T^{2n} = T^n \cdot T^n = I$ (the identity matrix). (2)
Figure 5: Overview of rule applied to message (labels: control bit, different rule).
The CA-based block cipher scheme is as follows. Encryption Decryption where $T_1, T_2, \ldots, T_q$ are secret CA rules, which can be viewed as the subkeys of the block cipher. The flexibility of the CA based cryptosystem is that by choosing different values of n and q, we can achieve different security levels and data encryption/decryption rates according to the application requirements. In Figure 5, the first bit is the rule control bit where "0" stands for rule 51, and "1" stands for rule 195 or 153 which will be selected by the corresponding bit. The core procedure of the CA algorithm is described as follows:
    temp51 = (~Message) & (~Rule);   /* Implement the rule 51 */
    switch (rule_sign) {
    case 0:                          /* rule 195: XNOR with the left neighbour */
        temp1 = Message >> 1;        /* assumes the most significant bit is the leftmost cell */
        temp195 = (~(Message ^ temp1)) & Rule;
        temp_C_Block = temp195;
        break;
    case 1:                          /* rule 153: XNOR with the right neighbour */
        temp2 = Message << 1;        /* same bit-order assumption */
        temp153 = (~(Message ^ temp2)) & Rule;
        temp_C_Block = temp153;
        break;
    }
    C_Block = temp51 | temp_C_Block;
Note that the number of cycles used for encryption and for decryption can vary as well in CA based cryptography. For example, if we set 2n = 8, that is, the message is processed by applying the CA rule 8 times during the procedure of encryption and decryption, then we can choose the first four cycles for encryption and the other four cycles for decryption, or we can use the first three cycles for encryption and another five cycles for decryption.
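An added example (not the paper's DSP code) that runs the core procedure above for several clock cycles on an 8-cell block and splits one full period between encryption and decryption, as in the 3 + 5 cycle case. The bit order (bit 7 as the leftmost cell, zero boundary), the rule mask 0x3C, the message 0x40 and the function names are assumptions; ca_period measures after how many cycles a given rule mask returns every block to itself.

```c
#include <stdint.h>
#include <stdio.h>

/* One clock cycle of the hybrid CA on an 8-cell block (bit 7 = leftmost cell,
 * zero boundary; both are assumptions). Cells whose rule bit is 0 follow
 * rule 51; cells whose rule bit is 1 follow rule 195 (sign 0) or 153 (sign 1). */
static uint8_t ca_step(uint8_t m, uint8_t rule, int rule_sign)
{
    uint8_t t51 = (uint8_t)(~m & ~rule);            /* rule 51: NOT self      */
    uint8_t nb  = rule_sign ? (uint8_t)(m << 1)     /* right neighbour (153)  */
                            : (uint8_t)(m >> 1);    /* left neighbour (195)   */
    uint8_t tx  = (uint8_t)(~(m ^ nb) & rule);      /* XNOR(self, neighbour)  */
    return (uint8_t)(t51 | tx);
}

/* Apply `cycles` clock cycles to one block. */
static uint8_t ca_run(uint8_t m, uint8_t rule, int rule_sign, int cycles)
{
    while (cycles-- > 0)
        m = ca_step(m, rule, rule_sign);
    return m;
}

/* Smallest k >= 1 with T^k = I on all 256 blocks, or 0 if none up to max_k. */
static int ca_period(uint8_t rule, int rule_sign, int max_k)
{
    uint8_t s[256];
    for (int x = 0; x < 256; x++) s[x] = (uint8_t)x;
    for (int k = 1; k <= max_k; k++) {
        int identity = 1;
        for (int x = 0; x < 256; x++) {
            s[x] = ca_step(s[x], rule, rule_sign);
            if (s[x] != x) identity = 0;
        }
        if (identity) return k;
    }
    return 0;
}

int main(void)
{
    const uint8_t rule = 0x3C, msg = 0x40;   /* constructed sample values   */
    uint8_t c = ca_run(msg, rule, 0, 3);     /* encrypt: first 3 cycles     */
    uint8_t p = ca_run(c, rule, 0, 5);       /* decrypt: remaining 5 cycles */
    printf("period=%d cipher=0x%02X plain=0x%02X\n", ca_period(rule, 0, 64), c, p);
    printf("period of mask 0x7F: %d\n", ca_period(0x7F, 0, 64));
    return 0;
}
```

Under these assumptions the mask 0x7F has period 16, so an 8-cycle split would not return the plaintext with that mask; the total cycle count has to be a multiple of the period of the rule actually chosen.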