Cryptographic schemes for a local cable company

This, for sure, is one of my favorite questions during my university year.

Q: A local cable company is improving the security of their method for distribution of “pay per view” movies. Each subscriber is given a secret key Ki at subscription time; this is programmed into that users black box on top of their TV, and kept in the company’s secured database. A movie M, which consists of a string of many gigabits
of data, is delivered to a subscriber’s home by cable. A user’s request for a movie is authenticated by a data value which is a function of Ki, sent from the access box to the cable company. Ki is also used to recover a special “movie key” as described below.

• Scheme I. The movie M is encrypted under Ki for each user Ui that requested to view
the movie, and such user Ui is sent the movie as a different string of bits EKi(M).

• Scheme II. The cable company computes a special key K for the movie M, and just
before the movie starts, sends a user-specific quantity EKi(K) to each user Ui that
requested to view the movie. Each user uses its own key to recover K. A single copy
of the movie, EK(M), is broadcast over the cable.

• Scheme III. To simplify Scheme II, a consultant from another firm proposes
that the cost of computing the encrypted keys EKi(K), which is one block cipher
operation per user, be reduced to that of a single XOR operation per user, by sending
the user Ui, the key K, encrypting it as K XOR Ki.

As a professional consultant, which method do you think is the best? Please discuss security as well as implementation issues that the company might have to consider.

I’ll answer this later since I have to finish my CCNA study. I am writing the exam this coming Friday. Meanwhile, you can try to answer this question by leaving some comments. Maybe you have a better solution than I do.

Note: The question is related to movies. Yes. But it does not mean I like watching movies or anything related to that. I stop watching TVs/Movies in 2004/2005. So many corruptions, bad influence and nonsense. It just makes me sick.

One thought on “Cryptographic schemes for a local cable company

  1. Is this a Cisco exam Q? Fairly typical of most tech exam Q’s – one totally ludicrous answer, one that is temptingly ‘simple’ and the right one…

    Discount the ridiculous answer of 1 stream per user…

    Option 3 will leak user keys – If I know the key for user 1 (k1) then I can extract the movie Key (km) and then use that to recover the keys for ALL others users… In fact it is probably possible to recover Km without knowing any User keys.

    So the only secure & network efficient solution is the 2nd option….

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s