
RC4 Vector Key Based Conditional Access System in Pay-TV Broadcasting System

Solomon I.¹, Sumitha S.²
Department of Information Technology
PSN College of Engineering and Technology, Tirunelveli, India
¹ i.sn.deva@gmail.com, ² sumeeanu@yahoo.com

Abstract— This paper proposes a new key management scheme for wireless sensor networks to reduce the memory and communication overhead and improve the security capacity. Compared with the typical key pre-distribution schemes, a new method of establishing keys is adopted, and it is analyzed in depth against three important performance indexes. The theory of linear combination is applied to generate the keys using the random vectors in a vector group.

Keywords—Access key management, conditional access system, group key distribution, pay-TV, RC4 vector key

Introduction

A Pay-TV System is a commercial TV system which charges its subscribers a fee for receiving the broadcast programs. A Pay-TV System can be a digital cable TV system, such as the current local CATV system, or a Digital Broadcasting System (DBS).

A Pay-TV System may have many broadcasting channels to provide its service, and those channels can be classified into two classes, i.e., the basic channels and the pay-channels. The basic channels are available to all subscribers of the system. The pay-channels require the subscriber to be charged a receiving fee. The existing CASs in pay-TV broadcasting systems can be classified into three models: pay-per-channel (PPC), pay-per-view (PPV), and flexible pay-per-channel (F-PPC). In PPC, a subscriber leases subscription packages among multiple groups of channels for a fixed period, typically a month or a year. A subscriber can watch all of the programs broadcast on the channels of the groups in his subscription. Members in PPC, however, are unable to subscribe to an arbitrary combination of channels according to their preference. In contrast, PPV provides a fair service, because a PPV subscriber can pay for one program at a time. However, PPV is inconvenient for the subscriber because of the high subscription frequency and low flexibility of channel selection. F-PPC further improves on PPV and PPC by accommodating efficient membership management, flexible channel selection, and fairness [4]. A Pay-TV System needs a function that permits only the authorized subscribers, who have paid the receiving fee, to watch the TV program, while an unauthorized viewer, i.e., a viewer who is not a subscriber, or who is a subscriber but has not paid the receiving fee, can see nothing. The needed function is called the Conditional Access System (CAS). Thus the CAS is the essential basic system for charging the subscriber the subscription fee.

The CAS function can only work by using scrambling. Scrambling is a method that uses a cryptographic algorithm with some secret encryption keys to encrypt the source program and make it unintelligible. Therefore, only a receiver holding the decryption key can descramble the received scrambled program and reconstruct the original source, while a receiver without the decryption key cannot receive programs correctly. Hence the authorized subscribers need the decryption key to receive programs, and the CAS can charge the subscription fee by managing those decryption keys well. The encryption keys used in scrambling are called scrambling keys. Since almost all Pay-TV systems use symmetric key cryptosystems to encrypt the program, i.e., the decryption key is the same as the encryption key, we hereafter use "scrambling key" to mean either the encryption or the decryption key. Thus, the authorized subscribers also need the scrambling key to descramble the received scrambled program. The management of scrambling keys in a CAS is to refresh the scrambling keys periodically, and then distribute them to authorized subscribers secretly so that unauthorized receivers cannot obtain the correct decryption keys. Here, it is assumed that the cryptographic algorithm used in scrambling is secure enough. Under this assumption, the security of a CAS depends solely on the key distribution management. Thus, the key distribution management scheme is an essential part of a CAS, and is as important as the cryptographic algorithm used in scrambling.

A conditional access system (CAS) is a security system designed to ensure that only authorized subscribers can access broadcasting services [1]–[4]. To prevent unauthorized access in pay-TV broadcasting systems, scrambling and encryption algorithms are commonly used for secure media delivery and channel protection. The encryption keys must be distributed to all subscribers so that they can receive and decrypt the broadcasts they are entitled to under the terms of their subscriptions.

Conditional Access System (CAS)

This section introduces the CAS model and discusses some related work on mutual authentication and key agreement protocols between the STB and the smart card. For DTV broadcasting, the CAS is an essential system to facilitate the subscription system. The overall structure of a CAS is shown in Figure 1 [5]. At the head-end, a control word (CW) is used to initialize the generation of a pseudo-random sequence. This sequence is generated by a pseudo-random sequence generator (PRG) in order to scramble and descramble video/audio and data signals. The CW for each subscriber is encrypted with an authorization key (AK) for the corresponding channel. This encrypted CW forms the entitlement control message (ECM). The AK is in turn encrypted using the master private key (MPK), and the encrypted AK forms the entitlement management message (EMM). The ECM, the EMM and the scrambled signals are re-multiplexed into a new transport stream (TS), and eventually the TS is broadcast in the form of a radio frequency signal. The subscriber management system (SMS) is used to administer or update the issue of the smart card for a subscriber, which contains the MPK and other account information. At the receiver end, the STB receives the radio frequency signal and attempts to decrypt the encrypted information. The smart card is used for this decryption. Once the authentication process succeeds, the STB descrambles the program by reversing the steps of the head-end. A more detailed description of this process is shown in Figure 2.

Figure 1. Control Access System (CAS)

As shown in Figure 2, when the STB receives the radio frequency signal from the channel, the tuner and demodulator process the signal to restore the TS stream. ECM/EMM filters then filter out the ECM and EMM sections. These two sections are sent to the smart card to be decrypted for the CW with Decrypt2 and Decrypt1, as shown in Figure 1. At this moment, mutual authentication and key agreement between the STB and the smart card are needed. The CW is encrypted with a session key (SK) in the smart card and transferred back to the STB. Then the descrambler can use the CW to descramble the TS stream, and the TS is demultiplexed and decoded. During this process, if the CW is not encrypted before it is transferred back to the STB, an adversary who eavesdrops on the smart card interface can redirect the CW to a descrambler of the same type and descramble the program directly. That is, if the CW is not properly encrypted, a security issue arises.

Figure 2. Cooperation of STB and smart card

What this indicates is that, without properly encrypted mutual authentication between the STB and the smart card, an adversary can duplicate the smart card or redirect the communication between the STB and a legitimate smart card to other STBs. This may entitle an unauthorized user to use the program content without charge. Therefore, dynamic session key agreement and mutual authentication between the STB and the smart card are necessary for the security of the system.

Huang et al. [2], Liu et al. [3], and Jiang et al. [6] proposed four-level key hierarchy CASs for PPV and PPC. Their approaches aim at efficient group-key distribution in terms of the number of messages sent and the computational overhead. Jiang et al.'s CAS requires messages to deliver a group key, where is the number of groups. Liu et al.'s and Huang et al.'s CASs further reduce the number of messages to one. Although most CASs perform a modular exponentiation as a way to handle a group key, Huang et al.'s CAS employs lightweight operations such as XOR, hash, and symmetric encryption. Wang et al.'s CAS has an advantage over other approaches in its support of diverse billing strategies by service providers [7].

Sun et al. proposed a new CAS, also based on a four-level key hierarchy, for F-PPC broadcasting systems. To manage an RGK, the server and group members maintain the structure of a binary tree for a group, as shown in Fig. 1. Every node in the tree has its own secret value. Every member is assigned to a leaf node and given a by the server through a secure channel. The set of secret values of contains all the secret values in the tree except the restricted secret value.

REVIEW OF SUN ET AL.'S CAS

In general, key management in a CAS consists of a four-level key hierarchy. Each channel is encrypted with a control word (CW). A server refreshes the CW at a specific interval that can range from 5 to 20 s. The CW is distributed to legitimate subscribers after being encrypted by a channel key called an authorization key (AK). For the daily or weekly refreshment of the AK, a receiving group key (RGK) is assigned to each subscribed group and is used to encrypt the AK. Consider a system with channels and subscribers. Without the group key, the server would have to send messages for all channels to update the CW and messages for all members every day or week to update the AK. However, this process has been made more efficient with the introduction of the RGK, because the server now sends the same number of messages to update the CW but messages for all members to update the AK. A master private key (MPK) is a pre-shared key between a client and the server and is used to encrypt the RGK for secure distribution of group keys. The group key is updated whenever a change occurs in group membership.

The restricted secret value of is the secret value of the leaf node to which is assigned. As illustrated in Fig. 1, for located at , should include all the secret values in the tree except . In order to save storage space, the size of is reduced to contain only , and (the nodes with the shaded background in Fig. 1). The remaining secret values can be derived using two hash functions, HL and HR, for the left and right children respectively. The restricted secret value also extends to include the secret values on the path from its node to the root: and are the restricted secret values (the nodes with dotted lines in Fig. 1) for . When a member leaves a group , all the members in the group update the group key RGK to RGK according to (1), where is the secret value corresponding to 's leaf node for . The server notifies the members of 's departure by broadcasting the identity of . The departing member cannot update the group key, because is a restricted secret value of . In case leaves the group, the rest of the members update the group key by XORing the current group key with . However, cannot update the group key because it cannot derive from . Sun et al. argued that this inability to update the group key would guarantee backward secrecy. When a new member joins the
group, receives a package of information from the server, including the current group key and , after this information has been encrypted with . The server broadcasts the identity of to all the group members in the arrival message. It would be preferable to place a rejoining member at the node where was originally assigned. However, if is occupied by another member , the server and the group members append two child nodes to , and then move to the left child and assign to the right child, respectively. The corresponding and values are extended to reflect these changes in the binary tree. It is critical that all of the group members know the position of so as to include the new member in the binary tree. Note that the members update the group key only in the departure procedure, not in the arrival procedure. The management of the AK is similar to that of the RGK, except that an AK controls access to a channel. A binary tree for a channel is used to manage the subscription packages that subscribe to , and it takes a group as a node of the tree, as shown in Fig. 2(a). Note that the departure message is sent in clear text. If leaves a group , needs to be updated for backward secrecy, and all the authorization keys of the channels in should also be updated. If a channel in is also a channel in , all the members of and should update the corresponding authorization key of the channel . In this case, if the departure messages are encrypted, the server should broadcast the departure message two times, each encrypted with and , respectively. In a worst-case scenario, the server may have to broadcast the departure message times, where is the number of groups, after encrypting the message with each group key of all the groups. The comparison in [4, Table IV] shows that the number of transmitted messages for un-subscription is constant. This figure confirms that the departure message is broadcast once, in clear text, to all the members. The departure message could be encrypted with the group keys at the expense of additional computational and communication overhead. The arrival message that is broadcast is not encrypted either.

Consider the example shown in Fig. 2(b), in which a member in a group subscribes to channels and ; in particular, is shared with groups and , and changes its subscription package to the group , as shown in Fig. 2(a). In this case, 's restricted secret value in the tree for needs to be changed, because knows this value. According to [4], the server updates and sends to the members in . The members in and are able to calculate from the fact that has left and has joined . This means that each member should be able to track the arrivals and departures of members of other groups. Hence, if the arrival messages are encrypted, in the worst case the arrival messages are sent times, after encryption with each group key of all the groups. However, the authors of [4] do not consider this additional overhead. This confirms that the arrival messages are broadcast once, in clear text, to all the members.

PROPOSED SCHEME

The conditional access system (CAS) proposed by Sun et al. has a critical security weakness in its inability to preserve backward secrecy: a former subscriber can still access programs despite his or her change in status. This weakness in Sun et al.'s CAS originates because 1) no change is made to a group key after a new member arrives, and 2) updates of group keys are done in an insecure manner. We show how simple protocol changes can fix these weaknesses and thus render Sun et al.'s CAS capable of preserving backward secrecy. In order to improve the key management, the RC4 algorithm is introduced.

In general, key management in a CAS consists of a four-level key hierarchy. Each channel is encrypted with a control word (CW). A server refreshes the CW at a specific interval that can range from 5 to 20 s. The CW is distributed to legitimate subscribers after being encrypted by a channel key called an authorization key (AK). For the daily or weekly refreshment of the AK, an RC4 key is assigned to each subscribed group and is used to encrypt the AK. Consider a system with channels and subscribers. Without the group key, the server would have to send messages for all channels to update the CW and messages for all members every day or week to update the AK. However, this process has been made more efficient with the introduction of the RC4 key, because the server now sends the same number of messages to update the CW but messages for all members to update the AK. A master private key (MPK) is a pre-shared key between a client and the server and is used to encrypt the RC4 key for secure distribution of group keys. The group key is updated whenever a change occurs in group membership. Figure 3 shows the RC4 key generation method; it provides low memory overhead.

The proposed scheme is a new CAS, also based on a four-level key hierarchy, for F-PPC broadcasting systems. To manage an RC4 key, the server and the group members maintain randomly selected secret values: every node of the tree is given its secret value at random. Every member is assigned to a leaf node and given a by the server through a secure channel. The set of secret values of contains all the secret values in the tree except the restricted secret value.
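The departure update reviewed above (new RGK = old RGK XOR the leaver's leaf secret, with HL/HR deriving subtree secrets), and the arrival behaviour that the proposed scheme criticizes (the newcomer receives the current key and nobody rekeys), as an added, runnable model. This is example code written for this page, not the paper's or Sun et al.'s own code. Its concrete choices are assumptions: 16-byte secrets, HL and HR instantiated as SHA-256 with a one-byte domain separator, nodes named by their root-to-node path ('0' = left, '1' = right), a tree of depth 2, and the names Member, Server and simulate.

```python
import hashlib
import os

# Added example (not the paper's or Sun et al.'s code): a small model of the
# binary-tree group key. Assumptions: 16-byte secrets, HL/HR = SHA-256 with a
# domain-separation byte, nodes named by their path from the root ('0' = left,
# '1' = right). Member/Server/simulate are names chosen for this example.

KEYLEN = 16


def HL(s: bytes) -> bytes:
    """Secret of the left child, derived from the parent's secret."""
    return hashlib.sha256(b"L" + s).digest()[:KEYLEN]


def HR(s: bytes) -> bytes:
    """Secret of the right child, derived from the parent's secret."""
    return hashlib.sha256(b"R" + s).digest()[:KEYLEN]


def node_secret(start: bytes, path: str) -> bytes:
    """Walk `path` downwards from a node whose secret is `start`."""
    s = start
    for bit in path:
        s = HL(s) if bit == "0" else HR(s)
    return s


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Member:
    """A member at leaf `path`. It stores only the secrets of the siblings of the
    nodes on its own root-to-leaf path (the shaded nodes); its own leaf and every
    ancestor of it are the restricted values it never learns."""

    def __init__(self, path: str, root: bytes, group_key: bytes):
        self.path = path
        self.key = group_key
        self.known = {}
        for i in range(len(path)):
            sibling = path[:i] + ("1" if path[i] == "0" else "0")
            self.known[sibling] = node_secret(root, sibling)

    def derive(self, target: str):
        """Secret of node `target`, derived from a stored subtree-root secret,
        or None when `target` lies on this member's own (restricted) path."""
        for subtree, s in self.known.items():
            if target.startswith(subtree):
                return node_secret(s, target[len(subtree):])
        return None

    def on_departure(self, leaver: str) -> bool:
        """Departure message (broadcast in clear, naming the leaver):
        new RGK = RGK XOR s_leaver. Only the leaver cannot derive its own secret."""
        s = self.derive(leaver)
        if s is None:
            return False
        self.key = xor(self.key, s)
        return True


class Server:
    def __init__(self):
        self.root = os.urandom(KEYLEN)
        self.key = os.urandom(KEYLEN)      # initial RGK
        self.members = {}

    def admit(self, path: str) -> Member:
        """Arrival: the newcomer gets the *current* RGK; no member rekeys."""
        m = Member(path, self.root, self.key)
        self.members[path] = m
        return m

    def depart(self, path: str) -> None:
        """Departure: server and remaining members XOR in the leaver's leaf secret."""
        leaver = self.members.pop(path)
        self.key = xor(self.key, node_secret(self.root, path))
        for m in list(self.members.values()) + [leaver]:   # the leaver hears the broadcast too
            m.on_departure(path)


def simulate() -> dict:
    srv = Server()
    a, b, c = srv.admit("00"), srv.admit("01"), srv.admit("10")
    key_before = srv.key
    srv.depart("01")                    # b leaves
    newcomer = srv.admit("11")
    return {
        "remaining_members_in_sync": a.key == srv.key == c.key,
        "leaver_cannot_derive_own_leaf": b.derive("01") is None,
        "leaver_stuck_on_old_key": b.key == key_before and b.key != srv.key,
        # weakness 1 of the proposed scheme: arrival does not change the key, so the
        # newcomer holds the very key that protected traffic sent before it joined
        "newcomer_holds_unchanged_key": newcomer.key == srv.key,
    }
```

Running simulate() shows the two sides of the review: the remaining members converge on the new key while the leaver, lacking its own restricted leaf secret, is stuck on the old one; and because the arrival procedure never rekeys, a newcomer is handed a key that also unlocks everything broadcast under it earlier.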
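The four-level hierarchy described in the proposed scheme (CW under the channel AK as the ECM, AKs under the per-group RC4 key as the EMM, the group key under each member's MPK) with RC4 as the cipher at every level, as an added example. This is example code written for this page, not the paper's implementation, and Figure 3's key generation is not reproduced; RC4 itself follows its standard KSA and PRGA. Key lengths, the message layout, the per-message nonce mixed into the RC4 key, and the names HeadEnd, receiver_cw and demo are assumptions of the example.

```python
import hashlib
import os

# Added example (not the paper's code). RC4 KSA/PRGA used as the symmetric cipher
# at each level of the four-level hierarchy: CW under the channel AK (ECM), AKs
# under the group key (EMM), group key under each member's MPK. Key lengths,
# message layout, the nonce and the class/function names are assumptions.


def rc4_keystream(key: bytes, n: int) -> bytes:
    S = list(range(256))
    j = 0
    for i in range(256):                        # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                          # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """RC4 is a stream cipher: one key must never drive two messages, or their
    XOR leaks. Each message therefore gets a fresh nonce mixed into the RC4 key."""
    nonce = os.urandom(16)
    return nonce + rc4(hashlib.sha256(nonce + key).digest(), plaintext)


def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return rc4(hashlib.sha256(nonce + key).digest(), ct)


class HeadEnd:
    """groups maps a group name to (set of channels it covers, set of subscriber ids)."""

    def __init__(self, channels, groups):
        self.channels = list(channels)
        self.groups = groups
        self.cw = {c: os.urandom(8) for c in channels}        # refreshed every 5-20 s
        self.ak = {c: os.urandom(16) for c in channels}       # refreshed daily/weekly
        self.gk = {g: os.urandom(16) for g in groups}         # RC4 group key, one per group
        self.mpk = {u: os.urandom(16) for _, users in groups.values() for u in users}

    def ecms(self) -> dict:
        """CW refresh: one ECM per channel, CW under that channel's AK (N messages)."""
        return {c: wrap(self.ak[c], self.cw[c]) for c in self.channels}

    def emms(self) -> dict:
        """AK refresh: one EMM per group carrying the AKs of the group's channels
        (G messages instead of one per subscriber)."""
        return {g: wrap(self.gk[g], b"".join(self.ak[c] for c in sorted(chans)))
                for g, (chans, _) in self.groups.items()}

    def group_key_msgs(self, g: str) -> dict:
        """Group-key distribution: one message per member, under the member's MPK."""
        return {u: wrap(self.mpk[u], self.gk[g]) for u in self.groups[g][1]}


def receiver_cw(he: HeadEnd, user: str, group: str, channel: str):
    """STB/smart-card side: MPK -> group key -> AK -> CW from broadcast messages only.
    (The MPK is read from the head-end object for simplicity; in a real system it
    lives on the subscriber's smart card.)"""
    chans = sorted(he.groups[group][0])
    if channel not in chans:
        return None                     # not entitled: the EMM carries no AK for it
    gk = unwrap(he.mpk[user], he.group_key_msgs(group)[user])
    aks = unwrap(gk, he.emms()[group])
    i = chans.index(channel)
    ak = aks[16 * i:16 * (i + 1)]
    return unwrap(ak, he.ecms()[channel])


def demo() -> dict:
    # constructed sample system: three channels, two groups, three subscribers
    he = HeadEnd(["c1", "c2", "c3"],
                 {"g1": ({"c1", "c2"}, {"alice", "bob"}),
                  "g2": ({"c2", "c3"}, {"carol"})})
    return {
        "alice_gets_c1_cw": receiver_cw(he, "alice", "g1", "c1") == he.cw["c1"],
        "carol_gets_c2_cw": receiver_cw(he, "carol", "g2", "c2") == he.cw["c2"],
        "carol_not_entitled_c1": receiver_cw(he, "carol", "g2", "c1"),
        "ecm_count": len(he.ecms()),            # equals the number of channels
        "emm_count": len(he.emms()),            # equals the number of groups
    }
```

rc4(b"Key", b"Plaintext") reproduces the well-known test vector BBF316E8D940AF0AD3, which is the check to run against any RC4 implementation before using it. Two caveats a practitioner would want: RC4 provides no integrity, so a wrong or tampered EMM decrypts to garbage rather than failing, and a receiver must not use an unwrapped key before validating it; and RC4's keystream biases led to its prohibition in TLS (RFC 7465), so a production CAS would wrap keys with an authenticated cipher rather than RC4.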
Figure 3. RC4 key generation

CONCLUSION

The proposed scheme is a new key management scheme for wireless sensor networks to reduce the memory and communication overhead and improve the security capacity. Compared with the typical key pre-distribution schemes, a new method of establishing keys is adopted, and it is analyzed in depth against three important performance indexes. The theory of linear combination is applied to generate the keys using the random vectors in a vector group. It produces a high level of security and low memory overhead.

ACKNOWLEDGEMENT

The authors would like to thank the reviewers for their valuable comments and suggestions, which certainly led to the improvement of this paper.

REFERENCES

[1] B. M. Macq and J. J. Quisquater, "Cryptology for digital TV broadcasting," Proc. IEEE, vol. 83, no. 6, pp. 944–957, Jun. 1995.
[2] Y. L. Huang, S. Shieh, F. S. Ho, and J. C. Wang, "Efficient key distribution schemes for secure media delivery in pay-TV systems," IEEE Trans. Multimedia, vol. 6, no. 5, pp. 760–769, Oct. 2004.
[3] B. Liu, W. Zhang, and T. Jiang, "A scalable key distribution scheme for conditional access system in digital pay-TV system," IEEE Trans. Consum. Electron., vol. 50, no. 2, pp. 632–637, May 2004.
[4] H. M. Sun, C. M. Chen, and C. Z. Shieh, "Flexible-pay-per-channel: A new model for content access control in pay-TV broadcasting systems," IEEE Trans. Multimedia, vol. 10, no. 6, pp. 1109–1120, Oct. 2008.
[5] F. Kamperman and B. V. Rijnsoever, "Conditional access system interoperability through software downloading," IEEE Trans. Consum. Electron., vol. 47, no. 1, pp. 47–53, 2001.
[6] T. Jiang, S. Zheng, and B. Liu, "Key distribution based on hierarchical access control for conditional access system in DTV broadcast," IEEE Trans. Consum. Electron., vol. 50, no. 1, pp. 225–230, Feb. 2004.
[7] S. Y. Wang and C. S. Laih, "Efficient key distribution for access control in pay-TV systems," IEEE Trans. Multimedia, vol. 10, no. 3, pp. –492, Apr. 2008.
[8] W. Stallings, Cryptography and Network Security: Principles and Practice, Prentice Hall, Upper Saddle River, New Jersey, 2003.
