biss
Differences
This shows you the differences between two versions of the page.
biss [2017/01/26 11:00] – walkeradmin | biss [2017/01/26 11:10] – walkeradmin | ||
---|---|---|---|
Line 47: | Line 47: | ||
\\ | \\ | ||
**The CSW, ID and ESW are all linked by a BISS E algorithm. If you know any two, you can derive the third. ** | **The CSW, ID and ESW are all linked by a BISS E algorithm. If you know any two, you can derive the third. ** | ||
+ | \\ | ||
+ | \\ | ||
+ | {{ : | ||
+ | \\ | ||
+ | **When generating BISS-E keys for distribution to clients, you will know the CSW and the ID for each receiver. A software application then generates the ESW. ** | ||
+ | \\ | ||
+ | \\ | ||
+ | {{ : | ||
+ | \\ | ||
+ | **In the receiver, you must enter the ESW. The ID will already be burned into the receiver and in most cases will only be known to the system administrator generating the keys. The ESW and ID combination will be used by the receiver to internally derive the CSW. The receiver will only de-crypt correctly if the derived CSW is correct and matches the CSW used in the encoder. In most cases you cannot read the ID back from the receiver and so a receiver operator will not be aware of the value, but may be able to select from a few pre-stored ID’s.** | ||
+ | \\ | ||
+ | \\ | ||
+ | {{ : | ||
+ | \\ | ||
+ | **In the above, the top key set is valid (1) and will provide the correct CSW. | ||
+ | The same is true for keyset 2. However, in the last example, the wrong ESW has been used for ID2, and so the correct CSW will not be recovered inside the receiver. This example illustrates what would happen if there were 2 receivers with different ID’s, and the recipient of ESW1 decided to pass it to another customer having a receiver with a different ID. The combination of ESW 1 and ID 2 would generate an incorrect CSW and the receiver would not be able to decrypt. ** | ||
+ | \\ | ||
+ | \\ | ||
+ | The same concept is used in both the encoder and the decoder and the algorithm used to relate the ESW, ID and the CSW is the same in every BISS-E compliant device. | ||
+ | \\ | ||
+ | \\ | ||
+ | {{ : | ||
+ | \\ | ||
+ | **The encoder and decoder both normally need an ID and ESW to be entered. The only difference is that the ID in the decoder is normally pre-set and cannot be read or changed. This stops key-sharing between customers since an ESW will only work in a receiver with a correct ID, and if all the ID’s are unique, then an ESW will only work in the one, intended receiver and no other!** | ||
+ | \\ | ||
+ | \\ | ||
+ | There are a number of ways in which this concept can be implemented and used in practice. The BISS standard lists two standardized ways known as “user mode” (which is mandatory) and “Buried_ID” (which is an option to EBU-TECH 3292 and is not implemented by TANDBERG for security reasons because it does not prevent the ID within a receiver from being read back by the user). In addition, there is a proprietary “TTV” method which is implemented on all TANDBERG receivers. | ||
+ | \\ | ||
+ | \\ | ||
+ | <color red>ser mode</ | ||
+ | \\ | ||
+ | \\ | ||
+ | TANDBERG receivers need to be put in BISS E “user mode” to allow entry of the ESW and the ID. Importantly, | ||
+ | \\ | ||
+ | \\ | ||
+ | <color red> | ||
+ | \\ | ||
+ | \\ | ||
+ | It is only possible for the manufacturer or specialist service departments to burn numbers into a receiver, and so this method provides an excellent way of obtaining a secure ID that is unique and that the user cannot change or read back from the device. This mode is also widely inter-operable between receivers and is used by large organizations (such as EBU). | ||
+ | \\ | ||
+ | \\ | ||
+ | <color red>TTV Mode</ | ||
+ | \\ | ||
+ | \\ | ||
+ | This also means that a unique ESW will be required for each receiver. The ESW will only work in the receiver possessing the correct serial number (and hence ID). Only this combination will result in the correct CSW being generated when this combination is passed through the BISS E algorithm. Using this method is proprietary to TANDBERG receivers, and is selected by placing the receiver in “BISS-E TTV” mode. | ||
+ | \\ | ||
+ | \\ | ||
+ | It completely prevents the possibility of valid keys being passed to others in an unauthorized way. Additionally, | ||
+ | \\ | ||
+ | \\ | ||
+ | This is because knowledge of the BISS algorithm alone is not enough to recover the ID that our proprietary technique creates; To achieve this you must have knowledge of how the serial number is used to create the ID which is kept internal to TANDBERG Television. The TANDBERG BISS E software tool is used to create the keys in the normal way and is described in detail later in this section. The tool is able to detect automatically that a TTV serial number has been entered as the receiver ID from the number length, and will then apply the proprietary process that converts it into a standard-length ID. | ||
+ | \\ | ||
\\ | \\ | ||
+ | |||
+ | ---- | ||
+ | ==== Using BISS E ==== | ||
+ | \\ | ||
+ | |||
+ | |||
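Review bot: in the TTV Mode paragraphs near the end of the added text, "It completely prevents the possibility of valid keys being passed to others in an unauthorized way" is stated as an absolute, but the justification that follows is that the serial-number-to-ID conversion "is kept internal to TANDBERG Television". The protection therefore depends on that conversion staying secret, and the text should say so instead of claiming complete prevention. Two smaller points in the same hunk: the first red heading reads "ser mode", which looks like "User mode" with the first letter dropped, given that the preceding paragraph names "user mode"; and the overview says Buried_ID is not implemented because it "does not prevent the ID within a receiver from being read back by the user", while the paragraph under the second red heading describes a burned-in ID "that the user cannot change or read back from the device". State which mode that paragraph covers so the two statements do not read as contradictory.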
biss.txt · Last modified: 2023/03/09 22:35 by 127.0.0.1