Common scrambling algorithm

The Common Scrambling Algorithm (CSA) is the encryption method used in digital television DVB to encrypt the video data stream .

CSA was kept secret for several years. Some information came to light through the patent specification, but important details remained secret, for example the structure of the so-called S-boxes . Without these details, a free implementation of the algorithm was not possible. CSA was originally intended to be implemented only in hardware, which made it impossible to determine the necessary details by reverse engineering existing implementations , for example Conditional Access Modules (CAM).

In 2002 a program called FreeDec appeared , which implemented the CSA in software . The program was only available as a binary version (also: Executable ). Hackers disassembled the software and used it to find the missing details. This has made it possible to implement by CSA in a high level language to implement.

Since the algorithm for CSA was fully known, cryptanalysts have been looking for weak points in the process. As with other encryption methods, a point of attack arises from the fact that parts of the plain text are to be assumed as known or at least very likely (for example MPEG headers). The length of the key (here: Control Word ) of 64 bits results in 2 ⁶⁴ encryption options. If one were to try out all possible keywords with the help of a computer and this would take 1 μs for each attempt, the search would take over 500,000 years. By accepting certain plain text bytes, conclusions can be drawn about the key used in order to significantly reduce the total number of possible keys.

According to the current state of the cryptanalysis , the CSA can be attacked using a rainbow table and can be decrypted at least sequentially. However, this is due to the artificially shortened key length of 48 bits instead of the intended 64 bits and to the slow, cyclical key changes, which are predictable. We therefore recommend using the full 64-bit key length and switching to AES later . A corresponding program for calculating the rainbow table has also been published.

Individual evidence

↑ Colibri DVB: CSA Rainbow Table ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. , December 16, 2011 (German)@1@ 2Template: Toter Link / colibri-dvb.info

↑ ^a ^b Colibri DVB: CSA full encryption cracked ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. (PDF; 1.2 MB), December 16, 2011 (German)@1@ 2Template: Toter Link / colibri-dvb.info

Web links

literature

Analysis of the DVB Common Scrambling Algorithm , 2004 (PDF file; 194 kB)
Erik Tews, Julian W Bäumen , Michael Weiner: Breaking DVB-CSA (PDF; 4.4 MB) West European Workshop on Research in Cryptography WEWoRC 2011, pp. 41–45

software

CSA Rainbow Table : Cryptanalysis and tools for the common scrambling algorithm
libdvbcsa: A free implementation of the DVB Common Scrambling Algorithm
FFdecsa is a fast implementation of a CSA decryption algorithm for MPEG TS packets

[1] Colibri DVB: CSA Rainbow Table ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. , December 16, 2011 (German)@1@ 2Template: Toter Link / colibri-dvb.info

[colibri-2] Colibri DVB: CSA full encryption cracked ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. (PDF; 1.2 MB), December 16, 2011 (German)@1@ 2Template: Toter Link / colibri-dvb.info