CCAP Encryption
Integrating CCAP into the Video Control Plane

Kevin Taylor, Fellow, Comcast
July 31, 2014

Topics
• CCAP in a Nutshell
• CCAP in a System Context
• CCAP Encryption Goals
• CCAP Transition Strategy
• CCAP Encryption Hardware Requirements
• CCAP Encryption Options
• CCAP Encryption Phasing Case Study
• Special Considerations

CCAP in a Nutshell
• Converged Cable Access Platform
• Combines the functions of the CMTS and Edge QAM
• Implements all narrowcast and broadcast QAMs
• Simplify, and eventually eliminate RF Combining

[Diagram: CCAP DS Port Assignments. Labels: DS RF Port, 64 NC QAMs + 96 BC QAMs; Narrowcast & Broadcast Digital Services; HSD/CDV; IP Video; VOD; cDVR; Broadcast; Legacy OOB & QAM; Legacy OOB; MPEG TS; DOCSIS; CCAP; DS; US; Analog; Split]

CCAP Impact
• Engineering: Capacity and efficiency
 - 50% space savings with 4x capacity
 - 60% power savings plus less cooling
 - Improve existing UPS and battery backup performance
• Architecture: Simplicity and flexibility
 - Minimum, simplified combining wiring
 - Full-spectrum, MPEG/DOCSIS QAMs, easier migration to IPTV
 - Future proof, single access platform
• Purchasing: Cost will quickly become a big driver
 - Especially DOCSIS QAMs are significantly cheaper
• Operations: Reliability and manageability
 - Fully redundant (N+1 LC & 1+1 Commons)
 - Configuration change between QAM types vs. equipment swap-out
 - Much shorter maintenance window (ISSU)
 - Far less equipment to manage and maintain

CCAP in a System Context
[Diagram: System Context]

CCAP Encryption Goals

Architecture
 - Cost Efficiency
 - Resource Efficiency
 - Compatibility with Deployed Conditional Access Systems
 - Scalability
 - Security
 - Modern Network Architecture
 - Reliability and Resiliency

Linear
 - Broadcast
 - DTA
 - PPV/IPPV
 - SDV

VOD
 - Port Mapped (Static)
 - Session (Dynamic)

CCAP Encryption
[Diagram: Converged Cable Access Platform. Labels: Encryption; Broadcast; SDV & VOD; QAM; M-CMTS; I-CMTS; Hardware platform specifications; ARRIS MediaCipher; Cisco PowerKey; DVB Encryption]

Legacy Encryption vs. CCAP Encryption

Legacy Encryption
• EQAM: Proprietary Generation of CW and ECM
• EQAM: Encryption
• EQAM: Stream Multiplexing
• EQAM: Output Conversion
• GQAM, MQAM, SEM, APEX, NetCrypt

CCAP Encryption
• ECMG: Proprietary Generation of CW and ECMs move to Vendor ECMG device
• EQAM: Encryption, Multiplexing and output conversion remain in EQAM
• CCAP and 3rd Party EQAM

CCAP Transition Strategy

CCAP Encryption Requirements

Decryption Support
• Network Decryption (not currently implemented)
 - AES-128

Encryption Support
• MediaCipher / DTA
 - SCTE-52 (DES-CBC)
• PowerKey / DTA
 - DES-ECB
• AES
• DVB-CSA/CSA3 (Simulcrypt)

CA System Support
• PID Routing
 - CAT
 - DTA System Information
 - DTA EMM
 - DTA User Interface Data
 - DTA Messaging
• PSIP Aggregation
 - PSIP
 - EAS

CCAP Encryption Options
• Option 1 – CCAP with ECMG
• Option 2 – CCAP with Bulk Encryption
• Option 3 – CCAP with DVB SimulCrypt

CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
[Diagram labels: Authentication; CCAP; Web Request {AC, ECM/CW}; Load Balancer; Shared ECMG Pool; ECMG; CWG; ECM/CW cache; CAS]

Abbreviations:
• ECMG – Entitlement Control Message Generator
• ECM – Entitlement Control Message
• CW – Control Word
• CWG – Control Word Generator
• CAS – Conditional Access System

CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
[Diagram labels: Shared ECMG Pool; ECMG; CWG; Secrets; Settop CAS; DTA CAS; http[AC, ECM/CW]; Load Balancer; CCAP; Encrypt; MPTS/SPTS Video (Clear Content); MPTS/SPTS (Encrypted Content); DTA CAT, SI, EMM, Data, EAS]

CCAP Encryption Option 1 - CCAP with ECMG (Load Balancer/HTTP)
• ECMG is not in the video path
• ECMG<>CCAP Interface is resilient to network delays and short outages
• Batching of ECMs and CWs
• Standard network load balancing is supported
• CCAP needs licensed technology from CA vendors
• ECMG is stateless
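
The batching and outage-resilience bullets above, as an added toy simulation (not part of the original slides and not any CA vendor's interface). The names `fetch_batch` and `simulate`, the period numbers and the placeholder CW/ECM strings are all hypothetical; the model compares a cache holding several crypto periods of {CW, ECM} material with one transaction per crypto period.

```python
"""Toy model of an encryptor-side ECM/CW cache (hypothetical, not a vendor interface)."""


def fetch_batch(first_period, count):
    """Stand-in for one request to the ECMG pool.

    Returns {crypto_period: (cw, ecm)} for `count` consecutive periods.
    The values are labelled placeholders, not real control words or ECMs.
    """
    return {p: (f"cw-{p}", f"ecm-{p}")
            for p in range(first_period, first_period + count)}


def simulate(total_periods, batch_size, outage):
    """Step through crypto periods and return the ones left without a CW.

    batch_size: periods of {CW, ECM} material the cache tries to hold,
                counting the current one (1 = one transaction per period).
    outage:     set of periods during which the ECMG pool is unreachable.
    """
    cache, starved = {}, []
    for now in range(total_periods):
        if now not in outage:
            # Top the cache up to `batch_size` periods starting at `now`.
            next_missing = max(max(cache, default=now - 1) + 1, now)
            horizon = now + batch_size
            if next_missing < horizon:
                cache.update(fetch_batch(next_missing, horizon - next_missing))
        if now not in cache:
            starved.append(now)      # nothing to encrypt with in this period
        cache.pop(now - 1, None)     # the previous period's material has expired
    return starved


if __name__ == "__main__":
    outage = {10, 11, 12, 13}        # constructed: pool unreachable for 4 periods
    for size in (1, 5):
        print(f"batch_size={size}: starved periods={simulate(20, size, outage)}")
```

An outage is absorbed only while it is shorter than the material already cached, so the batch depth sets the outage length the encryptor can ride through.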

CCAP Encryption Option 2 - CCAP with Bulk Encryptor
[Diagram labels: Settop CAS; DTA CAS; Secrets; Bulk Encryptor; Encrypt; MPTS/SPTS Video (Clear Content); MPTS/SPTS (Encrypted Content); CCAP; DTA CAT, SI, EMM, Data, EAS]

Abbreviations:
• DTA – Digital Terminal Adaptor
• CAS – Conditional Access System
• SI – System Information
• EMM – Entitlement Management Message
• EAS – Emergency Alert System
• MPTS – Multi-Program Stream
• SPTS – Single Program Stream

CCAP Encryption Option 2 - CCAP with Bulk Encryptor
• Bulk encryptor is in the video path
• Requires appropriate redundancy to be applied at the bulk encryptor and CCAP
• Bulk encryptor encapsulates all of the proprietary CA vendor information into a single video encryption device
• May be resilient to network delays and short outages
• Efficient encryption method for video architecture with many nodes

CCAP Encryption Option 3 - CCAP with DVB SimulCrypt
[Diagram labels: Compliant CA System; EIS; Simulcrypt EIS<->SCS; Settop CAS; DTA CAS; ECMG; Secrets; Simulcrypt SCS<->ECMG; CWG*; CCAP; Encrypt*; MPTS/SPTS Video (Clear Content); MPTS/SPTS (Encrypted Content); DTA CAT, SI, EMM, Data, EAS]
*Varies by CA vendor

Abbreviations:
• ECMG – Entitlement Control Message Generator
• EIS – Event Information Scheduler
• SCS – SimulCrypt Synchronizer
• CW – Control Word
• CWG – Control Word Generator
• CAS – Conditional Access System

CCAP Encryption Option 3 – CCAP with DVB SimulCrypt
• ECMG is not in the video path
• Standardized DVB Interfaces
• Socket based interfaces
• Not all CA Systems support a Simulcrypt mode with the CCAP being the Simulcrypt Synchronizer (SCS)
• Some CA Systems have IP or secrets that need to be applied at the Encryptor

CCAP Encryption Option Comparison (1)

Columns: Option 1 ECMG | Option 2 Bulk Encryptor | Option 3 DVB Simulcrypt
• CAS Operation: Single Vendor | Multi-Vendor
• Encryption Location: CCAP | Bulk Encryptor | CCAP
• Location of Proprietary CA Secrets: ECMG | Bulk Encryptor | ECMG
• Interface Standards: Proprietary | Proprietary (Licensed to CCAP Vendors) | Open
• Protocol Basis: HTTPS | Proprietary | Socket Interface
• Authentication: Authenticated | Per vendor implementation | None
• ECM Batching: Y | N/A | N (Transaction per crypto period)
• Load Balancing: Y | N/A | Concept of primary, secondary, and priority. Support vendor specific.

CCAP Encryption Option Comparison (2)

Columns: Option 1 ECMG | Option 2 Bulk Encryptor | Option 3 DVB Simulcrypt
• Video Path Redundancy: CCAP Responsibility | Bulk Encryptor and CCAP share redundancy responsibility | CCAP Responsibility
• Network Load: Resilient to short network outages Stateless Stateful
• Cloud Readiness: Auto-scaling, load balancing, and failure resiliency are part of architecture | None | Concept of Primary / Secondary ECMG
• Hitless Upgrades: Y – ECMG Pool provides redundancy | N | Maybe – requires 1:1 redundancy
• Horizontal Scalability: Y | N | Concept of Primary / Secondary ECMG
• ECM Stretching: Vendor specific Support Current Future

CCAP Encryption Phasing Case Study – ARRIS

Network Function VOD Encryption Linear Encryption Mode MediaCipher Session Based Encryption MediaCipher (CTCP) (ODCP) Session Y Y Y n/a Y Y Y n/a Y n/a Y Y Y Common Tier Privacy Mode Encryption VPME VOD Session Setup Port mapping Components CCAP Y Y ECMG n/a Y VOD Back Office N N Updates DAC N Y CASMR N Y BVSM n/a (OneController) Interfaces (Req’d) CableLabs RMI n/a CCAP-ECMG n/a Y CAMS-SM n/a Linear + OneController MediaCipher (CTCP, ODCP) MediaCipher, MediaCipher DTA Port or Session Y Y (CTCP, ODCP)

CCAP Encryption Phasing Case Study – Cisco

Network Function VOD Encryption Linear Encryption Mode VOD Session Setup Embedded PowerKey VOD on ECMG PowerKey Linear with Simulcrypt PowerKey, SCP/SCC Linear with OneController PowerKey, SCP/SCC DNCS BVSM Session Components CCAP ECMG (PCG) N n/a Y Y (Simulcrypt) Y Y N Y Y Y n/a N N Y Y n/a Y Y Y N Y Y n/a Y N N N Y Y Y Y N Linear Session Setup VOD Back Office DNCS/EC ECS BVSM (OneController) DTACS Interfaces (Req’d) CableLabs RMI PEACH (ECMG) CAMS-SM Simulcrypt

Special Considerations
• CCAP Broadcast Replication
• Adult Content
 - Special Requirements
 - Combinations of Encryption Approaches

Summary
• CCAP Architecture enables several mechanisms for the cable operator to enable video encryption
• The cable operator will need to decide which approach is best for their system architecture, service type, and network

Comcast IConfidential

Questions?