The DVB-MHP security framework: securing the entertainment experience 

KEY TO INTEGRITY

MHP extends the existing and successful open DVB standards for broadcast and
interactive services in all transmission networks including satellite,
cable, terrestrial and microwave systems. It supports many kinds of
applications allowing broadcasters, network operators, and content creators
to provide a rich interactive multimedia and Internet experience to their
clients, thus opening a new vista of additional services and entertainment.
However, these new vistas also introduce the possibility of new threats, and
thus the MHP standard includes a strong security framework to secure MHP
applications and consumers.

The MHP security model is designed to maintain integrity of content in the
content delivery chain and to guard against potential problems such as:

  • Malicious damage of the MHP device by an application
  • ‘Denial of Service’ through competing applications, malicious attacks or
    other means
  • Unauthorised use of user data
  • Unauthorised use or theft of content
  • Unauthorised use of the return channel
  • Unauthorised access to the communication on the return channel.

The MHP thus provides authentication and verification systems that validate
incoming applications. It provides capabilities to check the operation of an
application and its use of the MHP’s resources, as well as secure
authentication mechanisms that allow access to secure applications or online
sites. Furthermore, a copyright system that manages the storage of content
within the MHP is being considered for the future, and an encryption system
that guards against the theft of content is of course needed.

The MHP security mechanism is based on a Public Key Infrastructure (PKI) in
order to support current and future needs. It defines security requirements
for the consumer, service provider, device manufacturer, and broadcaster by
providing confidentiality, integrity, availability, privacy and
non-repudiation.

The PKI is owned by DVB Services Sarl, and after a tender and evaluation
process WISeKey was selected to be its operator. WISeKey has thus
implemented the infrastructure, and also hosts and operates it.

A Public Key Infrastructure is composed of Certification Authorities (CA),
each possessing a key pair, one private and the other public, with the
public key incorporated into a digital certificate. The Root Certification
Authority is at the base of the trust chain and must be operated with
extreme security, trust, and care.

WISeKey therefore equips its facilities with multiple security controls such
as biometric access, multi-tiered physical entry, micro cement and steel
reinforced structures, sophisticated alarm systems, and onsite and remote
surveillance to ensure Root CA safety. Staff are also highly trained and
complete a strict trusted employee verification process. All core operations
are supported by documented operational procedures and backed by legal and
service agreements that ensure the smooth, secure and efficient functioning
of the system.

The DVB Service PKI contains a minimum of three Root CAs, and these Root
Certificates are embedded within every MHP receiver, host, or client. These
devices are thus able to verify the chain of trust to ensure the integrity
of MHP content and ultimately safeguard consumers from threats.

WISeKey provides the certification services that ensure the security and
availability of the core PKI infrastructure that is essential to the MHP
community, including:

  • Security and operation of Root and Signing Certification Authorities
  • Root certificates for device manufacturers
  • Application signing certificates for content creators
  • Support and consulting to customers.

The DVB Project and its partners have invested significantly to provide a
safe and secure environment in MHP. It’s in the interest of the entire
community, including broadcasters, network operators, application
developers, and device manufacturers to support the MHP security framework
and ensure a fun and safe playground for us all.

Kevin Blackman joined WISeKey in 2000 and has more than 12 years of
experience in project management, IT security, PKI, and telecommunications.
Kevin holds a degree in electrical and computer engineering from the
University of the West Indies and is a Certified Information System Security
Professional, Information Systems Security Management Professional, and
Information System Architecture Professional.