Secure Key Exchange Scheme for IPTV Broadcasting

In Internet Protocol Television (IPTV) broadcasting, service providers charge subscription fee by scrambling the program in Conditional Access System (CAS). This avoids unauthorized users to receive the programs. A smart card (CA card) is used to decrypt the Control Words (CWs) and transfer them back to Set-Top Box (STB) in order to deseramble the scrambled program. This paper presents a secure mutual authentication and key exchange scheme between STB and smart card for IPTV broadcasting. Its security is based on one way hash function and the discrete logarithm problem. It allows subscribers to choose and change the password freely, provides dynamic session key agreement and mutual authentication between STB and smart card. Security analysis proves that the scheme is strong against subscriber and STB impersonation attacks, replay attack, stolen verifier attack, smart card loss attack, man-in-the-middle attack and attack on perfect forward secrecy which are considered as common threats in IPTV environment. Moreover, the scheme also prevents serious attacks such as smart card cloning and McCormac Hack attack particular to authentication using smart cards.