Newtec Proprietary
Confidentiality: Unrestricted
R3.2_v1.0
299/387
Feature Descriptions
MDM9000 Satellite Modem
• Odd/Even key: The operator on the modulator selects which key to use. The demodulators
automatically detect which key is used (odd or even) and selects the key of the same type (odd
or even) to performing the decryption.
16.18.2.3 Key Sizes
The key management layer for AES is defined to work with two key sizes: 128 bits for maximum
security and 64 bits for meeting exportation restrictions in some countries - the 64 bit keys have a
randomness of 56 bits to fully meet exportation restrictions. The last byte of the key is not used.
It is possible that the security mode on your modulator is restricted in the factory to use 64-bit keys
only.
In that case, you cannot switch to 128-bit key mode.
Switching from one key size to another erases all keys in use.
16.18.2.4 Use of Group Key
The group key can be used in two ways:
• A unique group key is defined for each device. In that case, a different encrypted content key
needs to be sent to each device. This key is unique and the operator is guaranteed that if the key
is intercepted, it cannot be used on another device (unless the group key is known).
• A group key is defined for a group of devices. Devices from region A share the same group key,
while devices from region B share another group key. In this case, the same encrypted content
key (let's say protected with the group key of region A) can be broadcasted to all devices. Only
devices of region A will be able to receive the content. The same procedure can be used to
separate receivers from two different sub-networks and it can also be used to separate receivers
dedicated to different purposes.
For 64-bits keys, some restriction applies. As the DES encryption is used to protect the encrypted
content key, it is not possible to use a weak DES key as a group key. Weak DES keys are listed in
Appendix-ListofWeak64-bitGroupKeysonpage346 at the back of this manual.
16.18.2.5 Seamless Key Change
The AES key management system is designed to allow the change of an encryption key during a
transmission without interrupting the stream, if the demodulator stores the same content keys than
the modulator.
Demodulators can detect which key (odd or even key) is currently in use. When the modulator
switches from one key to another, the demodulator automatically detects the change and switches to
the other key in a frame-synchronous way. This way, the demodulator always uses the proper key to
decrypt the baseband frames. No interruption or glitch appears at the output of the demodulator.
By changing the unused key on the modulator and demodulators, it is possible to switch again the
key in the network.
To Next Page
Loading...
