Hacker News new | ask | show | jobs
by londons_explore 1068 days ago
These modern systems tend to have a seperate key for every consumer. Ie. every single device ever produced has a seperate key.

If any device is cracked/leaked, they find out which one is cracked and send out new keys for every other device except the one that was cracked.

Through clever use of key hierarchies, you only need to send out a small number of new keys over the air to make sure every legit user gets a new one, but your leaked key doesn't get replaced so anyone using that gets locked out.

There is no master key to leak - if you leak one key, you only lock out one device. All other keys are ephemeral.
1 comments
axus 1068 days ago
Is that what they do with satellite TV? Not knowing anything, I'd think they'd need a unique connection for every user, like Internet streaming, to have unique keys.
link
kaetemi 1068 days ago
Encrypt video broadcast with a master key pair. Then just continually broadcast the decryption key, encrypted for every customer individually, alongside. If there's a mysterious "activation" period after turning on the device initially, it's probably something like that. Rotate the master every so often to kick off users.
link
hiatus 1068 days ago
> Then just continually broadcast the decryption key, encrypted for every customer individually, alongside.

Wouldn't broadcasting a unique stream for each client increase bandwidth?

link
londons_explore 1068 days ago
You can do neat things with key hierarchies to avoid this.

Group all your customers into leaves of a binary tree. 100 million customers is a tree ~27 levels deep.

Issue every customer a private key on a smartcard. Also generate keys for each node in the tree, and have the smartcard also preloaded with the keys from that customer to the root. (ie. 26 extra keys on the card - easy to store).

Now, whenever a customer leaks their key, you cut that customer out of the tree and regenerate all nodes up to the root. You transmit over the air, every few minutes, all the modified keys. Each new key is transmitted multiple times encrypted with the children of that node.

Now every legit keyholder either has the master key, or some set of keys that can decrypt the master key (as a combination of the keys on the card and the keys transmitted over the air). Any banned cardholders do not.

Using this method, even banning hundreds of keys, there won't be more than tens of thousands of keys that need to be transmitted over the air, even though you might have 100 million cardholders. That's very transmittable every few minutes, meaning that honest cardholders won't have to wait more than a few minutes for service, even if their tree-neighbour is a hax0r.

link
BenjiWiebe 1068 days ago
It would, but if you are only transmitting keys, and only every couple hours, it needn't be much bandwidth.
link