#v{d ÷d õ® LFSR-BASED CRYPTOGRAPHIC CHECKSUMS FOR SECURE BROADCASTING

In this paper, we present a scheme for generating cryptographic checksums to perform message authentication in a one-way broadcasting system. The proposed scheme is based on the use of clockcontrolled LFSRs and is aimed at high-speed implementation for real-time applications. INTRODUCTION In a typical secure broadcasting system, source information (video, voice, images, text,..., etc.) are transmitted in a scrambled structure from the broadcast center and all the receivers get the same broadcasting signal consisting of scrambled information and access control information [1]. A set of randomly generated decryption keys, master keys, are stored in a physically secure and tamperproof module inside the legitimate receivers while the center keep a copy of corresponding encryption keys at a database against receiver's unique ID, etc. Successful descrambling occurs in authorized receivers when correctly encrypted descrambling keys were delivered from the broadcast center. Although the cryptographic algorithm selected for distributing descrambling key could either be a public-key algorithm or a private-key algorithm, DES-alike schemes are usually chosen and implemented in firmware or software to provide key distribution in a secure and cost-effective manner. The receivers are individually addressable, meaning they can be directly controlled, using the unique master key, at any time from the broadcast center. Nevertheless, it is very inefficient to deliver the descrambling key to each receiver on an individual basis, therefore a key distribution hierarchy is normally developed. The idea is to form receiver groups and each member of the same group shares the identical distribution key [1]. In a three-level hierarchy of keys, the descrambling key is downloaded into receivers through a broadcasting message encrypted by the shared group key while the group keys is encrypted by the master key and distributed in advance into the secure module in the authorized receivers. Message for distributing the group key has to be extremely insensitive to transmission errors and a check must also be made by the receiver of the message that it has not been deliberately altered since it left the broadcast center. Furthermore, the delay and complexity that is required in implementing this message authentication must be satisfied with real-time and low-cost constrains in a commercial one-way broadcast system. Cryptographic checksums (also known as message authentication codes, integrity check-values, modification detection codes, or message integrity codes) are used to detect unauthorized alternation of message being transmission between two mutually trusted parties [2-5]. Much like an ordinary checksum or cyclic redundancy check (CRC), a checksum is appended to the transmitted message and the number of checksum bits are generally less than the number of message bits to be transmitted. However, the cryptographic checksum will be dependent not only on the original message but also on a secret key known only between the sender and the intended receiver. When a message is transmitted, the broadcast center calculates a checksum using the agreed secret key and appends it to the message (Figure 1).