| Graduate student: | 陳建銘 Chen, Chien-Ming |
|---|---|
| Thesis title: | A Study of Key Management Mechanism for Content Access Control in Pay-TV Broadcasting Systems 用於付費廣播電視存取控制的金鑰管理之研究 |
| Advisor: | 孫宏民 Sun, Hung-Min |
| Oral defense committee: | |
| Degree: | 博士 Doctor |
| Department: | 電機資訊學院 - 資訊工程學系 Computer Science |
| Year of publication: | 2010 |
| Academic year of graduation: | 98 |
| Language: | English |
| Number of pages: | 87 |
| Chinese keywords: | 存取控制 、時限性階層金鑰管理系統 、條件式存取系統 、付費 |
| Foreign-language keywords: | access control, time-bound hierarchical key management, conditional access system, Pay-TV |

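Key management systems used today for content access control in Pay-TV broadcasting fall into two types: time-bound hierarchical key management systems and conditional access systems. A time-bound hierarchical key management system assigns different keys at different times to users with different privileges; a conditional access system, on the other hand, is designed to fit a particular business model. The goal of both kinds of system is that only legitimate users can correctly view the programs. This doctoral thesis discusses both types of key management system in detail.
In the first part of this thesis, we address the first type of key management system. Some algorithms of this type use smart cards to resist collusion attacks. However, we found that one algorithm that uses smart cards is still vulnerable to collusion attacks. We modify this algorithm so that it resists collusion attacks, and we propose a new method that resists collusion attacks without using smart cards.
In the second part of this thesis, we study conditional access systems in depth and propose new improvements. Because the existing business models all have their limitations, we first define a new business model and design a corresponding conditional access system for it. In addition, we analyze and compare the designed conditional access system in detail.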
In Pay-TV broadcasting systems, only authorized subscribers should be able to access exactly the TV programs/channels they have subscribed to. To meet this requirement, several key management mechanisms have been proposed to provide channel protection.
Two kinds of key management mechanisms, time-bound hierarchical key management and conditional access systems, are widely discussed in Pay-TV broadcasting systems.
A time-bound hierarchical key management scheme is a method for assigning time-dependent encryption keys to a set of classes that form a partially ordered hierarchy. Conditional access systems, on the other hand, provide channel protection according to distinct business models. In this thesis, both mechanisms are discussed.
In the first part of this thesis, we focus on time-bound hierarchical key management schemes.
We first demonstrate that a new scheme proposed by Bertino et al. is insecure against the collusion attack even though their scheme adopts tamper-resistant devices. We also provide some possible amendments to this scheme. In addition, we propose a new time-bound hierarchical key management scheme that can effectively defeat collusion attacks without adopting a tamper-resistant device. Compared with the previous schemes, our design requires fewer public parameters.
In the second part of this thesis, we put emphasis on the conditional access system. Since the existing business models, pay-per-view and pay-per-channel, have some constraints and drawbacks, we define a new business model that is more flexible for subscribers. To fulfill the requirements and assumptions of this business model, we also propose a new conditional access system. We also describe two methods to reduce the size of the access control matrix, which is used for recording the subscriptions of all subscribers.
[1] S. G. Akl and P. D. Taylor. Cryptographic Solution to a Problem of Access Control in a Hierarchy. ACM Transactions on Computer Systems, 1(3):239-248, 1983.
[2] R. Anderson and M. Kuhn. Low Cost Attacks on Tamper Resistant Devices. In Proceedings of 5th International Workshop on Security Protocols, pages 125-136, 1997.
[3] M. J. Atallah, M. Blanton, N. Fazio, and K. B. Frikken. Dynamic and Efficient Key Management for Access Hierarchies. In Proceedings of 12th ACM conference on Computer and Communications Security, pages 190-201, 2005.
[4] G. Ateniese, A. D. Santis, A. L. Ferrara, and B. Masucci. Provably-Secure Time-Bound Hierarchical Key Assignment Schemes. In Proceedings of 13th ACM conference on Computer and Communications Security, pages 288-297, 2006.
[5] E. Bertino, S. Ning, and S. S. Wagstaff. An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting. IEEE Transactions on Dependable and Secure Computing, 5(2):65-70, April-June 2008.
[6] H. Burklin, R. Schafer, and D. Westerkamp. DVB: from Broadcasting to IP Delivery. ACM SIGCOMM Computer Communication Review, 37(1):65-67, Jan. 2007.
[7] H. Y. Chen. Efficient Time-Bound Hierarchical Key Assignment Scheme. IEEE Transactions on Knowledge and Data Engineering, 16(10):1301-1304, Oct. 2004.
[8] B. Chor, A. Fiat, M. Naor, and B. Pinkas. Tracing Traitors. IEEE Transactions on Information Theory, 46(3):893-910, May 2000.
[9] R. J. Crinon, D. Bhat, D. Catapano, G. Thomas, J. T. Van Loo, and G. Bang. Data Broadcasting and Interactive Television. Proceedings of the IEEE, 94(1):102-118, Jan. 2006.
[10] B. Cruselles, J. L. Melus, and M. Soriano. An Overview of Security in Eurocrypt Conditional Access System. In Proceedings of IEEE International Conference on Global Telecommunications, volume 1, pages 188-193, 1993.
[11] T. T. Do, K. A. Hua, and M. A. Tantaoui. P2VoD: Providing Fault Tolerant Video-on-Demand Streaming in Peer-to-Peer Environment. In Proceedings of IEEE International Conference on Communications, volume 3, pages 1467-1472, 2004.
[12] European Telecommunications Standards Institute (ETSI). Digital Video Broadcasting (DVB); Framing Structure, Channel Coding and Modulation for Terrestrial Television, Nov. 2004.
[13] Z. Fei, M. H. Ammar, I. Kamel, and S. Mukherjee. An Active Buffer Management Technique for Providing Interactive Functions in Broadcast Video-on-Demand Systems. IEEE Transactions on Multimedia, 7(5):942-950, Oct. 2005.
[14] A. Fiat and M. Naor. Broadcast Encryption. In Proceedings of Crypto 2001, Lecture Notes in Computer Science, pages 480-491. Springer, 1994.
[15] T. W. Hou, J. T. Lai, and C. L. Yen. Based on Cryptosystem Secure Communication between Set-top Box and Smart Card in DTV Broadcasting. In Proceedings of IEEE Region 10 Conference (TENCON' 07), pages 1-5, 2007.
[16] A. Hu. Video-on-Demand Broadcasting Protocols: A Comprehensive Study. In Proceedings of 20th Annual Joint Conference of the IEEE Computer and Communications Societies, volume 1, pages 508-517, 2001.
[17] Y. L. Huang, S. P. Shieh, F. S. Ho, and J. C. Wang. Efficient Key Distribution Schemes for Secure Media Delivery in Pay-TV Systems. IEEE Transactions on Multimedia, 6(5):760-769, Oct. 2004.
[18] Y. L. Huang, S. P. Shieh, and J. C. Wang. Practical Key Distribution Schemes for Channel Protection. In Proceedings of International Conference on Computer Software and Applications, pages 569-574, 2000.
[19] ITU Rec. 810. Conditional-Access Broadcasting Systems, 1992.
[20] R. Janakiraman, M. Waldvogel, and L. Xu. Fuzzycast: Efficient Video-on-Demand over Multicast. In Proceedings of 21th Annual Joint Conference of the IEEE Computer and Communications Societies, volume 2, pages 920-929, 2002.
[21] T. Jiang, S. Zheng, and B. Liu. Key Distribution based on Hierarchical Access Control for Conditional Access System in DTV Broadcast. IEEE Transactions on Consumer Electronics, 50(1):225-230, Feb. 2004.
[22] A. V. D. M. Kayem, P. Martin, and S. G. Akl. Heuristics for Improving Cryptographic Key Assignment in a Hierarchy. In Proceedings of 21st International Conference on Advanced Information Networking and Applications Workshops, volume 1, pages 531-536. IEEE Computer Society, 21-23 May 2007.
[23] Y. Kim, A. Perrig, and G. Tsudik. Group Key Agreement Efficient in Communication. IEEE Transactions on Computers, 53(7):905-921, Jul. 2004.
[24] Y. Kim, A. Perrig, and G. Tsudik. Tree-based Group Key Agreement. ACM Transactions on Information and System Security, 7(1):60-96, Feb. 2004.
[25] W. C. Kuo. Comments on A Multikey Secure Multimedia Proxy Using Asymmetric Reversible Parametric Sequences: Theory, Design, and Implementation. IEEE Transactions on Multimedia, 9(2):420-421, Feb. 2007.
[26] J. W. Lee. Key Distribution and Management for Conditional Access System on DBS. In Proceedings of International Conference on Cryptology and Information Security, pages 82-86, 1996.
[27] C. H. Lin. Hierarchical Key Assignment Without Public-key Cryptography. Computers and Security, 20(7):612-619, 2001.
[28] B. Liu, W. Zhang, and T. Jiang. A Scalable Key Distribution Scheme for Conditional Access System in Digital Pay-TV System. IEEE Transactions on Consumer Electronics, 50(2):632-637, May 2004.
[29] S. J. MacKinnon, P. D. Taylor, H. Meijer, and S. G. Akl. An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy. IEEE Transactions on Computers, 34(9):797-802, June 1985.
[30] B. M. Macq and J. J. Quisquater. Cryptology for Digital TV Broadcasting. Proceedings of the IEEE, 83(6):944-957, Jun. 1995.
[31] R. Molva and A. Pannetrat. Scalable Multicast Security with Dynamic Recipient Groups. ACM Transactions on Information and System Security (TISSEC), 3(3):136-160, Aug. 2000.
[32] D. Naor, M. Naor, and J. Lotspiech. Revocation and Tracing Schemes for Stateless Receivers. In Proceeding of Advances in Cryptology-(CRYPTO'01), volume 1, pages 41-62. Springer, 2001.
[33] R. D. Pietro, L. V. Mancini, Y. W. Law, S. Etalle, and P. Havinga. LKHW: A Directed Diffusion-based Secure Multicast Scheme for Wireless Sensor Networks. In Proceedings of 2003 International Conference on Parallel Processing Workshops, pages 397-406, 2003.
[34] D. Purandare and R. Guha. An Alliance Based Peering Scheme for P2P Live Media Streaming. IEEE Transactions on Multimedia, 9(8):1633-1644, Dec. 2007.
[35] R. L. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public-key Cryptosystems. Communications of the ACM, 21(2):120-126, Feb. 1978.
[36] A. D. Santis, A. L. Ferrara, and B. Masucci. Enforcing the Security of a Time-Bound Hierarchical Key Assignment Scheme. Information Sciences, 176(12):1684-1694, 2006.
[37] B. Schneier. Applied Cryptography. Wiley, second edition, 1996.
[38] H. M. Sun, C. M. Chen, and C. Z. Shieh. Flexible-Pay-Per-Channel: A New Model For Content Access Control in Pay-TV Broadcasting Systems. IEEE Transactions on Multimedia, 6(10):1109-1120, Oct. 2008.
[39] H. M. Sun, C. Z. Shieh, and C. M. Chen. An Efficient and Flexible Key Distribution Scheme for Conditional Access System in Pay-TV System. In Proceedings of 16th Information Security Conference, 2006.
[40] H. M. Sun, K. H. Wang, and C. M. Chen. On the Security of an efficient Time-Bound Hierarchical Key Management Scheme. IEEE Transactions on Dependable and Secure Computing, 6(2):159-160, April-June 2009.
[41] V. D. To, R. Safavi-Naini, and F. Zhang. New Traitor Tracing Schemes using Bilinear Map. In Proceedings of 3rd ACM Workshop on Digital Rights Management, pages 67-76, 2003.
[42] F. K. Tu, C. S. Laih, and H. H. Tung. On Key Distribution Management for Conditional Access System on Pay-TV System. IEEE Transactions on Consumer Electronics, 45(1):151-158, Feb. 1999.
[43] W. G. Tzeng. A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy. IEEE Transactions on Knowledge and Data Engineering, 14(1):182-188, Jan./Feb. 2002.
[44] M. Waldvogel, G. Caronni, D. Sun, N. Weiler, and B. Plattner. The VersaKey Framework: Versatile Group Key Management. IEEE Journal on Selected Areas in Communications, 17(9):1614-1631, Sep. 1999.
[45] W. Y. Wang and C. S. Laih. Merging: An Efficient Solution for a Time-Bound Hierarchical Key Assignment Scheme. IEEE Transaction on Dependable Secure Computing, 3(1):91-100, Jan./Mar. 2006.
[46] C. K. Wong, M. Gouda, and S. S. Lam. Secure Group Communications Using Key Graphs. IEEE/ACM Transactions on Networking, 8(1):16-30, Feb. 2000.
[47] J. Yeh. An RSA-based Time-Bound Hierarchical Key Assignment Scheme for Electronic Article Subscription. In Proceedings of 14th ACM International Conference on Information and Knowledge Management, 2005.
[48] S. F. Yeung, J. C. S. Lui, and D. K. Y. Yau. A Multikey Secure Multimedia Proxy using Asymmetric Reversible Parametric Sequences: Theory, Design, and Implementation. IEEE Transactions on Multimedia, 7(2):330-338, Apr. 2005.
[49] X. Yi. Security of Chien's Efficient Time-Bound Hierarchical Key Assignment Scheme. IEEE Transactions on Knowledge and Data Engineering, 17(9):1298-1299, Sept. 2005.
[50] X. Yi and Y. Ye. Security of Tzeng's Time-Bound Key Assignment Scheme for Access Control in a Hierarchy. IEEE Transactions on Knowledge and Data Engineering, 15(4):1054-1055, July-Aug. 2003.
[51] W. T. Zhu. A Cost-Efficient Secure Multimedia Proxy System. IEEE Transactions on Multimedia, 10(6):1214-1220, Oct. 2008.