Cable & Satellite International nov-dec 2006 www.cable-satellite.com page twenty one

PayTV piracy is rampant. Exact figures are

hard to come by but most statistics put the

annual cost to the industry in the billions

of dollars (the MPAA reports a U$6 billion loss to its

studios worldwide in 2005 with Asia the worst

regional culprit). Figures are inexact because it's

notoriously hard to know when service theft has been

committed (for satellite broadcast particularly) and

also because operators are understandably reluctant

to reveal that they're being hacked. Robert Payne

VP and general manager, EMEA, Verimatrix cites

operators “who acknowledge that 40 per cent of all

eyeballs on their content don't pay for it.”

The software argument

Software CA vendors recognise that piracy can and

will occur on any network, “all content can and will

be broken,” insists Matt Canard, Widevine VP

As PayTV piracy soars operators areconsidering the best security options to takein protecting content. Adrian Penningtonasks whether software or hardware is best

Conditional Access

Conditional access: The hard or soft option?

Conditional Access

marketing. However they argue that smartcards are

more subject to cloning. “You don’t need to break

the code if you can copy then resell it by posting

on the internet through splitters and repeaters,”

says Payne. “The set-top box is a hostile

environment in security terms. All smartcards

contain a series of keys (algorithms) which is the

Achilles heel of the system. If you get at that key

you can hack the whole system.”

Software systems, he suggests, avoid that

vulnerability by not having secret keys. “Instead we

use validation systems where the set-top box has to

check with the head-end CAS making the job

of breaking the system much more difficult.”

Furthermore software solutions are said to

provide a much quicker way of resetting the

network if compromised. “If you’re an operator

with 200,000 subs and your content security

is breached your immediate requirement is to renew

that security to prevent piracy from reoccurring,”

says Canard. “With hardware approaches that's

unrealistic within even 24 hours, whereas our

CAS offers downloadable back-up.”

Mathieson believes strongly that Latens IPTV

CA is more secure than almost all existing

smartcard/hardware-based CAS. “To understand

why, you have to consider all the issues concerned

with countering piracy. The first is stopping a hack,

in which we’re very strong. The second task is that

if you’re hacked then you need to be able to

quickly recover and do it cost-effectively — again

we are far more effective than the competition on

recovery. Thirdly, you have to discourage hackers by

making it hard to profit from a hack — here we’re

very much stronger than the smartcard. The

smartcard is the perfect mechanism for a pirate to

distribute a hack and as European broadcasters are

finding out, it can take an operator protected by a

smartcard many months to recover from a hack —

during which time they're leaking revenues month

by month. So, not only is our cost of ownership

much better than that of smartcards, but our

revenue and content protection is superior too.”

Critics who argue that software is not as secure as

a physical sealed unit are missing the point, says

Payne. “Software is inherently easier to attack than

a smartcard — but in security terms that’s a red

herring. Even if it’s broken there’s nothing inside

a secure software system that the hacker can get

from the set-top box. It’s like breaking into a safe and

finding all the money stored in a whole other bank.”

But perhaps the main difference between pure

hardware and software approaches contend

software developers is that smartcards incur an

inherent cost in terms of chip manufacture, printing

and physical distribution — a cost that device

makers must either bear themselves or (more likely)

pass along to consumers. Payne estimates that a

card reader can add U$40 to the cost of each set-

top box making considerable savings for an

operator who plumps for software CAS. Since the

media industry have not subsidised this cost it may

feel that the potential damage caused by software

hacks is within the bounds of acceptable risk.

The hardware argument

However these claims are rigorously refuted

by NDS, whose 65 million active smartcards —

including large installed bases for Direct TV and Sky

— have never been hacked.

“Software based security for high value content

is fundamentally flawed,” suggest Nigel Smith,

the firm’s VP Broadband Internet. “You can analyse

exactly what the security system is doing, debug

it, walk through it and decide where you want to

bypass. With hardware the security system operates

in black boxes which you can’t get into or analyse.

With our IPTV systems we could extend our

smartcard to anywhere in the network.”

He says software companies are speaking from

a position of inexperience and spreading misleading

information. “The claim that it takes a long time

to get smartcard systems up and running is invalid.

Hardware based security is very mature and feature

multiple levels of security, not just one, which we

can activate and refresh. Some of these levels never

surface because we’ve never needed them to.

Additionally our systems use proprietary chips

which don’t use off the shelf technology so you

can’t clone our cards.”

There is no premium for hardware based security,

he says, aside from the physical cost of the card.

“But you don’t need a security service at the other

end of the network. There is no extra cost because

the main processor has the black box within it.”

Nagra’s Ippach concurs, “Because the intelligence

is transferred to computers at the head end users

still have to pay for that. The simple fact is that if

you want a secure solution you need to work with

device manufactures — this is labour intensive,

takes considerable experience and a lot of money

to harden up devices against theft.”

Although no CA software-based system has been

broken the fact that Microsoft's Windows Media

DRM has been famously hacked twice — and

Apple’s Fairplay was recently hacked and stripped

of its iTunes content — highlights the vulnerability

of software systems and especially operating

systems which all software layers need to run

on. Indeed the MPAA indicated that 60 per cent of

the industry’s $6 billion loss was

through PCs.

Lessons from OS hacks

Device manufacturer

Pace is naturally

agnostic as to the

CAS systems it

Cable & Satellite International nov-dec 2006 www.cable-satellite.com page twenty three

Conditional Access

Cable & Satellite International nov-dec 2006 www.cable-satellite.com page twenty five

deploys but Mark Rooney, the company’s head of

IPTV reckons the more solutions the better.

“Technology has to fend off piracy so that

operators have greater confidence and rights

owners are more assured that their content is safe

and so the whole industry grows. IPTV operators

now have a plethora of hardware and software

measures they can adopt and for them it’s where

they feel most comfortable with a security that fits

their business model.”

Widevine claims it tested its CAS on the code

(Fairuse4DRM) that broke WM DRM and Fairplay

and found its protection robust. “We had the first

virtual smartcard on the market so our technology

is mature,” says Canard. “Our technology is

integrated with over 30 IP video devices

and we can prove our CA working with every

major middleware and VoD vendor.”

The other big differentiator for Widevine he

contends, “is the way we encrypt content. Widevine

has the only patented technology to persistently

encrypt content so that encryption occurs once

and remains encrypted all the way to the consumer

device. Others require multiple decrypt and

re-encrypt sites in the chain.”

For Verimatrix, which boasts 1.5 million client

licences, the scalability of its solution is unique.

“The larger the IP network becomes the more

traffic occurs on the network. Some of our

competitors suffer from scalability issues because

they’ve designed their networks with DVB and

DVB has control over the transmission plan every

15-20 seconds. If you do that over IP the network

capacity is quickly overloaded.” Verimatrix has

a range of CA measures which examines network

security from the head end, Dslam or router;

a software-based clone detection system and

forensic tracking which includes set-top based

content water marking.

“Not only is it viable but it is now the only

sensible way of protecting payTV content on

two-way networks,” adds Mathieson. “Implemented

properly, software CA is more secure than relying

on a hardware/smart card based CA and in addition

it’s more flexible and it's cost-effective too.” Latens’

recent launch of Broadcast CAS, is intended

to make it possible for the operators of one-way

networks, such as DTV and satellite, “to reap

the benefits of deploying software-based security.”

Software vendors believe they have the market

for IP sewn up. “Software is systematically replacing

hardware solutions even in one-way networks,”

says Payne.

Verimetrix too is working with chip manufacturers

Philips, TI and Broadcom to include its solutions

within the next generation of silicon. “The chip

in the STB becomes the CA element alleviating

the need for smartcards,” says Payne.

But NDS’ Smith has this warning. “What the

software guys are relying on is lack of visibility.

There is no real large IPTV service extant.” NDS,

he says, has the largest operational security team

actively looking for hackers and brining them

to justice. “Crime syndicates view payTV as

more profitable than drugs. It’s white collar crime

for which the sentences are not serious and

the revenues are huge. But right now the market

size of a telco IP service doesn’t justify attack from

a professional pirate. As IPTV subscriber counts rise

the pirates will turn their attention to them

and software companies will run into severe

problems. Once one is breached all other software

solutions will be brought into question. An

operator’s subs growth will slow down or go

negative when customers realise they don't need to

subscribe in order to receive it, and when content

starts popping up all over world services will be

withdrawn from the operator.”