conditional access: soft option?encrypt content so that encryption occurs once and remains encrypted...
TRANSCRIPT
Cable & Satellite International nov-dec 2006 www.cable-satellite.com page twenty one
PayTV piracy is rampant. Exact figures are
hard to come by but most statistics put the
annual cost to the industry in the billions
of dollars (the MPAA reports a U$6 billion loss to its
studios worldwide in 2005 with Asia the worst
regional culprit). Figures are inexact because it's
notoriously hard to know when service theft has been
committed (for satellite broadcast particularly) and
also because operators are understandably reluctant
to reveal that they're being hacked. Robert Payne
VP and general manager, EMEA, Verimatrix cites
operators “who acknowledge that 40 per cent of all
eyeballs on their content don't pay for it.”
The software argument
Software CA vendors recognise that piracy can and
will occur on any network, “all content can and will
be broken,” insists Matt Canard, Widevine VP
As PayTV piracy soars operators areconsidering the best security options to takein protecting content. Adrian Penningtonasks whether software or hardware is best
Conditional Access
Conditional access: The hard or soft option?
Conditional Access
marketing. However they argue that smartcards are
more subject to cloning. “You don’t need to break
the code if you can copy then resell it by posting
on the internet through splitters and repeaters,”
says Payne. “The set-top box is a hostile
environment in security terms. All smartcards
contain a series of keys (algorithms) which is the
Achilles heel of the system. If you get at that key
you can hack the whole system.”
Software systems, he suggests, avoid that
vulnerability by not having secret keys. “Instead we
use validation systems where the set-top box has to
check with the head-end CAS making the job
of breaking the system much more difficult.”
Furthermore software solutions are said to
provide a much quicker way of resetting the
network if compromised. “If you’re an operator
with 200,000 subs and your content security
is breached your immediate requirement is to renew
that security to prevent piracy from reoccurring,”
says Canard. “With hardware approaches that's
unrealistic within even 24 hours, whereas our
CAS offers downloadable back-up.”
Mathieson believes strongly that Latens IPTV
CA is more secure than almost all existing
smartcard/hardware-based CAS. “To understand
why, you have to consider all the issues concerned
with countering piracy. The first is stopping a hack,
in which we’re very strong. The second task is that
if you’re hacked then you need to be able to
quickly recover and do it cost-effectively — again
we are far more effective than the competition on
recovery. Thirdly, you have to discourage hackers by
making it hard to profit from a hack — here we’re
very much stronger than the smartcard. The
smartcard is the perfect mechanism for a pirate to
distribute a hack and as European broadcasters are
finding out, it can take an operator protected by a
smartcard many months to recover from a hack —
during which time they're leaking revenues month
by month. So, not only is our cost of ownership
much better than that of smartcards, but our
revenue and content protection is superior too.”
Critics who argue that software is not as secure as
a physical sealed unit are missing the point, says
Payne. “Software is inherently easier to attack than
a smartcard — but in security terms that’s a red
herring. Even if it’s broken there’s nothing inside
a secure software system that the hacker can get
from the set-top box. It’s like breaking into a safe and
finding all the money stored in a whole other bank.”
But perhaps the main difference between pure
hardware and software approaches contend
software developers is that smartcards incur an
inherent cost in terms of chip manufacture, printing
and physical distribution — a cost that device
makers must either bear themselves or (more likely)
pass along to consumers. Payne estimates that a
card reader can add U$40 to the cost of each set-
top box making considerable savings for an
operator who plumps for software CAS. Since the
media industry have not subsidised this cost it may
feel that the potential damage caused by software
hacks is within the bounds of acceptable risk.
The hardware argument
However these claims are rigorously refuted
by NDS, whose 65 million active smartcards —
including large installed bases for Direct TV and Sky
— have never been hacked.
“Software based security for high value content
is fundamentally flawed,” suggest Nigel Smith,
the firm’s VP Broadband Internet. “You can analyse
exactly what the security system is doing, debug
it, walk through it and decide where you want to
bypass. With hardware the security system operates
in black boxes which you can’t get into or analyse.
With our IPTV systems we could extend our
smartcard to anywhere in the network.”
He says software companies are speaking from
a position of inexperience and spreading misleading
information. “The claim that it takes a long time
to get smartcard systems up and running is invalid.
Hardware based security is very mature and feature
multiple levels of security, not just one, which we
can activate and refresh. Some of these levels never
surface because we’ve never needed them to.
Additionally our systems use proprietary chips
which don’t use off the shelf technology so you
can’t clone our cards.”
There is no premium for hardware based security,
he says, aside from the physical cost of the card.
“But you don’t need a security service at the other
end of the network. There is no extra cost because
the main processor has the black box within it.”
Nagra’s Ippach concurs, “Because the intelligence
is transferred to computers at the head end users
still have to pay for that. The simple fact is that if
you want a secure solution you need to work with
device manufactures — this is labour intensive,
takes considerable experience and a lot of money
to harden up devices against theft.”
Although no CA software-based system has been
broken the fact that Microsoft's Windows Media
DRM has been famously hacked twice — and
Apple’s Fairplay was recently hacked and stripped
of its iTunes content — highlights the vulnerability
of software systems and especially operating
systems which all software layers need to run
on. Indeed the MPAA indicated that 60 per cent of
the industry’s $6 billion loss was
through PCs.
Lessons from OS hacks
Device manufacturer
Pace is naturally
agnostic as to the
CAS systems it
Cable & Satellite International nov-dec 2006 www.cable-satellite.com page twenty three
Conditional Access
Cable & Satellite International nov-dec 2006 www.cable-satellite.com page twenty five
deploys but Mark Rooney, the company’s head of
IPTV reckons the more solutions the better.
“Technology has to fend off piracy so that
operators have greater confidence and rights
owners are more assured that their content is safe
and so the whole industry grows. IPTV operators
now have a plethora of hardware and software
measures they can adopt and for them it’s where
they feel most comfortable with a security that fits
their business model.”
Widevine claims it tested its CAS on the code
(Fairuse4DRM) that broke WM DRM and Fairplay
and found its protection robust. “We had the first
virtual smartcard on the market so our technology
is mature,” says Canard. “Our technology is
integrated with over 30 IP video devices
and we can prove our CA working with every
major middleware and VoD vendor.”
The other big differentiator for Widevine he
contends, “is the way we encrypt content. Widevine
has the only patented technology to persistently
encrypt content so that encryption occurs once
and remains encrypted all the way to the consumer
device. Others require multiple decrypt and
re-encrypt sites in the chain.”
For Verimatrix, which boasts 1.5 million client
licences, the scalability of its solution is unique.
“The larger the IP network becomes the more
traffic occurs on the network. Some of our
competitors suffer from scalability issues because
they’ve designed their networks with DVB and
DVB has control over the transmission plan every
15-20 seconds. If you do that over IP the network
capacity is quickly overloaded.” Verimatrix has
a range of CA measures which examines network
security from the head end, Dslam or router;
a software-based clone detection system and
forensic tracking which includes set-top based
content water marking.
“Not only is it viable but it is now the only
sensible way of protecting payTV content on
two-way networks,” adds Mathieson. “Implemented
properly, software CA is more secure than relying
on a hardware/smart card based CA and in addition
it’s more flexible and it's cost-effective too.” Latens’
recent launch of Broadcast CAS, is intended
to make it possible for the operators of one-way
networks, such as DTV and satellite, “to reap
the benefits of deploying software-based security.”
Software vendors believe they have the market
for IP sewn up. “Software is systematically replacing
hardware solutions even in one-way networks,”
says Payne.
Verimetrix too is working with chip manufacturers
Philips, TI and Broadcom to include its solutions
within the next generation of silicon. “The chip
in the STB becomes the CA element alleviating
the need for smartcards,” says Payne.
But NDS’ Smith has this warning. “What the
software guys are relying on is lack of visibility.
There is no real large IPTV service extant.” NDS,
he says, has the largest operational security team
actively looking for hackers and brining them
to justice. “Crime syndicates view payTV as
more profitable than drugs. It’s white collar crime
for which the sentences are not serious and
the revenues are huge. But right now the market
size of a telco IP service doesn’t justify attack from
a professional pirate. As IPTV subscriber counts rise
the pirates will turn their attention to them
and software companies will run into severe
problems. Once one is breached all other software
solutions will be brought into question. An
operator’s subs growth will slow down or go
negative when customers realise they don't need to
subscribe in order to receive it, and when content
starts popping up all over world services will be
withdrawn from the operator.”