conax.com Security Morten Ruud International Product Marketing Manager 1 CONAX – SECURING THE FUTURE

Security

Morten Ruud
International Product Marketing Manager

Conax

Global provider of security for content distribution:

• Satellite
• Terrestrial
• MMDS
• Cable
• IP

TV viewers prefer a complete content offering

Eases competition with satellite and cable

Increased value for free to air operators

Has happened in all markets

Free to air and pay TV operator in broadcast

Terrestrial provides a rich TV offering!

Digitenne in Netherlands:

• 23 TV channels
• 19 Radio channels

RiksTV in Norway

• 25 TV channels
• 16 Radio channels

RiksTV will also offer a rich selection of HD movies as VOD

Developed by

Conax CAS and Conax Pairing protect exclusive content like sport and early releases of series and movies to maximize revenue!!

Piracy trends in the Caribbean

Many operators in the Caribbean experience problems where users are watching unauthorised TV. In the Caribbean, many operators are suffering from redistribution of unauthorized sport and Hollywood content.

Where is this content coming from?

Where is this content coming from?

• Unprotected free to air
• Unsecure set top boxes
• Analogue redistribution

For pay TV operators there is a need for content protection, from the head-end, through the set top box!

Content, and its need for protection!

Pay TV operator investments and revenue

Investing into prime content at exclusive terms attracts new subscribers and makes the current subscribers loyal.

To make the offering attractive for new subscribers, pay TV operators usually subsidize the set top boxes.

The set top box, multiplied by the number of subscribers, and exclusive top content usually represent significant investments!

The upside is a steady increase of loyal subscribers paying a monthly fee for years.

The challenge

In broadcast, you do not know the recipients.

How can you be sure only paying customers can watch your services?

Conditional Access – CA Motivation

Conditional access is the process of selectively determining whether a particular user shall be able to make use of a video/audio product distributed via a broadcast medium.

The motivation for conditional access is twofold:

1. Cost control: restrict access to the content to just a particular geographical area or to a specific group of users due to limitations in programme rights

2. Revenue source: force users that want access to the content to pay for it.

Prevent commercial piracy. Commercial piracy occurs when the operator loses significant revenue due to a pirate distributing the means for unauthorized access to the content.

DVB Broadcast scenario

Broadcasting implies transmitting information from one sender to many recipients – point to multipoint.

Although digital television is becoming interactive so that a consumer’s decoder/set-top-box (STB) can communicate with a central server, the delivery of the content itself is still one-way communication.

Interfaces for CA are standard (DVB), but CA itself is proprietary.

The scenario; Protect a point to multipoint one-way information stream

Consumers are in general not interested in secure communication – they would like to get the content product for free if they could.

Broadcast content is normally intended for a consumer audience, implying that the reception equipment including any security devices must be low cost.

The laws and law enforcement regarding signal theft are weak in many jurisdictions, and the large revenue potential associated with pay-TV attracts well-funded, skilled and organized pirates.

These factors constitute the scenario in which to implement secure communications. This scenario is quite different from two-way systems like GSM where fraud detection is easier, and from on-line bank transactions where the consumer has an interest in the security not being compromised.

Conditional Access System

Controls the encryption on the transmit side and determines if a specific consumer shall be granted access to the content.

Usually implemented in a smart card on the receive side. The smart card provides a tamper-resistant environment.

The smart card communicates with an embedded application in the client (STB, CAM or other type).

ECM

The session key for the decryptor in the client is carried in a particular type of conditional access system message, denoted Entitlement Control Messages (ECM).

The smart card decrypts the ECM, then compares the service reference and entitlement information in the ECM with corresponding information stored in the card. If authorisation is given, the smart card releases the session key to the STB for the STB to descramble the scrambled payload.

EMM

Authorisations, and other CA specific information, for smart cards are carried in Entitlement Management Messages (EMM).

The broadcast security scenario and the implications

Broadcast

• One-way communication and available to all
• Recipient not required to respond per piece of information
• Emitter cannot detect who and how many are on
• Return path for requesting keys/entitlements does not help, as pirates arrange for whatever is required through their own network

Encryption techniques used to protect the broadcast content

Encryption is controlled by keys

Piracy can happen if:

Encryption techniques are simple enough for production of a cheap inverse

Keys become known

Keys and encryption techniques can be copied

Signal is redistributed

and is prevented by:

Complex encryption techniques

Keeping keys secret

Making it difficult to copy keys and encryption techniques

Access/No Access

A CA System is involved in two separate, yet parallel processes in a pay-TV operation:

1. Prevent access: The CA System together with the scrambler makes sure that the signal is scrambled and unavailable for unauthorized viewers.

2. Give access: The CA System together with the scrambler and STB makes sure that the signal can be descrambled for authorized viewers.

Entitlement Control Messages (ECMs)

[Diagram: Subscriber Management System (SMS), Subscriber Authorization System (SAS), ECM Generator (ECMG), EMM Injector (EMMI), Multiplexer / Scrambler, STB and Smart card, with flows numbered 1 and 2.]

1. The scrambler scrambles the content based on a session key, known as Control Word (CW). The same CW is sent to the ECMG, which puts it into an ECM together with access criteria and a time reference. The ECM is then encrypted and sent back to the scrambler for insertion into the transport stream.

2. The STB receives the ECM and sends it to the smart card. The smart card decrypts the ECM and checks the access criteria against its internal subscription table. If the smart card has matching access criteria loaded in memory, the CW will be sent to the STB for descrambling; if not, the smart card will not send the CW and hence the STB is not able to descramble the content.

Entitlement Management Messages (EMMs)

[Diagram: Subscriber Management System (SMS), Subscriber Authorization System (SAS), ECM Generator (ECMG), EMM Injector (EMMI), Multiplexer / Scrambler, STB and Smart card, with flows numbered 1 to 4.]

1. The Subscriber calls to subscribe to a service. The SMS generates a request and sends it to the SAS.

2. The SAS generates an Entitlement Management Message (EMM), encrypts it and sends it to the EMMI.

3. The EMMI sends the EMM to the mux/scrambler for insertion into the transport stream.

4. The STB receives the EMM and sends it to the smart card. The smart card updates its internal subscription table.

[Diagram: key hierarchy with the labels Program, Scrambled program, Control Word, ECM, Service Key, Group Key, EMM and Subscription.]
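The ECM and EMM flows described on the preceding slides, as an added Python sketch (not Conax code and not part of the presentation): a card releases the control word only after an EMM has loaded a matching entitlement. Assumptions: the EMM is protected by a group key and delivers the service key that protects ECMs, the messages are JSON, an HMAC-SHA256 keystream stands in for the proprietary algorithms, and the ECM time reference is compared against an entitlement expiry; all function and field names are hypothetical.

```python
import hashlib, hmac, json, os

def _ks(key, nonce, n):  # HMAC-SHA256 counter keystream: stand-in cipher, not a real CAS algorithm
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, msg):      # encrypt-then-MAC a JSON message (assumed message layout)
    nonce, pt = os.urandom(12), json.dumps(msg).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message not authentic under this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def make_emm(group_key, service_key, criterion, expires):   # SAS role
    return seal(group_key, {"sk": service_key.hex(), "crit": criterion, "exp": expires})

def make_ecm(service_key, cw, criterion, now):               # ECMG role
    return seal(service_key, {"cw": cw.hex(), "crit": criterion, "time": now})

class SmartCard:
    def __init__(self, group_key):
        self.group_key = group_key   # assumed loaded when the card is personalised
        self.service_key = None      # arrives by EMM
        self.subscriptions = {}      # internal subscription table: criterion -> expiry

    def process_emm(self, emm):
        m = unseal(self.group_key, emm)
        self.service_key = bytes.fromhex(m["sk"])
        self.subscriptions[m["crit"]] = m["exp"]

    def process_ecm(self, ecm):
        """Release the control word only when the ECM matches the subscription table."""
        if self.service_key is None:
            return None
        m = unseal(self.service_key, ecm)
        if m["time"] > self.subscriptions.get(m["crit"], -1):
            return None              # no entitlement or expired: the CW never leaves the card
        return bytes.fromhex(m["cw"])

def demo():  # constructed keys, criteria and time values
    gk, sk, cw = os.urandom(16), os.urandom(16), os.urandom(8)
    card = SmartCard(gk)
    before = card.process_ecm(make_ecm(sk, cw, "SPORT", now=100))
    card.process_emm(make_emm(gk, sk, "SPORT", expires=200))
    return cw, before, [card.process_ecm(make_ecm(sk, cw, c, t))
                        for c, t in (("SPORT", 100), ("SPORT", 300), ("MOVIES", 100))]
```

`demo()` returns the control word, `None` for the ECM seen before any EMM, and then the results for an entitled, an expired and an unsubscribed request.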

Simulcrypt basics

Simulcrypt is specified by DVB to allow multiple CA systems to scramble the same content without simulcasting.

The standard specifies the interfaces between the head-end equipment and the CA system

Why simulcrypt?

– standardise system interfaces, increasing inter-operability between manufacturers

– save bandwidth when the option is to simulcast

– to share content from a broadcaster between operators using different CA (for example MTV in Europe)

– to introduce a new CA to an operation (to increase competition, or swap provider)

How does it work?

DVB Simulcrypt allows multiple CA systems to co-exist on a system by:

– specifying unique IDs for each manufacturer

– specifying data structures in the Program Specific Information (PSI) tables, so that clients can identify the CA system in use

– PSI data is used by the clients to locate the CA specific data for the channel it is tuned to

– the Simulcrypt Synchroniser (SCS) is used to synchronise the scrambling of a service with a Control Word with the various systems' ECM generation
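How a client can use PSI data to locate its own CA system's ECMs when several CA systems share one service, as an added Python example that is not from the presentation: it walks a PMT descriptor loop for CA_descriptor entries (tag 0x09 carrying a 16-bit CA_system_ID and a 13-bit PID, as defined in ISO/IEC 13818-1). The CA system IDs 0x1111 and 0x2222, the PIDs, the sample bytes and the helper names are constructed placeholders.

```python
import struct

CA_DESCRIPTOR_TAG = 0x09  # CA_descriptor tag in MPEG-2 PSI (ISO/IEC 13818-1)

def parse_ca_descriptors(loop: bytes):
    """Walk a PSI descriptor loop and return [(ca_system_id, pid, private_data)]."""
    found, pos = [], 0
    while pos < len(loop):
        if pos + 2 > len(loop):
            raise ValueError("truncated descriptor header")
        tag, length = loop[pos], loop[pos + 1]
        body = loop[pos + 2 : pos + 2 + length]
        if len(body) != length:
            raise ValueError("descriptor length runs past end of loop")
        if tag == CA_DESCRIPTOR_TAG:
            if length < 4:
                raise ValueError("CA_descriptor shorter than 4 bytes")
            ca_system_id, pid_field = struct.unpack(">HH", body[:4])
            found.append((ca_system_id, pid_field & 0x1FFF, body[4:]))  # drop 3 reserved bits
        pos += 2 + length
    return found

def ecm_pid_for(loop: bytes, my_ca_system_id: int):
    """PID carrying ECMs for this client's CA system, or None if it is not listed."""
    for ca_system_id, pid, _ in parse_ca_descriptors(loop):
        if ca_system_id == my_ca_system_id:
            return pid
    return None

def ca_descriptor(ca_system_id: int, pid: int, private: bytes = b"") -> bytes:
    """Build one CA_descriptor (hypothetical helper used only to make sample data)."""
    header = bytes([CA_DESCRIPTOR_TAG, 4 + len(private)])
    return header + struct.pack(">HH", ca_system_id, 0xE000 | pid) + private

# Constructed PMT descriptor loop: two CA systems on the same service,
# separated by an unrelated descriptor (tag 0x0A) that the parser must skip.
SAMPLE_LOOP = (ca_descriptor(0x1111, 0x0101)
               + bytes([0x0A, 4]) + b"eng\x00"
               + ca_descriptor(0x2222, 0x0102, b"\x01\x02"))
```

Each client selects only the entry whose CA system ID matches its own, which is how two CA systems can share one scrambled service without simulcasting.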

Hardware or Software Security?

Software versus Hardware security module

| | Software | Hardware |
|---|---|---|
| Manipulation | Medium (with cloaking, otherwise easy) | Hard |
| Recovery from piracy | Hard (not without upgrade of HW) | Easy (by replacing a relatively low cost element) |
| Keeping keys secret | Medium (with cloaking) | Yes |
| Copying of device with keys is feasible (i.e. easy) | Easy | Hard |

Hardware Security Module: Smart card

Smart card – STB combination satisfies the broadcast scenario security requirements

Smart cards:

• Single chip designed for physical protection of keys
• Smart card software is in complete control of entire chip
• Smart cards can perform all key related processing necessary
• Smart cards without keys are useless
• Smart cards with keys are not easy to copy
• Smart cards deny the pirate what is needed to make pirate devices

Best combination: security – cost – flexibility

• Minimum cost for a hardware device (single chip)
• Convenient format for distribution and use

Conclusion

Hardware CAS is superior to Software CAS in broadcast scenario

If software CAS is hacked, recovery is in principle not possible unless client hardware is upgraded

Software CAS alternative only if piracy pressure is low due to low value content and/or small network

– then, in small networks, back-end cost dominates - not the cost of a few cards

But 1: if a card is hacked, security can only be fully restored by swapping the cards of that type

But 2: Unlike software, if cards are swapped, security is indeed restored

Content providers are more comfortable with hardware CAS

How to improve security further?

Content protection from the head-end through the consumer device

Conax Conditional Access and Conax Chipset Pairing

• Protects the content from the head end, through the client device
• SW controlled by the Conax protected bootloader in the STB
• STB tested by Conax and authorized by the digital TV operator
• Control words not in clear anywhere
• Digital content not in clear anywhere
• Controls that certain content can be unscrambled on such STBs only

[Diagram labels: Conax head end technology; Conax client device technology]

The Conax Solution - Conax Pairing

Secure content protection from the head end through the set top box.

On the set top box side secrets are stored in the vault of the set top box chipset and the smart card.

Control word or content not in clear anywhere.

The operator securely controls the set top box population.

The operator securely controls that certain content can be watched on such set top boxes only.

The Conax Solution - Conax Fingerprinting

A unique solution to identify any unauthorized redistribution.

Needs to be done in the set top box.

Secured by Conax Pairing.

Successfully deployed in markets where unauthorised analogue redistribution is an issue.

How secure is secure – Conax security evaluation

[Figure: security evaluation scale from Level 0 to Level 9]

Conax security evaluation certificate

Conax facts and figures

Focus on content security only!

Fastest growing.

300+ customers in 80+ countries.

Largest supplier into Scandinavia, China, India, Russia and Latin America.

Protecting the most valuable content in markets with the most active pirates.

No piracy attack with commercial impact.

Well funded to stay ahead of pirates.

Summary

Select a set top box with a high security level.

Select a content security provider with a solid track record!

Select a content security provider well funded to invest into staying ahead of piracy!

Would you leave your future unsecured?

Thank you!
