Upload
sona
View
40
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Security Morten Ruud International Product Marketing Manager. Conax. Satellite. Terrestrial. IP. MMDS. Cable. Global provider of security for content distribution. Free to air and pay TV operator in broadcast. TV viewers prefers a complete content offering - PowerPoint PPT Presentation
Citation preview
conax.com
Security
Morten RuudInternational Product Marketing Manager
1 C O N A X – S E C U R I N G T H E F U T U R E
conax.comC O N A X – S E C U R I N G T H E F U T U R E2
Conax
Global provider of security forcontent distribution
Satellite
Terrestrial
MMDSCable
IP
conax.comC O N A X – S E C U R I N G T H E F U T U R E3
TV viewers prefers a complete content offering
Eases competition with satellite and cable
Increased value for free to air operators
Has happened in all markets
Free to air and pay TV operator in broadcast
conax.comC O N A X – S E C U R I N G T H E F U T U R E4
Terrestrial provides a rich TV offering!
4
Digitenne in Netherlands:
• 23 TV channels• 19 Radio channels
RiksTV in Norway
• 25 TV channels• 16 Radio channels
RiksTV will also offer a rich selection of HD movies as VOD
Developed by
Conax CAS and Conax Pairing protects
exclusive content like sport andearly releases of series and movies
to maximize revenue!!
conax.com
Piracy trends in the Caribbean
Many operators in the Caribbean experience problems where users are watching unauthorised TV. In the Caribbean, many operators are suffering from redistribution of unauthorized sport and Hollywood content.
Where is this content coming from?
5 C O N A X – S E C U R I N G T H E F U T U R E
conax.com
Where is this content coming from?
Unprotected free to air Unsecure set top boxes Analogous redistribution
For pay TV operators there is a need for content protection, from the head-end, through the set top box!
6 C O N A X – S E C U R I N G T H E F U T U R E
conax.com
Content, and its need for protection!
7 C O N A X – S E C U R I N G T H E F U T U R E
conax.com
Pay TV operator investments and revenue
Investing into prime content at exclusive terms attracts new subscribers and makes the current subscribers loyal.
To make the offering attractive for new subscribers, pay TV operators usually subsidize the set top boxes.
The set top box, multiplied by the number of subscribers, and exclusive top content usually represents significant investments!
The upside is, steady increase of loyal subscribers paying a monthly fee for years.
8 C O N A X – S E C U R I N G T H E F U T U R E
conax.com
The challenge
In broadcast, you do not know the recipients.
How can you be sure only paying customers can watch your services
C O N A X – S E C U R I N G T H E F U T U R E9
conax.com
Conditional Access – CA Motivation
Process of selectively determining if a particular user shall be made able to make use of a video/audio product being distributed via a broadcast medium.
The motivation for conditional access is twofold:
1. Cost control: restrict access to the content to just a particular geographical area or to a specific group of users due to limitations in programme rights
2. Revenue source: force users that want access to the content to pay for it.
Prevent commercial piracy. Commercial piracy occurs when the operator looses significant revenue due to a pirate distributing the means for un-authorized access to the content.
C O N A X – S E C U R I N G T H E F U T U R E10
conax.com
DVB Broadcast scenarioBroadcasting implies transmitting information from one
sender to many recipients – point to multipoint.Although digital television is becoming interactive so that a
consumer’s decoder/set-top-box (STB) can communicate with a central server, the delivery of the content itself is still one-way communication.
Interfaces for CA is standard (DVB) but CA itself is proprietary
C O N A X – S E C U R I N G T H E F U T U R E11
conax.com
The scenario; Protect a point to multipoint one-way information stream
Consumers are in general not interested in secure communication – they would like to get the content product for free if they could.
Broadcast content is normally intended for a consumer audience, implying that the reception equipment including any security devices must be low cost.
The laws and law enforcement regarding signal theft is weak in many jurisdictions, and the large revenue potential associated with pay-TV attracts well-funded, skilled and organized pirates.
These factors constitute the scenario in which to implement secure communications. This scenario is quite different from two-way systems like GSM where fraud detection is easier, and from on-line bank transactions where the consumer has an interest in the security not being compromised.
C O N A X – S E C U R I N G T H E F U T U R E12
conax.com
Conditional Access System
Controls the encryption on the transmit side and determine if a specific consumer shall be granted access to the content.
Usually implemented in a smart card on the receive side. The smart card provides for a tamper resistant environment.
The smart card communicates with an embedded application in the client (STB, CAM or other type)
ECM
The session key for the decryptor in the client is carried in a particular type of conditional access system messages, denoted
Entitlement Control Messages (ECM)
The smart card decrypts the ECM, then compares the service reference and entitlement information in the ECM with
corresponding information stored in the card. If authorisation is given, the smart card releases the session key to the STB for
the STB to descramble the scrambled payload.
EMM
Authorisations, and other CA specific infomration, for smart cards are carried in Entitlement Management Messages (EMM).
C O N A X – S E C U R I N G T H E F U T U R E13
conax.com
The broadcast security scenario and the implications
C O N A X – S E C U R I N G T H E F U T U R E14
Broadcast One way communication and available to all Recipient not required to respond per piece of information Emitter cannot detect who and how many are on Return path for requesting keys/entitlements does not help as pirates arranges for whatever is required
through their own network
Encryption techniques used to protect the broadcast content
Encryption is controlled by keys
Piracy can happen if:
Encryption techniques are simple enough for production of a cheap inverse
Keys become known
Keys and encryption techniques can be copied
Signal is redistributed
and is prevented by:
Complex encryption techniques
Keeping keys secret
Making it difficult to copy keys and encryption techniques
conax.com
Access/No Access
A CA System is involved in two separate, yet parallel processes in a pay-TV operation:
1. Prevent access: The CA System together with the scrambler makes sure that the signal is scrambled and unavailable for unauthorized viewers.
2. Give access: The CA System together with the scrambler and STB makes sure that the signal can be descrambled for authorized viewers.
C O N A X – S E C U R I N G T H E F U T U R E15
conax.com
Entitlement Control Messages (ECMs)
C O N A X – S E C U R I N G T H E F U T U R E16
Subscriber ManagementSystem (SMS)
ECM Generator (ECMG)
EMM Injector (EMMI)
Subscriber Authorization System (SAS)
Multiplexer / Scrambler
1
2
STB
Smart card
1. The scrambler scrambles the content based on a session key, known as Control Word (CW). The same CW is sent to the ECMG, which puts it into an ECM together with access criterias and a time reference. The ECM is then encrypted and sent back to the scrambler for insertion into the transport stream.
2. The STB receives the ECM and sends it to the smart card. The smart card decrypt the ECM and checks the access criteria against it’s internal subscription table. If the smart card has a matching access criteria loaded in memory, the CW will be sent to the STB for descrambling, if not the smart card will not send the CW and hence the STB is not able to descramble the content.
conax.com
Entitlement Management Messages (EMMs)
C O N A X – S E C U R I N G T H E F U T U R E17
Subscriber ManagementSystem (SMS)
ECM Generator (ECMG)
EMM Injector (EMMI)
Subscriber Authorization System (SAS)
Multiplexer / Scrambler
1
2
3
4
STB
Smart card
1. The Subscriber calls to subscribe to a service. The SMS generates a request and sends it to the SAS.
2. The SAS generates an Entitlement Management Message (EMM), encrypts it and sends it to the EMMI.
3. The EMMI sends the EMM to the mux/scrambler for insertion into the transport stream.4. The STB receives the EMM and sends it to the smart card. The smart card updates it’s
internal subscription table.
conax.comC O N A X – S E C U R I N G T H E F U T U R E18
Program Scrambled program
Control WordECM
Service Key
Service Key
Group Key
EMMSubscription
Group Key
Subscription
Control Word
conax.com
Simulcrypt basics
Simulcrypt is specified by DVB to allow multiple CA systems to scramble the same content without simulcasting.
The standard specifies the interfaces between the head-end equipment and the CA system
Why simulcrypt?
– standarise system interfaces, increasing inter-operability between manufacturers
– save bandwith when the option is to simulcast– to share content from a broadcaster between operators
using different CA (for example MTV in Europe)– to introduce a new CA to an operation (to increase
competition, or swap provider)
C O N A X – S E C U R I N G T H E F U T U R E19
conax.com
How does it work?
DVB Simulcrypt allows multiple CA systems to co-exist on a system by;
– specifying unique IDs for each manufacturer– specifying data structures in the Program Specific
Information (PSI) tables, so that clients can identify the CA system in use
– PSI data is used by the clients to locate the CA specific data for the channel it is tuned to
– the Simulcrypt Synchroniser (SCS) is used to synchronise the scrambling of a service with a Control Word with the various systems ECM generation
C O N A X – S E C U R I N G T H E F U T U R E20
conax.comC O N A X – S E C U R I N G T H E F U T U R E21
Hardware or Software Security?
conax.com
Software versus Hardware security module
C O N A X – S E C U R I N G T H E F U T U R E22
Software Hardware
Manipulation Medium(with cloaking, otherwise easy)
Hard
Recovery from piracy Hard(not without upgrade of HW)
Easy(by replacing a relative low cost element)
Keeping keys secret Medium(with cloaking)
Yes
Copying of device with keys is feasible (i.e. easy)
Easy Hard
conax.com
Hardware Security ModuleSmart card
C O N A X – S E C U R I N G T H E F U T U R E23
Smart card – STB combination satisfy the broadcast scenario security requirements
Smart cards:
Single chip designed for physical protection of keys Smart card software is in complete control of entire chip Smart cards can perform all key related processing necessary Smart cards without keys are useless Smart cards with keys are not easy to copy Smart cards deny the pirate what is needed to make pirate devices
Best combination: security – cost – flexibility
Minimum cost for a hardware device (single chip) Convenient format for distribution and use
conax.com
Conclusion
C O N A X – S E C U R I N G T H E F U T U R E24
Hardware CAS is superior to Software CAS in broadcast scenario
If software CAS is hacked, recovery is in principle not possible unless client hardware is upgraded
Software CAS alternative only if piracy pressure is low due to low value content and/or small network
– then, in small networks, back-end cost dominates - not the cost of a few cards
But 1, if a card is hacked, security can only be fully restored by swapping the cards of that type
But 2: Unlike software, if cards are swapped, security is indeed restored
Content providers are more comfortable with hardware CAS
conax.com
How to improve security further?
C O N A X – S E C U R I N G T H E F U T U R E25
conax.comC O N A X – S E C U R I N G T H E F U T U R E26
Content protection from the head-end through the consumer device
Conax Conditional Access and Conax Chipset Pairing• Protects the content from the head end, through the client device
• SW controlled by the Conax protected bootloader in the STB• STB tested by Conax and authorized by the digital TV operator• Control words not in clear anywhere• Digital content not in clear anywhere• Controls that certain content can be unscrambled on such STBs only
Conax head endtechnology
Conax client device technology
conax.com
The Conax Solution - Conax Pairing
Secure content protection from the head end through the set top box.
On the set top box side secrets are stored in the vault of the set top box chipset and the smart card.
Control word or content not in clear anywhere.
The operator securely controls the set top box population.
The operator securely controls that certain content can be watched on such set top boxes only.
27 C O N A X – S E C U R I N G T H E F U T U R E
conax.com
The Conax Solution - Conax Fingerprinting
An unique solution to identify any unauthorized redistribution.
Needs to be done in the set top box.
Secured by Conax Pairing.
Successfully deployed in markets where unauthorised analogous redistribution is an issue.
28 C O N A X – S E C U R I N G T H E F U T U R E
21455221584
conax.com
How secure is secure – Conax security evaluation
29 C O N A X – S E C U R I N G T H E F U T U R E
Level 0
Level 9
conax.com
Conax security evaluation certificate
30 C O N A X – S E C U R I N G T H E F U T U R E
conax.com
Conax facts and figures
31 C O N A X – S E C U R I N G T H E F U T U R E
Focus on content security only!
Fastest growing.
300+ customers in 80+ countries.
Largest supplier into Scandinavia, China, India, Russia and Latin Americas.
Protecting the most valuable content in markets with the most active pirates.
No piracy attack with commercial impact.
Well funded to stay ahead of pirates.
conax.com
Summary
Select a set top box with a high security level.
Select a content security provider with a solid
track record!
Select a content security provider well funded to
invest into staying ahead of piracy!
32 C O N A X – S E C U R I N G T H E F U T U R E
conax.com
Would you leave your future unsecured?
Thank you!
33 C O N A X – S E C U R I N G T H E F U T U R E